d3f636a0954ac071f32ab0f5f4e3ac3145f19ee5
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663         {
664         1,
665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
666         SSL3_CK_KRB5_DES_64_CBC_SHA,
667         SSL_kKRB5,
668         SSL_aKRB5,
669         SSL_DES,
670         SSL_SHA1,
671         SSL_SSLV3,
672         SSL_NOT_EXP|SSL_LOW,
673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674         56,
675         56,
676         },
677
678 /* Cipher 1F */
679         {
680         1,
681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
683         SSL_kKRB5,
684         SSL_aKRB5,
685         SSL_3DES,
686         SSL_SHA1,
687         SSL_SSLV3,
688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690         168,
691         168,
692         },
693
694 /* Cipher 20 */
695         {
696         1,
697         SSL3_TXT_KRB5_RC4_128_SHA,
698         SSL3_CK_KRB5_RC4_128_SHA,
699         SSL_kKRB5,
700         SSL_aKRB5,
701         SSL_RC4,
702         SSL_SHA1,
703         SSL_SSLV3,
704         SSL_NOT_EXP|SSL_MEDIUM,
705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706         128,
707         128,
708         },
709
710 /* Cipher 21 */
711         {
712         1,
713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715         SSL_kKRB5,
716         SSL_aKRB5,
717         SSL_IDEA,
718         SSL_SHA1,
719         SSL_SSLV3,
720         SSL_NOT_EXP|SSL_MEDIUM,
721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722         128,
723         128,
724         },
725
726 /* Cipher 22 */
727         {
728         1,
729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
730         SSL3_CK_KRB5_DES_64_CBC_MD5,
731         SSL_kKRB5,
732         SSL_aKRB5,
733         SSL_DES,
734         SSL_MD5,
735         SSL_SSLV3,
736         SSL_NOT_EXP|SSL_LOW,
737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738         56,
739         56,
740         },
741
742 /* Cipher 23 */
743         {
744         1,
745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
747         SSL_kKRB5,
748         SSL_aKRB5,
749         SSL_3DES,
750         SSL_MD5,
751         SSL_SSLV3,
752         SSL_NOT_EXP|SSL_HIGH,
753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754         168,
755         168,
756         },
757
758 /* Cipher 24 */
759         {
760         1,
761         SSL3_TXT_KRB5_RC4_128_MD5,
762         SSL3_CK_KRB5_RC4_128_MD5,
763         SSL_kKRB5,
764         SSL_aKRB5,
765         SSL_RC4,
766         SSL_MD5,
767         SSL_SSLV3,
768         SSL_NOT_EXP|SSL_MEDIUM,
769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770         128,
771         128,
772         },
773
774 /* Cipher 25 */
775         {
776         1,
777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779         SSL_kKRB5,
780         SSL_aKRB5,
781         SSL_IDEA,
782         SSL_MD5,
783         SSL_SSLV3,
784         SSL_NOT_EXP|SSL_MEDIUM,
785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786         128,
787         128,
788         },
789
790 /* Cipher 26 */
791         {
792         1,
793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
794         SSL3_CK_KRB5_DES_40_CBC_SHA,
795         SSL_kKRB5,
796         SSL_aKRB5,
797         SSL_DES,
798         SSL_SHA1,
799         SSL_SSLV3,
800         SSL_EXPORT|SSL_EXP40,
801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802         40,
803         56,
804         },
805
806 /* Cipher 27 */
807         {
808         1,
809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
811         SSL_kKRB5,
812         SSL_aKRB5,
813         SSL_RC2,
814         SSL_SHA1,
815         SSL_SSLV3,
816         SSL_EXPORT|SSL_EXP40,
817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818         40,
819         128,
820         },
821
822 /* Cipher 28 */
823         {
824         1,
825         SSL3_TXT_KRB5_RC4_40_SHA,
826         SSL3_CK_KRB5_RC4_40_SHA,
827         SSL_kKRB5,
828         SSL_aKRB5,
829         SSL_RC4,
830         SSL_SHA1,
831         SSL_SSLV3,
832         SSL_EXPORT|SSL_EXP40,
833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834         40,
835         128,
836         },
837
838 /* Cipher 29 */
839         {
840         1,
841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
842         SSL3_CK_KRB5_DES_40_CBC_MD5,
843         SSL_kKRB5,
844         SSL_aKRB5,
845         SSL_DES,
846         SSL_MD5,
847         SSL_SSLV3,
848         SSL_EXPORT|SSL_EXP40,
849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850         40,
851         56,
852         },
853
854 /* Cipher 2A */
855         {
856         1,
857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
859         SSL_kKRB5,
860         SSL_aKRB5,
861         SSL_RC2,
862         SSL_MD5,
863         SSL_SSLV3,
864         SSL_EXPORT|SSL_EXP40,
865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866         40,
867         128,
868         },
869
870 /* Cipher 2B */
871         {
872         1,
873         SSL3_TXT_KRB5_RC4_40_MD5,
874         SSL3_CK_KRB5_RC4_40_MD5,
875         SSL_kKRB5,
876         SSL_aKRB5,
877         SSL_RC4,
878         SSL_MD5,
879         SSL_SSLV3,
880         SSL_EXPORT|SSL_EXP40,
881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882         40,
883         128,
884         },
885 #endif  /* OPENSSL_NO_KRB5 */
886
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889         {
890         1,
891         TLS1_TXT_RSA_WITH_AES_128_SHA,
892         TLS1_CK_RSA_WITH_AES_128_SHA,
893         SSL_kRSA,
894         SSL_aRSA,
895         SSL_AES128,
896         SSL_SHA1,
897         SSL_TLSV1,
898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900         128,
901         128,
902         },
903 /* Cipher 30 */
904         {
905         0,
906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908         SSL_kDHd,
909         SSL_aDH,
910         SSL_AES128,
911         SSL_SHA1,
912         SSL_TLSV1,
913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915         128,
916         128,
917         },
918 /* Cipher 31 */
919         {
920         0,
921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923         SSL_kDHr,
924         SSL_aDH,
925         SSL_AES128,
926         SSL_SHA1,
927         SSL_TLSV1,
928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930         128,
931         128,
932         },
933 /* Cipher 32 */
934         {
935         1,
936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938         SSL_kEDH,
939         SSL_aDSS,
940         SSL_AES128,
941         SSL_SHA1,
942         SSL_TLSV1,
943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945         128,
946         128,
947         },
948 /* Cipher 33 */
949         {
950         1,
951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953         SSL_kEDH,
954         SSL_aRSA,
955         SSL_AES128,
956         SSL_SHA1,
957         SSL_TLSV1,
958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960         128,
961         128,
962         },
963 /* Cipher 34 */
964         {
965         1,
966         TLS1_TXT_ADH_WITH_AES_128_SHA,
967         TLS1_CK_ADH_WITH_AES_128_SHA,
968         SSL_kEDH,
969         SSL_aNULL,
970         SSL_AES128,
971         SSL_SHA1,
972         SSL_TLSV1,
973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975         128,
976         128,
977         },
978
979 /* Cipher 35 */
980         {
981         1,
982         TLS1_TXT_RSA_WITH_AES_256_SHA,
983         TLS1_CK_RSA_WITH_AES_256_SHA,
984         SSL_kRSA,
985         SSL_aRSA,
986         SSL_AES256,
987         SSL_SHA1,
988         SSL_TLSV1,
989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991         256,
992         256,
993         },
994 /* Cipher 36 */
995         {
996         0,
997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073
1074         /* TLS v1.2 ciphersuites */
1075         /* Cipher 3B */
1076         {
1077         1,
1078         TLS1_TXT_RSA_WITH_NULL_SHA256,
1079         TLS1_CK_RSA_WITH_NULL_SHA256,
1080         SSL_kRSA,
1081         SSL_aRSA,
1082         SSL_eNULL,
1083         SSL_SHA256,
1084         SSL_SSLV3,
1085         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087         0,
1088         0,
1089         },
1090
1091         /* Cipher 3C */
1092         {
1093         1,
1094         TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095         TLS1_CK_RSA_WITH_AES_128_SHA256,
1096         SSL_kRSA,
1097         SSL_aRSA,
1098         SSL_AES128,
1099         SSL_SHA256,
1100         SSL_TLSV1,
1101         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103         128,
1104         128,
1105         },
1106
1107         /* Cipher 3D */
1108         {
1109         1,
1110         TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111         TLS1_CK_RSA_WITH_AES_256_SHA256,
1112         SSL_kRSA,
1113         SSL_aRSA,
1114         SSL_AES256,
1115         SSL_SHA256,
1116         SSL_TLSV1,
1117         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119         256,
1120         256,
1121         },
1122
1123         /* Cipher 3E */
1124         {
1125         0, /* not implemented (non-ephemeral DH) */
1126         TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127         TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128         SSL_kDHr,
1129         SSL_aDH,
1130         SSL_AES128,
1131         SSL_SHA256,
1132         SSL_TLSV1,
1133         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135         128,
1136         128,
1137         },
1138
1139         /* Cipher 3F */
1140         {
1141         0, /* not implemented (non-ephemeral DH) */
1142         TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143         TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144         SSL_kDHr,
1145         SSL_aDH,
1146         SSL_AES128,
1147         SSL_SHA256,
1148         SSL_TLSV1,
1149         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151         128,
1152         128,
1153         },
1154
1155         /* Cipher 40 */
1156         {
1157         1,
1158         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159         TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160         SSL_kEDH,
1161         SSL_aDSS,
1162         SSL_AES128,
1163         SSL_SHA256,
1164         SSL_TLSV1,
1165         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167         128,
1168         128,
1169         },
1170
1171 #ifndef OPENSSL_NO_CAMELLIA
1172         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173
1174         /* Cipher 41 */
1175         {
1176         1,
1177         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179         SSL_kRSA,
1180         SSL_aRSA,
1181         SSL_CAMELLIA128,
1182         SSL_SHA1,
1183         SSL_TLSV1,
1184         SSL_NOT_EXP|SSL_HIGH,
1185         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186         128,
1187         128,
1188         },
1189
1190         /* Cipher 42 */
1191         {
1192         0, /* not implemented (non-ephemeral DH) */
1193         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195         SSL_kDHd,
1196         SSL_aDH,
1197         SSL_CAMELLIA128,
1198         SSL_SHA1,
1199         SSL_TLSV1,
1200         SSL_NOT_EXP|SSL_HIGH,
1201         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202         128,
1203         128,
1204         },
1205
1206         /* Cipher 43 */
1207         {
1208         0, /* not implemented (non-ephemeral DH) */
1209         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211         SSL_kDHr,
1212         SSL_aDH,
1213         SSL_CAMELLIA128,
1214         SSL_SHA1,
1215         SSL_TLSV1,
1216         SSL_NOT_EXP|SSL_HIGH,
1217         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218         128,
1219         128,
1220         },
1221
1222         /* Cipher 44 */
1223         {
1224         1,
1225         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227         SSL_kEDH,
1228         SSL_aDSS,
1229         SSL_CAMELLIA128,
1230         SSL_SHA1,
1231         SSL_TLSV1,
1232         SSL_NOT_EXP|SSL_HIGH,
1233         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234         128,
1235         128,
1236         },
1237
1238         /* Cipher 45 */
1239         {
1240         1,
1241         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243         SSL_kEDH,
1244         SSL_aRSA,
1245         SSL_CAMELLIA128,
1246         SSL_SHA1,
1247         SSL_TLSV1,
1248         SSL_NOT_EXP|SSL_HIGH,
1249         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250         128,
1251         128,
1252         },
1253
1254         /* Cipher 46 */
1255         {
1256         1,
1257         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259         SSL_kEDH,
1260         SSL_aNULL,
1261         SSL_CAMELLIA128,
1262         SSL_SHA1,
1263         SSL_TLSV1,
1264         SSL_NOT_EXP|SSL_HIGH,
1265         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266         128,
1267         128,
1268         },
1269 #endif /* OPENSSL_NO_CAMELLIA */
1270
1271 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272         /* New TLS Export CipherSuites from expired ID */
1273 #if 0
1274         /* Cipher 60 */
1275         {
1276         1,
1277         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279         SSL_kRSA,
1280         SSL_aRSA,
1281         SSL_RC4,
1282         SSL_MD5,
1283         SSL_TLSV1,
1284         SSL_EXPORT|SSL_EXP56,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         56,
1287         128,
1288         },
1289
1290         /* Cipher 61 */
1291         {
1292         1,
