Updates from 0.9.8-stable branch.
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         0,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE,
200         0,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         0,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         0,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         0,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         0,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         0,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         0,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         0,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH,
330         0,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         0,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         0,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH,
379         0,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         0,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         0,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH,
427         0,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         0,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         0,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH,
476         0,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         0,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         0,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH,
524         0,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         0,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         0,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         0,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         0,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH,
604         0,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         0,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         0,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         0,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers
662 ** 20000107 VRS: And the first shall be last,
663 ** in hopes of avoiding the lynx ssl renegotiation problem.
664 */
665 /* Cipher 1E */
666         {
667         1,
668         SSL3_TXT_KRB5_DES_64_CBC_SHA,
669         SSL3_CK_KRB5_DES_64_CBC_SHA,
670         SSL_kKRB5,
671         SSL_aKRB5,
672         SSL_DES,
673         SSL_SHA1,
674         SSL_SSLV3,
675         SSL_NOT_EXP|SSL_LOW,
676         0,
677         56,
678         56,
679         },
680
681 /* Cipher 1F */
682         {
683         1,
684         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
685         SSL3_CK_KRB5_DES_192_CBC3_SHA,
686         SSL_kKRB5,
687         SSL_aKRB5,
688         SSL_3DES,
689         SSL_SHA1,
690         SSL_SSLV3,
691         SSL_NOT_EXP|SSL_HIGH,
692         0,
693         112,
694         168,
695         },
696
697 /* Cipher 20 */
698         {
699         1,
700         SSL3_TXT_KRB5_RC4_128_SHA,
701         SSL3_CK_KRB5_RC4_128_SHA,
702         SSL_kKRB5,SSL_aKRB5,
703         SSL_RC4,
704         SSL_SHA1,
705         SSL_SSLV3,
706         SSL_NOT_EXP,
707         SSL_MEDIUM,
708         0,
709         128,
710         128,
711         },
712
713 /* Cipher 21 */
714         {
715         1,
716         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
717         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
718         SSL_kKRB5,
719         SSL_aKRB5,
720         SSL_IDEA,
721         SSL_SHA1,
722         SSL_SSLV3,
723         SSL_NOT_EXP|SSL_MEDIUM,
724         0,
725         128,
726         128,
727         },
728
729 /* Cipher 22 */
730         {
731         1,
732         SSL3_TXT_KRB5_DES_64_CBC_MD5,
733         SSL3_CK_KRB5_DES_64_CBC_MD5,
734         SSL_kKRB5,
735         SSL_aKRB5,
736         SSL_DES,
737         SSL_MD5,
738         SSL_SSLV3,
739         SSL_NOT_EXP|SSL_LOW,
740         0,
741         56,
742         56,
743         },
744
745 /* Cipher 23 */
746         {
747         1,
748         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
749         SSL3_CK_KRB5_DES_192_CBC3_MD5,
750         SSL_kKRB5,
751         SSL_aKRB5,
752         SSL_3DES,
753         SSL_MD5,
754         SSL_SSLV3,
755         SSL_NOT_EXP|SSL_HIGH,
756         0,
757         112,
758         168,
759         },
760
761 /* Cipher 24 */
762         {
763         1,
764         SSL3_TXT_KRB5_RC4_128_MD5,
765         SSL3_CK_KRB5_RC4_128_MD5,
766         SSL_kKRB5,
767         SSL_aKRB5,
768         SSL_RC4,
769         SSL_MD5,
770         SSL_SSLV3,
771         SSL_NOT_EXP|SSL_MEDIUM,
772         0,
773         128,
774         128,
775         },
776
777 /* Cipher 25 */
778         {
779         1,
780         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
781         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
782         SSL_kKRB5,
783         SSL_aKRB5,
784         SSL_IDEA,
785         SSL_MD5,
786         SSL_SSLV3,
787         SSL_NOT_EXP|SSL_MEDIUM,
788         0,
789         128,
790         128,
791         },
792
793 /* Cipher 26 */
794         {
795         1,
796         SSL3_TXT_KRB5_DES_40_CBC_SHA,
797         SSL3_CK_KRB5_DES_40_CBC_SHA,
798         SSL_kKRB5,
799         SSL_aKRB5,
800         SSL_DES,
801         SSL_SHA1,
802         |SSL_SSLV3,
803         SSL_EXPORT|SSL_EXP40,
804         0,
805         40,
806         56,
807         },
808
809 /* Cipher 27 */
810         {
811         1,
812         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
813         SSL3_CK_KRB5_RC2_40_CBC_SHA,
814         SSL_kKRB5,
815         SSL_aKRB5,
816         SSL_RC2,
817         SSL_SHA1,
818         SSL_SSLV3,
819         SSL_EXPORT|SSL_EXP40,
820         0,
821         40,
822         128,
823         },
824
825 /* Cipher 28 */
826         {
827         1,
828         SSL3_TXT_KRB5_RC4_40_SHA,
829         SSL3_CK_KRB5_RC4_40_SHA,
830         SSL_kKRB5,
831         SSL_aKRB5,
832         SSL_RC4,
833         SSL_SHA1,
834         SSL_SSLV3,
835         SSL_EXPORT|SSL_EXP40,
836         0,
837         128,
838         128,
839         },
840
841 /* Cipher 29 */
842         {
843         1,
844         SSL3_TXT_KRB5_DES_40_CBC_MD5,
845         SSL3_CK_KRB5_DES_40_CBC_MD5,
846         SSL_kKRB5,
847         SSL_aKRB5,
848         SSL_DES,
849         SSL_MD5,
850         SSL_SSLV3,
851         SSL_EXPORT|SSL_EXP40,
852         0,
853         40,
854         56,
855         },
856
857 /* Cipher 2A */
858         {
859         1,
860         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
861         SSL3_CK_KRB5_RC2_40_CBC_MD5,
862         SSL_kKRB5,
863         SSL_aKRB5,
864         SSL_RC2,
865         SSL_MD5,
866         SSL_SSLV3,
867         SSL_EXPORT|SSL_EXP40,
868         0,
869         40,
870         128,
871         },
872
873 /* Cipher 2B */
874         {
875         1,
876         SSL3_TXT_KRB5_RC4_40_MD5,
877         SSL3_CK_KRB5_RC4_40_MD5,
878         SSL_kKRB5,
879         SSL_aKRB5,
880         SSL_RC4,
881         SSL_MD5,
882         SSL_SSLV3,
883         SSL_EXPORT|SSL_EXP40,
884         0,
885         128,
886         128,
887         },
888 #endif  /* OPENSSL_NO_KRB5 */
889
890 /* New AES ciphersuites */
891 /* Cipher 2F */
892         {
893         1,
894         TLS1_TXT_RSA_WITH_AES_128_SHA,
895         TLS1_CK_RSA_WITH_AES_128_SHA,
896         SSL_kRSA,
897         SSL_aRSA,
898         SSL_AES128,
899         SSL_SHA1,
900         SSL_TLSV1,
901         SSL_NOT_EXP|SSL_HIGH,
902         0,
903         128,
904         128,
905         },
906 /* Cipher 30 */
907         {
908         0,
909         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
910         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
911         SSL_kDHd,
912         SSL_aDH,
913         SSL_AES128,
914         SSL_SHA1,
915         SSL_TLSV1,
916         SSL_NOT_EXP|SSL_HIGH,
917         0,
918         128,
919         128,
920         },
921 /* Cipher 31 */
922         {
923         0,
924         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
925         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
926         SSL_kDHr,
927         SSL_aDH,
928         SSL_AES128,
929         SSL_SHA1,
930         SSL_TLSV1,
931         SSL_NOT_EXP|SSL_HIGH,
932         0,
933         128,
934         128,
935         },
936 /* Cipher 32 */
937         {
938         1,
939         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
940         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
941         SSL_kEDH,
942         SSL_aDSS,
943         SSL_AES128,
944         SSL_SHA1,
945         SSL_TLSV1,
946         SSL_NOT_EXP|SSL_HIGH,
947         0,
948         128,
949         128,
950         },
951 /* Cipher 33 */
952         {
953         1,
954         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
955         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
956         SSL_kEDH,
957         SSL_aRSA,
958         SSL_AES128,
959         SSL_SHA1,
960         SSL_TLSV1,
961         SSL_NOT_EXP|SSL_HIGH,
962         0,
963         128,
964         128,
965         },
966 /* Cipher 34 */
967         {
968         1,
969         TLS1_TXT_ADH_WITH_AES_128_SHA,
