e2d2f913db1fd0fdbdbbe5363731162c06050196
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171 /* The RSA ciphers */
172 /* Cipher 01 */
173         {
174         1,
175         SSL3_TXT_RSA_NULL_MD5,
176         SSL3_CK_RSA_NULL_MD5,
177         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
178         SSL_NOT_EXP|SSL_STRONG_NONE,
179         0,
180         0,
181         0,
182         SSL_ALL_CIPHERS,
183         SSL_ALL_STRENGTHS,
184         },
185 /* Cipher 02 */
186         {
187         1,
188         SSL3_TXT_RSA_NULL_SHA,
189         SSL3_CK_RSA_NULL_SHA,
190         SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
191         SSL_NOT_EXP|SSL_STRONG_NONE,
192         0,
193         0,
194         0,
195         SSL_ALL_CIPHERS,
196         SSL_ALL_STRENGTHS,
197         },
198 /* Cipher 03 */
199         {
200         1,
201         SSL3_TXT_RSA_RC4_40_MD5,
202         SSL3_CK_RSA_RC4_40_MD5,
203         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
204         SSL_EXPORT|SSL_EXP40,
205         0,
206         40,
207         128,
208         SSL_ALL_CIPHERS,
209         SSL_ALL_STRENGTHS,
210         },
211 /* Cipher 04 */
212         {
213         1,
214         SSL3_TXT_RSA_RC4_128_MD5,
215         SSL3_CK_RSA_RC4_128_MD5,
216         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
217         SSL_NOT_EXP|SSL_MEDIUM,
218         0,
219         128,
220         128,
221         SSL_ALL_CIPHERS,
222         SSL_ALL_STRENGTHS,
223         },
224 /* Cipher 05 */
225         {
226         1,
227         SSL3_TXT_RSA_RC4_128_SHA,
228         SSL3_CK_RSA_RC4_128_SHA,
229         SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
230         SSL_NOT_EXP|SSL_MEDIUM,
231         0,
232         128,
233         128,
234         SSL_ALL_CIPHERS,
235         SSL_ALL_STRENGTHS,
236         },
237 /* Cipher 06 */
238         {
239         1,
240         SSL3_TXT_RSA_RC2_40_MD5,
241         SSL3_CK_RSA_RC2_40_MD5,
242         SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
243         SSL_EXPORT|SSL_EXP40,
244         0,
245         40,
246         128,
247         SSL_ALL_CIPHERS,
248         SSL_ALL_STRENGTHS,
249         },
250 /* Cipher 07 */
251 #ifndef OPENSSL_NO_IDEA
252         {
253         1,
254         SSL3_TXT_RSA_IDEA_128_SHA,
255         SSL3_CK_RSA_IDEA_128_SHA,
256         SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
257         SSL_NOT_EXP|SSL_MEDIUM,
258         0,
259         128,
260         128,
261         SSL_ALL_CIPHERS,
262         SSL_ALL_STRENGTHS,
263         },
264 #endif
265 /* Cipher 08 */
266         {
267         1,
268         SSL3_TXT_RSA_DES_40_CBC_SHA,
269         SSL3_CK_RSA_DES_40_CBC_SHA,
270         SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
271         SSL_EXPORT|SSL_EXP40,
272         0,
273         40,
274         56,
275         SSL_ALL_CIPHERS,
276         SSL_ALL_STRENGTHS,
277         },
278 /* Cipher 09 */
279         {
280         1,
281         SSL3_TXT_RSA_DES_64_CBC_SHA,
282         SSL3_CK_RSA_DES_64_CBC_SHA,
283         SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
284         SSL_NOT_EXP|SSL_LOW,
285         0,
286         56,
287         56,
288         SSL_ALL_CIPHERS,
289         SSL_ALL_STRENGTHS,
290         },
291 /* Cipher 0A */
292         {
293         1,
294         SSL3_TXT_RSA_DES_192_CBC3_SHA,
295         SSL3_CK_RSA_DES_192_CBC3_SHA,
296         SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
297         SSL_NOT_EXP|SSL_HIGH,
298         0,
299         168,
300         168,
301         SSL_ALL_CIPHERS,
302         SSL_ALL_STRENGTHS,
303         },
304 /* The DH ciphers */
305 /* Cipher 0B */
306         {
307         0,
308         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
309         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
310         SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
311         SSL_EXPORT|SSL_EXP40,
312         0,
313         40,
314         56,
315         SSL_ALL_CIPHERS,
316         SSL_ALL_STRENGTHS,
317         },
318 /* Cipher 0C */
319         {
320         0, /* not implemented (non-ephemeral DH) */
321         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
322         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
323         SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
324         SSL_NOT_EXP|SSL_LOW,
325         0,
326         56,
327         56,
328         SSL_ALL_CIPHERS,
329         SSL_ALL_STRENGTHS,
330         },
331 /* Cipher 0D */
332         {
333         0, /* not implemented (non-ephemeral DH) */
334         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
335         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
336         SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
337         SSL_NOT_EXP|SSL_HIGH,
338         0,
339         168,
340         168,
341         SSL_ALL_CIPHERS,
342         SSL_ALL_STRENGTHS,
343         },
344 /* Cipher 0E */
345         {
346         0, /* not implemented (non-ephemeral DH) */
347         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
348         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
349         SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
350         SSL_EXPORT|SSL_EXP40,
351         0,
352         40,
353         56,
354         SSL_ALL_CIPHERS,
355         SSL_ALL_STRENGTHS,
356         },
357 /* Cipher 0F */
358         {
359         0, /* not implemented (non-ephemeral DH) */
360         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
361         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
362         SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
363         SSL_NOT_EXP|SSL_LOW,
364         0,
365         56,
366         56,
367         SSL_ALL_CIPHERS,
368         SSL_ALL_STRENGTHS,
369         },
370 /* Cipher 10 */
371         {
372         0, /* not implemented (non-ephemeral DH) */
373         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
374         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
375         SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
376         SSL_NOT_EXP|SSL_HIGH,
377         0,
378         168,
379         168,
380         SSL_ALL_CIPHERS,
381         SSL_ALL_STRENGTHS,
382         },
383
384 /* The Ephemeral DH ciphers */
385 /* Cipher 11 */
386         {
387         1,
388         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
389         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
390         SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
391         SSL_EXPORT|SSL_EXP40,
392         0,
393         40,
394         56,
395         SSL_ALL_CIPHERS,
396         SSL_ALL_STRENGTHS,
397         },
398 /* Cipher 12 */
399         {
400         1,
401         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
402         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
403         SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
404         SSL_NOT_EXP|SSL_LOW,
405         0,
406         56,
407         56,
408         SSL_ALL_CIPHERS,
409         SSL_ALL_STRENGTHS,
410         },
411 /* Cipher 13 */
412         {
413         1,
414         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
415         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
416         SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
417         SSL_NOT_EXP|SSL_HIGH,
418         0,
419         168,
420         168,
421         SSL_ALL_CIPHERS,
422         SSL_ALL_STRENGTHS,
423         },
424 /* Cipher 14 */
425         {
426         1,
427         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
428         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
429         SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
430         SSL_EXPORT|SSL_EXP40,
431         0,
432         40,
433         56,
434         SSL_ALL_CIPHERS,
435         SSL_ALL_STRENGTHS,
436         },
437 /* Cipher 15 */
438         {
439         1,
440         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
441         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
442         SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
443         SSL_NOT_EXP|SSL_LOW,
444         0,
445         56,
446         56,
447         SSL_ALL_CIPHERS,
448         SSL_ALL_STRENGTHS,
449         },
450 /* Cipher 16 */
451         {
452         1,
453         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
454         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
455         SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
456         SSL_NOT_EXP|SSL_HIGH,
457         0,
458         168,
459         168,
460         SSL_ALL_CIPHERS,
461         SSL_ALL_STRENGTHS,
462         },
463 /* Cipher 17 */
464         {
465         1,
466         SSL3_TXT_ADH_RC4_40_MD5,
467         SSL3_CK_ADH_RC4_40_MD5,
468         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
469         SSL_EXPORT|SSL_EXP40,
470         0,
471         40,
472         128,
473         SSL_ALL_CIPHERS,
474         SSL_ALL_STRENGTHS,
475         },
476 /* Cipher 18 */
477         {
478         1,
479         SSL3_TXT_ADH_RC4_128_MD5,
480         SSL3_CK_ADH_RC4_128_MD5,
481         SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
482         SSL_NOT_EXP|SSL_MEDIUM,
483         0,
484         128,
485         128,
486         SSL_ALL_CIPHERS,
487         SSL_ALL_STRENGTHS,
488         },
489 /* Cipher 19 */
490         {
491         1,
492         SSL3_TXT_ADH_DES_40_CBC_SHA,
493         SSL3_CK_ADH_DES_40_CBC_SHA,
494         SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
495         SSL_EXPORT|SSL_EXP40,
496         0,
497         40,
498         128,
499         SSL_ALL_CIPHERS,
500         SSL_ALL_STRENGTHS,
501         },
502 /* Cipher 1A */
503         {
504         1,
505         SSL3_TXT_ADH_DES_64_CBC_SHA,
506         SSL3_CK_ADH_DES_64_CBC_SHA,
507         SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
508         SSL_NOT_EXP|SSL_LOW,
509         0,
510         56,
511         56,
512         SSL_ALL_CIPHERS,
513         SSL_ALL_STRENGTHS,
514         },
515 /* Cipher 1B */
516         {
517         1,
518         SSL3_TXT_ADH_DES_192_CBC_SHA,
519         SSL3_CK_ADH_DES_192_CBC_SHA,
520         SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
521         SSL_NOT_EXP|SSL_HIGH,
522         0,
523         168,
524         168,
525         SSL_ALL_CIPHERS,
526         SSL_ALL_STRENGTHS,
527         },
528
529 /* Fortezza ciphersuite from SSL 3.0 spec */
530 #if 0
531 /* Cipher 1C */
532         {
533         0,
534         SSL3_TXT_FZA_DMS_NULL_SHA,
535         SSL3_CK_FZA_DMS_NULL_SHA,
536         SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
537         SSL_NOT_EXP|SSL_STRONG_NONE,
538         0,
539         0,
540         0,
541         SSL_ALL_CIPHERS,
542         SSL_ALL_STRENGTHS,