1293         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295         SSL_kRSA,
1296         SSL_aRSA,
1297         SSL_RC2,
1298         SSL_MD5,
1299         SSL_TLSV1,
1300         SSL_EXPORT|SSL_EXP56,
1301         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302         56,
1303         128,
1304         },
1305 #endif
1306
1307         /* Cipher 62 */
1308         {
1309         1,
1310         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312         SSL_kRSA,
1313         SSL_aRSA,
1314         SSL_DES,
1315         SSL_SHA1,
1316         SSL_TLSV1,
1317         SSL_EXPORT|SSL_EXP56,
1318         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319         56,
1320         56,
1321         },
1322
1323         /* Cipher 63 */
1324         {
1325         1,
1326         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328         SSL_kEDH,
1329         SSL_aDSS,
1330         SSL_DES,
1331         SSL_SHA1,
1332         SSL_TLSV1,
1333         SSL_EXPORT|SSL_EXP56,
1334         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335         56,
1336         56,
1337         },
1338
1339         /* Cipher 64 */
1340         {
1341         1,
1342         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344         SSL_kRSA,
1345         SSL_aRSA,
1346         SSL_RC4,
1347         SSL_SHA1,
1348         SSL_TLSV1,
1349         SSL_EXPORT|SSL_EXP56,
1350         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351         56,
1352         128,
1353         },
1354
1355         /* Cipher 65 */
1356         {
1357         1,
1358         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360         SSL_kEDH,
1361         SSL_aDSS,
1362         SSL_RC4,
1363         SSL_SHA1,
1364         SSL_TLSV1,
1365         SSL_EXPORT|SSL_EXP56,
1366         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367         56,
1368         128,
1369         },
1370
1371         /* Cipher 66 */
1372         {
1373         1,
1374         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376         SSL_kEDH,
1377         SSL_aDSS,
1378         SSL_RC4,
1379         SSL_SHA1,
1380         SSL_TLSV1,
1381         SSL_NOT_EXP|SSL_MEDIUM,
1382         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383         128,
1384         128,
1385         },
1386 #endif
1387
1388         /* TLS v1.2 ciphersuites */
1389         /* Cipher 67 */
1390         {
1391         1,
1392         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393         TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394         SSL_kEDH,
1395         SSL_aRSA,
1396         SSL_AES128,
1397         SSL_SHA256,
1398         SSL_TLSV1,
1399         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401         128,
1402         128,
1403         },
1404
1405         /* Cipher 68 */
1406         {
1407         0, /* not implemented (non-ephemeral DH) */
1408         TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409         TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410         SSL_kDHr,
1411         SSL_aDH,
1412         SSL_AES256,
1413         SSL_SHA256,
1414         SSL_TLSV1,
1415         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417         256,
1418         256,
1419         },
1420
1421         /* Cipher 69 */
1422         {
1423         0, /* not implemented (non-ephemeral DH) */
1424         TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425         TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426         SSL_kDHr,
1427         SSL_aDH,
1428         SSL_AES256,
1429         SSL_SHA256,
1430         SSL_TLSV1,
1431         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433         256,
1434         256,
1435         },
1436
1437         /* Cipher 6A */
1438         {
1439         1,
1440         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441         TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442         SSL_kEDH,
1443         SSL_aDSS,
1444         SSL_AES256,
1445         SSL_SHA256,
1446         SSL_TLSV1,
1447         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449         256,
1450         256,
1451         },
1452
1453         /* Cipher 6B */
1454         {
1455         1,
1456         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457         TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458         SSL_kEDH,
1459         SSL_aRSA,
1460         SSL_AES256,
1461         SSL_SHA256,
1462         SSL_TLSV1,
1463         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465         256,
1466         256,
1467         },
1468
1469         /* Cipher 6C */
1470         {
1471         1,
1472         TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473         TLS1_CK_ADH_WITH_AES_128_SHA256,
1474         SSL_kEDH,
1475         SSL_aNULL,
1476         SSL_AES128,
1477         SSL_SHA256,
1478         SSL_TLSV1,
1479         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481         128,
1482         128,
1483         },
1484
1485         /* Cipher 6D */
1486         {
1487         1,
1488         TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489         TLS1_CK_ADH_WITH_AES_256_SHA256,
1490         SSL_kEDH,
1491         SSL_aNULL,
1492         SSL_AES256,
1493         SSL_SHA256,
1494         SSL_TLSV1,
1495         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497         256,
1498         256,
1499         },
1500
1501         /* GOST Ciphersuites */
1502
1503         {
1504         1,
1505         "GOST94-GOST89-GOST89",
1506         0x3000080,
1507         SSL_kGOST,
1508         SSL_aGOST94,
1509         SSL_eGOST2814789CNT,
1510         SSL_GOST89MAC,
1511         SSL_TLSV1,
1512         SSL_NOT_EXP|SSL_HIGH,
1513         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514         256,
1515         256
1516         },
1517         {
1518         1,
1519         "GOST2001-GOST89-GOST89",
1520         0x3000081,
1521         SSL_kGOST,
1522         SSL_aGOST01,
1523         SSL_eGOST2814789CNT,
1524         SSL_GOST89MAC,
1525         SSL_TLSV1,
1526         SSL_NOT_EXP|SSL_HIGH,
1527         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528         256,
1529         256
1530         },
1531         {
1532         1,
1533         "GOST94-NULL-GOST94",
1534         0x3000082,
1535         SSL_kGOST,
1536         SSL_aGOST94,
1537         SSL_eNULL,
1538         SSL_GOST94,
1539         SSL_TLSV1,
1540         SSL_NOT_EXP|SSL_STRONG_NONE,
1541         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542         0,
1543         0
1544         },
1545         {
1546         1,
1547         "GOST2001-NULL-GOST94",
1548         0x3000083,
1549         SSL_kGOST,
1550         SSL_aGOST01,
1551         SSL_eNULL,
1552         SSL_GOST94,
1553         SSL_TLSV1,
1554         SSL_NOT_EXP|SSL_STRONG_NONE,
1555         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556         0,
1557         0
1558         },
1559
1560 #ifndef OPENSSL_NO_CAMELLIA
1561         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1562
1563         /* Cipher 84 */
1564         {
1565         1,
1566         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568         SSL_kRSA,
1569         SSL_aRSA,
1570         SSL_CAMELLIA256,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_HIGH,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         256,
1576         256,
1577         },
1578         /* Cipher 85 */
1579         {
1580         0, /* not implemented (non-ephemeral DH) */
1581         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583         SSL_kDHd,
1584         SSL_aDH,
1585         SSL_CAMELLIA256,
1586         SSL_SHA1,
1587         SSL_TLSV1,
1588         SSL_NOT_EXP|SSL_HIGH,
1589         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590         256,
1591         256,
1592         },
1593
1594         /* Cipher 86 */
1595         {
1596         0, /* not implemented (non-ephemeral DH) */
1597         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599         SSL_kDHr,
1600         SSL_aDH,
1601         SSL_CAMELLIA256,
1602         SSL_SHA1,
1603         SSL_TLSV1,
1604         SSL_NOT_EXP|SSL_HIGH,
1605         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606         256,
1607         256,
1608         },
1609
1610         /* Cipher 87 */
1611         {
1612         1,
1613         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615         SSL_kEDH,
1616         SSL_aDSS,
1617         SSL_CAMELLIA256,
1618         SSL_SHA1,
1619         SSL_TLSV1,
1620         SSL_NOT_EXP|SSL_HIGH,
1621         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622         256,
1623         256,
1624         },
1625
1626         /* Cipher 88 */
1627         {
1628         1,
1629         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631         SSL_kEDH,
1632         SSL_aRSA,
1633         SSL_CAMELLIA256,
1634         SSL_SHA1,
1635         SSL_TLSV1,
1636         SSL_NOT_EXP|SSL_HIGH,
1637         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638         256,
1639         256,
1640         },
1641
1642         /* Cipher 89 */
1643         {
1644         1,
1645         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647         SSL_kEDH,
1648         SSL_aNULL,
1649         SSL_CAMELLIA256,
1650         SSL_SHA1,
1651         SSL_TLSV1,
1652         SSL_NOT_EXP|SSL_HIGH,
1653         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654         256,
1655         256,
1656         },
1657 #endif /* OPENSSL_NO_CAMELLIA */
1658
1659 #ifndef OPENSSL_NO_PSK
1660         /* Cipher 8A */
1661         {
1662         1,
1663         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664         TLS1_CK_PSK_WITH_RC4_128_SHA,
1665         SSL_kPSK,
1666         SSL_aPSK,
1667         SSL_RC4,
1668         SSL_SHA1,
1669         SSL_TLSV1,
1670         SSL_NOT_EXP|SSL_MEDIUM,
1671         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672         128,
1673         128,
1674         },
1675
1676         /* Cipher 8B */
1677         {
1678         1,
1679         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681         SSL_kPSK,
1682         SSL_aPSK,
1683         SSL_3DES,
1684         SSL_SHA1,
1685         SSL_TLSV1,
1686         SSL_NOT_EXP|SSL_HIGH,
1687         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688         168,
1689         168,
1690         },
1691
1692         /* Cipher 8C */
1693         {
1694         1,
1695         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697         SSL_kPSK,
1698         SSL_aPSK,
1699         SSL_AES128,
1700         SSL_SHA1,
1701         SSL_TLSV1,
1702         SSL_NOT_EXP|SSL_HIGH,
1703         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704         128,
1705         128,
1706         },
1707
1708         /* Cipher 8D */
1709         {
1710         1,
1711         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713         SSL_kPSK,
1714         SSL_aPSK,
1715         SSL_AES256,
1716         SSL_SHA1,
1717         SSL_TLSV1,
1718         SSL_NOT_EXP|SSL_HIGH,
1719         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720         256,
1721         256,
1722         },
1723 #endif  /* OPENSSL_NO_PSK */
1724
1725 #ifndef OPENSSL_NO_SEED
1726         /* SEED ciphersuites from RFC4162 */
1727
1728         /* Cipher 96 */
1729         {
1730         1,
1731         TLS1_TXT_RSA_WITH_SEED_SHA,
1732         TLS1_CK_RSA_WITH_SEED_SHA,
1733         SSL_kRSA,
1734         SSL_aRSA,
1735         SSL_SEED,
1736         SSL_SHA1,
1737         SSL_TLSV1,
1738         SSL_NOT_EXP|SSL_MEDIUM,
1739         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740         128,
1741         128,
1742         },
1743
1744         /* Cipher 97 */
1745         {
1746         0, /* not implemented (non-ephemeral DH) */
1747         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749         SSL_kDHd,
1750         SSL_aDH,
1751         SSL_SEED,
1752         SSL_SHA1,
1753         SSL_TLSV1,
1754         SSL_NOT_EXP|SSL_MEDIUM,
1755         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756         128,
1757         128,
1758         },
1759
1760         /* Cipher 98 */
1761         {
1762         0, /* not implemented (non-ephemeral DH) */
1763         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765         SSL_kDHr,
1766         SSL_aDH,
1767         SSL_SEED,
1768         SSL_SHA1,
1769         SSL_TLSV1,
1770         SSL_NOT_EXP|SSL_MEDIUM,
1771         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772         128,
1773         128,
1774         },
1775
1776         /* Cipher 99 */
1777         {
1778         1,
1779         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781         SSL_kEDH,
1782         SSL_aDSS,
1783         SSL_SEED,
1784         SSL_SHA1,
1785         SSL_TLSV1,
1786         SSL_NOT_EXP|SSL_MEDIUM,
1787         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788         128,
1789         128,
1790         },
1791
1792         /* Cipher 9A */
1793         {
1794         1,
1795         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797         SSL_kEDH,
1798         SSL_aRSA,
1799         SSL_SEED,
1800         SSL_SHA1,
1801         SSL_TLSV1,
1802         SSL_NOT_EXP|SSL_MEDIUM,
1803         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804         128,
1805         128,
1806         },
1807
1808         /* Cipher 9B */
1809         {
1810         1,
1811         TLS1_TXT_ADH_WITH_SEED_SHA,
1812         TLS1_CK_ADH_WITH_SEED_SHA,
1813         SSL_kEDH,
1814         SSL_aNULL,
1815         SSL_SEED,
1816         SSL_SHA1,
1817         SSL_TLSV1,
1818         SSL_NOT_EXP|SSL_MEDIUM,