970         TLS1_CK_ADH_WITH_AES_128_SHA,
971         SSL_kEDH,
972         SSL_aNULL,
973         SSL_AES128,
974         SSL_SHA1,
975         SSL_TLSV1,
976         SSL_NOT_EXP|SSL_HIGH,
977         0,
978         128,
979         128,
980         },
981
982 /* Cipher 35 */
983         {
984         1,
985         TLS1_TXT_RSA_WITH_AES_256_SHA,
986         TLS1_CK_RSA_WITH_AES_256_SHA,
987         SSL_kRSA,
988         SSL_aRSA,
989         SSL_AES256,
990         SSL_SHA1,
991         SSL_TLSV1,
992         SSL_NOT_EXP|SSL_HIGH,
993         0,
994         256,
995         256,
996         },
997 /* Cipher 36 */
998         {
999         0,
1000         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
1001         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
1002         SSL_kDHd,
1003         SSL_aDH,
1004         SSL_AES256,
1005         SSL_SHA1,
1006         SSL_TLSV1,
1007         SSL_NOT_EXP|SSL_HIGH,
1008         0,
1009         256,
1010         256,
1011         },
1012
1013 /* Cipher 37 */
1014         {
1015         0, /* not implemented (non-ephemeral DH) */
1016         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1017         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1018         SSL_kDHr,
1019         SSL_aDH,
1020         SSL_AES256,
1021         SSL_SHA1,
1022         SSL_TLSV1,
1023         SSL_NOT_EXP|SSL_HIGH,
1024         0,
1025         256,
1026         256,
1027         },
1028
1029 /* Cipher 38 */
1030         {
1031         1,
1032         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1033         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1034         SSL_kEDH,
1035         SSL_aDSS,
1036         SSL_AES256,
1037         SSL_SHA1,
1038         SSL_TLSV1,
1039         SSL_NOT_EXP|SSL_HIGH,
1040         0,
1041         256,
1042         256,
1043         },
1044
1045 /* Cipher 39 */
1046         {
1047         1,
1048         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1049         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1050         SSL_kEDH,
1051         SSL_aRSA,
1052         SSL_AES256,
1053         SSL_SHA1,
1054         SSL_TLSV1,
1055         SSL_NOT_EXP|SSL_HIGH,
1056         0,
1057         256,
1058         256,
1059         },
1060
1061         /* Cipher 3A */
1062         {
1063         1,
1064         TLS1_TXT_ADH_WITH_AES_256_SHA,
1065         TLS1_CK_ADH_WITH_AES_256_SHA,
1066         SSL_kEDH,
1067         SSL_aNULL,
1068         SSL_AES256,
1069         SSL_SHA1,
1070         SSL_TLSV1,
1071         SSL_NOT_EXP|SSL_HIGH,
1072         0,
1073         256,
1074         256,
1075         },
1076
1077 #ifndef OPENSSL_NO_CAMELLIA
1078         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1079
1080         /* Cipher 41 */
1081         {
1082         1,
1083         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1084         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1085         SSL_kRSA,
1086         SSL_aRSA,
1087         SSL_CAMELLIA128,
1088         SSL_SHA1,
1089         SSL_TLSV1,
1090         SSL_NOT_EXP|SSL_HIGH,
1091         0,
1092         128,
1093         128,
1094         },
1095
1096         /* Cipher 42 */
1097         {
1098         0, /* not implemented (non-ephemeral DH) */
1099         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1100         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1101         SSL_kDHd,
1102         SSL_aDH,
1103         SSL_CAMELLIA128,
1104         SSL_SHA1,
1105         SSL_TLSV1,
1106         SSL_NOT_EXP|SSL_HIGH,
1107         0,
1108         128,
1109         128,
1110         },
1111
1112         /* Cipher 43 */
1113         {
1114         0, /* not implemented (non-ephemeral DH) */
1115         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1116         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1117         SSL_kDHr,
1118         SSL_aDH,
1119         SSL_CAMELLIA128,
1120         SSL_SHA1,
1121         SSL_TLSV1,
1122         SSL_NOT_EXP|SSL_HIGH,
1123         0,
1124         128,
1125         128,
1126         },
1127
1128         /* Cipher 44 */
1129         {
1130         1,
1131         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1132         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1133         SSL_kEDH,
1134         SSL_aDSS,
1135         SSL_CAMELLIA128,
1136         SSL_SHA1,
1137         SSL_TLSV1,
1138         SSL_NOT_EXP|SSL_HIGH,
1139         0,
1140         128,
1141         128,
1142         },
1143
1144         /* Cipher 45 */
1145         {
1146         1,
1147         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1148         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1149         SSL_kEDH,
1150         SSL_aRSA,
1151         SSL_CAMELLIA128,
1152         SSL_SHA1,
1153         SSL_TLSV1,
1154         SSL_NOT_EXP|SSL_HIGH,
1155         0,
1156         128,
1157         128,
1158         },
1159
1160         /* Cipher 46 */
1161         {
1162         1,
1163         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1164         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1165         SSL_kEDH,
1166         SSL_aNULL,
1167         SSL_CAMELLIA128,
1168         SSL_SHA1,
1169         SSL_TLSV1,
1170         SSL_NOT_EXP|SSL_HIGH,
1171         0,
1172         128,
1173         128,
1174         },
1175 #endif /* OPENSSL_NO_CAMELLIA */
1176
1177 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1178         /* New TLS Export CipherSuites from expired ID */
1179 #if 0
1180         /* Cipher 60 */
1181         {
1182         1,
1183         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1184         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1185         SSL_kRSA,
1186         SSL_aRSA,
1187         SSL_RC4,
1188         SSL_MD5,
1189         SSL_TLSV1,
1190         SSL_EXPORT|SSL_EXP56,
1191         0,
1192         56,
1193         128,
1194         },
1195
1196         /* Cipher 61 */
1197         {
1198         1,
1199         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1200         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1201         SSL_kRSA,
1202         SSL_aRSA,
1203         SSL_RC2,
1204         SSL_MD5,
1205         SSL_TLSV1,
1206         SSL_EXPORT|SSL_EXP56,
1207         0,
1208         56,
1209         128,
1210         },
1211 #endif
1212
1213         /* Cipher 62 */
1214         {
1215         1,
1216         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1217         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1218         SSL_kRSA,
1219         SSL_aRSA,
1220         SSL_DES,
1221         SSL_SHA1,
1222         SSL_TLSV1,
1223         SSL_EXPORT|SSL_EXP56,
1224         0,
1225         56,
1226         56,
1227         },
1228
1229         /* Cipher 63 */
1230         {
1231         1,
1232         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1233         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1234         SSL_kEDH,
1235         SSL_aDSS,
1236         SSL_DES,
1237         SSL_SHA1,
1238         SSL_TLSV1,
1239         SSL_EXPORT|SSL_EXP56,
1240         0,
1241         56,
1242         56,
1243         },
1244
1245         /* Cipher 64 */
1246         {
1247         1,
1248         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1249         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1250         SSL_kRSA,
1251         SSL_aRSA,
1252         SSL_RC4,
1253         SSL_SHA1,
1254         SSL_TLSV1,
1255         SSL_EXPORT|SSL_EXP56,
1256         0,
1257         56,
1258         128,
1259         },
1260
1261         /* Cipher 65 */
1262         {
1263         1,
1264         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1265         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1266         SSL_kEDH,
1267         SSL_aDSS,
1268         SSL_RC4,
1269         SSL_SHA1,
1270         SSL_TLSV1,
1271         SSL_EXPORT|SSL_EXP56,
1272         0,
1273         56,
1274         128,
1275         },
1276
1277         /* Cipher 66 */
1278         {
1279         1,
1280         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1281         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1282         SSL_kEDH,
1283         SSL_aDSS,
1284         SSL_RC4,
1285         SSL_SHA1,
1286         SSL_TLSV1,
1287         SSL_NOT_EXP|SSL_MEDIUM,
1288         0,
1289         128,
1290         128,
1291         },
1292 #endif
1293
1294 #ifndef OPENSSL_NO_CAMELLIA
1295         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1296
1297         /* Cipher 84 */
1298         {
1299         1,
1300         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1301         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1302         SSL_kRSA,
1303         SSL_aRSA,
1304         SSL_CAMELLIA256,
1305         SSL_SHA1,
1306         SSL_TLSV1,
1307         SSL_NOT_EXP|SSL_HIGH,
1308         0,
1309         256,
1310         256,
1311         },
1312         /* Cipher 85 */
1313         {
1314         0, /* not implemented (non-ephemeral DH) */
1315         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1316         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1317         SSL_kDHd,
