Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663         {
664         1,
665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
666         SSL3_CK_KRB5_DES_64_CBC_SHA,
667         SSL_kKRB5,
668         SSL_aKRB5,
669         SSL_DES,
670         SSL_SHA1,
671         SSL_SSLV3,
672         SSL_NOT_EXP|SSL_LOW,
673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674         56,
675         56,
676         },
677
678 /* Cipher 1F */
679         {
680         1,
681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
683         SSL_kKRB5,
684         SSL_aKRB5,
685         SSL_3DES,
686         SSL_SHA1,
687         SSL_SSLV3,
688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690         168,
691         168,
692         },
693
694 /* Cipher 20 */
695         {
696         1,
697         SSL3_TXT_KRB5_RC4_128_SHA,
698         SSL3_CK_KRB5_RC4_128_SHA,
699         SSL_kKRB5,
700         SSL_aKRB5,
701         SSL_RC4,
702         SSL_SHA1,
703         SSL_SSLV3,
704         SSL_NOT_EXP|SSL_MEDIUM,
705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706         128,
707         128,
708         },
709
710 /* Cipher 21 */
711         {
712         1,
713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715         SSL_kKRB5,
716         SSL_aKRB5,
717         SSL_IDEA,
718         SSL_SHA1,
719         SSL_SSLV3,
720         SSL_NOT_EXP|SSL_MEDIUM,
721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722         128,
723         128,
724         },
725
726 /* Cipher 22 */
727         {
728         1,
729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
730         SSL3_CK_KRB5_DES_64_CBC_MD5,
731         SSL_kKRB5,
732         SSL_aKRB5,
733         SSL_DES,
734         SSL_MD5,
735         SSL_SSLV3,
736         SSL_NOT_EXP|SSL_LOW,
737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738         56,
739         56,
740         },
741
742 /* Cipher 23 */
743         {
744         1,
745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
747         SSL_kKRB5,
748         SSL_aKRB5,
749         SSL_3DES,
750         SSL_MD5,
751         SSL_SSLV3,
752         SSL_NOT_EXP|SSL_HIGH,
753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754         168,
755         168,
756         },
757
758 /* Cipher 24 */
759         {
760         1,
761         SSL3_TXT_KRB5_RC4_128_MD5,
762         SSL3_CK_KRB5_RC4_128_MD5,
763         SSL_kKRB5,
764         SSL_aKRB5,
765         SSL_RC4,
766         SSL_MD5,
767         SSL_SSLV3,
768         SSL_NOT_EXP|SSL_MEDIUM,
769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770         128,
771         128,
772         },
773
774 /* Cipher 25 */
775         {
776         1,
777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779         SSL_kKRB5,
780         SSL_aKRB5,
781         SSL_IDEA,
782         SSL_MD5,
783         SSL_SSLV3,
784         SSL_NOT_EXP|SSL_MEDIUM,
785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786         128,
787         128,
788         },
789
790 /* Cipher 26 */
791         {
792         1,
793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
794         SSL3_CK_KRB5_DES_40_CBC_SHA,
795         SSL_kKRB5,
796         SSL_aKRB5,
797         SSL_DES,
798         SSL_SHA1,
799         SSL_SSLV3,
800         SSL_EXPORT|SSL_EXP40,
801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802         40,
803         56,
804         },
805
806 /* Cipher 27 */
807         {
808         1,
809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
811         SSL_kKRB5,
812         SSL_aKRB5,
813         SSL_RC2,
814         SSL_SHA1,
815         SSL_SSLV3,
816         SSL_EXPORT|SSL_EXP40,
817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818         40,
819         128,
820         },
821
822 /* Cipher 28 */
823         {
824         1,
825         SSL3_TXT_KRB5_RC4_40_SHA,
826         SSL3_CK_KRB5_RC4_40_SHA,
827         SSL_kKRB5,
828         SSL_aKRB5,
829         SSL_RC4,
830         SSL_SHA1,
831         SSL_SSLV3,
832         SSL_EXPORT|SSL_EXP40,
833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834         40,
835         128,
836         },
837
838 /* Cipher 29 */
839         {
840         1,
841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
842         SSL3_CK_KRB5_DES_40_CBC_MD5,
843         SSL_kKRB5,
844         SSL_aKRB5,
845         SSL_DES,
846         SSL_MD5,
847         SSL_SSLV3,
848         SSL_EXPORT|SSL_EXP40,
849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850         40,
851         56,
852         },
853
854 /* Cipher 2A */
855         {
856         1,
857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
859         SSL_kKRB5,
860         SSL_aKRB5,
861         SSL_RC2,
862         SSL_MD5,
863         SSL_SSLV3,
864         SSL_EXPORT|SSL_EXP40,
865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866         40,
867         128,
868         },
869
870 /* Cipher 2B */
871         {
872         1,
873         SSL3_TXT_KRB5_RC4_40_MD5,
874         SSL3_CK_KRB5_RC4_40_MD5,
875         SSL_kKRB5,
876         SSL_aKRB5,
877         SSL_RC4,
878         SSL_MD5,
879         SSL_SSLV3,
880         SSL_EXPORT|SSL_EXP40,
881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882         40,
883         128,
884         },
885 #endif  /* OPENSSL_NO_KRB5 */
886
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889         {
890         1,
891         TLS1_TXT_RSA_WITH_AES_128_SHA,
892         TLS1_CK_RSA_WITH_AES_128_SHA,
893         SSL_kRSA,
894         SSL_aRSA,
895         SSL_AES128,
896         SSL_SHA1,
897         SSL_TLSV1,
898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900         128,
901         128,
902         },
903 /* Cipher 30 */
904         {
905         0,
906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908         SSL_kDHd,
909         SSL_aDH,
910         SSL_AES128,
911         SSL_SHA1,
912         SSL_TLSV1,
913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915         128,
916         128,
917         },
918 /* Cipher 31 */
919         {
920         0,
921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923         SSL_kDHr,
924         SSL_aDH,
925         SSL_AES128,
926         SSL_SHA1,
927         SSL_TLSV1,
928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930         128,
931         128,
932         },
933 /* Cipher 32 */
934         {
935         1,
936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938         SSL_kEDH,
939         SSL_aDSS,
940         SSL_AES128,
941         SSL_SHA1,
942         SSL_TLSV1,
943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945         128,
946         128,
947         },
948 /* Cipher 33 */
949         {
950         1,
951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953         SSL_kEDH,
954         SSL_aRSA,
955         SSL_AES128,
956         SSL_SHA1,
957         SSL_TLSV1,
958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960         128,
961         128,
962         },
963 /* Cipher 34 */
964         {
965         1,
966         TLS1_TXT_ADH_WITH_AES_128_SHA,
967         TLS1_CK_ADH_WITH_AES_128_SHA,
968         SSL_kEDH,
969         SSL_aNULL,
970         SSL_AES128,
971         SSL_SHA1,
972         SSL_TLSV1,
973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975         128,
976         128,
977         },
978
979 /* Cipher 35 */
980         {
981         1,
982         TLS1_TXT_RSA_WITH_AES_256_SHA,
983         TLS1_CK_RSA_WITH_AES_256_SHA,
984         SSL_kRSA,
985         SSL_aRSA,
986         SSL_AES256,
987         SSL_SHA1,
988         SSL_TLSV1,
989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991         256,
992         256,
993         },
994 /* Cipher 36 */
995         {
996         0,
997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073
1074         /* TLS v1.2 ciphersuites */
1075         /* Cipher 3B */
1076         {
1077         1,
1078         TLS1_TXT_RSA_WITH_NULL_SHA256,
1079         TLS1_CK_RSA_WITH_NULL_SHA256,
1080         SSL_kRSA,
1081         SSL_aRSA,
1082         SSL_eNULL,
1083         SSL_SHA256,
1084         SSL_SSLV3,
1085         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087         0,
1088         0,
1089         },
1090
1091         /* Cipher 3C */
1092         {
1093         1,
1094         TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095         TLS1_CK_RSA_WITH_AES_128_SHA256,
1096         SSL_kRSA,
1097         SSL_aRSA,
1098         SSL_AES128,
1099         SSL_SHA256,
1100         SSL_TLSV1,
1101         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103         128,
1104         128,
1105         },
1106
1107         /* Cipher 3D */
1108         {
1109         1,
1110         TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111         TLS1_CK_RSA_WITH_AES_256_SHA256,
1112         SSL_kRSA,
1113         SSL_aRSA,
1114         SSL_AES256,
1115         SSL_SHA256,
1116         SSL_TLSV1,
1117         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119         256,
1120         256,
1121         },
1122
1123         /* Cipher 3E */
1124         {
1125         0, /* not implemented (non-ephemeral DH) */
1126         TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127         TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128         SSL_kDHr,
1129         SSL_aDH,
1130         SSL_AES128,
1131         SSL_SHA256,
1132         SSL_TLSV1,
1133         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135         128,
1136         128,
1137         },
1138
1139         /* Cipher 3F */
1140         {
1141         0, /* not implemented (non-ephemeral DH) */
1142         TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143         TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144         SSL_kDHr,
1145         SSL_aDH,
1146         SSL_AES128,
1147         SSL_SHA256,
1148         SSL_TLSV1,
1149         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151         128,
1152         128,
1153         },
1154
1155         /* Cipher 40 */
1156         {
1157         1,
1158         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159         TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160         SSL_kEDH,
1161         SSL_aDSS,
1162         SSL_AES128,
1163         SSL_SHA256,
1164         SSL_TLSV1,
1165         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167         128,
1168         128,
1169         },
1170
1171 #ifndef OPENSSL_NO_CAMELLIA
1172         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173
1174         /* Cipher 41 */
1175         {
1176         1,
1177         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179         SSL_kRSA,
1180         SSL_aRSA,
1181         SSL_CAMELLIA128,
1182         SSL_SHA1,
1183         SSL_TLSV1,
1184         SSL_NOT_EXP|SSL_HIGH,
1185         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186         128,
1187         128,
1188         },
1189
1190         /* Cipher 42 */
1191         {
1192         0, /* not implemented (non-ephemeral DH) */
1193         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195         SSL_kDHd,
1196         SSL_aDH,
1197         SSL_CAMELLIA128,
1198         SSL_SHA1,
1199         SSL_TLSV1,
1200         SSL_NOT_EXP|SSL_HIGH,
1201         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202         128,
1203         128,
1204         },
1205
1206         /* Cipher 43 */
1207         {
1208         0, /* not implemented (non-ephemeral DH) */
1209         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211         SSL_kDHr,
1212         SSL_aDH,
1213         SSL_CAMELLIA128,
1214         SSL_SHA1,
1215         SSL_TLSV1,
1216         SSL_NOT_EXP|SSL_HIGH,
1217         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218         128,
1219         128,
1220         },
1221
1222         /* Cipher 44 */