1819         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820         128,
1821         128,
1822         },
1823
1824 #endif /* OPENSSL_NO_SEED */
1825
1826         /* GCM ciphersuites from RFC5288 */
1827
1828         /* Cipher 9C */
1829         {
1830         1,
1831         TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832         TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833         SSL_kRSA,
1834         SSL_aRSA,
1835         SSL_AES128GCM,
1836         SSL_AEAD,
1837         SSL_TLSV1_2,
1838         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840         128,
1841         128,
1842         },
1843
1844         /* Cipher 9D */
1845         {
1846         1,
1847         TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848         TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849         SSL_kRSA,
1850         SSL_aRSA,
1851         SSL_AES256GCM,
1852         SSL_AEAD,
1853         SSL_TLSV1_2,
1854         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856         256,
1857         256,
1858         },
1859
1860         /* Cipher 9E */
1861         {
1862         1,
1863         TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864         TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865         SSL_kEDH,
1866         SSL_aRSA,
1867         SSL_AES128GCM,
1868         SSL_AEAD,
1869         SSL_TLSV1_2,
1870         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872         128,
1873         128,
1874         },
1875
1876         /* Cipher 9F */
1877         {
1878         1,
1879         TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880         TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881         SSL_kEDH,
1882         SSL_aRSA,
1883         SSL_AES256GCM,
1884         SSL_AEAD,
1885         SSL_TLSV1_2,
1886         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888         256,
1889         256,
1890         },
1891
1892         /* Cipher A0 */
1893         {
1894         0,
1895         TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896         TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897         SSL_kDHr,
1898         SSL_aDH,
1899         SSL_AES128GCM,
1900         SSL_AEAD,
1901         SSL_TLSV1_2,
1902         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904         128,
1905         128,
1906         },
1907
1908         /* Cipher A1 */
1909         {
1910         0,
1911         TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912         TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913         SSL_kDHr,
1914         SSL_aDH,
1915         SSL_AES256GCM,
1916         SSL_AEAD,
1917         SSL_TLSV1_2,
1918         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920         256,
1921         256,
1922         },
1923
1924         /* Cipher A2 */
1925         {
1926         1,
1927         TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928         TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929         SSL_kEDH,
1930         SSL_aDSS,
1931         SSL_AES128GCM,
1932         SSL_AEAD,
1933         SSL_TLSV1_2,
1934         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936         128,
1937         128,
1938         },
1939
1940         /* Cipher A3 */
1941         {
1942         1,
1943         TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944         TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945         SSL_kEDH,
1946         SSL_aDSS,
1947         SSL_AES256GCM,
1948         SSL_AEAD,
1949         SSL_TLSV1_2,
1950         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952         256,
1953         256,
1954         },
1955
1956         /* Cipher A4 */
1957         {
1958         0,
1959         TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960         TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961         SSL_kDHr,
1962         SSL_aDH,
1963         SSL_AES128GCM,
1964         SSL_AEAD,
1965         SSL_TLSV1_2,
1966         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968         128,
1969         128,
1970         },
1971
1972         /* Cipher A5 */
1973         {
1974         0,
1975         TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976         TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977         SSL_kDHr,
1978         SSL_aDH,
1979         SSL_AES256GCM,
1980         SSL_AEAD,
1981         SSL_TLSV1_2,
1982         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984         256,
1985         256,
1986         },
1987
1988         /* Cipher A6 */
1989         {
1990         1,
1991         TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992         TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993         SSL_kEDH,
1994         SSL_aNULL,
1995         SSL_AES128GCM,
1996         SSL_AEAD,
1997         SSL_TLSV1_2,
1998         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000         128,
2001         128,
2002         },
2003
2004         /* Cipher A7 */
2005         {
2006         1,
2007         TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008         TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009         SSL_kEDH,
2010         SSL_aNULL,
2011         SSL_AES256GCM,
2012         SSL_AEAD,
2013         SSL_TLSV1_2,
2014         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016         256,
2017         256,
2018         },
2019
2020 #ifndef OPENSSL_NO_ECDH
2021         /* Cipher C001 */
2022         {
2023         1,
2024         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026         SSL_kECDHe,
2027         SSL_aECDH,
2028         SSL_eNULL,
2029         SSL_SHA1,
2030         SSL_TLSV1,
2031         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033         0,
2034         0,
2035         },
2036
2037         /* Cipher C002 */
2038         {
2039         1,
2040         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042         SSL_kECDHe,
2043         SSL_aECDH,
2044         SSL_RC4,
2045         SSL_SHA1,
2046         SSL_TLSV1,
2047         SSL_NOT_EXP|SSL_MEDIUM,
2048         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049         128,
2050         128,
2051         },
2052
2053         /* Cipher C003 */
2054         {
2055         1,
2056         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058         SSL_kECDHe,
2059         SSL_aECDH,
2060         SSL_3DES,
2061         SSL_SHA1,
2062         SSL_TLSV1,
2063         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065         168,
2066         168,
2067         },
2068
2069         /* Cipher C004 */
2070         {
2071         1,
2072         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074         SSL_kECDHe,
2075         SSL_aECDH,
2076         SSL_AES128,
2077         SSL_SHA1,
2078         SSL_TLSV1,
2079         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081         128,
2082         128,
2083         },
2084
2085         /* Cipher C005 */
2086         {
2087         1,
2088         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090         SSL_kECDHe,
2091         SSL_aECDH,
2092         SSL_AES256,
2093         SSL_SHA1,
2094         SSL_TLSV1,
2095         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097         256,
2098         256,
2099         },
2100
2101         /* Cipher C006 */
2102         {
2103         1,
2104         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106         SSL_kEECDH,
2107         SSL_aECDSA,
2108         SSL_eNULL,
2109         SSL_SHA1,
2110         SSL_TLSV1,
2111         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113         0,
2114         0,
2115         },
2116
2117         /* Cipher C007 */
2118         {
2119         1,
2120         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122         SSL_kEECDH,
2123         SSL_aECDSA,
2124         SSL_RC4,
2125         SSL_SHA1,
2126         SSL_TLSV1,
2127         SSL_NOT_EXP|SSL_MEDIUM,
2128         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129         128,
2130         128,
2131         },
2132
2133         /* Cipher C008 */
2134         {
2135         1,
2136         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138         SSL_kEECDH,
2139         SSL_aECDSA,
2140         SSL_3DES,
2141         SSL_SHA1,
2142         SSL_TLSV1,
2143         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145         168,
2146         168,
2147         },
2148
2149         /* Cipher C009 */
2150         {
2151         1,
2152         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154         SSL_kEECDH,
2155         SSL_aECDSA,
2156         SSL_AES128,
2157         SSL_SHA1,
2158         SSL_TLSV1,
2159         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161         128,
2162         128,
2163         },
2164
2165         /* Cipher C00A */
2166         {
2167         1,
2168         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170         SSL_kEECDH,
2171         SSL_aECDSA,
2172         SSL_AES256,
2173         SSL_SHA1,
2174         SSL_TLSV1,
2175         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177         256,
2178         256,
2179         },
2180
2181         /* Cipher C00B */
2182         {
2183         1,
2184         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186         SSL_kECDHr,
2187         SSL_aECDH,
2188         SSL_eNULL,
2189         SSL_SHA1,
2190         SSL_TLSV1,
2191         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193         0,
2194         0,
2195         },
2196
2197         /* Cipher C00C */
2198         {
2199         1,
2200         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202         SSL_kECDHr,
2203         SSL_aECDH,
2204         SSL_RC4,
2205         SSL_SHA1,
2206         SSL_TLSV1,
2207         SSL_NOT_EXP|SSL_MEDIUM,
2208         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209         128,
2210         128,
2211         },
2212
2213         /* Cipher C00D */
2214         {
2215         1,
2216         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218         SSL_kECDHr,
2219         SSL_aECDH,
2220         SSL_3DES,
2221         SSL_SHA1,
2222         SSL_TLSV1,
2223         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225         168,
2226         168,
2227         },
2228
2229         /* Cipher C00E */
2230         {
2231         1,
2232         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234         SSL_kECDHr,
2235         SSL_aECDH,
2236         SSL_AES128,
2237         SSL_SHA1,
2238         SSL_TLSV1,
2239         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241         128,
2242         128,
2243         },
2244
2245         /* Cipher C00F */
2246         {
2247         1,
2248         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250         SSL_kECDHr,
2251         SSL_aECDH,
2252         SSL_AES256,
2253         SSL_SHA1,
2254         SSL_TLSV1,
2255         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257         256,
2258         256,
2259         },
2260
2261         /* Cipher C010 */
2262         {
2263         1,
2264         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266         SSL_kEECDH,
2267         SSL_aRSA,
2268         SSL_eNULL,
2269         SSL_SHA1,
2270         SSL_TLSV1,
2271         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273         0,
2274         0,
2275         },
2276
2277         /* Cipher C011 */
2278         {
2279         1,
2280         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282         SSL_kEECDH,
2283         SSL_aRSA,
2284         SSL_RC4,
2285         SSL_SHA1,
2286         SSL_TLSV1,
2287         SSL_NOT_EXP|SSL_MEDIUM,
2288         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289         128,
2290         128,
2291         },
2292
2293         /* Cipher C012 */
2294         {
2295         1,
2296         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298         SSL_kEECDH,
2299         SSL_aRSA,
2300         SSL_3DES,
2301         SSL_SHA1,
2302         SSL_TLSV1,
2303         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305         168,
2306         168,
2307         },
2308
2309         /* Cipher C013 */
2310         {
2311         1,
2312         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314         SSL_kEECDH,
2315         SSL_aRSA,
2316         SSL_AES128,
2317         SSL_SHA1,
2318         SSL_TLSV1,
2319         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321         128,
2322         128,
2323         },
2324
2325         /* Cipher C014 */
2326         {
2327         1,
2328         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330         SSL_kEECDH,
2331         SSL_aRSA,
2332         SSL_AES256,
2333         SSL_SHA1,
2334         SSL_TLSV1,
2335         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337         256,
2338         256,
2339         },
2340
2341         /* Cipher C015 */
2342         {
2343         1,
2344         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346         SSL_kEECDH,
2347         SSL_aNULL,
2348         SSL_eNULL,
2349         SSL_SHA1,
2350         SSL_TLSV1,
2351         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353         0,
2354         0,
2355         },
2356
2357         /* Cipher C016 */
2358         {
2359         1,
2360         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362         SSL_kEECDH,
2363         SSL_aNULL,
2364         SSL_RC4,
2365         SSL_SHA1,
2366         SSL_TLSV1,
2367         SSL_NOT_EXP|SSL_MEDIUM,
2368         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369         128,
2370         128,