1318         SSL_aDH,
1319         SSL_CAMELLIA256,
1320         SSL_SHA1,
1321         SSL_TLSV1,
1322         SSL_NOT_EXP|SSL_HIGH,
1323         0,
1324         256,
1325         256,
1326         },
1327
1328         /* Cipher 86 */
1329         {
1330         0, /* not implemented (non-ephemeral DH) */
1331         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1332         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1333         SSL_kDHr,
1334         SSL_aDH,
1335         SSL_CAMELLIA256,
1336         SSL_SHA1,
1337         SSL_TLSV1,
1338         SSL_NOT_EXP|SSL_HIGH,
1339         0,
1340         256,
1341         256,
1342         },
1343
1344         /* Cipher 87 */
1345         {
1346         1,
1347         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1348         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1349         SSL_kEDH,
1350         SSL_aDSS,
1351         SSL_CAMELLIA256,
1352         SSL_SHA1,
1353         SSL_TLSV1,
1354         SSL_NOT_EXP|SSL_HIGH,
1355         0,
1356         256,
1357         256,
1358         },
1359
1360         /* Cipher 88 */
1361         {
1362         1,
1363         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1364         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1365         SSL_kEDH,
1366         SSL_aRSA,
1367         SSL_CAMELLIA256,
1368         SSL_SHA1,
1369         SSL_TLSV1,
1370         SSL_NOT_EXP|SSL_HIGH,
1371         0,
1372         256,
1373         256,
1374         },
1375
1376         /* Cipher 89 */
1377         {
1378         1,
1379         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1380         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1381         SSL_kEDH,
1382         SSL_aNULL,
1383         SSL_CAMELLIA256,
1384         SSL_SHA1,
1385         SSL_TLSV1,
1386         SSL_NOT_EXP|SSL_HIGH,
1387         0,
1388         256,
1389         256,
1390         },
1391 #endif /* OPENSSL_NO_CAMELLIA */
1392
1393 #ifndef OPENSSL_NO_PSK
1394         /* Cipher 8A */
1395         {
1396         1,
1397         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1398         TLS1_CK_PSK_WITH_RC4_128_SHA,
1399         SSL_kPSK,
1400         SSL_aPSK,
1401         SSL_RC4,
1402         SSL_SHA1,
1403         SSL_TLSV1,
1404         SSL_NOT_EXP|SSL_MEDIUM,
1405         0,
1406         128,
1407         128,
1408         },
1409
1410         /* Cipher 8B */
1411         {
1412         1,
1413         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1414         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1415         SSL_kPSK,
1416         SSL_aPSK,
1417         SSL_3DES,
1418         SSL_SHA1,
1419         SSL_TLSV1,
1420         SSL_NOT_EXP|SSL_HIGH,
1421         0,
1422         168,
1423         168,
1424         },
1425
1426         /* Cipher 8C */
1427         {
1428         1,
1429         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1430         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1431         SSL_kPSK,
1432         SSL_aPSK,
1433         SSL_AES128,
1434         SSL_SHA1,
1435         SSL_TLSV1,
1436         SSL_NOT_EXP|SSL_HIGH,
1437         0,
1438         128,
1439         128,
1440         },
1441
1442         /* Cipher 8D */
1443         {
1444         1,
1445         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1446         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1447         SSL_kPSK,
1448         SSL_aPSK,
1449         SSL_AES256,
1450         SSL_SHA1,
1451         SSL_TLSV1,
1452         SSL_NOT_EXP|SSL_HIGH,
1453         0,
1454         256,
1455         256,
1456         },
1457 #endif  /* OPENSSL_NO_PSK */
1458
1459 #ifndef OPENSSL_NO_ECDH
1460         /* Cipher C001 */
1461         {
1462         1,
1463         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1464         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1465         SSL_kECDHe,
1466         SSL_aECDH,
1467         SSL_eNULL,
1468         SSL_SHA1,
1469         SSL_TLSV1,
1470         SSL_NOT_EXP,
1471         0,
1472         0,
1473         0,
1474         },
1475
1476         /* Cipher C002 */
1477         {
1478         1,
1479         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1480         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1481         SSL_kECDHe,
1482         SSL_aECDH,
1483         SSL_RC4,
1484         SSL_SHA1,
1485         SSL_TLSV1,
1486         SSL_NOT_EXP,
1487         0,
1488         128,
1489         128,
1490         },
1491
1492         /* Cipher C003 */
1493         {
1494         1,
1495         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1496         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1497         SSL_kECDHe,
1498         SSL_aECDH,
1499         SSL_3DES,
1500         SSL_SHA1,
1501         SSL_TLSV1,
1502         SSL_NOT_EXP|SSL_HIGH,
1503         0,
1504         168,
1505         168,
1506         },
1507
1508         /* Cipher C004 */
1509         {
1510         1,
1511         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1512         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1513         SSL_kECDHe,
1514         SSL_aECDH,
1515         SSL_AES128,
1516         SSL_SHA1,
1517         SSL_TLSV1,
1518         SSL_NOT_EXP|SSL_HIGH,
1519         0,
1520         128,
1521         128,
1522         },
1523
1524         /* Cipher C005 */
1525         {
1526         1,
1527         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1528         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1529         SSL_kECDHe,
1530         SSL_aECDH,
1531         SSL_AES256,
1532         SSL_SHA1,
1533         SSL_TLSV1,
1534         SSL_NOT_EXP|SSL_HIGH,
1535         0,
1536         256,
1537         256,
1538         },
1539
1540         /* Cipher C006 */
1541         {
1542         1,
1543         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1544         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1545         SSL_kEECDH,
1546         SSL_aECDSA,
1547         SSL_eNULL,
1548         SSL_SHA1,
1549         SSL_TLSV1,
1550         SSL_NOT_EXP,
1551         0,
1552         0,
1553         0,
1554         },
1555
1556         /* Cipher C007 */
1557         {
1558         1,
1559         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1560         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1561         SSL_kEECDH,
1562         SSL_aECDSA,
1563         SSL_RC4,
1564         SSL_SHA1,
1565         SSL_TLSV1,
1566         SSL_NOT_EXP,
1567         0,
1568         128,
1569         128,
1570         },
1571
1572         /* Cipher C008 */
1573         {
1574         1,
1575         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1576         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1577         SSL_kEECDH,
1578         SSL_aECDSA,
1579         SSL_3DES,
1580         SSL_SHA1,
1581         SSL_TLSV1,
1582         SSL_NOT_EXP|SSL_HIGH,
1583         0,
1584         168,
1585         168,
1586         },
1587
1588         /* Cipher C009 */
1589         {
1590         1,
1591         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1592         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1593         SSL_kEECDH,
1594         SSL_aECDSA,
1595         SSL_AES128,
1596         SSL_SHA1,
1597         SSL_TLSV1,
1598         SSL_NOT_EXP|SSL_HIGH,
1599         0,
1600         128,
1601         128,
1602         },
1603
1604         /* Cipher C00A */
1605         {
1606         1,
1607         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1608         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1609         SSL_kEECDH,
1610         SSL_aECDSA,
1611         SSL_AES256,
1612         SSL_SHA1,
1613         SSL_TLSV1,
1614         SSL_NOT_EXP|SSL_HIGH,
1615         0,
1616         256,
1617         256,
1618         },
1619
1620         /* Cipher C00B */
1621         {
1622         1,
1623         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1624         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1625         SSL_kECDHr,
1626         SSL_aECDH,
1627         SSL_eNULL,
1628         SSL_SHA1,
1629         SSL_TLSV1,
1630         SSL_NOT_EXP,
1631         0,
1632         0,
1633         0,
1634         },
1635
1636         /* Cipher C00C */
1637         {
1638         1,
1639         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1640         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1641         SSL_kECDHr,
1642         SSL_aECDH,
1643         SSL_RC4,
1644         SSL_SHA1,
1645         SSL_TLSV1,
1646         SSL_NOT_EXP,
1647         0,
1648         128,
1649         128,
1650         },
1651
1652         /* Cipher C00D */
1653         {
1654         1,
1655         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1656         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1657         SSL_kECDHr,
1658         SSL_aECDH,
1659         SSL_3DES,
1660         SSL_SHA1,
1661         SSL_TLSV1,
1662         SSL_NOT_EXP|SSL_HIGH,
1663         0,
1664         168,
1665         168,
1666         },
1667
1668         /* Cipher C00E */
1669         {
1670         1,