543         },
544
545 /* Cipher 1D */
546         {
547         0,
548         SSL3_TXT_FZA_DMS_FZA_SHA,
549         SSL3_CK_FZA_DMS_FZA_SHA,
550         SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
551         SSL_NOT_EXP|SSL_STRONG_NONE,
552         0,
553         0,
554         0,
555         SSL_ALL_CIPHERS,
556         SSL_ALL_STRENGTHS,
557         },
558
559 /* Cipher 1E */
560         {
561         0,
562         SSL3_TXT_FZA_DMS_RC4_SHA,
563         SSL3_CK_FZA_DMS_RC4_SHA,
564         SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
565         SSL_NOT_EXP|SSL_MEDIUM,
566         0,
567         128,
568         128,
569         SSL_ALL_CIPHERS,
570         SSL_ALL_STRENGTHS,
571         },
572 #endif
573
574 #ifndef OPENSSL_NO_KRB5
575 /* The Kerberos ciphers
576 ** 20000107 VRS: And the first shall be last,
577 ** in hopes of avoiding the lynx ssl renegotiation problem.
578 */
579 /* Cipher 1E */
580         {
581         1,
582         SSL3_TXT_KRB5_DES_64_CBC_SHA,
583         SSL3_CK_KRB5_DES_64_CBC_SHA,
584         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
585         SSL_NOT_EXP|SSL_LOW,
586         0,
587         56,
588         56,
589         SSL_ALL_CIPHERS,
590         SSL_ALL_STRENGTHS,
591         },
592
593 /* Cipher 1F */
594         {
595         1,
596         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
597         SSL3_CK_KRB5_DES_192_CBC3_SHA,
598         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
599         SSL_NOT_EXP|SSL_HIGH,
600         0,
601         112,
602         168,
603         SSL_ALL_CIPHERS,
604         SSL_ALL_STRENGTHS,
605         },
606
607 /* Cipher 20 */
608         {
609         1,
610         SSL3_TXT_KRB5_RC4_128_SHA,
611         SSL3_CK_KRB5_RC4_128_SHA,
612         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
613         SSL_NOT_EXP|SSL_MEDIUM,
614         0,
615         128,
616         128,
617         SSL_ALL_CIPHERS,
618         SSL_ALL_STRENGTHS,
619         },
620
621 /* Cipher 21 */
622         {
623         1,
624         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
625         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
626         SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
627         SSL_NOT_EXP|SSL_MEDIUM,
628         0,
629         128,
630         128,
631         SSL_ALL_CIPHERS,
632         SSL_ALL_STRENGTHS,
633         },
634
635 /* Cipher 22 */
636         {
637         1,
638         SSL3_TXT_KRB5_DES_64_CBC_MD5,
639         SSL3_CK_KRB5_DES_64_CBC_MD5,
640         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
641         SSL_NOT_EXP|SSL_LOW,
642         0,
643         56,
644         56,
645         SSL_ALL_CIPHERS,
646         SSL_ALL_STRENGTHS,
647         },
648
649 /* Cipher 23 */
650         {
651         1,
652         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
653         SSL3_CK_KRB5_DES_192_CBC3_MD5,
654         SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
655         SSL_NOT_EXP|SSL_HIGH,
656         0,
657         112,
658         168,
659         SSL_ALL_CIPHERS,
660         SSL_ALL_STRENGTHS,
661         },
662
663 /* Cipher 24 */
664         {
665         1,
666         SSL3_TXT_KRB5_RC4_128_MD5,
667         SSL3_CK_KRB5_RC4_128_MD5,
668         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
669         SSL_NOT_EXP|SSL_MEDIUM,
670         0,
671         128,
672         128,
673         SSL_ALL_CIPHERS,
674         SSL_ALL_STRENGTHS,
675         },
676
677 /* Cipher 25 */
678         {
679         1,
680         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
681         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
682         SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
683         SSL_NOT_EXP|SSL_MEDIUM,
684         0,
685         128,
686         128,
687         SSL_ALL_CIPHERS,
688         SSL_ALL_STRENGTHS,
689         },
690
691 /* Cipher 26 */
692         {
693         1,
694         SSL3_TXT_KRB5_DES_40_CBC_SHA,
695         SSL3_CK_KRB5_DES_40_CBC_SHA,
696         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
697         SSL_EXPORT|SSL_EXP40,
698         0,
699         40,
700         56,
701         SSL_ALL_CIPHERS,
702         SSL_ALL_STRENGTHS,
703         },
704
705 /* Cipher 27 */
706         {
707         1,
708         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
709         SSL3_CK_KRB5_RC2_40_CBC_SHA,
710         SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
711         SSL_EXPORT|SSL_EXP40,
712         0,
713         40,
714         128,
715         SSL_ALL_CIPHERS,
716         SSL_ALL_STRENGTHS,
717         },
718
719 /* Cipher 28 */
720         {
721         1,
722         SSL3_TXT_KRB5_RC4_40_SHA,
723         SSL3_CK_KRB5_RC4_40_SHA,
724         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
725         SSL_EXPORT|SSL_EXP40,
726         0,
727         128,
728         128,
729         SSL_ALL_CIPHERS,
730         SSL_ALL_STRENGTHS,
731         },
732
733 /* Cipher 29 */
734         {
735         1,
736         SSL3_TXT_KRB5_DES_40_CBC_MD5,
737         SSL3_CK_KRB5_DES_40_CBC_MD5,
738         SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
739         SSL_EXPORT|SSL_EXP40,
740         0,
741         40,
742         56,
743         SSL_ALL_CIPHERS,
744         SSL_ALL_STRENGTHS,
745         },
746
747 /* Cipher 2A */
748         {
749         1,
750         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
751         SSL3_CK_KRB5_RC2_40_CBC_MD5,
752         SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
753         SSL_EXPORT|SSL_EXP40,
754         0,
755         40,
756         128,
757         SSL_ALL_CIPHERS,
758         SSL_ALL_STRENGTHS,
759         },
760
761 /* Cipher 2B */
762         {
763         1,
764         SSL3_TXT_KRB5_RC4_40_MD5,
765         SSL3_CK_KRB5_RC4_40_MD5,
766         SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
767         SSL_EXPORT|SSL_EXP40,
768         0,
769         128,
770         128,
771         SSL_ALL_CIPHERS,
772         SSL_ALL_STRENGTHS,
773         },
774 #endif  /* OPENSSL_NO_KRB5 */
775
776 /* New AES ciphersuites */
777 /* Cipher 2F */
778         {
779         1,
780         TLS1_TXT_RSA_WITH_AES_128_SHA,
781         TLS1_CK_RSA_WITH_AES_128_SHA,
782         SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
783         SSL_NOT_EXP|SSL_HIGH,
784         0,
785         128,
786         128,
787         SSL_ALL_CIPHERS,
788         SSL_ALL_STRENGTHS,
789         },
790 /* Cipher 30 */
791         {
792         0,
793         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
794         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
795         SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
796         SSL_NOT_EXP|SSL_HIGH,
797         0,
798         128,
799         128,
800         SSL_ALL_CIPHERS,
801         SSL_ALL_STRENGTHS,
802         },
803 /* Cipher 31 */
804         {
805         0,
806         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
807         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
808         SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
809         SSL_NOT_EXP|SSL_HIGH,
810         0,
811         128,
812         128,
813         SSL_ALL_CIPHERS,
814         SSL_ALL_STRENGTHS,
815         },
816 /* Cipher 32 */
817         {
818         1,
819         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
820         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
821         SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
822         SSL_NOT_EXP|SSL_HIGH,
823         0,
824         128,
825         128,
826         SSL_ALL_CIPHERS,
827         SSL_ALL_STRENGTHS,
828         },
829 /* Cipher 33 */
830         {
831         1,
832         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
833         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
834         SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
835         SSL_NOT_EXP|SSL_HIGH,
836         0,
837         128,
838         128,
839         SSL_ALL_CIPHERS,
840         SSL_ALL_STRENGTHS,
841         },
842 /* Cipher 34 */
843         {
844         1,
845         TLS1_TXT_ADH_WITH_AES_128_SHA,
846         TLS1_CK_ADH_WITH_AES_128_SHA,
847         SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
848         SSL_NOT_EXP|SSL_HIGH,
849         0,
850         128,
851         128,
852         SSL_ALL_CIPHERS,
853         SSL_ALL_STRENGTHS,
854         },
855
856 /* Cipher 35 */
857         {
858         1,
859         TLS1_TXT_RSA_WITH_AES_256_SHA,
860         TLS1_CK_RSA_WITH_AES_256_SHA,
861         SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
862         SSL_NOT_EXP|SSL_HIGH,
863         0,
864         256,
865         256,
866         SSL_ALL_CIPHERS,
867         SSL_ALL_STRENGTHS,
868         },
869 /* Cipher 36 */
870         {
871         0,
872         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
873         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
874         SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
875         SSL_NOT_EXP|SSL_HIGH,
876         0,
877         256,
878         256,
879         SSL_ALL_CIPHERS,
880         SSL_ALL_STRENGTHS,
881         },
882 /* Cipher 37 */
883         {
884         0, /* not implemented (non-ephemeral DH) */
885         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
886         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
887         SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
888         SSL_NOT_EXP|SSL_HIGH,
889         0,
890         256,
891         256,
892         SSL_ALL_CIPHERS,
893         SSL_ALL_STRENGTHS,
894         },
895 /* Cipher 38 */
896         {
897         1,
898         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
899         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
900         SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
901         SSL_NOT_EXP|SSL_HIGH,
902         0,
903         256,
904         256,
905         SSL_ALL_CIPHERS,
906         SSL_ALL_STRENGTHS,
907         },
908 /* Cipher 39 */
909         {
910         1,
911         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
912         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
913         SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
914         SSL_NOT_EXP|SSL_HIGH,
915         0,
916         256,
917         256,
918         SSL_ALL_CIPHERS,
919         SSL_ALL_STRENGTHS,
920         },
921         /* Cipher 3A */
922         {
923         1,
924         TLS1_TXT_ADH_WITH_AES_256_SHA,
925         TLS1_CK_ADH_WITH_AES_256_SHA,
926         SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
927         SSL_NOT_EXP|SSL_HIGH,
928         0,
929         256,
930         256,
931         SSL_ALL_CIPHERS,
932         SSL_ALL_STRENGTHS,
933         },
934