2371         },
2372
2373         /* Cipher C017 */
2374         {
2375         1,
2376         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378         SSL_kEECDH,
2379         SSL_aNULL,
2380         SSL_3DES,
2381         SSL_SHA1,
2382         SSL_TLSV1,
2383         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385         168,
2386         168,
2387         },
2388
2389         /* Cipher C018 */
2390         {
2391         1,
2392         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394         SSL_kEECDH,
2395         SSL_aNULL,
2396         SSL_AES128,
2397         SSL_SHA1,
2398         SSL_TLSV1,
2399         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401         128,
2402         128,
2403         },
2404
2405         /* Cipher C019 */
2406         {
2407         1,
2408         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410         SSL_kEECDH,
2411         SSL_aNULL,
2412         SSL_AES256,
2413         SSL_SHA1,
2414         SSL_TLSV1,
2415         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417         256,
2418         256,
2419         },
2420 #endif  /* OPENSSL_NO_ECDH */
2421
2422 #ifndef OPENSSL_NO_SRP
2423         /* Cipher C01A */
2424         {
2425         1,
2426         TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427         TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428         SSL_kSRP,
2429         SSL_aNULL,
2430         SSL_3DES,
2431         SSL_SHA1,
2432         SSL_TLSV1,
2433         SSL_NOT_EXP|SSL_HIGH,
2434         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435         168,
2436         168,
2437         },
2438
2439         /* Cipher C01B */
2440         {
2441         1,
2442         TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443         TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444         SSL_kSRP,
2445         SSL_aRSA,
2446         SSL_3DES,
2447         SSL_SHA1,
2448         SSL_TLSV1,
2449         SSL_NOT_EXP|SSL_HIGH,
2450         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451         168,
2452         168,
2453         },
2454
2455         /* Cipher C01C */
2456         {
2457         1,
2458         TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459         TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460         SSL_kSRP,
2461         SSL_aDSS,
2462         SSL_3DES,
2463         SSL_SHA1,
2464         SSL_TLSV1,
2465         SSL_NOT_EXP|SSL_HIGH,
2466         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467         168,
2468         168,
2469         },
2470
2471         /* Cipher C01D */
2472         {
2473         1,
2474         TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475         TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476         SSL_kSRP,
2477         SSL_aNULL,
2478         SSL_AES128,
2479         SSL_SHA1,
2480         SSL_TLSV1,
2481         SSL_NOT_EXP|SSL_HIGH,
2482         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483         128,
2484         128,
2485         },
2486
2487         /* Cipher C01E */
2488         {
2489         1,
2490         TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491         TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492         SSL_kSRP,
2493         SSL_aRSA,
2494         SSL_AES128,
2495         SSL_SHA1,
2496         SSL_TLSV1,
2497         SSL_NOT_EXP|SSL_HIGH,
2498         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499         128,
2500         128,
2501         },
2502
2503         /* Cipher C01F */
2504         {
2505         1,
2506         TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507         TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508         SSL_kSRP,
2509         SSL_aDSS,
2510         SSL_AES128,
2511         SSL_SHA1,
2512         SSL_TLSV1,
2513         SSL_NOT_EXP|SSL_HIGH,
2514         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515         128,
2516         128,
2517         },
2518
2519         /* Cipher C020 */
2520         {
2521         1,
2522         TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523         TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524         SSL_kSRP,
2525         SSL_aNULL,
2526         SSL_AES256,
2527         SSL_SHA1,
2528         SSL_TLSV1,
2529         SSL_NOT_EXP|SSL_HIGH,
2530         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531         256,
2532         256,
2533         },
2534
2535         /* Cipher C021 */
2536         {
2537         1,
2538         TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539         TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540         SSL_kSRP,
2541         SSL_aRSA,
2542         SSL_AES256,
2543         SSL_SHA1,
2544         SSL_TLSV1,
2545         SSL_NOT_EXP|SSL_HIGH,
2546         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547         256,
2548         256,
2549         },
2550
2551         /* Cipher C022 */
2552         {
2553         1,
2554         TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555         TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556         SSL_kSRP,
2557         SSL_aDSS,
2558         SSL_AES256,
2559         SSL_SHA1,
2560         SSL_TLSV1,
2561         SSL_NOT_EXP|SSL_HIGH,
2562         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563         256,
2564         256,
2565         },
2566 #endif  /* OPENSSL_NO_SRP */
2567 #ifndef OPENSSL_NO_ECDH
2568
2569         /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2570
2571         /* Cipher C023 */
2572         {
2573         1,
2574         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576         SSL_kEECDH,
2577         SSL_aECDSA,
2578         SSL_AES128,
2579         SSL_SHA256,
2580         SSL_TLSV1_2,
2581         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583         128,
2584         128,
2585         },
2586
2587         /* Cipher C024 */
2588         {
2589         1,
2590         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592         SSL_kEECDH,
2593         SSL_aECDSA,
2594         SSL_AES256,
2595         SSL_SHA384,
2596         SSL_TLSV1_2,
2597         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599         256,
2600         256,
2601         },
2602
2603         /* Cipher C025 */
2604         {
2605         1,
2606         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607         TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608         SSL_kECDHe,
2609         SSL_aECDH,
2610         SSL_AES128,
2611         SSL_SHA256,
2612         SSL_TLSV1_2,
2613         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615         128,
2616         128,
2617         },
2618
2619         /* Cipher C026 */
2620         {
2621         1,
2622         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623         TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624         SSL_kECDHe,
2625         SSL_aECDH,
2626         SSL_AES256,
2627         SSL_SHA384,
2628         SSL_TLSV1_2,
2629         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631         256,
2632         256,
2633         },
2634
2635         /* Cipher C027 */
2636         {
2637         1,
2638         TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639         TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640         SSL_kEECDH,
2641         SSL_aRSA,
2642         SSL_AES128,
2643         SSL_SHA256,
2644         SSL_TLSV1_2,
2645         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647         128,
2648         128,
2649         },
2650
2651         /* Cipher C028 */
2652         {
2653         1,
2654         TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655         TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656         SSL_kEECDH,
2657         SSL_aRSA,
2658         SSL_AES256,
2659         SSL_SHA384,
2660         SSL_TLSV1_2,
2661         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663         256,
2664         256,
2665         },
2666
2667         /* Cipher C029 */
2668         {
2669         1,
2670         TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671         TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672         SSL_kECDHe,
2673         SSL_aECDH,
2674         SSL_AES128,
2675         SSL_SHA256,
2676         SSL_TLSV1_2,
2677         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679         128,
2680         128,
2681         },
2682
2683         /* Cipher C02A */
2684         {
2685         1,
2686         TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687         TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688         SSL_kECDHe,
2689         SSL_aECDH,
2690         SSL_AES256,
2691         SSL_SHA384,
2692         SSL_TLSV1_2,
2693         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695         256,
2696         256,
2697         },
2698
2699         /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700
2701         /* Cipher C02B */
2702         {
2703         1,
2704         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706         SSL_kEECDH,
2707         SSL_aECDSA,
2708         SSL_AES128GCM,
2709         SSL_AEAD,
2710         SSL_TLSV1_2,
2711         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713         128,
2714         128,
2715         },
2716
2717         /* Cipher C02C */
2718         {
2719         1,
2720         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722         SSL_kEECDH,
2723         SSL_aECDSA,
2724         SSL_AES256GCM,
2725         SSL_AEAD,
2726         SSL_TLSV1_2,
2727         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729         256,
2730         256,
2731         },
2732
2733         /* Cipher C02D */
2734         {
2735         1,
2736         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737         TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738         SSL_kECDHe,
2739         SSL_aECDH,
2740         SSL_AES128GCM,
2741         SSL_AEAD,
2742         SSL_TLSV1_2,
2743         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745         128,
2746         128,
2747         },
2748
2749         /* Cipher C02E */
2750         {
2751         1,
2752         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753         TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754         SSL_kECDHe,
2755         SSL_aECDH,
2756         SSL_AES256GCM,
2757         SSL_AEAD,
2758         SSL_TLSV1_2,
2759         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761         256,
2762         256,
2763         },
2764
2765         /* Cipher C02F */
2766         {
2767         1,
2768         TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769         TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770         SSL_kEECDH,
2771         SSL_aRSA,
2772         SSL_AES128GCM,
2773         SSL_AEAD,
2774         SSL_TLSV1_2,
2775         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777         128,
2778         128,
2779         },
2780
2781         /* Cipher C030 */
2782         {
2783         1,
2784         TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785         TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786         SSL_kEECDH,
2787         SSL_aRSA,
2788         SSL_AES256GCM,
2789         SSL_AEAD,
2790         SSL_TLSV1_2,
2791         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793         256,
2794         256,
2795         },
2796
2797         /* Cipher C031 */
2798         {
2799         1,
2800         TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801         TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802         SSL_kECDHe,
2803         SSL_aECDH,
2804         SSL_AES128GCM,
2805         SSL_AEAD,
2806         SSL_TLSV1_2,
2807         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809         128,
2810         128,
2811         },
2812
2813         /* Cipher C032 */
2814         {
2815         1,
2816         TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817         TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818         SSL_kECDHe,
2819         SSL_aECDH,
2820         SSL_AES256GCM,
2821         SSL_AEAD,
2822         SSL_TLSV1_2,
2823         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825         256,
2826         256,
2827         },
2828
2829 #endif /* OPENSSL_NO_ECDH */
2830
2831
2832 #ifdef TEMP_GOST_TLS
2833 /* Cipher FF00 */
2834         {
2835         1,
2836         "GOST-MD5",
2837         0x0300ff00,
2838         SSL_kRSA,
2839         SSL_aRSA,
2840         SSL_eGOST2814789CNT,
2841         SSL_MD5,
2842         SSL_TLSV1,
2843         SSL_NOT_EXP|SSL_HIGH,
2844         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845         256,
2846         256,
2847         },
2848         {
2849         1,
2850         "GOST-GOST94",
2851         0x0300ff01,
2852         SSL_kRSA,
2853         SSL_aRSA,
2854         SSL_eGOST2814789CNT,
2855         SSL_GOST94,
2856         SSL_TLSV1,
2857         SSL_NOT_EXP|SSL_HIGH,
2858         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859         256,
2860         256
2861         },
2862         {
2863         1,
2864         "GOST-GOST89MAC",
2865         0x0300ff02,
2866         SSL_kRSA,
2867         SSL_aRSA,
2868         SSL_eGOST2814789CNT,
2869         SSL_GOST89MAC,
2870         SSL_TLSV1,
2871         SSL_NOT_EXP|SSL_HIGH,
2872         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873         256,
2874         256
2875         },
2876         {
2877         1,
2878         "GOST-GOST89STREAM",
2879         0x0300ff03,
2880         SSL_kRSA,
2881         SSL_aRSA,
2882         SSL_eGOST2814789CNT,