1671         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1672         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1673         SSL_kECDHr,
1674         SSL_aECDH,
1675         SSL_AES128,
1676         SSL_SHA1,
1677         SSL_TLSV1,
1678         SSL_NOT_EXP|SSL_HIGH,
1679         0,
1680         128,
1681         128,
1682         },
1683
1684         /* Cipher C00F */
1685         {
1686         1,
1687         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1688         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1689         SSL_kECDHr,
1690         SSL_aECDH,
1691         SSL_AES256,
1692         SSL_SHA1,
1693         SSL_TLSV1,
1694         SSL_NOT_EXP|SSL_HIGH,
1695         0,
1696         256,
1697         256,
1698         },
1699
1700         /* Cipher C010 */
1701         {
1702         1,
1703         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1704         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1705         SSL_kEECDH,
1706         SSL_aRSA,
1707         SSL_eNULL,
1708         SSL_SHA1,
1709         SSL_TLSV1,
1710         SSL_NOT_EXP,
1711         0,
1712         0,
1713         0,
1714         },
1715
1716         /* Cipher C011 */
1717         {
1718         1,
1719         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1720         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1721         SSL_kEECDH,
1722         SSL_aRSA,
1723         SSL_RC4,
1724         SSL_SHA1,
1725         SSL_TLSV1,
1726         SSL_NOT_EXP,
1727         0,
1728         128,
1729         128,
1730         },
1731
1732         /* Cipher C012 */
1733         {
1734         1,
1735         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1736         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1737         SSL_kEECDH,
1738         SSL_aRSA,
1739         SSL_3DES,
1740         SSL_SHA1,
1741         SSL_TLSV1,
1742         SSL_NOT_EXP|SSL_HIGH,
1743         0,
1744         168,
1745         168,
1746         },
1747
1748         /* Cipher C013 */
1749         {
1750         1,
1751         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1752         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1753         SSL_kEECDH,
1754         SSL_aRSA,
1755         SSL_AES128,
1756         SSL_SHA1,
1757         SSL_TLSV1,
1758         SSL_NOT_EXP|SSL_HIGH,
1759         0,
1760         128,
1761         128,
1762         },
1763
1764         /* Cipher C014 */
1765         {
1766         1,
1767         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1768         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1769         SSL_kEECDH,
1770         SSL_aRSA,
1771         SSL_AES256,
1772         SSL_SHA1,
1773         SSL_TLSV1,
1774         SSL_NOT_EXP|SSL_HIGH,
1775         0,
1776         256,
1777         256,
1778         },
1779
1780         /* Cipher C015 */
1781         {
1782         1,
1783         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1784         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1785         SSL_kEECDH,
1786         SSL_aNULL,
1787         SSL_eNULL,
1788         SSL_SHA1,
1789         SSL_TLSV1,
1790         SSL_NOT_EXP,
1791         0,
1792         0,
1793         0,
1794         },
1795
1796         /* Cipher C016 */
1797         {
1798         1,
1799         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1800         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1801         SSL_kEECDH,
1802         SSL_aNULL,
1803         SSL_RC4,
1804         SSL_SHA1,
1805         SSL_TLSV1,
1806         SSL_NOT_EXP,
1807         0,
1808         128,
1809         128,
1810         },
1811
1812         /* Cipher C017 */
1813         {
1814         1,
1815         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1816         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1817         SSL_kEECDH,
1818         SSL_aNULL,
1819         SSL_3DES,
1820         SSL_SHA1,
1821         SSL_TLSV1,
1822         SSL_NOT_EXP|SSL_HIGH,
1823         0,
1824         168,
1825         168,
1826         },
1827
1828         /* Cipher C018 */
1829         {
1830         1,
1831         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1832         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1833         SSL_kEECDH,
1834         SSL_aNULL,
1835         SSL_AES128,
1836         SSL_SHA1,
1837         SSL_TLSV1,
1838         SSL_NOT_EXP|SSL_HIGH,
1839         0,
1840         128,
1841         128,
1842         },
1843
1844         /* Cipher C019 */
1845         {
1846         1,
1847         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1848         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1849         SSL_kEECDH,
1850         SSL_aNULL,
1851         SSL_AES256,
1852         SSL_SHA1,
1853         SSL_TLSV1,
1854         SSL_NOT_EXP|SSL_HIGH,
1855         0,
1856         256,
1857         256,
1858         },
1859 #endif  /* OPENSSL_NO_ECDH */
1860
1861 /* end of list */
1862         };
1863
1864 SSL3_ENC_METHOD SSLv3_enc_data={
1865         ssl3_enc,
1866         ssl3_mac,
1867         ssl3_setup_key_block,
1868         ssl3_generate_master_secret,
1869         ssl3_change_cipher_state,
1870         ssl3_final_finish_mac,
1871         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1872         ssl3_cert_verify_mac,
1873         SSL3_MD_CLIENT_FINISHED_CONST,4,
1874         SSL3_MD_SERVER_FINISHED_CONST,4,
1875         ssl3_alert_code,
1876         };
1877
1878 long ssl3_default_timeout(void)
1879         {
1880         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1881          * is way too long for http, the cache would over fill */
1882         return(60*60*2);
1883         }
1884
1885 int ssl3_num_ciphers(void)
1886         {
1887         return(SSL3_NUM_CIPHERS);
1888         }
1889
1890 SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1891         {
1892         if (u < SSL3_NUM_CIPHERS)
1893                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
1894         else
1895                 return(NULL);
1896         }
1897
1898 int ssl3_pending(const SSL *s)
1899         {
1900         if (s->rstate == SSL_ST_READ_BODY)
1901                 return 0;
1902         
1903         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
1904         }
1905
1906 int ssl3_new(SSL *s)
1907         {
1908         SSL3_STATE *s3;
1909
1910         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1911         memset(s3,0,sizeof *s3);
1912         EVP_MD_CTX_init(&s3->finish_dgst1);
1913         EVP_MD_CTX_init(&s3->finish_dgst2);
1914         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
1915         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
1916
1917         s->s3=s3;
1918
1919         s->method->ssl_clear(s);
1920         return(1);
1921 err:
1922         return(0);
1923         }
1924
1925 void ssl3_free(SSL *s)
1926         {
1927         if(s == NULL)
1928             return;
1929
1930         ssl3_cleanup_key_block(s);
1931         if (s->s3->rbuf.buf != NULL)
1932                 OPENSSL_free(s->s3->rbuf.buf);
1933         if (s->s3->wbuf.buf != NULL)
1934                 OPENSSL_free(s->s3->wbuf.buf);
1935         if (s->s3->rrec.comp != NULL)
1936                 OPENSSL_free(s->s3->rrec.comp);
1937 #ifndef OPENSSL_NO_DH
1938         if (s->s3->tmp.dh != NULL)
1939                 DH_free(s->s3->tmp.dh);
1940 #endif
1941 #ifndef OPENSSL_NO_ECDH
1942         if (s->s3->tmp.ecdh != NULL)
1943                 EC_KEY_free(s->s3->tmp.ecdh);
1944 #endif
1945
1946         if (s->s3->tmp.ca_names != NULL)
1947                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1948         EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1949         EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1950
1951         OPENSSL_cleanse(s->s3,sizeof *s->s3);
1952         OPENSSL_free(s->s3);
1953         s->s3=NULL;
1954         }
1955
1956 void ssl3_clear(SSL *s)
1957         {
1958         unsigned char *rp,*wp;
1959         size_t rlen, wlen;
1960
1961         ssl3_cleanup_key_block(s);
1962         if (s->s3->tmp.ca_names != NULL)
1963                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1964
1965         if (s->s3->rrec.comp != NULL)
1966                 {
1967                 OPENSSL_free(s->s3->rrec.comp);
1968                 s->s3->rrec.comp=NULL;
1969                 }
1970 #ifndef OPENSSL_NO_DH
1971         if (s->s3->tmp.dh != NULL)
1972                 DH_free(s->s3->tmp.dh);
1973 #endif
1974 #ifndef OPENSSL_NO_ECDH
1975         if (s->s3->tmp.ecdh != NULL)
1976                 EC_KEY_free(s->s3->tmp.ecdh);
1977 #endif
1978
1979         rp = s->s3->rbuf.buf;
1980         wp = s->s3->wbuf.buf;
1981         rlen = s->s3->rbuf.len;
1982         wlen = s->s3->wbuf.len;
1983
1984         EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1985         EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1986
1987         memset(s->s3,0,sizeof *s->s3);
1988         s->s3->rbuf.buf = rp;
1989         s->s3->wbuf.buf = wp;
1990         s->s3->rbuf.len = rlen;
1991         s->s3->wbuf.len = wlen;
1992
1993         ssl_free_wbio_buffer(s);
1994
1995         s->packet_length=0;
1996         s->s3->renegotiate=0;