935 #ifndef OPENSSL_NO_CAMELLIA
936         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
937
938         /* Cipher 41 */
939         {
940         1,
941         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
942         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
943         SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
944         SSL_NOT_EXP|SSL_HIGH,
945         0,
946         128,
947         128,
948         SSL_ALL_CIPHERS,
949         SSL_ALL_STRENGTHS
950         },
951         /* Cipher 42 */
952         {
953         0, /* not implemented (non-ephemeral DH) */
954         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
955         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
956         SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
957         SSL_NOT_EXP|SSL_HIGH,
958         0,
959         128,
960         128,
961         SSL_ALL_CIPHERS,
962         SSL_ALL_STRENGTHS
963         },
964         /* Cipher 43 */
965         {
966         0, /* not implemented (non-ephemeral DH) */
967         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
968         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
969         SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
970         SSL_NOT_EXP|SSL_HIGH,
971         0,
972         128,
973         128,
974         SSL_ALL_CIPHERS,
975         SSL_ALL_STRENGTHS
976         },
977         /* Cipher 44 */
978         {
979         1,
980         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
981         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
982         SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
983         SSL_NOT_EXP|SSL_HIGH,
984         0,
985         128,
986         128,
987         SSL_ALL_CIPHERS,
988         SSL_ALL_STRENGTHS
989         },
990         /* Cipher 45 */
991         {
992         1,
993         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
994         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
995         SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
996         SSL_NOT_EXP|SSL_HIGH,
997         0,
998         128,
999         128,
1000         SSL_ALL_CIPHERS,
1001         SSL_ALL_STRENGTHS
1002         },
1003         /* Cipher 46 */
1004         {
1005         1,
1006         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1007         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1008         SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1009         SSL_NOT_EXP|SSL_HIGH,
1010         0,
1011         128,
1012         128,
1013         SSL_ALL_CIPHERS,
1014         SSL_ALL_STRENGTHS
1015         },
1016 #endif /* OPENSSL_NO_CAMELLIA */
1017
1018 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1019         /* New TLS Export CipherSuites from expired ID */
1020 #if 0
1021         /* Cipher 60 */
1022             {
1023             1,
1024             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1025             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1026             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
1027             SSL_EXPORT|SSL_EXP56,
1028             0,
1029             56,
1030             128,
1031             SSL_ALL_CIPHERS,
1032             SSL_ALL_STRENGTHS,
1033             },
1034         /* Cipher 61 */
1035             {
1036             1,
1037             TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1038             TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1039             SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
1040             SSL_EXPORT|SSL_EXP56,
1041             0,
1042             56,
1043             128,
1044             SSL_ALL_CIPHERS,
1045             SSL_ALL_STRENGTHS,
1046             },
1047 #endif
1048         /* Cipher 62 */
1049             {
1050             1,
1051             TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1052             TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1053             SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
1054             SSL_EXPORT|SSL_EXP56,
1055             0,
1056             56,
1057             56,
1058             SSL_ALL_CIPHERS,
1059             SSL_ALL_STRENGTHS,
1060             },
1061         /* Cipher 63 */
1062             {
1063             1,
1064             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1065             TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1066             SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
1067             SSL_EXPORT|SSL_EXP56,
1068             0,
1069             56,
1070             56,
1071             SSL_ALL_CIPHERS,
1072             SSL_ALL_STRENGTHS,
1073             },
1074         /* Cipher 64 */
1075             {
1076             1,
1077             TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1078             TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1079             SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1080             SSL_EXPORT|SSL_EXP56,
1081             0,
1082             56,
1083             128,
1084             SSL_ALL_CIPHERS,
1085             SSL_ALL_STRENGTHS,
1086             },
1087         /* Cipher 65 */
1088             {
1089             1,
1090             TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1091             TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1092             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
1093             SSL_EXPORT|SSL_EXP56,
1094             0,
1095             56,
1096             128,
1097             SSL_ALL_CIPHERS,
1098             SSL_ALL_STRENGTHS,
1099             },
1100         /* Cipher 66 */
1101             {
1102             1,
1103             TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1104             TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1105             SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
1106             SSL_NOT_EXP|SSL_MEDIUM,
1107             0,
1108             128,
1109             128,
1110             SSL_ALL_CIPHERS,
1111             SSL_ALL_STRENGTHS
1112             },
1113 #endif
1114
1115 #ifndef OPENSSL_NO_CAMELLIA
1116         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1117
1118         /* Cipher 84 */
1119         {
1120         1,
1121         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1122         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1123         SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1124         SSL_NOT_EXP|SSL_HIGH,
1125         0,
1126         256,
1127         256,
1128         SSL_ALL_CIPHERS,
1129         SSL_ALL_STRENGTHS
1130         },
1131         /* Cipher 85 */
1132         {
1133         0, /* not implemented (non-ephemeral DH) */
1134         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1135         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1136         SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1137         SSL_NOT_EXP|SSL_HIGH,
1138         0,
1139         256,
1140         256,
1141         SSL_ALL_CIPHERS,
1142         SSL_ALL_STRENGTHS
1143         },
1144         /* Cipher 86 */
1145         {
1146         0, /* not implemented (non-ephemeral DH) */
1147         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1148         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1149         SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1150         SSL_NOT_EXP|SSL_HIGH,
1151         0,
1152         256,
1153         256,
1154         SSL_ALL_CIPHERS,
1155         SSL_ALL_STRENGTHS
1156         },
1157         /* Cipher 87 */
1158         {
1159         1,
1160         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1161         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1162         SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1163         SSL_NOT_EXP|SSL_HIGH,
1164         0,
1165         256,
1166         256,
1167         SSL_ALL_CIPHERS,
1168         SSL_ALL_STRENGTHS
1169         },
1170         /* Cipher 88 */
1171         {
1172         1,
1173         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1174         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1175         SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1176         SSL_NOT_EXP|SSL_HIGH,
1177         0,
1178         256,
1179         256,
1180         SSL_ALL_CIPHERS,
1181         SSL_ALL_STRENGTHS
1182         },
1183         /* Cipher 89 */
1184         {
1185         1,
1186         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1187         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1188         SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
1189         SSL_NOT_EXP|SSL_HIGH,
1190         0,
1191         256,
1192         256,
1193         SSL_ALL_CIPHERS,
1194         SSL_ALL_STRENGTHS
1195         },
1196 #endif /* OPENSSL_NO_CAMELLIA */
1197
1198 #ifndef OPENSSL_NO_PSK
1199         /* Cipher 8A */
1200         {
1201         1,
1202         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1203         TLS1_CK_PSK_WITH_RC4_128_SHA,
1204         SSL_kPSK|SSL_aPSK|SSL_RC4|SSL_SHA|SSL_TLSV1,
1205         SSL_NOT_EXP|SSL_MEDIUM,
1206         0,
1207         128,
1208         128,
1209         SSL_ALL_CIPHERS,
1210         SSL_ALL_STRENGTHS,
1211         },
1212
1213         /* Cipher 8B */
1214         {
1215         1,
1216         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1217         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1218         SSL_kPSK|SSL_aPSK|SSL_3DES|SSL_SHA|SSL_TLSV1,
1219         SSL_NOT_EXP|SSL_HIGH,
1220         0,
1221         168,
1222         168,
1223         SSL_ALL_CIPHERS,
1224         SSL_ALL_STRENGTHS,
1225         },
1226
1227         /* Cipher 8C */
1228         {
1229         1,
1230         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1231         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1232         SSL_kPSK|SSL_aPSK|SSL_AES|SSL_SHA|SSL_TLSV1,
1233         SSL_NOT_EXP|SSL_MEDIUM,
1234         0,
1235         128,
1236         128,
1237         SSL_ALL_CIPHERS,
1238         SSL_ALL_STRENGTHS,
1239         },
1240
1241         /* Cipher 8D */
1242         {
1243         1,
1244         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1245         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1246         SSL_kPSK|SSL_aPSK|SSL_AES|SSL_SHA|SSL_TLSV1,
1247         SSL_NOT_EXP|SSL_HIGH,
1248         0,
1249         256,
1250         256,
1251         SSL_ALL_CIPHERS,
1252         SSL_ALL_STRENGTHS,
1253         },
1254 #endif  /* OPENSSL_NO_PSK */
1255
1256 #ifndef OPENSSL_NO_ECDH
1257         /* Cipher C001 */
1258             {
1259             1,
1260             TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1261             TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1262             SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1263             SSL_NOT_EXP,