2883         SSL_GOST89MAC,
2884         SSL_TLSV1,
2885         SSL_NOT_EXP|SSL_HIGH,
2886         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887         256,
2888         256
2889         },
2890 #endif
2891
2892 /* end of list */
2893         };
2894
2895 SSL3_ENC_METHOD SSLv3_enc_data={
2896         ssl3_enc,
2897         n_ssl3_mac,
2898         ssl3_setup_key_block,
2899         ssl3_generate_master_secret,
2900         ssl3_change_cipher_state,
2901         ssl3_final_finish_mac,
2902         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2903         ssl3_cert_verify_mac,
2904         SSL3_MD_CLIENT_FINISHED_CONST,4,
2905         SSL3_MD_SERVER_FINISHED_CONST,4,
2906         ssl3_alert_code,
2907         (int (*)(SSL *, unsigned char *, size_t, const char *,
2908                  size_t, const unsigned char *, size_t,
2909                  int use_context))ssl_undefined_function,
2910         };
2911
2912 long ssl3_default_timeout(void)
2913         {
2914         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2915          * is way too long for http, the cache would over fill */
2916         return(60*60*2);
2917         }
2918
2919 int ssl3_num_ciphers(void)
2920         {
2921         return(SSL3_NUM_CIPHERS);
2922         }
2923
2924 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2925         {
2926         if (u < SSL3_NUM_CIPHERS)
2927                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2928         else
2929                 return(NULL);
2930         }
2931
2932 int ssl3_pending(const SSL *s)
2933         {
2934         if (s->rstate == SSL_ST_READ_BODY)
2935                 return 0;
2936         
2937         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2938         }
2939
2940 int ssl3_new(SSL *s)
2941         {
2942         SSL3_STATE *s3;
2943
2944         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2945         memset(s3,0,sizeof *s3);
2946         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2947         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2948
2949         s->s3=s3;
2950
2951 #ifndef OPENSSL_NO_SRP
2952         SSL_SRP_CTX_init(s);
2953 #endif
2954         s->method->ssl_clear(s);
2955         return(1);
2956 err:
2957         return(0);
2958         }
2959
2960 void ssl3_free(SSL *s)
2961         {
2962         if(s == NULL)
2963             return;
2964
2965 #ifdef TLSEXT_TYPE_opaque_prf_input
2966         if (s->s3->client_opaque_prf_input != NULL)
2967                 OPENSSL_free(s->s3->client_opaque_prf_input);
2968         if (s->s3->server_opaque_prf_input != NULL)
2969                 OPENSSL_free(s->s3->server_opaque_prf_input);
2970 #endif
2971
2972         ssl3_cleanup_key_block(s);
2973         if (s->s3->rbuf.buf != NULL)
2974                 ssl3_release_read_buffer(s);
2975         if (s->s3->wbuf.buf != NULL)
2976                 ssl3_release_write_buffer(s);
2977         if (s->s3->rrec.comp != NULL)
2978                 OPENSSL_free(s->s3->rrec.comp);
2979 #ifndef OPENSSL_NO_DH
2980         if (s->s3->tmp.dh != NULL)
2981                 DH_free(s->s3->tmp.dh);
2982 #endif
2983 #ifndef OPENSSL_NO_ECDH
2984         if (s->s3->tmp.ecdh != NULL)
2985                 EC_KEY_free(s->s3->tmp.ecdh);
2986 #endif
2987
2988         if (s->s3->tmp.ca_names != NULL)
2989                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2990         if (s->s3->handshake_buffer) {
2991                 BIO_free(s->s3->handshake_buffer);
2992         }
2993         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2994 #ifndef OPENSSL_NO_SRP
2995         SSL_SRP_CTX_free(s);
2996 #endif
2997         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2998         OPENSSL_free(s->s3);
2999         s->s3=NULL;
3000         }
3001
3002 void ssl3_clear(SSL *s)
3003         {
3004         unsigned char *rp,*wp;
3005         size_t rlen, wlen;
3006         int init_extra;
3007
3008 #ifdef TLSEXT_TYPE_opaque_prf_input
3009         if (s->s3->client_opaque_prf_input != NULL)
3010                 OPENSSL_free(s->s3->client_opaque_prf_input);
3011         s->s3->client_opaque_prf_input = NULL;
3012         if (s->s3->server_opaque_prf_input != NULL)
3013                 OPENSSL_free(s->s3->server_opaque_prf_input);
3014         s->s3->server_opaque_prf_input = NULL;
3015 #endif
3016
3017         ssl3_cleanup_key_block(s);
3018         if (s->s3->tmp.ca_names != NULL)
3019                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
3020
3021         if (s->s3->rrec.comp != NULL)
3022                 {
3023                 OPENSSL_free(s->s3->rrec.comp);
3024                 s->s3->rrec.comp=NULL;
3025                 }
3026 #ifndef OPENSSL_NO_DH
3027         if (s->s3->tmp.dh != NULL)
3028                 {
3029                 DH_free(s->s3->tmp.dh);
3030                 s->s3->tmp.dh = NULL;
3031                 }
3032 #endif
3033 #ifndef OPENSSL_NO_ECDH
3034         if (s->s3->tmp.ecdh != NULL)
3035                 {
3036                 EC_KEY_free(s->s3->tmp.ecdh);
3037                 s->s3->tmp.ecdh = NULL;
3038                 }
3039 #endif
3040
3041         rp = s->s3->rbuf.buf;
3042         wp = s->s3->wbuf.buf;
3043         rlen = s->s3->rbuf.len;
3044         wlen = s->s3->wbuf.len;
3045         init_extra = s->s3->init_extra;
3046         if (s->s3->handshake_buffer) {
3047                 BIO_free(s->s3->handshake_buffer);
3048                 s->s3->handshake_buffer = NULL;
3049         }
3050         if (s->s3->handshake_dgst) {
3051                 ssl3_free_digest_list(s);
3052         }       
3053         memset(s->s3,0,sizeof *s->s3);
3054         s->s3->rbuf.buf = rp;
3055         s->s3->wbuf.buf = wp;
3056         s->s3->rbuf.len = rlen;
3057         s->s3->wbuf.len = wlen;
3058         s->s3->init_extra = init_extra;
3059
3060         ssl_free_wbio_buffer(s);
3061
3062         s->packet_length=0;
3063         s->s3->renegotiate=0;
3064         s->s3->total_renegotiations=0;
3065         s->s3->num_renegotiations=0;
3066         s->s3->in_read_app_data=0;
3067         s->version=SSL3_VERSION;
3068
3069 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3070         if (s->next_proto_negotiated)
3071                 {
3072                 OPENSSL_free(s->next_proto_negotiated);
3073                 s->next_proto_negotiated = NULL;
3074                 s->next_proto_negotiated_len = 0;
3075                 }
3076 #endif
3077         }
3078
3079 #ifndef OPENSSL_NO_SRP
3080 static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3081         {
3082         return BUF_strdup(s->srp_ctx.info) ;
3083         }
3084 #endif
3085
3086 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3087         {
3088         int ret=0;
3089
3090 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3091         if (
3092 #ifndef OPENSSL_NO_RSA
3093             cmd == SSL_CTRL_SET_TMP_RSA ||
3094             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3095 #endif
3096 #ifndef OPENSSL_NO_DSA
3097             cmd == SSL_CTRL_SET_TMP_DH ||
3098             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3099 #endif
3100                 0)
3101                 {
3102                 if (!ssl_cert_inst(&s->cert))
3103                         {
3104                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3105                         return(0);
3106                         }
3107                 }
3108 #endif
3109
3110         switch (cmd)
3111                 {
3112         case SSL_CTRL_GET_SESSION_REUSED:
3113                 ret=s->hit;
3114                 break;
3115         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3116                 break;
3117         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3118                 ret=s->s3->num_renegotiations;
3119                 break;
3120         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3121                 ret=s->s3->num_renegotiations;
3122                 s->s3->num_renegotiations=0;
3123                 break;
3124         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3125                 ret=s->s3->total_renegotiations;
3126                 break;
3127         case SSL_CTRL_GET_FLAGS:
3128                 ret=(int)(s->s3->flags);
3129                 break;
3130 #ifndef OPENSSL_NO_RSA
3131         case SSL_CTRL_NEED_TMP_RSA:
3132                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3133                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3134                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
3135                         ret = 1;
3136                 break;
3137         case SSL_CTRL_SET_TMP_RSA:
3138                 {
3139                         RSA *rsa = (RSA *)parg;
3140                         if (rsa == NULL)
3141                                 {
3142                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3143                                 return(ret);
3144                                 }
3145                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3146                                 {
3147                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3148                                 return(ret);
3149                                 }
3150                         if (s->cert->rsa_tmp != NULL)
3151                                 RSA_free(s->cert->rsa_tmp);
3152                         s->cert->rsa_tmp = rsa;
3153                         ret = 1;
3154                 }
3155                 break;
3156         case SSL_CTRL_SET_TMP_RSA_CB:
3157                 {
3158                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3159                 return(ret);
3160                 }
3161                 break;
3162 #endif
3163 #ifndef OPENSSL_NO_DH
3164         case SSL_CTRL_SET_TMP_DH:
3165                 {
3166                         DH *dh = (DH *)parg;
3167                         if (dh == NULL)
3168                                 {
3169                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3170                                 return(ret);
3171                                 }
3172                         if ((dh = DHparams_dup(dh)) == NULL)
3173                                 {
3174                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3175                                 return(ret);
3176                                 }
3177                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
3178                                 {
3179                                 if (!DH_generate_key(dh))
3180                                         {
3181                                         DH_free(dh);
3182                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3183                                         return(ret);
3184                                         }
3185                                 }
3186                         if (s->cert->dh_tmp != NULL)
3187                                 DH_free(s->cert->dh_tmp);
3188                         s->cert->dh_tmp = dh;
3189                         ret = 1;
3190                 }
3191                 break;
3192         case SSL_CTRL_SET_TMP_DH_CB:
3193                 {
3194                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3195                 return(ret);
3196                 }
3197                 break;
3198 #endif
3199 #ifndef OPENSSL_NO_ECDH
3200         case SSL_CTRL_SET_TMP_ECDH:
3201                 {
3202                 EC_KEY *ecdh = NULL;
3203                         
3204                 if (parg == NULL)
3205                         {
3206                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3207                         return(ret);
3208                         }
3209                 if (!EC_KEY_up_ref((EC_KEY *)parg))
3210                         {
3211                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3212                         return(ret);
3213                         }
3214                 ecdh = (EC_KEY *)parg;
3215                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
3216                         {
3217                         if (!EC_KEY_generate_key(ecdh))
3218                                 {
3219                                 EC_KEY_free(ecdh);
3220                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3221                                 return(ret);
3222                                 }
3223                         }
3224                 if (s->cert->ecdh_tmp != NULL)
3225                         EC_KEY_free(s->cert->ecdh_tmp);
3226                 s->cert->ecdh_tmp = ecdh;
3227                 ret = 1;
3228                 }
3229                 break;
3230         case SSL_CTRL_SET_TMP_ECDH_CB:
3231                 {
3232                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3233                 return(ret);
3234                 }
3235                 break;
3236 #endif /* !OPENSSL_NO_ECDH */
3237 #ifndef OPENSSL_NO_TLSEXT
3238         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3239                 if (larg == TLSEXT_NAMETYPE_host_name)
3240                         {
3241                         if (s->tlsext_hostname != NULL) 
3242                                 OPENSSL_free(s->tlsext_hostname);
3243                         s->tlsext_hostname = NULL;
3244
3245                         ret = 1;
3246                         if (parg == NULL) 
3247                                 break;
3248                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
3249                                 {