1997         s->s3->total_renegotiations=0;
1998         s->s3->num_renegotiations=0;
1999         s->s3->in_read_app_data=0;
2000         s->version=SSL3_VERSION;
2001         }
2002
2003 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2004         {
2005         int ret=0;
2006
2007 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2008         if (
2009 #ifndef OPENSSL_NO_RSA
2010             cmd == SSL_CTRL_SET_TMP_RSA ||
2011             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2012 #endif
2013 #ifndef OPENSSL_NO_DSA
2014             cmd == SSL_CTRL_SET_TMP_DH ||
2015             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2016 #endif
2017                 0)
2018                 {
2019                 if (!ssl_cert_inst(&s->cert))
2020                         {
2021                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2022                         return(0);
2023                         }
2024                 }
2025 #endif
2026
2027         switch (cmd)
2028                 {
2029         case SSL_CTRL_GET_SESSION_REUSED:
2030                 ret=s->hit;
2031                 break;
2032         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2033                 break;
2034         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2035                 ret=s->s3->num_renegotiations;
2036                 break;
2037         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2038                 ret=s->s3->num_renegotiations;
2039                 s->s3->num_renegotiations=0;
2040                 break;
2041         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2042                 ret=s->s3->total_renegotiations;
2043                 break;
2044         case SSL_CTRL_GET_FLAGS:
2045                 ret=(int)(s->s3->flags);
2046                 break;
2047 #ifndef OPENSSL_NO_RSA
2048         case SSL_CTRL_NEED_TMP_RSA:
2049                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2050                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2051                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2052                         ret = 1;
2053                 break;
2054         case SSL_CTRL_SET_TMP_RSA:
2055                 {
2056                         RSA *rsa = (RSA *)parg;
2057                         if (rsa == NULL)
2058                                 {
2059                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2060                                 return(ret);
2061                                 }
2062                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2063                                 {
2064                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2065                                 return(ret);
2066                                 }
2067                         if (s->cert->rsa_tmp != NULL)
2068                                 RSA_free(s->cert->rsa_tmp);
2069                         s->cert->rsa_tmp = rsa;
2070                         ret = 1;
2071                 }
2072                 break;
2073         case SSL_CTRL_SET_TMP_RSA_CB:
2074                 {
2075                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2076                 return(ret);
2077                 }
2078                 break;
2079 #endif
2080 #ifndef OPENSSL_NO_DH
2081         case SSL_CTRL_SET_TMP_DH:
2082                 {
2083                         DH *dh = (DH *)parg;
2084                         if (dh == NULL)
2085                                 {
2086                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2087                                 return(ret);
2088                                 }
2089                         if ((dh = DHparams_dup(dh)) == NULL)
2090                                 {
2091                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2092                                 return(ret);
2093                                 }
2094                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
2095                                 {
2096                                 if (!DH_generate_key(dh))
2097                                         {
2098                                         DH_free(dh);
2099                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2100                                         return(ret);
2101                                         }
2102                                 }
2103                         if (s->cert->dh_tmp != NULL)
2104                                 DH_free(s->cert->dh_tmp);
2105                         s->cert->dh_tmp = dh;
2106                         ret = 1;
2107                 }
2108                 break;
2109         case SSL_CTRL_SET_TMP_DH_CB:
2110                 {
2111                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2112                 return(ret);
2113                 }
2114                 break;
2115 #endif
2116 #ifndef OPENSSL_NO_ECDH
2117         case SSL_CTRL_SET_TMP_ECDH:
2118                 {
2119                 EC_KEY *ecdh = NULL;
2120                         
2121                 if (parg == NULL)
2122                         {
2123                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2124                         return(ret);
2125                         }
2126                 if (!EC_KEY_up_ref((EC_KEY *)parg))
2127                         {
2128                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2129                         return(ret);
2130                         }
2131                 ecdh = (EC_KEY *)parg;
2132                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2133                         {
2134                         if (!EC_KEY_generate_key(ecdh))
2135                                 {
2136                                 EC_KEY_free(ecdh);
2137                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2138                                 return(ret);
2139                                 }
2140                         }
2141                 if (s->cert->ecdh_tmp != NULL)
2142                         EC_KEY_free(s->cert->ecdh_tmp);
2143                 s->cert->ecdh_tmp = ecdh;
2144                 ret = 1;
2145                 }
2146                 break;
2147         case SSL_CTRL_SET_TMP_ECDH_CB:
2148                 {
2149                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2150                 return(ret);
2151                 }
2152                 break;
2153 #endif /* !OPENSSL_NO_ECDH */
2154 #ifndef OPENSSL_NO_TLSEXT
2155         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2156                 if (larg == TLSEXT_NAMETYPE_host_name)
2157                         {
2158                         if (s->tlsext_hostname != NULL) 
2159                                 OPENSSL_free(s->tlsext_hostname);
2160                         s->tlsext_hostname = NULL;
2161
2162                         ret = 1;
2163                         if (parg == NULL) 
2164                                 break;
2165                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2166                                 {
2167                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2168                                 return 0;
2169                                 }
2170                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2171                                 {
2172                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2173                                 return 0;
2174                                 }
2175                         }
2176                 else
2177                         {
2178                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2179                         return 0;
2180                         }
2181                 s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
2182                 break;
2183 #endif /* !OPENSSL_NO_TLSEXT */
2184         default:
2185                 break;
2186                 }
2187         return(ret);
2188         }
2189
2190 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2191         {
2192         int ret=0;
2193
2194 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2195         if (
2196 #ifndef OPENSSL_NO_RSA
2197             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2198 #endif
2199 #ifndef OPENSSL_NO_DSA
2200             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2201 #endif
2202                 0)
2203                 {
2204                 if (!ssl_cert_inst(&s->cert))
2205                         {
2206                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2207                         return(0);
2208                         }
2209                 }
2210 #endif
2211
2212         switch (cmd)
2213                 {
2214 #ifndef OPENSSL_NO_RSA
2215         case SSL_CTRL_SET_TMP_RSA_CB:
2216                 {
2217                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2218                 }
2219                 break;
2220 #endif
2221 #ifndef OPENSSL_NO_DH
2222         case SSL_CTRL_SET_TMP_DH_CB:
2223                 {