1264             0,
1265             0,
1266             0,
1267             SSL_ALL_CIPHERS,
1268             SSL_ALL_STRENGTHS,
1269             },
1270
1271         /* Cipher C002 */
1272             {
1273             1,
1274             TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1275             TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1276             SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,
1277             SSL_NOT_EXP,
1278             0,
1279             128,
1280             128,
1281             SSL_ALL_CIPHERS,
1282             SSL_ALL_STRENGTHS,
1283             },
1284
1285         /* Cipher C003 */
1286             {
1287             1,
1288             TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1289             TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1290             SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,
1291             SSL_NOT_EXP|SSL_HIGH,
1292             0,
1293             168,
1294             168,
1295             SSL_ALL_CIPHERS,
1296             SSL_ALL_STRENGTHS,
1297             },
1298
1299         /* Cipher C004 */
1300             {
1301             1,
1302             TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1303             TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1304             SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1305             SSL_NOT_EXP|SSL_HIGH,
1306             0,
1307             128,
1308             128,
1309             SSL_ALL_CIPHERS,
1310             SSL_ALL_STRENGTHS,
1311             },
1312
1313         /* Cipher C005 */
1314             {
1315             1,
1316             TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1317             TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1318             SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1319             SSL_NOT_EXP|SSL_HIGH,
1320             0,
1321             256,
1322             256,
1323             SSL_ALL_CIPHERS,
1324             SSL_ALL_STRENGTHS,
1325             },
1326
1327         /* Cipher C006 */
1328             {
1329             1,
1330             TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1331             TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1332             SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1333             SSL_NOT_EXP,
1334             0,
1335             0,
1336             0,
1337             SSL_ALL_CIPHERS,
1338             SSL_ALL_STRENGTHS,
1339             },
1340
1341         /* Cipher C007 */
1342             {
1343             1,
1344             TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1345             TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1346             SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1347             SSL_NOT_EXP,
1348             0,
1349             128,
1350             128,
1351             SSL_ALL_CIPHERS,
1352             SSL_ALL_STRENGTHS,
1353             },
1354
1355         /* Cipher C008 */
1356             {
1357             1,
1358             TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1359             TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1360             SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1361             SSL_NOT_EXP|SSL_HIGH,
1362             0,
1363             168,
1364             168,
1365             SSL_ALL_CIPHERS,
1366             SSL_ALL_STRENGTHS,
1367             },
1368
1369         /* Cipher C009 */
1370             {
1371             1,
1372             TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1373             TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1374             SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1375             SSL_NOT_EXP|SSL_HIGH,
1376             0,
1377             128,
1378             128,
1379             SSL_ALL_CIPHERS,
1380             SSL_ALL_STRENGTHS,
1381             },
1382
1383         /* Cipher C00A */
1384             {
1385             1,
1386             TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1387             TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1388             SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1389             SSL_NOT_EXP|SSL_HIGH,
1390             0,
1391             256,
1392             256,
1393             SSL_ALL_CIPHERS,
1394             SSL_ALL_STRENGTHS,
1395             },
1396
1397         /* Cipher C00B */
1398             {
1399             1,
1400             TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1401             TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1402             SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1403             SSL_NOT_EXP,
1404             0,
1405             0,
1406             0,
1407             SSL_ALL_CIPHERS,
1408             SSL_ALL_STRENGTHS,
1409             },
1410
1411         /* Cipher C00C */
1412             {
1413             1,
1414             TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1415             TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1416             SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,
1417             SSL_NOT_EXP,
1418             0,
1419             128,
1420             128,
1421             SSL_ALL_CIPHERS,
1422             SSL_ALL_STRENGTHS,
1423             },
1424
1425         /* Cipher C00D */
1426             {
1427             1,
1428             TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1429             TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1430             SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,
1431             SSL_NOT_EXP|SSL_HIGH,
1432             0,
1433             168,
1434             168,
1435             SSL_ALL_CIPHERS,
1436             SSL_ALL_STRENGTHS,
1437             },
1438
1439         /* Cipher C00E */
1440             {
1441             1,
1442             TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1443             TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1444             SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1445             SSL_NOT_EXP|SSL_HIGH,
1446             0,
1447             128,
1448             128,
1449             SSL_ALL_CIPHERS,
1450             SSL_ALL_STRENGTHS,
1451             },
1452
1453         /* Cipher C00F */
1454             {
1455             1,
1456             TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1457             TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1458             SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,
1459             SSL_NOT_EXP|SSL_HIGH,
1460             0,
1461             256,
1462             256,
1463             SSL_ALL_CIPHERS,
1464             SSL_ALL_STRENGTHS,
1465             },
1466
1467         /* Cipher C010 */
1468             {
1469             1,
1470             TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1471             TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1472             SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1473             SSL_NOT_EXP,
1474             0,
1475             0,
1476             0,
1477             SSL_ALL_CIPHERS,
1478             SSL_ALL_STRENGTHS,
1479             },
1480
1481         /* Cipher C011 */
1482             {
1483             1,
1484             TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1485             TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1486             SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
1487             SSL_NOT_EXP,
1488             0,
1489             128,
1490             128,
1491             SSL_ALL_CIPHERS,
1492             SSL_ALL_STRENGTHS,
1493             },
1494
1495         /* Cipher C012 */
1496             {
1497             1,
1498             TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1499             TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1500             SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
1501             SSL_NOT_EXP|SSL_HIGH,
1502             0,
1503             168,
1504             168,
1505             SSL_ALL_CIPHERS,
1506             SSL_ALL_STRENGTHS,
1507             },
1508
1509         /* Cipher C013 */
1510             {
1511             1,
1512             TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1513             TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1514             SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1515             SSL_NOT_EXP|SSL_HIGH,
1516             0,
1517             128,
1518             128,
1519             SSL_ALL_CIPHERS,
1520             SSL_ALL_STRENGTHS,
1521             },
1522
1523         /* Cipher C014 */
1524             {
1525             1,
1526             TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1527             TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1528             SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
1529             SSL_NOT_EXP|SSL_HIGH,
1530             0,
1531             256,
1532             256,
1533             SSL_ALL_CIPHERS,
1534             SSL_ALL_STRENGTHS,
1535             },
1536
1537         /* Cipher C015 */
1538             {
1539             1,
1540             TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1541             TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1542             SSL_kEECDH|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
1543             SSL_NOT_EXP,
1544             0,
1545             0,
1546             0,
1547             SSL_ALL_CIPHERS,
1548             SSL_ALL_STRENGTHS,
1549             },
1550
1551         /* Cipher C016 */
1552             {
1553             1,
1554             TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1555             TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1556             SSL_kEECDH|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
1557             SSL_NOT_EXP,
1558             0,
1559             128,
1560             128,
1561             SSL_ALL_CIPHERS,
1562             SSL_ALL_STRENGTHS,
1563             },
1564
1565         /* Cipher C017 */
1566             {
1567             1,
1568             TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1569             TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1570             SSL_kEECDH|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
1571             SSL_NOT_EXP|SSL_HIGH,
1572             0,
1573             168,
1574             168,
1575             SSL_ALL_CIPHERS,
1576             SSL_ALL_STRENGTHS,
1577             },
1578
1579         /* Cipher C018 */
1580             {
1581             1,