3250                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3251                                 return 0;
3252                                 }
3253                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
3254                                 {
3255                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3256                                 return 0;
3257                                 }
3258                         }
3259                 else
3260                         {
3261                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3262                         return 0;
3263                         }
3264                 break;
3265         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3266                 s->tlsext_debug_arg=parg;
3267                 ret = 1;
3268                 break;
3269
3270 #ifdef TLSEXT_TYPE_opaque_prf_input
3271         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3272                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3273                                    * (including the cert chain and everything) */
3274                         {
3275                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3276                         break;
3277                         }
3278                 if (s->tlsext_opaque_prf_input != NULL)
3279                         OPENSSL_free(s->tlsext_opaque_prf_input);
3280                 if ((size_t)larg == 0)
3281                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3282                 else
3283                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3284                 if (s->tlsext_opaque_prf_input != NULL)
3285                         {
3286                         s->tlsext_opaque_prf_input_len = (size_t)larg;
3287                         ret = 1;
3288                         }
3289                 else
3290                         s->tlsext_opaque_prf_input_len = 0;
3291                 break;
3292 #endif
3293
3294         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3295                 s->tlsext_status_type=larg;
3296                 ret = 1;
3297                 break;
3298
3299         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3300                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3301                 ret = 1;
3302                 break;
3303
3304         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3305                 s->tlsext_ocsp_exts = parg;
3306                 ret = 1;
3307                 break;
3308
3309         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3310                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3311                 ret = 1;
3312                 break;
3313
3314         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3315                 s->tlsext_ocsp_ids = parg;
3316                 ret = 1;
3317                 break;
3318
3319         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3320                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3321                 return s->tlsext_ocsp_resplen;
3322                 
3323         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3324                 if (s->tlsext_ocsp_resp)
3325                         OPENSSL_free(s->tlsext_ocsp_resp);
3326                 s->tlsext_ocsp_resp = parg;
3327                 s->tlsext_ocsp_resplen = larg;
3328                 ret = 1;
3329                 break;
3330
3331 #endif /* !OPENSSL_NO_TLSEXT */
3332         default:
3333                 break;
3334                 }
3335         return(ret);
3336         }
3337
3338 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3339         {
3340         int ret=0;
3341
3342 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3343         if (
3344 #ifndef OPENSSL_NO_RSA
3345             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3346 #endif
3347 #ifndef OPENSSL_NO_DSA
3348             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3349 #endif
3350                 0)
3351                 {
3352                 if (!ssl_cert_inst(&s->cert))
3353                         {
3354                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3355                         return(0);
3356                         }
3357                 }
3358 #endif
3359
3360         switch (cmd)
3361                 {
3362 #ifndef OPENSSL_NO_RSA
3363         case SSL_CTRL_SET_TMP_RSA_CB:
3364                 {
3365                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3366                 }
3367                 break;
3368 #endif
3369 #ifndef OPENSSL_NO_DH
3370         case SSL_CTRL_SET_TMP_DH_CB:
3371                 {
3372                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3373                 }
3374                 break;
3375 #endif
3376 #ifndef OPENSSL_NO_ECDH
3377         case SSL_CTRL_SET_TMP_ECDH_CB:
3378                 {
3379                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3380                 }
3381                 break;
3382 #endif
3383 #ifndef OPENSSL_NO_TLSEXT
3384         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3385                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
3386                                         unsigned char *, int, void *))fp;
3387                 break;
3388 #endif
3389         default:
3390                 break;
3391                 }
3392         return(ret);
3393         }
3394
3395 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3396         {
3397         CERT *cert;
3398
3399         cert=ctx->cert;
3400
3401         switch (cmd)
3402                 {
3403 #ifndef OPENSSL_NO_RSA
3404         case SSL_CTRL_NEED_TMP_RSA:
3405                 if (    (cert->rsa_tmp == NULL) &&
3406                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3407                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
3408                         )
3409                         return(1);
3410                 else
3411                         return(0);
3412                 /* break; */
3413         case SSL_CTRL_SET_TMP_RSA:
3414                 {
3415                 RSA *rsa;
3416                 int i;
3417
3418                 rsa=(RSA *)parg;
3419                 i=1;
3420                 if (rsa == NULL)
3421                         i=0;
3422                 else
3423                         {
3424                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
3425                                 i=0;
3426                         }
3427                 if (!i)
3428                         {
3429                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
3430                         return(0);
3431                         }
3432                 else
3433                         {
3434                         if (cert->rsa_tmp != NULL)
3435                                 RSA_free(cert->rsa_tmp);
3436                         cert->rsa_tmp=rsa;
3437                         return(1);
3438                         }
3439                 }
3440                 /* break; */
3441         case SSL_CTRL_SET_TMP_RSA_CB:
3442                 {
3443                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3444                 return(0);
3445                 }
3446                 break;
3447 #endif
3448 #ifndef OPENSSL_NO_DH
3449         case SSL_CTRL_SET_TMP_DH:
3450                 {
3451                 DH *new=NULL,*dh;
3452
3453                 dh=(DH *)parg;
3454                 if ((new=DHparams_dup(dh)) == NULL)
3455                         {
3456                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3457                         return 0;
3458                         }
3459                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3460                         {
3461                         if (!DH_generate_key(new))
3462                                 {
3463                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3464                                 DH_free(new);
3465                                 return 0;
3466                                 }
3467                         }
3468                 if (cert->dh_tmp != NULL)
3469                         DH_free(cert->dh_tmp);
3470                 cert->dh_tmp=new;
3471                 return 1;
3472                 }
3473                 /*break; */
3474         case SSL_CTRL_SET_TMP_DH_CB:
3475                 {
3476                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3477                 return(0);
3478                 }
3479                 break;
3480 #endif
3481 #ifndef OPENSSL_NO_ECDH
3482         case SSL_CTRL_SET_TMP_ECDH:
3483                 {
3484                 EC_KEY *ecdh = NULL;
3485                         
3486                 if (parg == NULL)
3487                         {
3488                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3489                         return 0;
3490                         }
3491                 ecdh = EC_KEY_dup((EC_KEY *)parg);
3492                 if (ecdh == NULL)
3493                         {
3494                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3495                         return 0;
3496                         }
3497                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
3498                         {
3499                         if (!EC_KEY_generate_key(ecdh))
3500                                 {
3501                                 EC_KEY_free(ecdh);
3502                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3503                                 return 0;
3504                                 }
3505                         }
3506
3507                 if (cert->ecdh_tmp != NULL)
3508                         {
3509                         EC_KEY_free(cert->ecdh_tmp);
3510                         }
3511                 cert->ecdh_tmp = ecdh;
3512                 return 1;
3513                 }
3514                 /* break; */
3515         case SSL_CTRL_SET_TMP_ECDH_CB:
3516                 {
3517                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3518                 return(0);
3519                 }
3520                 break;
3521 #endif /* !OPENSSL_NO_ECDH */
3522 #ifndef OPENSSL_NO_TLSEXT
3523         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3524                 ctx->tlsext_servername_arg=parg;
3525                 break;
3526         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3527         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3528                 {
3529                 unsigned char *keys = parg;
3530                 if (!keys)
3531                         return 48;
3532                 if (larg != 48)
3533                         {
3534                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3535                         return 0;
3536                         }
3537                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3538                         {
3539                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
3540                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3541                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3542                         }
3543                 else
3544                         {
3545                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
3546                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3547                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3548                         }
3549                 return 1;
3550                 }
3551
3552 #ifdef TLSEXT_TYPE_opaque_prf_input
3553         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3554                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
3555                 return 1;
3556 #endif
3557
3558         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3559                 ctx->tlsext_status_arg=parg;
3560                 return 1;
3561                 break;
3562
3563 #ifndef OPENSSL_NO_SRP
3564         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3565                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3566                 if (ctx->srp_ctx.login != NULL)
3567                         OPENSSL_free(ctx->srp_ctx.login);
3568                 ctx->srp_ctx.login = NULL;
3569                 if (parg == NULL)
3570                         break;
3571                 if (strlen((char *)parg) > 254)
3572                         {
3573                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3574                         return 0;
3575                         } 
3576                 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
3577                         {
3578                         SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3579                         return 0;
3580                         }
3581                 break;
3582         case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3583                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
3584                 ctx->srp_ctx.info=parg;
3585                 break;
3586         case SSL_CTRL_SET_SRP_ARG:
3587                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3588                 ctx->srp_ctx.SRP_cb_arg=parg;
3589                 break;
3590
3591         case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3592                 ctx->srp_ctx.strength=larg;
3593                 break;
3594 #endif
3595 #endif /* !OPENSSL_NO_TLSEXT */
3596
3597         /* A Thawte special :-) */