1223         {
1224         1,
1225         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227         SSL_kEDH,
1228         SSL_aDSS,
1229         SSL_CAMELLIA128,
1230         SSL_SHA1,
1231         SSL_TLSV1,
1232         SSL_NOT_EXP|SSL_HIGH,
1233         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234         128,
1235         128,
1236         },
1237
1238         /* Cipher 45 */
1239         {
1240         1,
1241         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243         SSL_kEDH,
1244         SSL_aRSA,
1245         SSL_CAMELLIA128,
1246         SSL_SHA1,
1247         SSL_TLSV1,
1248         SSL_NOT_EXP|SSL_HIGH,
1249         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250         128,
1251         128,
1252         },
1253
1254         /* Cipher 46 */
1255         {
1256         1,
1257         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259         SSL_kEDH,
1260         SSL_aNULL,
1261         SSL_CAMELLIA128,
1262         SSL_SHA1,
1263         SSL_TLSV1,
1264         SSL_NOT_EXP|SSL_HIGH,
1265         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266         128,
1267         128,
1268         },
1269 #endif /* OPENSSL_NO_CAMELLIA */
1270
1271 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272         /* New TLS Export CipherSuites from expired ID */
1273 #if 0
1274         /* Cipher 60 */
1275         {
1276         1,
1277         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279         SSL_kRSA,
1280         SSL_aRSA,
1281         SSL_RC4,
1282         SSL_MD5,
1283         SSL_TLSV1,
1284         SSL_EXPORT|SSL_EXP56,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         56,
1287         128,
1288         },
1289
1290         /* Cipher 61 */
1291         {
1292         1,
1293         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295         SSL_kRSA,
1296         SSL_aRSA,
1297         SSL_RC2,
1298         SSL_MD5,
1299         SSL_TLSV1,
1300         SSL_EXPORT|SSL_EXP56,
1301         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302         56,
1303         128,
1304         },
1305 #endif
1306
1307         /* Cipher 62 */
1308         {
1309         1,
1310         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312         SSL_kRSA,
1313         SSL_aRSA,
1314         SSL_DES,
1315         SSL_SHA1,
1316         SSL_TLSV1,
1317         SSL_EXPORT|SSL_EXP56,
1318         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319         56,
1320         56,
1321         },
1322
1323         /* Cipher 63 */
1324         {
1325         1,
1326         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328         SSL_kEDH,
1329         SSL_aDSS,
1330         SSL_DES,
1331         SSL_SHA1,
1332         SSL_TLSV1,
1333         SSL_EXPORT|SSL_EXP56,
1334         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335         56,
1336         56,
1337         },
1338
1339         /* Cipher 64 */
1340         {
1341         1,
1342         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344         SSL_kRSA,
1345         SSL_aRSA,
1346         SSL_RC4,
1347         SSL_SHA1,
1348         SSL_TLSV1,
1349         SSL_EXPORT|SSL_EXP56,
1350         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351         56,
1352         128,
1353         },
1354
1355         /* Cipher 65 */
1356         {
1357         1,
1358         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360         SSL_kEDH,
1361         SSL_aDSS,
1362         SSL_RC4,
1363         SSL_SHA1,
1364         SSL_TLSV1,
1365         SSL_EXPORT|SSL_EXP56,
1366         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367         56,
1368         128,
1369         },
1370
1371         /* Cipher 66 */
1372         {
1373         1,
1374         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376         SSL_kEDH,
1377         SSL_aDSS,
1378         SSL_RC4,
1379         SSL_SHA1,
1380         SSL_TLSV1,
1381         SSL_NOT_EXP|SSL_MEDIUM,
1382         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383         128,
1384         128,
1385         },
1386 #endif
1387
1388         /* TLS v1.2 ciphersuites */
1389         /* Cipher 67 */
1390         {
1391         1,
1392         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393         TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394         SSL_kEDH,
1395         SSL_aRSA,
1396         SSL_AES128,
1397         SSL_SHA256,
1398         SSL_TLSV1,
1399         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401         128,
1402         128,
1403         },
1404
1405         /* Cipher 68 */
1406         {
1407         0, /* not implemented (non-ephemeral DH) */
1408         TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409         TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410         SSL_kDHr,
1411         SSL_aDH,
1412         SSL_AES256,
1413         SSL_SHA256,
1414         SSL_TLSV1,
1415         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417         256,
1418         256,
1419         },
1420
1421         /* Cipher 69 */
1422         {
1423         0, /* not implemented (non-ephemeral DH) */
1424         TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425         TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426         SSL_kDHr,
1427         SSL_aDH,
1428         SSL_AES256,
1429         SSL_SHA256,
1430         SSL_TLSV1,
1431         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433         256,
1434         256,
1435         },
1436
1437         /* Cipher 6A */
1438         {
1439         1,
1440         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441         TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442         SSL_kEDH,
1443         SSL_aDSS,
1444         SSL_AES256,
1445         SSL_SHA256,
1446         SSL_TLSV1,
1447         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449         256,
1450         256,
1451         },
1452
1453         /* Cipher 6B */
1454         {
1455         1,
1456         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457         TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458         SSL_kEDH,
1459         SSL_aRSA,
1460         SSL_AES256,
1461         SSL_SHA256,
1462         SSL_TLSV1,
1463         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465         256,
1466         256,
1467         },
1468
1469         /* Cipher 6C */
1470         {
1471         1,
1472         TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473         TLS1_CK_ADH_WITH_AES_128_SHA256,
1474         SSL_kEDH,
1475         SSL_aNULL,
1476         SSL_AES128,
1477         SSL_SHA256,
1478         SSL_TLSV1,
1479         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481         128,
1482         128,
1483         },
1484
1485         /* Cipher 6D */
1486         {
1487         1,
1488         TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489         TLS1_CK_ADH_WITH_AES_256_SHA256,
1490         SSL_kEDH,
1491         SSL_aNULL,
1492         SSL_AES256,
1493         SSL_SHA256,
1494         SSL_TLSV1,
1495         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497         256,
1498         256,
1499         },
1500
1501         /* GOST Ciphersuites */
1502
1503         {
1504         1,
1505         "GOST94-GOST89-GOST89",
1506         0x3000080,
1507         SSL_kGOST,
1508         SSL_aGOST94,
1509         SSL_eGOST2814789CNT,
1510         SSL_GOST89MAC,
1511         SSL_TLSV1,
1512         SSL_NOT_EXP|SSL_HIGH,
1513         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514         256,
1515         256
1516         },
1517         {
1518         1,
1519         "GOST2001-GOST89-GOST89",
1520         0x3000081,
1521         SSL_kGOST,
1522         SSL_aGOST01,
1523         SSL_eGOST2814789CNT,
1524         SSL_GOST89MAC,
1525         SSL_TLSV1,
1526         SSL_NOT_EXP|SSL_HIGH,
1527         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528         256,
1529         256
1530         },
1531         {
1532         1,
1533         "GOST94-NULL-GOST94",
1534         0x3000082,
1535         SSL_kGOST,
1536         SSL_aGOST94,
1537         SSL_eNULL,
1538         SSL_GOST94,
1539         SSL_TLSV1,
1540         SSL_NOT_EXP|SSL_STRONG_NONE,
1541         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542         0,
1543         0
1544         },
1545         {
1546         1,
1547         "GOST2001-NULL-GOST94",
1548         0x3000083,
1549         SSL_kGOST,
1550         SSL_aGOST01,
1551         SSL_eNULL,
1552         SSL_GOST94,
1553         SSL_TLSV1,
1554         SSL_NOT_EXP|SSL_STRONG_NONE,
1555         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556         0,
1557         0
1558         },
1559
1560 #ifndef OPENSSL_NO_CAMELLIA
1561         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1562
1563         /* Cipher 84 */
1564         {
1565         1,
1566         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568         SSL_kRSA,
1569         SSL_aRSA,
1570         SSL_CAMELLIA256,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_HIGH,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         256,
1576         256,
1577         },
1578         /* Cipher 85 */
1579         {
1580         0, /* not implemented (non-ephemeral DH) */
1581         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583         SSL_kDHd,
1584         SSL_aDH,
1585         SSL_CAMELLIA256,
1586         SSL_SHA1,
1587         SSL_TLSV1,
1588         SSL_NOT_EXP|SSL_HIGH,
1589         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590         256,
1591         256,
1592         },
1593
1594         /* Cipher 86 */
1595         {
1596         0, /* not implemented (non-ephemeral DH) */
1597         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599         SSL_kDHr,
1600         SSL_aDH,
1601         SSL_CAMELLIA256,
1602         SSL_SHA1,
1603         SSL_TLSV1,
1604         SSL_NOT_EXP|SSL_HIGH,
1605         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606         256,
1607         256,
1608         },
1609
1610         /* Cipher 87 */
1611         {
1612         1,
1613         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615         SSL_kEDH,
1616         SSL_aDSS,
1617         SSL_CAMELLIA256,
1618         SSL_SHA1,
1619         SSL_TLSV1,
1620         SSL_NOT_EXP|SSL_HIGH,
1621         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622         256,
1623         256,
1624         },
1625
1626         /* Cipher 88 */
1627         {
1628         1,
1629         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631         SSL_kEDH,
1632         SSL_aRSA,
1633         SSL_CAMELLIA256,
1634         SSL_SHA1,
1635         SSL_TLSV1,
1636         SSL_NOT_EXP|SSL_HIGH,
1637         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638         256,
1639         256,
1640         },
1641
1642         /* Cipher 89 */
1643         {
1644         1,
1645         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647         SSL_kEDH,
1648         SSL_aNULL,
1649         SSL_CAMELLIA256,
1650         SSL_SHA1,
1651         SSL_TLSV1,
1652         SSL_NOT_EXP|SSL_HIGH,
1653         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654         256,
1655         256,
1656         },
1657 #endif /* OPENSSL_NO_CAMELLIA */
1658
1659 #ifndef OPENSSL_NO_PSK
1660         /* Cipher 8A */
1661         {
1662         1,
1663         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664         TLS1_CK_PSK_WITH_RC4_128_SHA,
1665         SSL_kPSK,
1666         SSL_aPSK,
1667         SSL_RC4,
1668         SSL_SHA1,
1669         SSL_TLSV1,
1670         SSL_NOT_EXP|SSL_MEDIUM,
1671         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672         128,
1673         128,