1582             TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1583             TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1584             SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1585             SSL_NOT_EXP|SSL_HIGH,
1586             0,
1587             128,
1588             128,
1589             SSL_ALL_CIPHERS,
1590             SSL_ALL_STRENGTHS,
1591             },
1592
1593         /* Cipher C019 */
1594             {
1595             1,
1596             TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1597             TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1598             SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
1599             SSL_NOT_EXP|SSL_HIGH,
1600             0,
1601             256,
1602             256,
1603             SSL_ALL_CIPHERS,
1604             SSL_ALL_STRENGTHS,
1605             },
1606 #endif  /* OPENSSL_NO_ECDH */
1607
1608
1609 /* end of list */
1610         };
1611
1612 SSL3_ENC_METHOD SSLv3_enc_data={
1613         ssl3_enc,
1614         ssl3_mac,
1615         ssl3_setup_key_block,
1616         ssl3_generate_master_secret,
1617         ssl3_change_cipher_state,
1618         ssl3_final_finish_mac,
1619         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1620         ssl3_cert_verify_mac,
1621         SSL3_MD_CLIENT_FINISHED_CONST,4,
1622         SSL3_MD_SERVER_FINISHED_CONST,4,
1623         ssl3_alert_code,
1624         };
1625
1626 long ssl3_default_timeout(void)
1627         {
1628         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
1629          * is way too long for http, the cache would over fill */
1630         return(60*60*2);
1631         }
1632
1633 int ssl3_num_ciphers(void)
1634         {
1635         return(SSL3_NUM_CIPHERS);
1636         }
1637
1638 SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1639         {
1640         if (u < SSL3_NUM_CIPHERS)
1641                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
1642         else
1643                 return(NULL);
1644         }
1645
1646 int ssl3_pending(const SSL *s)
1647         {
1648         if (s->rstate == SSL_ST_READ_BODY)
1649                 return 0;
1650         
1651         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
1652         }
1653
1654 int ssl3_new(SSL *s)
1655         {
1656         SSL3_STATE *s3;
1657
1658         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1659         memset(s3,0,sizeof *s3);
1660         EVP_MD_CTX_init(&s3->finish_dgst1);
1661         EVP_MD_CTX_init(&s3->finish_dgst2);
1662         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
1663         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
1664
1665         s->s3=s3;
1666
1667         s->method->ssl_clear(s);
1668         return(1);
1669 err:
1670         return(0);
1671         }
1672
1673 void ssl3_free(SSL *s)
1674         {
1675         if(s == NULL)
1676             return;
1677
1678         ssl3_cleanup_key_block(s);
1679         if (s->s3->rbuf.buf != NULL)
1680                 OPENSSL_free(s->s3->rbuf.buf);
1681         if (s->s3->wbuf.buf != NULL)
1682                 OPENSSL_free(s->s3->wbuf.buf);
1683         if (s->s3->rrec.comp != NULL)
1684                 OPENSSL_free(s->s3->rrec.comp);
1685 #ifndef OPENSSL_NO_DH
1686         if (s->s3->tmp.dh != NULL)
1687                 DH_free(s->s3->tmp.dh);
1688 #endif
1689 #ifndef OPENSSL_NO_ECDH
1690         if (s->s3->tmp.ecdh != NULL)
1691                 EC_KEY_free(s->s3->tmp.ecdh);
1692 #endif
1693
1694         if (s->s3->tmp.ca_names != NULL)
1695                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1696         EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1697         EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1698
1699         OPENSSL_cleanse(s->s3,sizeof *s->s3);
1700         OPENSSL_free(s->s3);
1701         s->s3=NULL;
1702         }
1703
1704 void ssl3_clear(SSL *s)
1705         {
1706         unsigned char *rp,*wp;
1707         size_t rlen, wlen;
1708
1709         ssl3_cleanup_key_block(s);
1710         if (s->s3->tmp.ca_names != NULL)
1711                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1712
1713         if (s->s3->rrec.comp != NULL)
1714                 {
1715                 OPENSSL_free(s->s3->rrec.comp);
1716                 s->s3->rrec.comp=NULL;
1717                 }
1718 #ifndef OPENSSL_NO_DH
1719         if (s->s3->tmp.dh != NULL)
1720                 DH_free(s->s3->tmp.dh);
1721 #endif
1722 #ifndef OPENSSL_NO_ECDH
1723         if (s->s3->tmp.ecdh != NULL)
1724                 EC_KEY_free(s->s3->tmp.ecdh);
1725 #endif
1726
1727         rp = s->s3->rbuf.buf;
1728         wp = s->s3->wbuf.buf;
1729         rlen = s->s3->rbuf.len;
1730         wlen = s->s3->wbuf.len;
1731
1732         EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
1733         EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
1734
1735         memset(s->s3,0,sizeof *s->s3);
1736         s->s3->rbuf.buf = rp;
1737         s->s3->wbuf.buf = wp;
1738         s->s3->rbuf.len = rlen;
1739         s->s3->wbuf.len = wlen;
1740
1741         ssl_free_wbio_buffer(s);
1742
1743         s->packet_length=0;
1744         s->s3->renegotiate=0;
1745         s->s3->total_renegotiations=0;
1746         s->s3->num_renegotiations=0;
1747         s->s3->in_read_app_data=0;
1748         s->version=SSL3_VERSION;
1749         }
1750
1751 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1752         {
1753         int ret=0;
1754
1755 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1756         if (
1757 #ifndef OPENSSL_NO_RSA
1758             cmd == SSL_CTRL_SET_TMP_RSA ||
1759             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1760 #endif
1761 #ifndef OPENSSL_NO_DSA
1762             cmd == SSL_CTRL_SET_TMP_DH ||
1763             cmd == SSL_CTRL_SET_TMP_DH_CB ||
1764 #endif
1765                 0)
1766                 {
1767                 if (!ssl_cert_inst(&s->cert))
1768                         {
1769                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
1770                         return(0);
1771                         }
1772                 }
1773 #endif
1774
1775         switch (cmd)
1776                 {
1777         case SSL_CTRL_GET_SESSION_REUSED:
1778                 ret=s->hit;
1779                 break;
1780         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
1781                 break;
1782         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
1783                 ret=s->s3->num_renegotiations;
1784                 break;
1785         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
1786                 ret=s->s3->num_renegotiations;
1787                 s->s3->num_renegotiations=0;
1788                 break;
1789         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
1790                 ret=s->s3->total_renegotiations;
1791                 break;
1792         case SSL_CTRL_GET_FLAGS:
1793                 ret=(int)(s->s3->flags);
1794                 break;
1795 #ifndef OPENSSL_NO_RSA
1796         case SSL_CTRL_NEED_TMP_RSA:
1797                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
1798                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
1799                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
1800                         ret = 1;
1801                 break;
1802         case SSL_CTRL_SET_TMP_RSA:
1803                 {
1804                         RSA *rsa = (RSA *)parg;
1805                         if (rsa == NULL)
1806                                 {
1807                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1808                                 return(ret);
1809                                 }
1810                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
1811                                 {
1812                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
1813                                 return(ret);
1814                                 }
1815                         if (s->cert->rsa_tmp != NULL)
1816                                 RSA_free(s->cert->rsa_tmp);
1817                         s->cert->rsa_tmp = rsa;
1818                         ret = 1;
1819                 }
1820                 break;
1821         case SSL_CTRL_SET_TMP_RSA_CB:
1822                 {
1823                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1824                 return(ret);
1825                 }
1826                 break;
1827 #endif
1828 #ifndef OPENSSL_NO_DH
1829         case SSL_CTRL_SET_TMP_DH:
1830                 {
1831                         DH *dh = (DH *)parg;
1832                         if (dh == NULL)
1833                                 {
1834                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1835                                 return(ret);
1836                                 }
1837                         if ((dh = DHparams_dup(dh)) == NULL)
1838                                 {
1839                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1840                                 return(ret);
1841                                 }
1842                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
1843                                 {
1844                                 if (!DH_generate_key(dh))
1845                                         {
1846                                         DH_free(dh);
1847                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
1848                                         return(ret);
1849                                         }
1850                                 }
1851                         if (s->cert->dh_tmp != NULL)
1852                                 DH_free(s->cert->dh_tmp);
1853                         s->cert->dh_tmp = dh;
1854                         ret = 1;
1855                 }
1856                 break;
1857         case SSL_CTRL_SET_TMP_DH_CB:
1858                 {
1859                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1860                 return(ret);
1861                 }
1862                 break;
1863 #endif
1864 #ifndef OPENSSL_NO_ECDH
1865         case SSL_CTRL_SET_TMP_ECDH:
1866                 {
1867                 EC_KEY *ecdh = NULL;
1868                         
1869                 if (parg == NULL)
1870                         {
1871                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
1872                         return(ret);
1873                         }
1874                 if (!EC_KEY_up_ref((EC_KEY *)parg))
1875                         {
1876                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1877                         return(ret);
1878                         }
1879                 ecdh = (EC_KEY *)parg;
1880                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
1881                         {
1882                         if (!EC_KEY_generate_key(ecdh))