2224                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2225                 }
2226                 break;
2227 #endif
2228 #ifndef OPENSSL_NO_ECDH
2229         case SSL_CTRL_SET_TMP_ECDH_CB:
2230                 {
2231                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2232                 }
2233                 break;
2234 #endif
2235         default:
2236                 break;
2237                 }
2238         return(ret);
2239         }
2240
2241 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2242         {
2243         CERT *cert;
2244
2245         cert=ctx->cert;
2246
2247         switch (cmd)
2248                 {
2249 #ifndef OPENSSL_NO_RSA
2250         case SSL_CTRL_NEED_TMP_RSA:
2251                 if (    (cert->rsa_tmp == NULL) &&
2252                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2253                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2254                         )
2255                         return(1);
2256                 else
2257                         return(0);
2258                 /* break; */
2259         case SSL_CTRL_SET_TMP_RSA:
2260                 {
2261                 RSA *rsa;
2262                 int i;
2263
2264                 rsa=(RSA *)parg;
2265                 i=1;
2266                 if (rsa == NULL)
2267                         i=0;
2268                 else
2269                         {
2270                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2271                                 i=0;
2272                         }
2273                 if (!i)
2274                         {
2275                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2276                         return(0);
2277                         }
2278                 else
2279                         {
2280                         if (cert->rsa_tmp != NULL)
2281                                 RSA_free(cert->rsa_tmp);
2282                         cert->rsa_tmp=rsa;
2283                         return(1);
2284                         }
2285                 }
2286                 /* break; */
2287         case SSL_CTRL_SET_TMP_RSA_CB:
2288                 {
2289                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2290                 return(0);
2291                 }
2292                 break;
2293 #endif
2294 #ifndef OPENSSL_NO_DH
2295         case SSL_CTRL_SET_TMP_DH:
2296                 {
2297                 DH *new=NULL,*dh;
2298
2299                 dh=(DH *)parg;
2300                 if ((new=DHparams_dup(dh)) == NULL)
2301                         {
2302                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2303                         return 0;
2304                         }
2305                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2306                         {
2307                         if (!DH_generate_key(new))
2308                                 {
2309                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2310                                 DH_free(new);
2311                                 return 0;
2312                                 }
2313                         }
2314                 if (cert->dh_tmp != NULL)
2315                         DH_free(cert->dh_tmp);
2316                 cert->dh_tmp=new;
2317                 return 1;
2318                 }
2319                 /*break; */
2320         case SSL_CTRL_SET_TMP_DH_CB:
2321                 {
2322                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2323                 return(0);
2324                 }
2325                 break;
2326 #endif
2327 #ifndef OPENSSL_NO_ECDH
2328         case SSL_CTRL_SET_TMP_ECDH:
2329                 {
2330                 EC_KEY *ecdh = NULL;
2331                         
2332                 if (parg == NULL)
2333                         {
2334                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2335                         return 0;
2336                         }
2337                 ecdh = EC_KEY_dup((EC_KEY *)parg);
2338                 if (ecdh == NULL)
2339                         {
2340                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2341                         return 0;
2342                         }
2343                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2344                         {
2345                         if (!EC_KEY_generate_key(ecdh))
2346                                 {
2347                                 EC_KEY_free(ecdh);
2348                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2349                                 return 0;
2350                                 }
2351                         }
2352
2353                 if (cert->ecdh_tmp != NULL)
2354                         {
2355                         EC_KEY_free(cert->ecdh_tmp);
2356                         }
2357                 cert->ecdh_tmp = ecdh;
2358                 return 1;
2359                 }
2360                 /* break; */
2361         case SSL_CTRL_SET_TMP_ECDH_CB:
2362                 {
2363                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2364                 return(0);
2365                 }
2366                 break;
2367 #endif /* !OPENSSL_NO_ECDH */
2368 #ifndef OPENSSL_NO_TLSEXT
2369         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2370                 ctx->tlsext_servername_arg=parg;
2371                 break;
2372 #endif /* !OPENSSL_NO_TLSEXT */
2373         /* A Thawte special :-) */
2374         case SSL_CTRL_EXTRA_CHAIN_CERT:
2375                 if (ctx->extra_certs == NULL)
2376                         {
2377                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2378                                 return(0);
2379                         }
2380                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2381                 break;
2382
2383         default:
2384                 return(0);
2385                 }
2386         return(1);
2387         }
2388
2389 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2390         {
2391         CERT *cert;
2392
2393         cert=ctx->cert;
2394
2395         switch (cmd)
2396                 {
2397 #ifndef OPENSSL_NO_RSA
2398         case SSL_CTRL_SET_TMP_RSA_CB:
2399                 {
2400                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2401                 }
2402                 break;
2403 #endif
2404 #ifndef OPENSSL_NO_DH
2405         case SSL_CTRL_SET_TMP_DH_CB:
2406                 {
2407                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2408                 }
2409                 break;
2410 #endif
2411 #ifndef OPENSSL_NO_ECDH
2412         case SSL_CTRL_SET_TMP_ECDH_CB:
2413                 {
2414                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2415                 }
2416                 break;
2417 #endif
2418 #ifndef OPENSSL_NO_TLSEXT
2419         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2420                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2421                 break;
2422 #endif
2423         default:
2424                 return(0);
2425                 }
2426         return(1);
2427         }
2428
2429 /* This function needs to check if the ciphers required are actually
2430  * available */
2431 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2432         {
2433         SSL_CIPHER c,*cp;
2434         unsigned long id;
2435
2436         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2437         c.id=id;
2438         cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
2439                 (char *)ssl3_ciphers,
2440                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
2441                 FP_ICC ssl_cipher_id_cmp);
2442         if (cp == NULL || cp->valid == 0)
2443                 return NULL;
2444         else
2445                 return cp;
2446         }
2447
2448 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2449         {
2450         long l;
2451
2452         if (p != NULL)
2453                 {
2454                 l=c->id;
2455                 if ((l & 0xff000000) != 0x03000000) return(0);
2456                 p[0]=((unsigned char)(l>> 8L))&0xFF;
2457                 p[1]=((unsigned char)(l     ))&0xFF;
2458                 }
2459         return(2);
2460         }
2461
2462 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2463              STACK_OF(SSL_CIPHER) *srvr)
2464         {
2465         SSL_CIPHER *c,*ret=NULL;
2466         STACK_OF(SSL_CIPHER) *prio, *allow;
2467         int i,ii,ok;
2468         unsigned int j;
2469 #ifndef OPENSSL_NO_TLSEXT
2470 #ifndef OPENSSL_NO_EC
2471         int ec_ok, ec_nid;
2472         unsigned char ec_search1 = 0, ec_search2 = 0;
2473 #endif /* OPENSSL_NO_EC */
2474 #endif /* OPENSSL_NO_TLSEXT */
2475         CERT *cert;
2476         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2477
2478         /* Let's see which ciphers we can support */
2479         cert=s->cert;
2480
2481 #if 0
2482         /* Do not set the compare functions, because this may lead to a
2483          * reordering by "id". We want to keep the original ordering.