1674         },
1675
1676         /* Cipher 8B */
1677         {
1678         1,
1679         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681         SSL_kPSK,
1682         SSL_aPSK,
1683         SSL_3DES,
1684         SSL_SHA1,
1685         SSL_TLSV1,
1686         SSL_NOT_EXP|SSL_HIGH,
1687         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688         168,
1689         168,
1690         },
1691
1692         /* Cipher 8C */
1693         {
1694         1,
1695         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697         SSL_kPSK,
1698         SSL_aPSK,
1699         SSL_AES128,
1700         SSL_SHA1,
1701         SSL_TLSV1,
1702         SSL_NOT_EXP|SSL_HIGH,
1703         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704         128,
1705         128,
1706         },
1707
1708         /* Cipher 8D */
1709         {
1710         1,
1711         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713         SSL_kPSK,
1714         SSL_aPSK,
1715         SSL_AES256,
1716         SSL_SHA1,
1717         SSL_TLSV1,
1718         SSL_NOT_EXP|SSL_HIGH,
1719         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720         256,
1721         256,
1722         },
1723 #endif  /* OPENSSL_NO_PSK */
1724
1725 #ifndef OPENSSL_NO_SEED
1726         /* SEED ciphersuites from RFC4162 */
1727
1728         /* Cipher 96 */
1729         {
1730         1,
1731         TLS1_TXT_RSA_WITH_SEED_SHA,
1732         TLS1_CK_RSA_WITH_SEED_SHA,
1733         SSL_kRSA,
1734         SSL_aRSA,
1735         SSL_SEED,
1736         SSL_SHA1,
1737         SSL_TLSV1,
1738         SSL_NOT_EXP|SSL_MEDIUM,
1739         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740         128,
1741         128,
1742         },
1743
1744         /* Cipher 97 */
1745         {
1746         0, /* not implemented (non-ephemeral DH) */
1747         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749         SSL_kDHd,
1750         SSL_aDH,
1751         SSL_SEED,
1752         SSL_SHA1,
1753         SSL_TLSV1,
1754         SSL_NOT_EXP|SSL_MEDIUM,
1755         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756         128,
1757         128,
1758         },
1759
1760         /* Cipher 98 */
1761         {
1762         0, /* not implemented (non-ephemeral DH) */
1763         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765         SSL_kDHr,
1766         SSL_aDH,
1767         SSL_SEED,
1768         SSL_SHA1,
1769         SSL_TLSV1,
1770         SSL_NOT_EXP|SSL_MEDIUM,
1771         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772         128,
1773         128,
1774         },
1775
1776         /* Cipher 99 */
1777         {
1778         1,
1779         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781         SSL_kEDH,
1782         SSL_aDSS,
1783         SSL_SEED,
1784         SSL_SHA1,
1785         SSL_TLSV1,
1786         SSL_NOT_EXP|SSL_MEDIUM,
1787         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788         128,
1789         128,
1790         },
1791
1792         /* Cipher 9A */
1793         {
1794         1,
1795         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797         SSL_kEDH,
1798         SSL_aRSA,
1799         SSL_SEED,
1800         SSL_SHA1,
1801         SSL_TLSV1,
1802         SSL_NOT_EXP|SSL_MEDIUM,
1803         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804         128,
1805         128,
1806         },
1807
1808         /* Cipher 9B */
1809         {
1810         1,
1811         TLS1_TXT_ADH_WITH_SEED_SHA,
1812         TLS1_CK_ADH_WITH_SEED_SHA,
1813         SSL_kEDH,
1814         SSL_aNULL,
1815         SSL_SEED,
1816         SSL_SHA1,
1817         SSL_TLSV1,
1818         SSL_NOT_EXP|SSL_MEDIUM,
1819         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820         128,
1821         128,
1822         },
1823
1824 #endif /* OPENSSL_NO_SEED */
1825
1826 #ifndef OPENSSL_NO_ECDH
1827         /* Cipher C001 */
1828         {
1829         1,
1830         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1831         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1832         SSL_kECDHe,
1833         SSL_aECDH,
1834         SSL_eNULL,
1835         SSL_SHA1,
1836         SSL_TLSV1,
1837         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1838         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1839         0,
1840         0,
1841         },
1842
1843         /* Cipher C002 */
1844         {
1845         1,
1846         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1847         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1848         SSL_kECDHe,
1849         SSL_aECDH,
1850         SSL_RC4,
1851         SSL_SHA1,
1852         SSL_TLSV1,
1853         SSL_NOT_EXP|SSL_MEDIUM,
1854         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1855         128,
1856         128,
1857         },
1858
1859         /* Cipher C003 */
1860         {
1861         1,
1862         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1863         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1864         SSL_kECDHe,
1865         SSL_aECDH,
1866         SSL_3DES,
1867         SSL_SHA1,
1868         SSL_TLSV1,
1869         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1870         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1871         168,
1872         168,
1873         },
1874
1875         /* Cipher C004 */
1876         {
1877         1,
1878         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1879         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1880         SSL_kECDHe,
1881         SSL_aECDH,
1882         SSL_AES128,
1883         SSL_SHA1,
1884         SSL_TLSV1,
1885         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1886         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1887         128,
1888         128,
1889         },
1890
1891         /* Cipher C005 */
1892         {
1893         1,
1894         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1895         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1896         SSL_kECDHe,
1897         SSL_aECDH,
1898         SSL_AES256,
1899         SSL_SHA1,
1900         SSL_TLSV1,
1901         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1902         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1903         256,
1904         256,
1905         },
1906
1907         /* Cipher C006 */
1908         {
1909         1,
1910         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1911         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1912         SSL_kEECDH,
1913         SSL_aECDSA,
1914         SSL_eNULL,
1915         SSL_SHA1,
1916         SSL_TLSV1,
1917         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1918         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1919         0,
1920         0,
1921         },
1922
1923         /* Cipher C007 */
1924         {
1925         1,
1926         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1927         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1928         SSL_kEECDH,
1929         SSL_aECDSA,
1930         SSL_RC4,
1931         SSL_SHA1,
1932         SSL_TLSV1,
1933         SSL_NOT_EXP|SSL_MEDIUM,
1934         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1935         128,
1936         128,
1937         },
1938
1939         /* Cipher C008 */
1940         {
1941         1,
1942         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1943         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1944         SSL_kEECDH,
1945         SSL_aECDSA,
1946         SSL_3DES,
1947         SSL_SHA1,
1948         SSL_TLSV1,
1949         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1950         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1951         168,
1952         168,
1953         },
1954
1955         /* Cipher C009 */
1956         {
1957         1,
1958         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1959         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1960         SSL_kEECDH,
1961         SSL_aECDSA,
1962         SSL_AES128,
1963         SSL_SHA1,
1964         SSL_TLSV1,
1965         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1966         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1967         128,
1968         128,
1969         },
1970
1971         /* Cipher C00A */
1972         {
1973         1,
1974         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1975         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1976         SSL_kEECDH,
1977         SSL_aECDSA,
1978         SSL_AES256,
1979         SSL_SHA1,
1980         SSL_TLSV1,
1981         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1982         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1983         256,
1984         256,
1985         },
1986
1987         /* Cipher C00B */
1988         {
1989         1,
1990         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1991         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1992         SSL_kECDHr,
1993         SSL_aECDH,
1994         SSL_eNULL,
1995         SSL_SHA1,
1996         SSL_TLSV1,
1997         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1998         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1999         0,
2000         0,
2001         },
2002
2003         /* Cipher C00C */
2004         {
2005         1,
2006         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2007         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2008         SSL_kECDHr,
2009         SSL_aECDH,
2010         SSL_RC4,
2011         SSL_SHA1,
2012         SSL_TLSV1,
2013         SSL_NOT_EXP|SSL_MEDIUM,
2014         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2015         128,
2016         128,
2017         },
2018
2019         /* Cipher C00D */
2020         {
2021         1,
2022         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2023         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2024         SSL_kECDHr,
2025         SSL_aECDH,
2026         SSL_3DES,
2027         SSL_SHA1,
2028         SSL_TLSV1,
2029         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2030         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2031         168,
2032         168,
2033         },
2034
2035         /* Cipher C00E */
2036         {
2037         1,
2038         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2039         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2040         SSL_kECDHr,
2041         SSL_aECDH,
2042         SSL_AES128,
2043         SSL_SHA1,
2044         SSL_TLSV1,
2045         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2046         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2047         128,
2048         128,
2049         },
2050
2051         /* Cipher C00F */
2052         {
2053         1,
2054         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2055         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2056         SSL_kECDHr,
2057         SSL_aECDH,
2058         SSL_AES256,
2059         SSL_SHA1,
2060         SSL_TLSV1,
2061         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2062         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2063         256,
2064         256,
2065         },
2066
2067         /* Cipher C010 */
2068         {
2069         1,
2070         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2071         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2072         SSL_kEECDH,
2073         SSL_aRSA,
2074         SSL_eNULL,
2075         SSL_SHA1,
2076         SSL_TLSV1,
2077         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2078         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2079         0,
2080         0,
2081         },
2082