1883                                 {
1884                                 EC_KEY_free(ecdh);
1885                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
1886                                 return(ret);
1887                                 }
1888                         }
1889                 if (s->cert->ecdh_tmp != NULL)
1890                         EC_KEY_free(s->cert->ecdh_tmp);
1891                 s->cert->ecdh_tmp = ecdh;
1892                 ret = 1;
1893                 }
1894                 break;
1895         case SSL_CTRL_SET_TMP_ECDH_CB:
1896                 {
1897                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1898                 return(ret);
1899                 }
1900                 break;
1901 #endif /* !OPENSSL_NO_ECDH */
1902 #ifndef OPENSSL_NO_TLSEXT
1903         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
1904                 if (larg == TLSEXT_NAMETYPE_host_name)
1905                         {
1906                         if (s->tlsext_hostname != NULL) 
1907                                 OPENSSL_free(s->tlsext_hostname);
1908                         s->tlsext_hostname = NULL;
1909
1910                         ret = 1;
1911                         if (parg == NULL) 
1912                                 break;
1913                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
1914                                 {
1915                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
1916                                 return 0;
1917                                 }
1918                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
1919                                 {
1920                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
1921                                 return 0;
1922                                 }
1923                         }
1924                 else
1925                         {
1926                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
1927                         return 0;
1928                         }
1929                 s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
1930                 break;
1931 #endif /* !OPENSSL_NO_TLSEXT */
1932         default:
1933                 break;
1934                 }
1935         return(ret);
1936         }
1937
1938 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1939         {
1940         int ret=0;
1941
1942 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
1943         if (
1944 #ifndef OPENSSL_NO_RSA
1945             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
1946 #endif
1947 #ifndef OPENSSL_NO_DSA
1948             cmd == SSL_CTRL_SET_TMP_DH_CB ||
1949 #endif
1950                 0)
1951                 {
1952                 if (!ssl_cert_inst(&s->cert))
1953                         {
1954                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
1955                         return(0);
1956                         }
1957                 }
1958 #endif
1959
1960         switch (cmd)
1961                 {
1962 #ifndef OPENSSL_NO_RSA
1963         case SSL_CTRL_SET_TMP_RSA_CB:
1964                 {
1965                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
1966                 }
1967                 break;
1968 #endif
1969 #ifndef OPENSSL_NO_DH
1970         case SSL_CTRL_SET_TMP_DH_CB:
1971                 {
1972                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
1973                 }
1974                 break;
1975 #endif
1976 #ifndef OPENSSL_NO_ECDH
1977         case SSL_CTRL_SET_TMP_ECDH_CB:
1978                 {
1979                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
1980                 }
1981                 break;
1982 #endif
1983         default:
1984                 break;
1985                 }
1986         return(ret);
1987         }
1988
1989 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1990         {
1991         CERT *cert;
1992
1993         cert=ctx->cert;
1994
1995         switch (cmd)
1996                 {
1997 #ifndef OPENSSL_NO_RSA
1998         case SSL_CTRL_NEED_TMP_RSA:
1999                 if (    (cert->rsa_tmp == NULL) &&
2000                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2001                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2002                         )
2003                         return(1);
2004                 else
2005                         return(0);
2006                 /* break; */
2007         case SSL_CTRL_SET_TMP_RSA:
2008                 {
2009                 RSA *rsa;
2010                 int i;
2011
2012                 rsa=(RSA *)parg;
2013                 i=1;
2014                 if (rsa == NULL)
2015                         i=0;
2016                 else
2017                         {
2018                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2019                                 i=0;
2020                         }
2021                 if (!i)
2022                         {
2023                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2024                         return(0);
2025                         }
2026                 else
2027                         {
2028                         if (cert->rsa_tmp != NULL)
2029                                 RSA_free(cert->rsa_tmp);
2030                         cert->rsa_tmp=rsa;
2031                         return(1);
2032                         }
2033                 }
2034                 /* break; */
2035         case SSL_CTRL_SET_TMP_RSA_CB:
2036                 {
2037                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2038                 return(0);
2039                 }
2040                 break;
2041 #endif
2042 #ifndef OPENSSL_NO_DH
2043         case SSL_CTRL_SET_TMP_DH:
2044                 {
2045                 DH *new=NULL,*dh;
2046
2047                 dh=(DH *)parg;
2048                 if ((new=DHparams_dup(dh)) == NULL)
2049                         {
2050                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2051                         return 0;
2052                         }
2053                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2054                         {
2055                         if (!DH_generate_key(new))
2056                                 {
2057                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2058                                 DH_free(new);
2059                                 return 0;
2060                                 }
2061                         }
2062                 if (cert->dh_tmp != NULL)
2063                         DH_free(cert->dh_tmp);
2064                 cert->dh_tmp=new;
2065                 return 1;
2066                 }
2067                 /*break; */
2068         case SSL_CTRL_SET_TMP_DH_CB:
2069                 {
2070                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2071                 return(0);
2072                 }
2073                 break;
2074 #endif
2075 #ifndef OPENSSL_NO_ECDH
2076         case SSL_CTRL_SET_TMP_ECDH:
2077                 {
2078                 EC_KEY *ecdh = NULL;
2079                         
2080                 if (parg == NULL)
2081                         {
2082                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2083                         return 0;
2084                         }
2085                 ecdh = EC_KEY_dup((EC_KEY *)parg);
2086                 if (ecdh == NULL)
2087                         {
2088                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2089                         return 0;
2090                         }
2091                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2092                         {
2093                         if (!EC_KEY_generate_key(ecdh))
2094                                 {
2095                                 EC_KEY_free(ecdh);
2096                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2097                                 return 0;
2098                                 }
2099                         }
2100
2101                 if (cert->ecdh_tmp != NULL)
2102                         {
2103                         EC_KEY_free(cert->ecdh_tmp);
2104                         }
2105                 cert->ecdh_tmp = ecdh;
2106                 return 1;
2107                 }
2108                 /* break; */
2109         case SSL_CTRL_SET_TMP_ECDH_CB:
2110                 {
2111                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2112                 return(0);
2113                 }
2114                 break;
2115 #endif /* !OPENSSL_NO_ECDH */
2116 #ifndef OPENSSL_NO_TLSEXT
2117         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2118                 ctx->tlsext_servername_arg=parg;
2119                 break;
2120 #endif /* !OPENSSL_NO_TLSEXT */
2121         /* A Thawte special :-) */
2122         case SSL_CTRL_EXTRA_CHAIN_CERT:
2123                 if (ctx->extra_certs == NULL)
2124                         {
2125                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2126                                 return(0);
2127                         }
2128                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2129                 break;
2130
2131         default:
2132                 return(0);
2133                 }
2134         return(1);
2135         }
2136
2137 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2138         {
2139         CERT *cert;
2140
2141         cert=ctx->cert;
2142
2143         switch (cmd)
2144                 {
2145 #ifndef OPENSSL_NO_RSA
2146         case SSL_CTRL_SET_TMP_RSA_CB:
2147                 {
2148                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2149                 }
2150                 break;
2151 #endif
2152 #ifndef OPENSSL_NO_DH
2153         case SSL_CTRL_SET_TMP_DH_CB:
2154                 {
2155                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2156                 }
2157                 break;
2158 #endif
2159 #ifndef OPENSSL_NO_ECDH
2160         case SSL_CTRL_SET_TMP_ECDH_CB:
2161                 {
2162                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2163                 }
2164                 break;
2165 #endif
2166 #ifndef OPENSSL_NO_TLSEXT
2167         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2168                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2169                 break;
2170 #endif
2171         default:
2172                 return(0);
2173                 }
2174         return(1);
2175         }
2176
2177 /* This function needs to check if the ciphers required are actually
2178  * available */
2179 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2180         {
2181         SSL_CIPHER c,*cp;
2182         unsigned long id;
2183