2484          * We may pay a price in performance during sk_SSL_CIPHER_find(),
2485          * but would have to pay with the price of sk_SSL_CIPHER_dup().
2486          */
2487         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2488         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2489 #endif
2490
2491 #ifdef CIPHER_DEBUG
2492         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
2493         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2494             {
2495             c=sk_SSL_CIPHER_value(srvr,i);
2496             printf("%p:%s\n",c,c->name);
2497             }
2498         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
2499         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2500             {
2501             c=sk_SSL_CIPHER_value(clnt,i);
2502             printf("%p:%s\n",c,c->name);
2503             }
2504 #endif
2505
2506         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2507             {
2508             prio = srvr;
2509             allow = clnt;
2510             }
2511         else
2512             {
2513             prio = clnt;
2514             allow = srvr;
2515             }
2516
2517         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2518                 {
2519                 c=sk_SSL_CIPHER_value(prio,i);
2520
2521                 ssl_set_cert_masks(cert,c);
2522                 mask_k = cert->mask_k;
2523                 mask_a = cert->mask_a;
2524                 emask_k = cert->export_mask_k;
2525                 emask_a = cert->export_mask_a;
2526                         
2527 #ifdef KSSL_DEBUG
2528                 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
2529 #endif    /* KSSL_DEBUG */
2530
2531                 alg_k=c->algorithm_mkey;
2532                 alg_a=c->algorithm_auth;
2533
2534 #ifndef OPENSSL_NO_KRB5
2535                 if (alg_k & SSL_kKRB5)
2536                         {
2537                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
2538                             continue;
2539                         }
2540 #endif /* OPENSSL_NO_KRB5 */
2541 #ifndef OPENSSL_NO_PSK
2542                 /* with PSK there must be server callback set */
2543                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2544                         continue;
2545 #endif /* OPENSSL_NO_PSK */
2546
2547                 if (SSL_C_IS_EXPORT(c))
2548                         {
2549                         ok = (alg_k & emask_k) && (alg_a & emask_a);
2550 #ifdef CIPHER_DEBUG
2551                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2552                                c,c->name);
2553 #endif
2554                         }
2555                 else
2556                         {
2557                         ok = (alg_k & mask_k) && (alg_a & mask_a);
2558 #ifdef CIPHER_DEBUG
2559                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,c,
2560                                c->name);
2561 #endif
2562                         }
2563
2564 #ifndef OPENSSL_NO_TLSEXT
2565 #ifndef OPENSSL_NO_EC
2566                 if (
2567                         /* if we are considering an ECC cipher suite that uses our certificate */
2568                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2569                         /* and we have an ECC certificate */
2570                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2571                         /* and the client specified a Supported Point Formats extension */
2572                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2573                         /* and our certificate's point is compressed */
2574                         && (
2575                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2576                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2577                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2578                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2579                                 && (
2580                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2581                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2582                                         )
2583                                 )
2584                 )
2585                         {
2586                         ec_ok = 0;
2587                         /* if our certificate's curve is over a field type that the client does not support
2588                          * then do not allow this cipher suite to be negotiated */
2589                         if (
2590                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2591                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2592                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2593                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2594                         )
2595                                 {
2596                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2597                                         {
2598                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2599                                                 {
2600                                                 ec_ok = 1;
2601                                                 break;
2602                                                 }
2603                                         }
2604                                 }
2605                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2606                                 {
2607                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2608                                         {
2609                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2610                                                 {
2611                                                 ec_ok = 1;
2612                                                 break;
2613                                                 }
2614                                         }
2615                                 }
2616                         ok = ok && ec_ok;
2617                         }
2618                 if (
2619                         /* if we are considering an ECC cipher suite that uses our certificate */
2620                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2621                         /* and we have an ECC certificate */
2622                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2623                         /* and the client specified an EllipticCurves extension */
2624                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2625                 )
2626                         {
2627                         ec_ok = 0;
2628                         if (
2629                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2630                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2631                         )
2632                                 {
2633                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2634                                 if ((ec_nid == 0)
2635                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2636                                 )
2637                                         {
2638                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2639                                                 {
2640                                                 ec_search1 = 0xFF;
2641                                                 ec_search2 = 0x01;
2642                                                 }
2643                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2644                                                 {
2645                                                 ec_search1 = 0xFF;
2646                                                 ec_search2 = 0x02;
2647                                                 }
2648                                         }
2649                                 else
2650                                         {
2651                                         ec_search1 = 0x00;
2652                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
2653                                         }
2654                                 if ((ec_search1 != 0) || (ec_search2 != 0))
2655                                         {
2656                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
2657                                                 {
2658                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
2659                                                         {
2660                                                         ec_ok = 1;
2661                                                         break;
2662                                                         }
2663                                                 }
2664                                         }
2665                                 }
2666                         ok = ok && ec_ok;
2667                         }
2668                 if (
2669                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
2670                         (alg_k & SSL_kEECDH)
2671                         /* and we have an ephemeral EC key */
2672                         && (s->cert->ecdh_tmp != NULL)
2673                         /* and the client specified an EllipticCurves extension */
2674                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2675                 )
2676                         {
2677                         ec_ok = 0;
2678                         if (s->cert->ecdh_tmp->group != NULL)
2679                                 {
2680                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
2681                                 if ((ec_nid == 0)
2682                                         && (s->cert->ecdh_tmp->group->meth != NULL)
2683                                 )
2684                                         {
2685                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