3598         case SSL_CTRL_EXTRA_CHAIN_CERT:
3599                 if (ctx->extra_certs == NULL)
3600                         {
3601                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
3602                                 return(0);
3603                         }
3604                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3605                 break;
3606
3607         default:
3608                 return(0);
3609                 }
3610         return(1);
3611         }
3612
3613 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3614         {
3615         CERT *cert;
3616
3617         cert=ctx->cert;
3618
3619         switch (cmd)
3620                 {
3621 #ifndef OPENSSL_NO_RSA
3622         case SSL_CTRL_SET_TMP_RSA_CB:
3623                 {
3624                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3625                 }
3626                 break;
3627 #endif
3628 #ifndef OPENSSL_NO_DH
3629         case SSL_CTRL_SET_TMP_DH_CB:
3630                 {
3631                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3632                 }
3633                 break;
3634 #endif
3635 #ifndef OPENSSL_NO_ECDH
3636         case SSL_CTRL_SET_TMP_ECDH_CB:
3637                 {
3638                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3639                 }
3640                 break;
3641 #endif
3642 #ifndef OPENSSL_NO_TLSEXT
3643         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3644                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
3645                 break;
3646
3647 #ifdef TLSEXT_TYPE_opaque_prf_input
3648         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3649                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
3650                 break;
3651 #endif
3652
3653         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3654                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
3655                 break;
3656
3657         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3658                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
3659                                                 unsigned char *,
3660                                                 EVP_CIPHER_CTX *,
3661                                                 HMAC_CTX *, int))fp;
3662                 break;
3663
3664 #ifndef OPENSSL_NO_SRP
3665         case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3666                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3667                 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
3668                 break;
3669         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3670                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3671                 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
3672                 break;
3673         case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3674                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3675                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
3676                 break;
3677 #endif
3678 #endif
3679         default:
3680                 return(0);
3681                 }
3682         return(1);
3683         }
3684
3685 /* This function needs to check if the ciphers required are actually
3686  * available */
3687 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3688         {
3689         SSL_CIPHER c;
3690         const SSL_CIPHER *cp;
3691         unsigned long id;
3692
3693         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
3694         c.id=id;
3695         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3696 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3697 if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3698 #endif
3699         if (cp == NULL || cp->valid == 0)
3700                 return NULL;
3701         else
3702                 return cp;
3703         }
3704
3705 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3706         {
3707         long l;
3708
3709         if (p != NULL)
3710                 {
3711                 l=c->id;
3712                 if ((l & 0xff000000) != 0x03000000) return(0);
3713                 p[0]=((unsigned char)(l>> 8L))&0xFF;
3714                 p[1]=((unsigned char)(l     ))&0xFF;
3715                 }
3716         return(2);
3717         }
3718
3719 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3720              STACK_OF(SSL_CIPHER) *srvr)
3721         {
3722         SSL_CIPHER *c,*ret=NULL;
3723         STACK_OF(SSL_CIPHER) *prio, *allow;
3724         int i,ii,ok;
3725 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3726         unsigned int j;
3727         int ec_ok, ec_nid;
3728         unsigned char ec_search1 = 0, ec_search2 = 0;
3729 #endif
3730         CERT *cert;
3731         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
3732
3733         /* Let's see which ciphers we can support */
3734         cert=s->cert;
3735
3736 #if 0
3737         /* Do not set the compare functions, because this may lead to a
3738          * reordering by "id". We want to keep the original ordering.
3739          * We may pay a price in performance during sk_SSL_CIPHER_find(),
3740          * but would have to pay with the price of sk_SSL_CIPHER_dup().
3741          */
3742         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3743         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3744 #endif
3745
3746 #ifdef CIPHER_DEBUG
3747         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3748         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
3749                 {
3750                 c=sk_SSL_CIPHER_value(srvr,i);
3751                 printf("%p:%s\n",(void *)c,c->name);
3752                 }
3753         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3754         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
3755             {
3756             c=sk_SSL_CIPHER_value(clnt,i);
3757             printf("%p:%s\n",(void *)c,c->name);
3758             }
3759 #endif
3760
3761         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
3762                 {
3763                 prio = srvr;
3764                 allow = clnt;
3765                 }
3766         else
3767                 {
3768                 prio = clnt;
3769                 allow = srvr;
3770                 }
3771
3772         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
3773                 {
3774                 c=sk_SSL_CIPHER_value(prio,i);
3775
3776                 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3777                 if ((c->algorithm_ssl & SSL_TLSV1_2) && 
3778                         (TLS1_get_version(s) < TLS1_2_VERSION))
3779                         continue;
3780
3781                 ssl_set_cert_masks(cert,c);
3782                 mask_k = cert->mask_k;
3783                 mask_a = cert->mask_a;
3784                 emask_k = cert->export_mask_k;
3785                 emask_a = cert->export_mask_a;
3786 #ifndef OPENSSL_NO_SRP
3787                 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
3788                 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
3789 #endif
3790                         
3791 #ifdef KSSL_DEBUG
3792 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3793 #endif    /* KSSL_DEBUG */
3794
3795                 alg_k=c->algorithm_mkey;
3796                 alg_a=c->algorithm_auth;
3797
3798 #ifndef OPENSSL_NO_KRB5
3799                 if (alg_k & SSL_kKRB5)
3800                         {
3801                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
3802                             continue;
3803                         }
3804 #endif /* OPENSSL_NO_KRB5 */
3805 #ifndef OPENSSL_NO_PSK
3806                 /* with PSK there must be server callback set */
3807                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3808                         continue;
3809 #endif /* OPENSSL_NO_PSK */
3810
3811                 if (SSL_C_IS_EXPORT(c))
3812                         {
3813                         ok = (alg_k & emask_k) && (alg_a & emask_a);
3814 #ifdef CIPHER_DEBUG
3815                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
3816                                (void *)c,c->name);
3817 #endif
3818                         }
3819                 else
3820                         {
3821                         ok = (alg_k & mask_k) && (alg_a & mask_a);
3822 #ifdef CIPHER_DEBUG
3823                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
3824                                c->name);
3825 #endif
3826                         }
3827
3828 #ifndef OPENSSL_NO_TLSEXT
3829 #ifndef OPENSSL_NO_EC
3830                 if (
3831                         /* if we are considering an ECC cipher suite that uses our certificate */
3832                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3833                         /* and we have an ECC certificate */
3834                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3835                         /* and the client specified a Supported Point Formats extension */
3836                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3837                         /* and our certificate's point is compressed */
3838                         && (
3839                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3840                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3841                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3842                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3843                                 && (
3844                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3845                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3846                                         )
3847                                 )
3848                 )
3849                         {
3850                         ec_ok = 0;
3851                         /* if our certificate's curve is over a field type that the client does not support
3852                          * then do not allow this cipher suite to be negotiated */
3853                         if (
3854                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3855                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3856                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3857                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3858                         )
3859                                 {
3860                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3861                                         {
3862                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3863                                                 {
3864                                                 ec_ok = 1;
3865                                                 break;
3866                                                 }
3867                                         }
3868                                 }
3869                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3870                                 {
3871                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3872                                         {
3873                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3874                                                 {
3875                                                 ec_ok = 1;
3876                                                 break;
3877                                                 }
3878                                         }
3879                                 }
3880                         ok = ok && ec_ok;
3881                         }
3882                 if (
3883                         /* if we are considering an ECC cipher suite that uses our certificate */
3884                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3885                         /* and we have an ECC certificate */
3886                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3887                         /* and the client specified an EllipticCurves extension */
3888                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3889                 )
3890                         {
3891                         ec_ok = 0;
3892                         if (
3893                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3894                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3895                         )
3896                                 {
3897                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3898                                 if ((ec_nid == 0)
3899                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3900                                 )
3901                                         {
3902                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3903                                                 {
3904                                                 ec_search1 = 0xFF;
3905                                                 ec_search2 = 0x01;
3906                                                 }
3907                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3908                                                 {
3909                                                 ec_search1 = 0xFF;
3910                                                 ec_search2 = 0x02;
3911                                                 }
3912                                         }
3913                                 else