2184         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2185         c.id=id;
2186         cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
2187                 (char *)ssl3_ciphers,
2188                 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
2189                 FP_ICC ssl_cipher_id_cmp);
2190         if (cp == NULL || cp->valid == 0)
2191                 return NULL;
2192         else
2193                 return cp;
2194         }
2195
2196 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2197         {
2198         long l;
2199
2200         if (p != NULL)
2201                 {
2202                 l=c->id;
2203                 if ((l & 0xff000000) != 0x03000000) return(0);
2204                 p[0]=((unsigned char)(l>> 8L))&0xFF;
2205                 p[1]=((unsigned char)(l     ))&0xFF;
2206                 }
2207         return(2);
2208         }
2209
2210 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2211              STACK_OF(SSL_CIPHER) *srvr)
2212         {
2213         SSL_CIPHER *c,*ret=NULL;
2214         STACK_OF(SSL_CIPHER) *prio, *allow;
2215         int i,ii,ok;
2216         unsigned int j;
2217 #ifndef OPENSSL_NO_TLSEXT
2218 #ifndef OPENSSL_NO_EC
2219         int ec_ok, ec_nid;
2220         unsigned char ec_search1 = 0, ec_search2 = 0;
2221 #endif /* OPENSSL_NO_EC */
2222 #endif /* OPENSSL_NO_TLSEXT */
2223         CERT *cert;
2224         unsigned long alg,mask,emask;
2225
2226         /* Let's see which ciphers we can support */
2227         cert=s->cert;
2228
2229 #if 0
2230         /* Do not set the compare functions, because this may lead to a
2231          * reordering by "id". We want to keep the original ordering.
2232          * We may pay a price in performance during sk_SSL_CIPHER_find(),
2233          * but would have to pay with the price of sk_SSL_CIPHER_dup().
2234          */
2235         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2236         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2237 #endif
2238
2239 #ifdef CIPHER_DEBUG
2240         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
2241         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2242             {
2243             c=sk_SSL_CIPHER_value(srvr,i);
2244             printf("%p:%s\n",c,c->name);
2245             }
2246         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
2247         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2248             {
2249             c=sk_SSL_CIPHER_value(clnt,i);
2250             printf("%p:%s\n",c,c->name);
2251             }
2252 #endif
2253
2254         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2255             {
2256             prio = srvr;
2257             allow = clnt;
2258             }
2259         else
2260             {
2261             prio = clnt;
2262             allow = srvr;
2263             }
2264
2265         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2266                 {
2267                 c=sk_SSL_CIPHER_value(prio,i);
2268
2269                 ssl_set_cert_masks(cert,c);
2270                 mask=cert->mask;
2271                 emask=cert->export_mask;
2272                         
2273 #ifdef KSSL_DEBUG
2274                 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
2275 #endif    /* KSSL_DEBUG */
2276
2277                 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
2278 #ifndef OPENSSL_NO_KRB5
2279                 if (alg & SSL_KRB5) 
2280                         {
2281                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
2282                             continue;
2283                         }
2284 #endif /* OPENSSL_NO_KRB5 */
2285 #ifndef OPENSSL_NO_PSK
2286                 /* with PSK there must be server callback set */
2287                 if ((alg & SSL_PSK) && s->psk_server_callback == NULL)
2288                         continue;
2289 #endif /* OPENSSL_NO_PSK */
2290
2291                 if (SSL_C_IS_EXPORT(c))
2292                         {
2293                         ok=((alg & emask) == alg)?1:0;
2294 #ifdef CIPHER_DEBUG
2295                         printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
2296                                c,c->name);
2297 #endif
2298                         }
2299                 else
2300                         {
2301                         ok=((alg & mask) == alg)?1:0;
2302 #ifdef CIPHER_DEBUG
2303                         printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
2304                                c->name);
2305 #endif
2306                         }
2307
2308 #ifndef OPENSSL_NO_TLSEXT
2309 #ifndef OPENSSL_NO_EC
2310                 if (
2311                         /* if we are considering an ECC cipher suite that uses our certificate */
2312                         (alg & SSL_aECDSA)
2313                         /* and we have an ECC certificate */
2314                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2315                         /* and the client specified a Supported Point Formats extension */
2316                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2317                         /* and our certificate's point is compressed */
2318                         && (
2319                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2320                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2321                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2322                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2323                                 && (
2324                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2325                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2326                                         )
2327                                 )
2328                 )
2329                         {
2330                         ec_ok = 0;
2331                         /* if our certificate's curve is over a field type that the client does not support
2332                          * then do not allow this cipher suite to be negotiated */
2333                         if (
2334                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2335                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2336                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2337                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2338                         )
2339                                 {
2340                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2341                                         {
2342                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2343                                                 {
2344                                                 ec_ok = 1;
2345                                                 break;
2346                                                 }
2347                                         }
2348                                 }
2349                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2350                                 {
2351                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2352                                         {
2353                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2354                                                 {
2355                                                 ec_ok = 1;
2356                                                 break;
2357                                                 }
2358                                         }
2359                                 }
2360                         ok = ok && ec_ok;
2361                         }
2362                 if (
2363                         /* if we are considering an ECC cipher suite that uses our certificate */
2364                         (alg & SSL_aECDSA)
2365                         /* and we have an ECC certificate */
2366                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2367                         /* and the client specified an EllipticCurves extension */
2368                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2369                 )
2370                         {
2371                         ec_ok = 0;
2372                         if (
2373                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2374                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2375                         )
2376                                 {
2377                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2378                                 if ((ec_nid == 0)
2379                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2380                                 )
2381                                         {
2382                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2383                                                 {
2384                                                 ec_search1 = 0xFF;
2385                                                 ec_search2 = 0x01;
2386                                                 }
2387                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2388                                                 {
2389                                                 ec_search1 = 0xFF;
2390                                                 ec_search2 = 0x02;
2391                                                 }
2392                                         }
2393                                 else
2394                                         {
2395                                         ec_search1 = 0x00;
2396                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
2397                                         }
2398                                 if ((ec_search1 != 0) || (ec_search2 != 0))
2399                                         {
2400                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
2401                                                 {
2402                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
2403                                                         {
2404                                                         ec_ok = 1;
2405                                                         break;
2406                                                         }
2407                                                 }
2408                                         }
2409                                 }
2410                         ok = ok && ec_ok;
2411                         }
2412                 if (
2413                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
2414                         ((alg & SSL_kECDH) || (alg & SSL_kEECDH))
2415                         /* and we have an ephemeral EC key */
2416                         && (s->cert->ecdh_tmp != NULL)