2686                                                 {
2687                                                 ec_search1 = 0xFF;
2688                                                 ec_search2 = 0x01;
2689                                                 }
2690                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
2691                                                 {
2692                                                 ec_search1 = 0xFF;
2693                                                 ec_search2 = 0x02;
2694                                                 }
2695                                         }
2696                                 else
2697                                         {
2698                                         ec_search1 = 0x00;
2699                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
2700                                         }
2701                                 if ((ec_search1 != 0) || (ec_search2 != 0))
2702                                         {
2703                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
2704                                                 {
2705                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
2706                                                         {
2707                                                         ec_ok = 1;
2708                                                         break;
2709                                                         }
2710                                                 }
2711                                         }
2712                                 }
2713                         ok = ok && ec_ok;
2714                         }
2715 #endif /* OPENSSL_NO_EC */
2716 #endif /* OPENSSL_NO_TLSEXT */
2717
2718                 if (!ok) continue;
2719                 ii=sk_SSL_CIPHER_find(allow,c);
2720                 if (ii >= 0)
2721                         {
2722                         ret=sk_SSL_CIPHER_value(allow,ii);
2723                         break;
2724                         }
2725                 }
2726         return(ret);
2727         }
2728
2729 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2730         {
2731         int ret=0;
2732         unsigned long alg_k;
2733
2734         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2735
2736 #ifndef OPENSSL_NO_DH
2737         if (alg_k & (SSL_kDHr|SSL_kEDH))
2738                 {
2739 #  ifndef OPENSSL_NO_RSA
2740                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
2741 #  endif
2742 #  ifndef OPENSSL_NO_DSA
2743                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
2744 #  endif
2745                 }
2746         if ((s->version == SSL3_VERSION) &&
2747                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
2748                 {
2749 #  ifndef OPENSSL_NO_RSA
2750                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
2751 #  endif
2752 #  ifndef OPENSSL_NO_DSA
2753                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
2754 #  endif
2755                 }
2756 #endif /* !OPENSSL_NO_DH */
2757 #ifndef OPENSSL_NO_RSA
2758         p[ret++]=SSL3_CT_RSA_SIGN;
2759 #endif
2760 #ifndef OPENSSL_NO_DSA
2761         p[ret++]=SSL3_CT_DSS_SIGN;
2762 #endif
2763 #ifndef OPENSSL_NO_ECDH
2764         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
2765                 {
2766                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2767                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
2768                 }
2769 #endif
2770
2771 #ifndef OPENSSL_NO_ECDSA
2772         /* ECDSA certs can be used with RSA cipher suites as well 
2773          * so we don't need to check for SSL_kECDH or SSL_kEECDH
2774          */
2775         if (s->version >= TLS1_VERSION)
2776                 {
2777                 p[ret++]=TLS_CT_ECDSA_SIGN;
2778                 }
2779 #endif  
2780         return(ret);
2781         }
2782
2783 int ssl3_shutdown(SSL *s)
2784         {
2785
2786         /* Don't do anything much if we have not done the handshake or
2787          * we don't want to send messages :-) */
2788         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
2789                 {
2790                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2791                 return(1);
2792                 }
2793
2794         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
2795                 {
2796                 s->shutdown|=SSL_SENT_SHUTDOWN;
2797 #if 1
2798                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
2799 #endif
2800                 /* our shutdown alert has been sent now, and if it still needs
2801                  * to be written, s->s3->alert_dispatch will be true */
2802                 }
2803         else if (s->s3->alert_dispatch)
2804                 {
2805                 /* resend it if not sent */
2806 #if 1
2807                 s->method->ssl_dispatch_alert(s);
2808 #endif
2809                 }
2810         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
2811                 {
2812                 /* If we are waiting for a close from our peer, we are closed */
2813                 s->method->ssl_read_bytes(s,0,NULL,0,0);
2814                 }
2815
2816         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2817                 !s->s3->alert_dispatch)
2818                 return(1);
2819         else
2820                 return(0);
2821         }
2822
2823 int ssl3_write(SSL *s, const void *buf, int len)
2824         {
2825         int ret,n;
2826
2827 #if 0
2828         if (s->shutdown & SSL_SEND_SHUTDOWN)
2829                 {
2830                 s->rwstate=SSL_NOTHING;
2831                 return(0);
2832                 }
2833 #endif
2834         clear_sys_error();
2835         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2836
2837         /* This is an experimental flag that sends the
2838          * last handshake message in the same packet as the first
2839          * use data - used to see if it helps the TCP protocol during
2840          * session-id reuse */
2841         /* The second test is because the buffer may have been removed */
2842         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
2843                 {
2844                 /* First time through, we write into the buffer */
2845                 if (s->s3->delay_buf_pop_ret == 0)
2846                         {
2847                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2848                                              buf,len);
2849                         if (ret <= 0) return(ret);
2850
2851                         s->s3->delay_buf_pop_ret=ret;
2852                         }
2853
2854                 s->rwstate=SSL_WRITING;
2855                 n=BIO_flush(s->wbio);
2856                 if (n <= 0) return(n);
2857                 s->rwstate=SSL_NOTHING;
2858
2859                 /* We have flushed the buffer, so remove it */
2860                 ssl_free_wbio_buffer(s);
2861                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2862
2863                 ret=s->s3->delay_buf_pop_ret;
2864                 s->s3->delay_buf_pop_ret=0;
2865                 }
2866         else
2867                 {
2868                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2869                         buf,len);
2870                 if (ret <= 0) return(ret);
2871                 }
2872
2873         return(ret);
2874         }
2875
2876 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2877         {
2878         int ret;
2879         
2880         clear_sys_error();
2881         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2882         s->s3->in_read_app_data=1;
2883         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2884         if ((ret == -1) && (s->s3->in_read_app_data == 2))
2885                 {
2886                 /* ssl3_read_bytes decided to call s->handshake_func, which
2887                  * called ssl3_read_bytes to read handshake data.
2888                  * However, ssl3_read_bytes actually found application data
2889                  * and thinks that application data makes sense here; so disable
2890                  * handshake processing and try to read application data again. */
2891                 s->in_handshake++;
2892                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2893                 s->in_handshake--;
2894                 }
2895         else
2896                 s->s3->in_read_app_data=0;
2897
2898         return(ret);
2899         }
2900
2901 int ssl3_read(SSL *s, void *buf, int len)
2902         {
2903         return ssl3_read_internal(s, buf, len, 0);
2904         }
2905
2906 int ssl3_peek(SSL *s, void *buf, int len)
2907         {
2908         return ssl3_read_internal(s, buf, len, 1);
2909         }
2910
2911 int ssl3_renegotiate(SSL *s)
2912         {
2913         if (s->handshake_func == NULL)
2914                 return(1);
2915
2916         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2917                 return(0);
2918
2919         s->s3->renegotiate=1;
2920         return(1);
2921         }
2922
2923 int ssl3_renegotiate_check(SSL *s)
2924         {
2925         int ret=0;
2926
2927         if (s->s3->renegotiate)
2928                 {
2929                 if (    (s->s3->rbuf.left == 0) &&
2930                         (s->s3->wbuf.left == 0) &&
2931                         !SSL_in_init(s))
2932                         {
2933 /*
2934 if we are the server, and we have sent a 'RENEGOTIATE' message, we
2935 need to go to SSL_ST_ACCEPT.
2936 */
2937                         /* SSL_ST_ACCEPT */
2938                         s->state=SSL_ST_RENEGOTIATE;
2939                         s->s3->renegotiate=0;
2940                         s->s3->num_renegotiations++;
2941                         s->s3->total_renegotiations++;
2942                         ret=1;
2943                         }
2944                 }
2945         return(ret);
2946         }
2947