2083         /* Cipher C011 */
2084         {
2085         1,
2086         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2087         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2088         SSL_kEECDH,
2089         SSL_aRSA,
2090         SSL_RC4,
2091         SSL_SHA1,
2092         SSL_TLSV1,
2093         SSL_NOT_EXP|SSL_MEDIUM,
2094         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2095         128,
2096         128,
2097         },
2098
2099         /* Cipher C012 */
2100         {
2101         1,
2102         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2103         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2104         SSL_kEECDH,
2105         SSL_aRSA,
2106         SSL_3DES,
2107         SSL_SHA1,
2108         SSL_TLSV1,
2109         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2110         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2111         168,
2112         168,
2113         },
2114
2115         /* Cipher C013 */
2116         {
2117         1,
2118         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2119         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2120         SSL_kEECDH,
2121         SSL_aRSA,
2122         SSL_AES128,
2123         SSL_SHA1,
2124         SSL_TLSV1,
2125         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2126         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2127         128,
2128         128,
2129         },
2130
2131         /* Cipher C014 */
2132         {
2133         1,
2134         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2135         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2136         SSL_kEECDH,
2137         SSL_aRSA,
2138         SSL_AES256,
2139         SSL_SHA1,
2140         SSL_TLSV1,
2141         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2142         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2143         256,
2144         256,
2145         },
2146
2147         /* Cipher C015 */
2148         {
2149         1,
2150         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2151         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2152         SSL_kEECDH,
2153         SSL_aNULL,
2154         SSL_eNULL,
2155         SSL_SHA1,
2156         SSL_TLSV1,
2157         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2158         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2159         0,
2160         0,
2161         },
2162
2163         /* Cipher C016 */
2164         {
2165         1,
2166         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2167         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2168         SSL_kEECDH,
2169         SSL_aNULL,
2170         SSL_RC4,
2171         SSL_SHA1,
2172         SSL_TLSV1,
2173         SSL_NOT_EXP|SSL_MEDIUM,
2174         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2175         128,
2176         128,
2177         },
2178
2179         /* Cipher C017 */
2180         {
2181         1,
2182         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2183         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2184         SSL_kEECDH,
2185         SSL_aNULL,
2186         SSL_3DES,
2187         SSL_SHA1,
2188         SSL_TLSV1,
2189         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2190         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2191         168,
2192         168,
2193         },
2194
2195         /* Cipher C018 */
2196         {
2197         1,
2198         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2199         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2200         SSL_kEECDH,
2201         SSL_aNULL,
2202         SSL_AES128,
2203         SSL_SHA1,
2204         SSL_TLSV1,
2205         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2206         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2207         128,
2208         128,
2209         },
2210
2211         /* Cipher C019 */
2212         {
2213         1,
2214         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2215         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2216         SSL_kEECDH,
2217         SSL_aNULL,
2218         SSL_AES256,
2219         SSL_SHA1,
2220         SSL_TLSV1,
2221         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2222         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2223         256,
2224         256,
2225         },
2226 #endif  /* OPENSSL_NO_ECDH */
2227
2228 #ifndef OPENSSL_NO_SRP
2229         /* Cipher C01A */
2230         {
2231         1,
2232         TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2233         TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2234         SSL_kSRP,
2235         SSL_aNULL,
2236         SSL_3DES,
2237         SSL_SHA1,
2238         SSL_TLSV1,
2239         SSL_NOT_EXP|SSL_HIGH,
2240         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241         168,
2242         168,
2243         },
2244
2245         /* Cipher C01B */
2246         {
2247         1,
2248         TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2249         TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2250         SSL_kSRP,
2251         SSL_aRSA,
2252         SSL_3DES,
2253         SSL_SHA1,
2254         SSL_TLSV1,
2255         SSL_NOT_EXP|SSL_HIGH,
2256         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257         168,
2258         168,
2259         },
2260
2261         /* Cipher C01C */
2262         {
2263         1,
2264         TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2265         TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2266         SSL_kSRP,
2267         SSL_aDSS,
2268         SSL_3DES,
2269         SSL_SHA1,
2270         SSL_TLSV1,
2271         SSL_NOT_EXP|SSL_HIGH,
2272         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273         168,
2274         168,
2275         },
2276
2277         /* Cipher C01D */
2278         {
2279         1,
2280         TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2281         TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2282         SSL_kSRP,
2283         SSL_aNULL,
2284         SSL_AES128,
2285         SSL_SHA1,
2286         SSL_TLSV1,
2287         SSL_NOT_EXP|SSL_HIGH,
2288         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289         128,
2290         128,
2291         },
2292
2293         /* Cipher C01E */
2294         {
2295         1,
2296         TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2297         TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2298         SSL_kSRP,
2299         SSL_aRSA,
2300         SSL_AES128,
2301         SSL_SHA1,
2302         SSL_TLSV1,
2303         SSL_NOT_EXP|SSL_HIGH,
2304         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305         128,
2306         128,
2307         },
2308
2309         /* Cipher C01F */
2310         {
2311         1,
2312         TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2313         TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2314         SSL_kSRP,
2315         SSL_aDSS,
2316         SSL_AES128,
2317         SSL_SHA1,
2318         SSL_TLSV1,
2319         SSL_NOT_EXP|SSL_HIGH,
2320         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321         128,
2322         128,
2323         },
2324
2325         /* Cipher C020 */
2326         {
2327         1,
2328         TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2329         TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2330         SSL_kSRP,
2331         SSL_aNULL,
2332         SSL_AES256,
2333         SSL_SHA1,
2334         SSL_TLSV1,
2335         SSL_NOT_EXP|SSL_HIGH,
2336         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337         256,
2338         256,
2339         },
2340
2341         /* Cipher C021 */
2342         {
2343         1,
2344         TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2345         TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2346         SSL_kSRP,
2347         SSL_aRSA,
2348         SSL_AES256,
2349         SSL_SHA1,
2350         SSL_TLSV1,
2351         SSL_NOT_EXP|SSL_HIGH,
2352         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353         256,
2354         256,
2355         },
2356
2357         /* Cipher C022 */
2358         {
2359         1,
2360         TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2361         TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2362         SSL_kSRP,
2363         SSL_aDSS,
2364         SSL_AES256,
2365         SSL_SHA1,
2366         SSL_TLSV1,
2367         SSL_NOT_EXP|SSL_HIGH,
2368         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369         256,
2370         256,
2371         },
2372 #endif  /* OPENSSL_NO_SRP */
2373 #ifndef OPENSSL_NO_ECDH
2374
2375         /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2376
2377         /* Cipher C023 */
2378         {
2379         1,
2380         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2381         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2382         SSL_kEECDH,
2383         SSL_aECDSA,
2384         SSL_AES128,
2385         SSL_SHA256,
2386         SSL_TLSV1_2,
2387         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2388         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2389         128,
2390         128,
2391         },
2392
2393         /* Cipher C024 */
2394         {
2395         1,
2396         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2397         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2398         SSL_kEECDH,
2399         SSL_aECDSA,
2400         SSL_AES256,
2401         SSL_SHA384,
2402         SSL_TLSV1_2,
2403         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2404         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2405         256,
2406         256,
2407         },
2408
2409         /* Cipher C025 */
2410         {
2411         1,
2412         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2413         TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2414         SSL_kECDHe,
2415         SSL_aECDH,
2416         SSL_AES128,
2417         SSL_SHA256,
2418         SSL_TLSV1_2,
2419         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2420         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2421         128,
2422         128,
2423         },
2424
2425         /* Cipher C026 */
2426         {
2427         1,
2428         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2429         TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2430         SSL_kECDHe,
2431         SSL_aECDH,
2432         SSL_AES256,
2433         SSL_SHA384,
2434         SSL_TLSV1_2,
2435         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2436         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2437         256,
2438         256,
2439         },
2440
2441         /* Cipher C027 */
2442         {
2443         1,
2444         TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2445         TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2446         SSL_kEECDH,
2447         SSL_aRSA,
2448         SSL_AES128,
2449         SSL_SHA256,
2450         SSL_TLSV1_2,
2451         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2452         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2453         128,
2454         128,
2455         },
2456
2457         /* Cipher C028 */
2458         {
2459         1,
2460         TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2461         TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2462         SSL_kEECDH,
2463         SSL_aRSA,
2464         SSL_AES256,
2465         SSL_SHA384,
2466         SSL_TLSV1_2,
2467         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2468         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2469         256,