2417                         /* and the client specified an EllipticCurves extension */
2418                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2419                 )
2420                         {
2421                         ec_ok = 0;
2422                         if (s->cert->ecdh_tmp->group != NULL)
2423                                 {
2424                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
2425                                 if ((ec_nid == 0)
2426                                         && (s->cert->ecdh_tmp->group->meth != NULL)
2427                                 )
2428                                         {
2429                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
2430                                                 {
2431                                                 ec_search1 = 0xFF;
2432                                                 ec_search2 = 0x01;
2433                                                 }
2434                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
2435                                                 {
2436                                                 ec_search1 = 0xFF;
2437                                                 ec_search2 = 0x02;
2438                                                 }
2439                                         }
2440                                 else
2441                                         {
2442                                         ec_search1 = 0x00;
2443                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
2444                                         }
2445                                 if ((ec_search1 != 0) || (ec_search2 != 0))
2446                                         {
2447                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
2448                                                 {
2449                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
2450                                                         {
2451                                                         ec_ok = 1;
2452                                                         break;
2453                                                         }
2454                                                 }
2455                                         }
2456                                 }
2457                         ok = ok && ec_ok;
2458                         }
2459 #endif /* OPENSSL_NO_EC */
2460 #endif /* OPENSSL_NO_TLSEXT */
2461
2462                 if (!ok) continue;
2463                 ii=sk_SSL_CIPHER_find(allow,c);
2464                 if (ii >= 0)
2465                         {
2466                         ret=sk_SSL_CIPHER_value(allow,ii);
2467                         break;
2468                         }
2469                 }
2470         return(ret);
2471         }
2472
2473 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2474         {
2475         int ret=0;
2476         unsigned long alg;
2477
2478         alg=s->s3->tmp.new_cipher->algorithms;
2479
2480 #ifndef OPENSSL_NO_DH
2481         if (alg & (SSL_kDHr|SSL_kEDH))
2482                 {
2483 #  ifndef OPENSSL_NO_RSA
2484                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
2485 #  endif
2486 #  ifndef OPENSSL_NO_DSA
2487                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
2488 #  endif
2489                 }
2490         if ((s->version == SSL3_VERSION) &&
2491                 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
2492                 {
2493 #  ifndef OPENSSL_NO_RSA
2494                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
2495 #  endif
2496 #  ifndef OPENSSL_NO_DSA
2497                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
2498 #  endif
2499                 }
2500 #endif /* !OPENSSL_NO_DH */
2501 #ifndef OPENSSL_NO_RSA
2502         p[ret++]=SSL3_CT_RSA_SIGN;
2503 #endif
2504 #ifndef OPENSSL_NO_DSA
2505         p[ret++]=SSL3_CT_DSS_SIGN;
2506 #endif
2507 #ifndef OPENSSL_NO_ECDH
2508         /* We should ask for fixed ECDH certificates only
2509          * for SSL_kECDH (and not SSL_kEECDH)
2510          */
2511         if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2512                 {
2513                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2514                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
2515                 }
2516 #endif
2517
2518 #ifndef OPENSSL_NO_ECDSA
2519         /* ECDSA certs can be used with RSA cipher suites as well 
2520          * so we don't need to check for SSL_kECDH or SSL_kEECDH
2521          */
2522         if (s->version >= TLS1_VERSION)
2523                 {
2524                 p[ret++]=TLS_CT_ECDSA_SIGN;
2525                 }
2526 #endif  
2527         return(ret);
2528         }
2529
2530 int ssl3_shutdown(SSL *s)
2531         {
2532
2533         /* Don't do anything much if we have not done the handshake or
2534          * we don't want to send messages :-) */
2535         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
2536                 {
2537                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2538                 return(1);
2539                 }
2540
2541         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
2542                 {
2543                 s->shutdown|=SSL_SENT_SHUTDOWN;
2544 #if 1
2545                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
2546 #endif
2547                 /* our shutdown alert has been sent now, and if it still needs
2548                  * to be written, s->s3->alert_dispatch will be true */
2549                 }
2550         else if (s->s3->alert_dispatch)
2551                 {
2552                 /* resend it if not sent */
2553 #if 1
2554                 s->method->ssl_dispatch_alert(s);
2555 #endif
2556                 }
2557         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
2558                 {
2559                 /* If we are waiting for a close from our peer, we are closed */
2560                 s->method->ssl_read_bytes(s,0,NULL,0,0);
2561                 }
2562
2563         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2564                 !s->s3->alert_dispatch)
2565                 return(1);
2566         else
2567                 return(0);
2568         }
2569
2570 int ssl3_write(SSL *s, const void *buf, int len)
2571         {
2572         int ret,n;
2573
2574 #if 0
2575         if (s->shutdown & SSL_SEND_SHUTDOWN)
2576                 {
2577                 s->rwstate=SSL_NOTHING;
2578                 return(0);
2579                 }
2580 #endif
2581         clear_sys_error();
2582         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2583
2584         /* This is an experimental flag that sends the
2585          * last handshake message in the same packet as the first
2586          * use data - used to see if it helps the TCP protocol during
2587          * session-id reuse */
2588         /* The second test is because the buffer may have been removed */
2589         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
2590                 {
2591                 /* First time through, we write into the buffer */
2592                 if (s->s3->delay_buf_pop_ret == 0)
2593                         {
2594                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2595                                              buf,len);
2596                         if (ret <= 0) return(ret);
2597
2598                         s->s3->delay_buf_pop_ret=ret;
2599                         }
2600
2601                 s->rwstate=SSL_WRITING;
2602                 n=BIO_flush(s->wbio);
2603                 if (n <= 0) return(n);
2604                 s->rwstate=SSL_NOTHING;
2605
2606                 /* We have flushed the buffer, so remove it */
2607                 ssl_free_wbio_buffer(s);
2608                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2609
2610                 ret=s->s3->delay_buf_pop_ret;
2611                 s->s3->delay_buf_pop_ret=0;
2612                 }
2613         else
2614                 {
2615                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
2616                         buf,len);
2617                 if (ret <= 0) return(ret);
2618                 }
2619
2620         return(ret);
2621         }
2622
2623 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2624         {
2625         int ret;
2626         
2627         clear_sys_error();
2628         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
2629         s->s3->in_read_app_data=1;
2630         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2631         if ((ret == -1) && (s->s3->in_read_app_data == 2))
2632                 {
2633                 /* ssl3_read_bytes decided to call s->handshake_func, which
2634                  * called ssl3_read_bytes to read handshake data.
2635                  * However, ssl3_read_bytes actually found application data
2636                  * and thinks that application data makes sense here; so disable
2637                  * handshake processing and try to read application data again. */
2638                 s->in_handshake++;
2639                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
2640                 s->in_handshake--;
2641                 }
2642         else
2643                 s->s3->in_read_app_data=0;
2644
2645         return(ret);
2646         }
2647
2648 int ssl3_read(SSL *s, void *buf, int len)
2649         {
2650         return ssl3_read_internal(s, buf, len, 0);
2651         }
2652
2653 int ssl3_peek(SSL *s, void *buf, int len)
2654         {
2655         return ssl3_read_internal(s, buf, len, 1);
2656         }
2657
2658 int ssl3_renegotiate(SSL *s)
2659         {
2660         if (s->handshake_func == NULL)
2661                 return(1);
2662
2663         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2664                 return(0);
2665
2666         s->s3->renegotiate=1;
2667         return(1);
2668         }
2669
2670 int ssl3_renegotiate_check(SSL *s)
2671         {
2672         int ret=0;
2673
2674         if (s->s3->renegotiate)
2675                 {
2676                 if (    (s->s3->rbuf.left == 0) &&
2677                         (s->s3->wbuf.left == 0) &&
2678                         !SSL_in_init(s))
2679                         {
2680 /*
2681 if we are the server, and we have sent a 'RENEGOTIATE' message, we
2682 need to go to SSL_ST_ACCEPT.
2683 */
2684                         /* SSL_ST_ACCEPT */
2685                         s->state=SSL_ST_RENEGOTIATE;
2686                         s->s3->renegotiate=0;
2687                         s->s3->num_renegotiations++;
2688                         s->s3->total_renegotiations++;
2689                         ret=1;
2690                         }
2691                 }
2692         return(ret);
2693         }
2694