3914                                         {
3915                                         ec_search1 = 0x00;
3916                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3917                                         }
3918                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3919                                         {
3920                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3921                                                 {
3922                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3923                                                         {
3924                                                         ec_ok = 1;
3925                                                         break;
3926                                                         }
3927                                                 }
3928                                         }
3929                                 }
3930                         ok = ok && ec_ok;
3931                         }
3932                 if (
3933                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3934                         (alg_k & SSL_kEECDH)
3935                         /* and we have an ephemeral EC key */
3936                         && (s->cert->ecdh_tmp != NULL)
3937                         /* and the client specified an EllipticCurves extension */
3938                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3939                 )
3940                         {
3941                         ec_ok = 0;
3942                         if (s->cert->ecdh_tmp->group != NULL)
3943                                 {
3944                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3945                                 if ((ec_nid == 0)
3946                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3947                                 )
3948                                         {
3949                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3950                                                 {
3951                                                 ec_search1 = 0xFF;
3952                                                 ec_search2 = 0x01;
3953                                                 }
3954                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3955                                                 {
3956                                                 ec_search1 = 0xFF;
3957                                                 ec_search2 = 0x02;
3958                                                 }
3959                                         }
3960                                 else
3961                                         {
3962                                         ec_search1 = 0x00;
3963                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3964                                         }
3965                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3966                                         {
3967                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3968                                                 {
3969                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3970                                                         {
3971                                                         ec_ok = 1;
3972                                                         break;
3973                                                         }
3974                                                 }
3975                                         }
3976                                 }
3977                         ok = ok && ec_ok;
3978                         }
3979 #endif /* OPENSSL_NO_EC */
3980 #endif /* OPENSSL_NO_TLSEXT */
3981
3982                 if (!ok) continue;
3983                 ii=sk_SSL_CIPHER_find(allow,c);
3984                 if (ii >= 0)
3985                         {
3986                         ret=sk_SSL_CIPHER_value(allow,ii);
3987                         break;
3988                         }
3989                 }
3990         return(ret);
3991         }
3992
3993 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3994         {
3995         int ret=0;
3996         unsigned long alg_k;
3997
3998         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3999
4000 #ifndef OPENSSL_NO_GOST
4001         if (s->version >= TLS1_VERSION)
4002                 {
4003                 if (alg_k & SSL_kGOST)
4004                         {
4005                         p[ret++]=TLS_CT_GOST94_SIGN;
4006                         p[ret++]=TLS_CT_GOST01_SIGN;
4007                         return(ret);
4008                         }
4009                 }
4010 #endif
4011
4012 #ifndef OPENSSL_NO_DH
4013         if (alg_k & (SSL_kDHr|SSL_kEDH))
4014                 {
4015 #  ifndef OPENSSL_NO_RSA
4016                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
4017 #  endif
4018 #  ifndef OPENSSL_NO_DSA
4019                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
4020 #  endif
4021                 }
4022         if ((s->version == SSL3_VERSION) &&
4023                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
4024                 {
4025 #  ifndef OPENSSL_NO_RSA
4026                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
4027 #  endif
4028 #  ifndef OPENSSL_NO_DSA
4029                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
4030 #  endif
4031                 }
4032 #endif /* !OPENSSL_NO_DH */
4033 #ifndef OPENSSL_NO_RSA
4034         p[ret++]=SSL3_CT_RSA_SIGN;
4035 #endif
4036 #ifndef OPENSSL_NO_DSA
4037         p[ret++]=SSL3_CT_DSS_SIGN;
4038 #endif
4039 #ifndef OPENSSL_NO_ECDH
4040         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
4041                 {
4042                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
4043                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
4044                 }
4045 #endif
4046
4047 #ifndef OPENSSL_NO_ECDSA
4048         /* ECDSA certs can be used with RSA cipher suites as well 
4049          * so we don't need to check for SSL_kECDH or SSL_kEECDH
4050          */
4051         if (s->version >= TLS1_VERSION)
4052                 {
4053                 p[ret++]=TLS_CT_ECDSA_SIGN;
4054                 }
4055 #endif  
4056         return(ret);
4057         }
4058
4059 int ssl3_shutdown(SSL *s)
4060         {
4061         int ret;
4062
4063         /* Don't do anything much if we have not done the handshake or
4064          * we don't want to send messages :-) */
4065         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
4066                 {
4067                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4068                 return(1);
4069                 }
4070
4071         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
4072                 {
4073                 s->shutdown|=SSL_SENT_SHUTDOWN;
4074 #if 1
4075                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
4076 #endif
4077                 /* our shutdown alert has been sent now, and if it still needs
4078                  * to be written, s->s3->alert_dispatch will be true */
4079                 if (s->s3->alert_dispatch)
4080                         return(-1);     /* return WANT_WRITE */
4081                 }
4082         else if (s->s3->alert_dispatch)
4083                 {
4084                 /* resend it if not sent */
4085 #if 1
4086                 ret=s->method->ssl_dispatch_alert(s);
4087                 if(ret == -1)
4088                         {
4089                         /* we only get to return -1 here the 2nd/Nth
4090                          * invocation, we must  have already signalled
4091                          * return 0 upon a previous invoation,
4092                          * return WANT_WRITE */
4093                         return(ret);
4094                         }
4095 #endif
4096                 }
4097         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4098                 {
4099                 /* If we are waiting for a close from our peer, we are closed */
4100                 s->method->ssl_read_bytes(s,0,NULL,0,0);
4101                 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4102                         {
4103                         return(-1);     /* return WANT_READ */
4104                         }
4105                 }
4106
4107         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4108                 !s->s3->alert_dispatch)
4109                 return(1);
4110         else
4111                 return(0);
4112         }
4113
4114 int ssl3_write(SSL *s, const void *buf, int len)
4115         {
4116         int ret,n;
4117
4118 #if 0
4119         if (s->shutdown & SSL_SEND_SHUTDOWN)
4120                 {
4121                 s->rwstate=SSL_NOTHING;
4122                 return(0);
4123                 }
4124 #endif
4125         clear_sys_error();
4126         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4127
4128         /* This is an experimental flag that sends the
4129          * last handshake message in the same packet as the first
4130          * use data - used to see if it helps the TCP protocol during
4131          * session-id reuse */
4132         /* The second test is because the buffer may have been removed */
4133         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
4134                 {
4135                 /* First time through, we write into the buffer */
4136                 if (s->s3->delay_buf_pop_ret == 0)
4137                         {
4138                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
4139                                              buf,len);
4140                         if (ret <= 0) return(ret);
4141
4142                         s->s3->delay_buf_pop_ret=ret;
4143                         }
4144
4145                 s->rwstate=SSL_WRITING;
4146                 n=BIO_flush(s->wbio);
4147                 if (n <= 0) return(n);
4148                 s->rwstate=SSL_NOTHING;
4149
4150                 /* We have flushed the buffer, so remove it */
4151                 ssl_free_wbio_buffer(s);
4152                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
4153
4154                 ret=s->s3->delay_buf_pop_ret;
4155                 s->s3->delay_buf_pop_ret=0;
4156                 }
4157         else
4158                 {
4159                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
4160                         buf,len);
4161                 if (ret <= 0) return(ret);
4162                 }
4163
4164         return(ret);
4165         }
4166
4167 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4168         {
4169         int ret;
4170         
4171         clear_sys_error();
4172         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4173         s->s3->in_read_app_data=1;
4174         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4175         if ((ret == -1) && (s->s3->in_read_app_data == 2))
4176                 {
4177                 /* ssl3_read_bytes decided to call s->handshake_func, which
4178                  * called ssl3_read_bytes to read handshake data.
4179                  * However, ssl3_read_bytes actually found application data
4180                  * and thinks that application data makes sense here; so disable
4181                  * handshake processing and try to read application data again. */
4182                 s->in_handshake++;
4183                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4184                 s->in_handshake--;
4185                 }
4186         else
4187                 s->s3->in_read_app_data=0;
4188
4189         return(ret);
4190         }
4191
4192 int ssl3_read(SSL *s, void *buf, int len)
4193         {
4194         return ssl3_read_internal(s, buf, len, 0);
4195         }
4196
4197 int ssl3_peek(SSL *s, void *buf, int len)
4198         {
4199         return ssl3_read_internal(s, buf, len, 1);
4200         }
4201
4202 int ssl3_renegotiate(SSL *s)
4203         {
4204         if (s->handshake_func == NULL)
4205                 return(1);
4206
4207         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4208                 return(0);
4209
4210         s->s3->renegotiate=1;
4211         return(1);
4212         }
4213
4214 int ssl3_renegotiate_check(SSL *s)
4215         {
4216         int ret=0;
4217
4218         if (s->s3->renegotiate)
4219                 {
4220                 if (    (s->s3->rbuf.left == 0) &&
4221                         (s->s3->wbuf.left == 0) &&
4222                         !SSL_in_init(s))
4223                         {
4224 /*
4225 if we are the server, and we have sent a 'RENEGOTIATE' message, we
4226 need to go to SSL_ST_ACCEPT.
4227 */
4228                         /* SSL_ST_ACCEPT */
4229                         s->state=SSL_ST_RENEGOTIATE;
4230                         s->s3->renegotiate=0;
4231                         s->s3->num_renegotiations++;
4232                         s->s3->total_renegotiations++;
4233                         ret=1;
4234                         }
4235                 }
4236         return(ret);
4237         }
4238 /* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4239  * to new SHA256 PRF and handshake macs
4240  */
4241 long ssl_get_algorithm2(SSL *s)
4242         {
4243         long alg2 = s->s3->tmp.new_cipher->algorithm2;
4244         if (TLS1_get_version(s) >= TLS1_2_VERSION &&
4245             alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4246                 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4247         return alg2;
4248         }
4249