2470         256,
2471         },
2472
2473         /* Cipher C029 */
2474         {
2475         1,
2476         TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2477         TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2478         SSL_kECDHe,
2479         SSL_aECDH,
2480         SSL_AES128,
2481         SSL_SHA256,
2482         SSL_TLSV1_2,
2483         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2484         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2485         128,
2486         128,
2487         },
2488
2489         /* Cipher C02A */
2490         {
2491         1,
2492         TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2493         TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2494         SSL_kECDHe,
2495         SSL_aECDH,
2496         SSL_AES256,
2497         SSL_SHA384,
2498         SSL_TLSV1_2,
2499         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2500         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2501         256,
2502         256,
2503         },
2504
2505 #endif /* OPENSSL_NO_ECDH */
2506
2507
2508 #ifdef TEMP_GOST_TLS
2509 /* Cipher FF00 */
2510         {
2511         1,
2512         "GOST-MD5",
2513         0x0300ff00,
2514         SSL_kRSA,
2515         SSL_aRSA,
2516         SSL_eGOST2814789CNT,
2517         SSL_MD5,
2518         SSL_TLSV1,
2519         SSL_NOT_EXP|SSL_HIGH,
2520         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2521         256,
2522         256,
2523         },
2524         {
2525         1,
2526         "GOST-GOST94",
2527         0x0300ff01,
2528         SSL_kRSA,
2529         SSL_aRSA,
2530         SSL_eGOST2814789CNT,
2531         SSL_GOST94,
2532         SSL_TLSV1,
2533         SSL_NOT_EXP|SSL_HIGH,
2534         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2535         256,
2536         256
2537         },
2538         {
2539         1,
2540         "GOST-GOST89MAC",
2541         0x0300ff02,
2542         SSL_kRSA,
2543         SSL_aRSA,
2544         SSL_eGOST2814789CNT,
2545         SSL_GOST89MAC,
2546         SSL_TLSV1,
2547         SSL_NOT_EXP|SSL_HIGH,
2548         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2549         256,
2550         256
2551         },
2552         {
2553         1,
2554         "GOST-GOST89STREAM",
2555         0x0300ff03,
2556         SSL_kRSA,
2557         SSL_aRSA,
2558         SSL_eGOST2814789CNT,
2559         SSL_GOST89MAC,
2560         SSL_TLSV1,
2561         SSL_NOT_EXP|SSL_HIGH,
2562         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2563         256,
2564         256
2565         },
2566 #endif
2567
2568 /* end of list */
2569         };
2570
2571 SSL3_ENC_METHOD SSLv3_enc_data={
2572         ssl3_enc,
2573         n_ssl3_mac,
2574         ssl3_setup_key_block,
2575         ssl3_generate_master_secret,
2576         ssl3_change_cipher_state,
2577         ssl3_final_finish_mac,
2578         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2579         ssl3_cert_verify_mac,
2580         SSL3_MD_CLIENT_FINISHED_CONST,4,
2581         SSL3_MD_SERVER_FINISHED_CONST,4,
2582         ssl3_alert_code,
2583         };
2584
2585 long ssl3_default_timeout(void)
2586         {
2587         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2588          * is way too long for http, the cache would over fill */
2589         return(60*60*2);
2590         }
2591
2592 int ssl3_num_ciphers(void)
2593         {
2594         return(SSL3_NUM_CIPHERS);
2595         }
2596
2597 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2598         {
2599         if (u < SSL3_NUM_CIPHERS)
2600                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2601         else
2602                 return(NULL);
2603         }
2604
2605 int ssl3_pending(const SSL *s)
2606         {
2607         if (s->rstate == SSL_ST_READ_BODY)
2608                 return 0;
2609         
2610         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2611         }
2612
2613 int ssl3_new(SSL *s)
2614         {
2615         SSL3_STATE *s3;
2616
2617         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2618         memset(s3,0,sizeof *s3);
2619         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2620         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2621
2622         s->s3=s3;
2623
2624 #ifndef OPENSSL_NO_SRP
2625         SSL_SRP_CTX_init(s);
2626 #endif
2627         s->method->ssl_clear(s);
2628         return(1);
2629 err:
2630         return(0);
2631         }
2632
2633 void ssl3_free(SSL *s)
2634         {
2635         if(s == NULL)
2636             return;
2637
2638 #ifdef TLSEXT_TYPE_opaque_prf_input
2639         if (s->s3->client_opaque_prf_input != NULL)
2640                 OPENSSL_free(s->s3->client_opaque_prf_input);
2641         if (s->s3->server_opaque_prf_input != NULL)
2642                 OPENSSL_free(s->s3->server_opaque_prf_input);
2643 #endif
2644
2645         ssl3_cleanup_key_block(s);
2646         if (s->s3->rbuf.buf != NULL)
2647                 ssl3_release_read_buffer(s);
2648         if (s->s3->wbuf.buf != NULL)
2649                 ssl3_release_write_buffer(s);
2650         if (s->s3->rrec.comp != NULL)
2651                 OPENSSL_free(s->s3->rrec.comp);
2652 #ifndef OPENSSL_NO_DH
2653         if (s->s3->tmp.dh != NULL)
2654                 DH_free(s->s3->tmp.dh);
2655 #endif
2656 #ifndef OPENSSL_NO_ECDH
2657         if (s->s3->tmp.ecdh != NULL)
2658                 EC_KEY_free(s->s3->tmp.ecdh);
2659 #endif
2660
2661         if (s->s3->tmp.ca_names != NULL)
2662                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2663         if (s->s3->handshake_buffer) {
2664                 BIO_free(s->s3->handshake_buffer);
2665         }
2666         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2667 #ifndef OPENSSL_NO_SRP
2668         SSL_SRP_CTX_free(s);
2669 #endif
2670         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2671         OPENSSL_free(s->s3);
2672         s->s3=NULL;
2673         }
2674
2675 void ssl3_clear(SSL *s)
2676         {
2677         unsigned char *rp,*wp;
2678         size_t rlen, wlen;
2679
2680 #ifdef TLSEXT_TYPE_opaque_prf_input
2681         if (s->s3->client_opaque_prf_input != NULL)
2682                 OPENSSL_free(s->s3->client_opaque_prf_input);
2683         s->s3->client_opaque_prf_input = NULL;
2684         if (s->s3->server_opaque_prf_input != NULL)
2685                 OPENSSL_free(s->s3->server_opaque_prf_input);
2686         s->s3->server_opaque_prf_input = NULL;
2687 #endif
2688
2689         ssl3_cleanup_key_block(s);
2690         if (s->s3->tmp.ca_names != NULL)
2691                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2692
2693         if (s->s3->rrec.comp != NULL)
2694                 {
2695                 OPENSSL_free(s->s3->rrec.comp);
2696                 s->s3->rrec.comp=NULL;
2697                 }
2698 #ifndef OPENSSL_NO_DH
2699         if (s->s3->tmp.dh != NULL)
2700                 DH_free(s->s3->tmp.dh);
2701 #endif
2702 #ifndef OPENSSL_NO_ECDH
2703         if (s->s3->tmp.ecdh != NULL)
2704                 EC_KEY_free(s->s3->tmp.ecdh);
2705 #endif
2706
2707         rp = s->s3->rbuf.buf;
2708         wp = s->s3->wbuf.buf;
2709         rlen = s->s3->rbuf.len;
2710         wlen = s->s3->wbuf.len;
2711         if (s->s3->handshake_buffer) {
2712                 BIO_free(s->s3->handshake_buffer);
2713                 s->s3->handshake_buffer = NULL;
2714         }
2715         if (s->s3->handshake_dgst) {
2716                 ssl3_free_digest_list(s);
2717         }       
2718         memset(s->s3,0,sizeof *s->s3);
2719         s->s3->rbuf.buf = rp;
2720         s->s3->wbuf.buf = wp;
2721         s->s3->rbuf.len = rlen;
2722         s->s3->wbuf.len = wlen;
2723
2724         ssl_free_wbio_buffer(s);
2725
2726         s->packet_length=0;
2727         s->s3->renegotiate=0;
2728         s->s3->total_renegotiations=0;
2729         s->s3->num_renegotiations=0;
2730         s->s3->in_read_app_data=0;
2731         s->version=SSL3_VERSION;
2732
2733 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2734         if (s->next_proto_negotiated)
2735                 {
2736                 OPENSSL_free(s->next_proto_negotiated);
2737                 s->next_proto_negotiated = NULL;
2738                 s->next_proto_negotiated_len = 0;
2739                 }
2740 #endif
2741         }
2742
2743 #ifndef OPENSSL_NO_SRP
2744 static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
2745         {
2746         return BUF_strdup(s->srp_ctx.info) ;
2747         }
2748 #endif
2749
2750 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2751         {
2752         int ret=0;
2753
2754 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2755         if (
2756 #ifndef OPENSSL_NO_RSA
2757             cmd == SSL_CTRL_SET_TMP_RSA ||
2758             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2759 #endif
2760 #ifndef OPENSSL_NO_DSA
2761             cmd == SSL_CTRL_SET_TMP_DH ||
2762             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2763 #endif
2764                 0)
2765                 {
2766                 if (!ssl_cert_inst(&s->cert))
2767                         {
2768                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2769                         return(0);
2770                         }
2771                 }
2772 #endif
2773
2774         switch (cmd)
2775                 {
2776         case SSL_CTRL_GET_SESSION_REUSED:
2777                 ret=s->hit;
2778                 break;
2779         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2780                 break;
2781         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2782                 ret=s->s3->num_renegotiations;
2783                 break;
2784         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2785                 ret=s->s3->num_renegotiations;
2786                 s->s3->num_renegotiations=0;
2787                 break;
2788         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2789                 ret=s->s3->total_renegotiations;
2790                 break;
2791         case SSL_CTRL_GET_FLAGS:
2792                 ret=(int)(s->s3->flags);
2793                 break;
2794 #ifndef OPENSSL_NO_RSA
2795         case SSL_CTRL_NEED_TMP_RSA:
2796                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2797                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2798                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2799                         ret = 1;
2800                 break;
2801         case SSL_CTRL_SET_TMP_RSA:
2802                 {
2803                         RSA *rsa = (RSA *)parg;
2804                         if (rsa == NULL)
2805                                 {
2806                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2807                                 return(ret);
2808                                 }
2809                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2810                                 {
2811                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2812                                 return(ret);
2813                                 }
2814                         if (s->cert->rsa_tmp != NULL)
2815                                 RSA_free(s->cert->rsa_tmp);
2816                         s->cert->rsa_tmp = rsa;
2817                         ret = 1;
2818                 }
2819                 break;
2820         case SSL_CTRL_SET_TMP_RSA_CB:
2821                 {
2822                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2823                 return(ret);
2824                 }
2825                 break;
2826 #endif
2827 #ifndef OPENSSL_NO_DH
2828         case SSL_CTRL_SET_TMP_DH:
2829                 {
2830                         DH *dh = (DH *)parg;
2831                         if (dh == NULL)
2832                                 {
2833                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2834                                 return(ret);
2835                                 }
2836                         if ((dh = DHparams_dup(dh)) == NULL)
2837                                 {
2838                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2839                                 return(ret);
2840                                 }
2841                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
2842                                 {
2843                                 if (!DH_generate_key(dh))
2844                                         {
2845                                         DH_free(dh);
2846                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2847                                         return(ret);
2848                                         }
2849                                 }
2850                         if (s->cert->dh_tmp != NULL)
2851                                 DH_free(s->cert->dh_tmp);
2852                         s->cert->dh_tmp = dh;
2853                         ret = 1;
2854                 }
2855                 break;
2856         case SSL_CTRL_SET_TMP_DH_CB:
2857                 {
2858                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2859                 return(ret);
2860                 }
2861                 break;
2862 #endif
2863 #ifndef OPENSSL_NO_ECDH
2864         case SSL_CTRL_SET_TMP_ECDH:
2865                 {
2866                 EC_KEY *ecdh = NULL;
2867                         
2868                 if (parg == NULL)
2869                         {
2870                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2871                         return(ret);
2872                         }
2873                 if (!EC_KEY_up_ref((EC_KEY *)parg))
2874                         {
2875                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2876                         return(ret);
2877                         }
2878                 ecdh = (EC_KEY *)parg;
2879                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2880                         {
2881                         if (!EC_KEY_generate_key(ecdh))
2882                                 {
2883                                 EC_KEY_free(ecdh);
2884                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2885                                 return(ret);
2886                                 }
2887                         }
2888                 if (s->cert->ecdh_tmp != NULL)
2889                         EC_KEY_free(s->cert->ecdh_tmp);
2890                 s->cert->ecdh_tmp = ecdh;
2891                 ret = 1;
2892                 }
2893                 break;
2894         case SSL_CTRL_SET_TMP_ECDH_CB:
2895                 {
2896                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2897                 return(ret);
2898                 }
2899                 break;
2900 #endif /* !OPENSSL_NO_ECDH */
2901 #ifndef OPENSSL_NO_TLSEXT
2902         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2903                 if (larg == TLSEXT_NAMETYPE_host_name)
2904                         {
2905                         if (s->tlsext_hostname != NULL) 
2906                                 OPENSSL_free(s->tlsext_hostname);
2907                         s->tlsext_hostname = NULL;
2908
2909                         ret = 1;
2910                         if (parg == NULL) 
2911                                 break;
2912                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2913                                 {
2914                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2915                                 return 0;
2916                                 }
2917                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2918                                 {
2919                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2920                                 return 0;
2921                                 }
2922                         }
2923                 else
2924                         {
2925                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2926                         return 0;
2927                         }
2928                 break;
2929         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2930                 s->tlsext_debug_arg=parg;
2931                 ret = 1;
2932                 break;
2933
2934 #ifdef TLSEXT_TYPE_opaque_prf_input
2935         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2936                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2937                                    * (including the cert chain and everything) */
2938                         {
2939                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2940                         break;
2941                         }
2942                 if (s->tlsext_opaque_prf_input != NULL)
2943                         OPENSSL_free(s->tlsext_opaque_prf_input);
2944                 if ((size_t)larg == 0)
2945                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2946                 else
2947                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2948                 if (s->tlsext_opaque_prf_input != NULL)
2949                         {
2950                         s->tlsext_opaque_prf_input_len = (size_t)larg;
2951                         ret = 1;
2952                         }
2953                 else
2954                         s->tlsext_opaque_prf_input_len = 0;
2955                 break;
2956 #endif
2957
2958         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2959                 s->tlsext_status_type=larg;
2960                 ret = 1;
2961                 break;
2962
2963         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2964                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2965                 ret = 1;
2966                 break;
2967
2968         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2969                 s->tlsext_ocsp_exts = parg;
2970                 ret = 1;
2971                 break;
2972
2973         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2974                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2975                 ret = 1;
2976                 break;
2977
2978         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2979                 s->tlsext_ocsp_ids = parg;
2980                 ret = 1;
2981                 break;
2982
2983         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2984                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2985                 return s->tlsext_ocsp_resplen;
2986                 
2987         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2988                 if (s->tlsext_ocsp_resp)
2989                         OPENSSL_free(s->tlsext_ocsp_resp);
2990                 s->tlsext_ocsp_resp = parg;
2991                 s->tlsext_ocsp_resplen = larg;
2992                 ret = 1;
2993                 break;
2994
2995 #endif /* !OPENSSL_NO_TLSEXT */
2996         default:
2997                 break;
2998                 }
2999         return(ret);
3000         }
3001
3002 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3003         {
3004         int ret=0;
3005
3006 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3007         if (
3008 #ifndef OPENSSL_NO_RSA
3009             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3010 #endif
3011 #ifndef OPENSSL_NO_DSA
3012             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3013 #endif
3014                 0)
3015                 {
3016                 if (!ssl_cert_inst(&s->cert))
3017                         {
3018                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3019                         return(0);
3020                         }
3021                 }
3022 #endif
3023
3024         switch (cmd)
3025                 {
3026 #ifndef OPENSSL_NO_RSA
3027         case SSL_CTRL_SET_TMP_RSA_CB:
3028                 {
3029                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3030                 }
3031                 break;
3032 #endif
3033 #ifndef OPENSSL_NO_DH
3034         case SSL_CTRL_SET_TMP_DH_CB:
3035                 {
3036                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3037                 }
3038                 break;
3039 #endif
3040 #ifndef OPENSSL_NO_ECDH
3041         case SSL_CTRL_SET_TMP_ECDH_CB:
3042                 {
3043                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3044                 }
3045                 break;
3046 #endif
3047 #ifndef OPENSSL_NO_TLSEXT
3048         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3049                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
3050                                         unsigned char *, int, void *))fp;
3051                 break;
3052 #endif
3053         case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3054                 {
3055                 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3056                 }
3057                 break;
3058         default:
3059                 break;
3060                 }
3061         return(ret);
3062         }
3063
3064 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3065         {
3066         CERT *cert;
3067
3068         cert=ctx->cert;
3069
3070         switch (cmd)
3071                 {
3072 #ifndef OPENSSL_NO_RSA
3073         case SSL_CTRL_NEED_TMP_RSA:
3074                 if (    (cert->rsa_tmp == NULL) &&
3075                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3076                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
3077                         )
3078                         return(1);
3079                 else
3080                         return(0);
3081                 /* break; */
3082         case SSL_CTRL_SET_TMP_RSA:
3083                 {
3084                 RSA *rsa;
3085                 int i;
3086
3087                 rsa=(RSA *)parg;
3088                 i=1;
3089                 if (rsa == NULL)
3090                         i=0;
3091                 else
3092                         {
3093                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
3094                                 i=0;
3095                         }
3096                 if (!i)
3097                         {
3098                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
3099                         return(0);
3100                         }
3101                 else
3102                         {
3103                         if (cert->rsa_tmp != NULL)
3104                                 RSA_free(cert->rsa_tmp);
3105                         cert->rsa_tmp=rsa;
3106                         return(1);
3107                         }
3108                 }
3109                 /* break; */
3110         case SSL_CTRL_SET_TMP_RSA_CB:
3111                 {
3112                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3113                 return(0);
3114                 }
3115                 break;
3116 #endif
3117 #ifndef OPENSSL_NO_DH
3118         case SSL_CTRL_SET_TMP_DH:
3119                 {
3120                 DH *new=NULL,*dh;
3121
3122                 dh=(DH *)parg;
3123                 if ((new=DHparams_dup(dh)) == NULL)
3124                         {
3125                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3126                         return 0;
3127                         }
3128                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3129                         {
3130                         if (!DH_generate_key(new))
3131                                 {
3132                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3133                                 DH_free(new);
3134                                 return 0;
3135                                 }
3136                         }
3137                 if (cert->dh_tmp != NULL)
3138                         DH_free(cert->dh_tmp);
3139                 cert->dh_tmp=new;
3140                 return 1;
3141                 }
3142                 /*break; */
3143         case SSL_CTRL_SET_TMP_DH_CB:
3144                 {
3145                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3146                 return(0);
3147                 }
3148                 break;
3149 #endif
3150 #ifndef OPENSSL_NO_ECDH
3151         case SSL_CTRL_SET_TMP_ECDH:
3152                 {
3153                 EC_KEY *ecdh = NULL;
3154                         
3155                 if (parg == NULL)
3156                         {
3157                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3158                         return 0;
3159                         }
3160                 ecdh = EC_KEY_dup((EC_KEY *)parg);
3161                 if (ecdh == NULL)
3162                         {
3163                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3164                         return 0;
3165                         }
3166                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
3167                         {
3168                         if (!EC_KEY_generate_key(ecdh))
3169                                 {
3170                                 EC_KEY_free(ecdh);
3171                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3172                                 return 0;
3173                                 }
3174                         }
3175
3176                 if (cert->ecdh_tmp != NULL)
3177                         {
3178                         EC_KEY_free(cert->ecdh_tmp);
3179                         }
3180                 cert->ecdh_tmp = ecdh;
3181                 return 1;
3182                 }
3183                 /* break; */
3184         case SSL_CTRL_SET_TMP_ECDH_CB:
3185                 {
3186                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3187                 return(0);
3188                 }
3189                 break;
3190 #endif /* !OPENSSL_NO_ECDH */
3191 #ifndef OPENSSL_NO_TLSEXT
3192         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3193                 ctx->tlsext_servername_arg=parg;
3194                 break;
3195         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3196         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3197                 {
3198                 unsigned char *keys = parg;
3199                 if (!keys)
3200                         return 48;
3201                 if (larg != 48)
3202                         {
3203                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3204                         return 0;
3205                         }
3206                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3207                         {
3208                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
3209                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3210                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3211                         }
3212                 else
3213                         {
3214                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
3215                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3216                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3217                         }
3218                 return 1;
3219                 }
3220
3221 #ifdef TLSEXT_TYPE_opaque_prf_input
3222         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3223                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
3224                 return 1;
3225 #endif
3226
3227         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3228                 ctx->tlsext_status_arg=parg;
3229                 return 1;
3230                 break;
3231
3232 #ifndef OPENSSL_NO_SRP
3233         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3234                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3235                 if (ctx->srp_ctx.login != NULL)
3236                         OPENSSL_free(ctx->srp_ctx.login);
3237                 ctx->srp_ctx.login = NULL;
3238                 if (parg == NULL)
3239                         break;
3240                 if (strlen((char *)parg) > 254)
3241                         {
3242                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3243                         return 0;
3244                         } 
3245                 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
3246                         {
3247                         SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3248                         return 0;
3249                         }
3250                 break;
3251         case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3252                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
3253                 ctx->srp_ctx.info=parg;
3254                 break;
3255         case SSL_CTRL_SET_SRP_ARG:
3256                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3257                 ctx->srp_ctx.SRP_cb_arg=parg;
3258                 break;
3259
3260         case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3261                 ctx->srp_ctx.strength=larg;
3262                 break;
3263 #endif
3264 #endif /* !OPENSSL_NO_TLSEXT */
3265
3266         /* A Thawte special :-) */
3267         case SSL_CTRL_EXTRA_CHAIN_CERT:
3268                 if (ctx->extra_certs == NULL)
3269                         {
3270                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
3271                                 return(0);
3272                         }
3273                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3274                 break;
3275
3276         default:
3277                 return(0);
3278                 }
3279         return(1);
3280         }
3281
3282 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3283         {
3284         CERT *cert;
3285
3286         cert=ctx->cert;
3287
3288         switch (cmd)
3289                 {
3290 #ifndef OPENSSL_NO_RSA
3291         case SSL_CTRL_SET_TMP_RSA_CB:
3292                 {
3293                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3294                 }
3295                 break;
3296 #endif
3297 #ifndef OPENSSL_NO_DH
3298         case SSL_CTRL_SET_TMP_DH_CB:
3299                 {
3300                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3301                 }
3302                 break;
3303 #endif
3304 #ifndef OPENSSL_NO_ECDH
3305         case SSL_CTRL_SET_TMP_ECDH_CB:
3306                 {
3307                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3308                 }
3309                 break;
3310 #endif
3311 #ifndef OPENSSL_NO_TLSEXT
3312         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3313                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
3314                 break;
3315
3316 #ifdef TLSEXT_TYPE_opaque_prf_input
3317         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3318                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
3319                 break;
3320 #endif
3321
3322         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3323                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
3324                 break;
3325
3326         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3327                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
3328                                                 unsigned char *,
3329                                                 EVP_CIPHER_CTX *,
3330                                                 HMAC_CTX *, int))fp;
3331                 break;
3332
3333 #ifndef OPENSSL_NO_SRP
3334         case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3335                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3336                 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
3337                 break;
3338         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3339                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3340                 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
3341                 break;
3342         case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3343                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3344                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
3345                 break;
3346         case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB:
3347                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3348                 ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp;
3349                 break;
3350 #endif
3351 #endif
3352         case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3353                 {
3354                 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3355                 }
3356                 break;
3357         default:
3358                 return(0);
3359                 }
3360         return(1);
3361         }
3362
3363 #define DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3364
3365 /* This function needs to check if the ciphers required are actually
3366  * available */
3367 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3368         {
3369         SSL_CIPHER c;
3370         const SSL_CIPHER *cp;
3371         unsigned long id;
3372
3373         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
3374         c.id=id;
3375         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3376 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3377 if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3378 #endif
3379         if (cp == NULL || cp->valid == 0)
3380                 return NULL;
3381         else
3382                 return cp;
3383         }
3384
3385 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3386         {
3387         long l;
3388
3389         if (p != NULL)
3390                 {
3391                 l=c->id;
3392                 if ((l & 0xff000000) != 0x03000000) return(0);
3393                 p[0]=((unsigned char)(l>> 8L))&0xFF;
3394                 p[1]=((unsigned char)(l     ))&0xFF;
3395                 }
3396         return(2);
3397         }
3398
3399 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3400              STACK_OF(SSL_CIPHER) *srvr)
3401         {
3402         SSL_CIPHER *c,*ret=NULL;
3403         STACK_OF(SSL_CIPHER) *prio, *allow;
3404         int i,ii,ok;
3405 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3406         unsigned int j;
3407         int ec_ok, ec_nid;
3408         unsigned char ec_search1 = 0, ec_search2 = 0;
3409 #endif
3410         CERT *cert;
3411         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
3412
3413         /* Let's see which ciphers we can support */
3414         cert=s->cert;
3415
3416 #if 0
3417         /* Do not set the compare functions, because this may lead to a
3418          * reordering by "id". We want to keep the original ordering.
3419          * We may pay a price in performance during sk_SSL_CIPHER_find(),
3420          * but would have to pay with the price of sk_SSL_CIPHER_dup().
3421          */
3422         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3423         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3424 #endif
3425
3426 #ifdef CIPHER_DEBUG
3427         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3428         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
3429                 {
3430                 c=sk_SSL_CIPHER_value(srvr,i);
3431                 printf("%p:%s\n",(void *)c,c->name);
3432                 }
3433         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3434         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
3435             {
3436             c=sk_SSL_CIPHER_value(clnt,i);
3437             printf("%p:%s\n",(void *)c,c->name);
3438             }
3439 #endif
3440
3441         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
3442                 {
3443                 prio = srvr;
3444                 allow = clnt;
3445                 }
3446         else
3447                 {
3448                 prio = clnt;
3449                 allow = srvr;
3450                 }
3451
3452         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
3453                 {
3454                 c=sk_SSL_CIPHER_value(prio,i);
3455
3456                 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3457                 if ((c->algorithm_ssl & SSL_TLSV1_2) && 
3458                         (TLS1_get_version(s) < TLS1_2_VERSION))
3459                         continue;
3460
3461                 ssl_set_cert_masks(cert,c);
3462                 mask_k = cert->mask_k;
3463                 mask_a = cert->mask_a;
3464                 emask_k = cert->export_mask_k;
3465                 emask_a = cert->export_mask_a;
3466 #ifndef OPENSSL_NO_SRP
3467                 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
3468                 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
3469 #endif
3470                         
3471 #ifdef KSSL_DEBUG
3472 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3473 #endif    /* KSSL_DEBUG */
3474
3475                 alg_k=c->algorithm_mkey;
3476                 alg_a=c->algorithm_auth;
3477
3478 #ifndef OPENSSL_NO_KRB5
3479                 if (alg_k & SSL_kKRB5)
3480                         {
3481                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
3482                             continue;
3483                         }
3484 #endif /* OPENSSL_NO_KRB5 */
3485 #ifndef OPENSSL_NO_PSK
3486                 /* with PSK there must be server callback set */
3487                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3488                         continue;
3489 #endif /* OPENSSL_NO_PSK */
3490
3491                 if (SSL_C_IS_EXPORT(c))
3492                         {
3493                         ok = (alg_k & emask_k) && (alg_a & emask_a);
3494 #ifdef CIPHER_DEBUG
3495                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
3496                                (void *)c,c->name);
3497 #endif
3498                         }
3499                 else
3500                         {
3501                         ok = (alg_k & mask_k) && (alg_a & mask_a);
3502 #ifdef CIPHER_DEBUG
3503                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
3504                                c->name);
3505 #endif
3506                         }
3507
3508 #ifndef OPENSSL_NO_TLSEXT
3509 #ifndef OPENSSL_NO_EC
3510                 if (
3511                         /* if we are considering an ECC cipher suite that uses our certificate */
3512                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3513                         /* and we have an ECC certificate */
3514                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3515                         /* and the client specified a Supported Point Formats extension */
3516                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3517                         /* and our certificate's point is compressed */
3518                         && (
3519                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3520                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3521                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3522                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3523                                 && (
3524                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3525                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3526                                         )
3527                                 )
3528                 )
3529                         {
3530                         ec_ok = 0;
3531                         /* if our certificate's curve is over a field type that the client does not support
3532                          * then do not allow this cipher suite to be negotiated */
3533                         if (
3534                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3535                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3536                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3537                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3538                         )
3539                                 {
3540                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3541                                         {
3542                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3543                                                 {
3544                                                 ec_ok = 1;
3545                                                 break;
3546                                                 }
3547                                         }
3548                                 }
3549                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3550                                 {
3551                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3552                                         {
3553                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3554                                                 {
3555                                                 ec_ok = 1;
3556                                                 break;
3557                                                 }
3558                                         }
3559                                 }
3560                         ok = ok && ec_ok;
3561                         }
3562                 if (
3563                         /* if we are considering an ECC cipher suite that uses our certificate */
3564                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3565                         /* and we have an ECC certificate */
3566                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3567                         /* and the client specified an EllipticCurves extension */
3568                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3569                 )
3570                         {
3571                         ec_ok = 0;
3572                         if (
3573                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3574                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3575                         )
3576                                 {
3577                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3578                                 if ((ec_nid == 0)
3579                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3580                                 )
3581                                         {
3582                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3583                                                 {
3584                                                 ec_search1 = 0xFF;
3585                                                 ec_search2 = 0x01;
3586                                                 }
3587                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3588                                                 {
3589                                                 ec_search1 = 0xFF;
3590                                                 ec_search2 = 0x02;
3591                                                 }
3592                                         }
3593                                 else
3594                                         {
3595                                         ec_search1 = 0x00;
3596                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3597                                         }
3598                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3599                                         {
3600                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3601                                                 {
3602                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3603                                                         {
3604                                                         ec_ok = 1;
3605                                                         break;
3606                                                         }
3607                                                 }
3608                                         }
3609                                 }
3610                         ok = ok && ec_ok;
3611                         }
3612                 if (
3613                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3614                         (alg_k & SSL_kEECDH)
3615                         /* and we have an ephemeral EC key */
3616                         && (s->cert->ecdh_tmp != NULL)
3617                         /* and the client specified an EllipticCurves extension */
3618                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3619                 )
3620                         {
3621                         ec_ok = 0;
3622                         if (s->cert->ecdh_tmp->group != NULL)
3623                                 {
3624                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3625                                 if ((ec_nid == 0)
3626                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3627                                 )
3628                                         {
3629                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3630                                                 {
3631                                                 ec_search1 = 0xFF;
3632                                                 ec_search2 = 0x01;
3633                                                 }
3634                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3635                                                 {
3636                                                 ec_search1 = 0xFF;
3637                                                 ec_search2 = 0x02;
3638                                                 }
3639                                         }
3640                                 else
3641                                         {
3642                                         ec_search1 = 0x00;
3643                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3644                                         }
3645                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3646                                         {
3647                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3648                                                 {
3649                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3650                                                         {
3651                                                         ec_ok = 1;
3652                                                         break;
3653                                                 &n