727827f91d3e68df6a8f1fe859ac4e46d0a6a82b
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663         {
664         1,
665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
666         SSL3_CK_KRB5_DES_64_CBC_SHA,
667         SSL_kKRB5,
668         SSL_aKRB5,
669         SSL_DES,
670         SSL_SHA1,
671         SSL_SSLV3,
672         SSL_NOT_EXP|SSL_LOW,
673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674         56,
675         56,
676         },
677
678 /* Cipher 1F */
679         {
680         1,
681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
683         SSL_kKRB5,
684         SSL_aKRB5,
685         SSL_3DES,
686         SSL_SHA1,
687         SSL_SSLV3,
688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690         168,
691         168,
692         },
693
694 /* Cipher 20 */
695         {
696         1,
697         SSL3_TXT_KRB5_RC4_128_SHA,
698         SSL3_CK_KRB5_RC4_128_SHA,
699         SSL_kKRB5,
700         SSL_aKRB5,
701         SSL_RC4,
702         SSL_SHA1,
703         SSL_SSLV3,
704         SSL_NOT_EXP|SSL_MEDIUM,
705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706         128,
707         128,
708         },
709
710 /* Cipher 21 */
711         {
712         1,
713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715         SSL_kKRB5,
716         SSL_aKRB5,
717         SSL_IDEA,
718         SSL_SHA1,
719         SSL_SSLV3,
720         SSL_NOT_EXP|SSL_MEDIUM,
721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722         128,
723         128,
724         },
725
726 /* Cipher 22 */
727         {
728         1,
729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
730         SSL3_CK_KRB5_DES_64_CBC_MD5,
731         SSL_kKRB5,
732         SSL_aKRB5,
733         SSL_DES,
734         SSL_MD5,
735         SSL_SSLV3,
736         SSL_NOT_EXP|SSL_LOW,
737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738         56,
739         56,
740         },
741
742 /* Cipher 23 */
743         {
744         1,
745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
747         SSL_kKRB5,
748         SSL_aKRB5,
749         SSL_3DES,
750         SSL_MD5,
751         SSL_SSLV3,
752         SSL_NOT_EXP|SSL_HIGH,
753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754         168,
755         168,
756         },
757
758 /* Cipher 24 */
759         {
760         1,
761         SSL3_TXT_KRB5_RC4_128_MD5,
762         SSL3_CK_KRB5_RC4_128_MD5,
763         SSL_kKRB5,
764         SSL_aKRB5,
765         SSL_RC4,
766         SSL_MD5,
767         SSL_SSLV3,
768         SSL_NOT_EXP|SSL_MEDIUM,
769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770         128,
771         128,
772         },
773
774 /* Cipher 25 */
775         {
776         1,
777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779         SSL_kKRB5,
780         SSL_aKRB5,
781         SSL_IDEA,
782         SSL_MD5,
783         SSL_SSLV3,
784         SSL_NOT_EXP|SSL_MEDIUM,
785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786         128,
787         128,
788         },
789
790 /* Cipher 26 */
791         {
792         1,
793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
794         SSL3_CK_KRB5_DES_40_CBC_SHA,
795         SSL_kKRB5,
796         SSL_aKRB5,
797         SSL_DES,
798         SSL_SHA1,
799         SSL_SSLV3,
800         SSL_EXPORT|SSL_EXP40,
801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802         40,
803         56,
804         },
805
806 /* Cipher 27 */
807         {
808         1,
809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
811         SSL_kKRB5,
812         SSL_aKRB5,
813         SSL_RC2,
814         SSL_SHA1,
815         SSL_SSLV3,
816         SSL_EXPORT|SSL_EXP40,
817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818         40,
819         128,
820         },
821
822 /* Cipher 28 */
823         {
824         1,
825         SSL3_TXT_KRB5_RC4_40_SHA,
826         SSL3_CK_KRB5_RC4_40_SHA,
827         SSL_kKRB5,
828         SSL_aKRB5,
829         SSL_RC4,
830         SSL_SHA1,
831         SSL_SSLV3,
832         SSL_EXPORT|SSL_EXP40,
833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834         40,
835         128,
836         },
837
838 /* Cipher 29 */
839         {
840         1,
841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
842         SSL3_CK_KRB5_DES_40_CBC_MD5,
843         SSL_kKRB5,
844         SSL_aKRB5,
845         SSL_DES,
846         SSL_MD5,
847         SSL_SSLV3,
848         SSL_EXPORT|SSL_EXP40,
849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850         40,
851         56,
852         },
853
854 /* Cipher 2A */
855         {
856         1,
857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
859         SSL_kKRB5,
860         SSL_aKRB5,
861         SSL_RC2,
862         SSL_MD5,
863         SSL_SSLV3,
864         SSL_EXPORT|SSL_EXP40,
865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866         40,
867         128,
868         },
869
870 /* Cipher 2B */
871         {
872         1,
873         SSL3_TXT_KRB5_RC4_40_MD5,
874         SSL3_CK_KRB5_RC4_40_MD5,
875         SSL_kKRB5,
876         SSL_aKRB5,
877         SSL_RC4,
878         SSL_MD5,
879         SSL_SSLV3,
880         SSL_EXPORT|SSL_EXP40,
881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882         40,
883         128,
884         },
885 #endif  /* OPENSSL_NO_KRB5 */
886
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889         {
890         1,
891         TLS1_TXT_RSA_WITH_AES_128_SHA,
892         TLS1_CK_RSA_WITH_AES_128_SHA,
893         SSL_kRSA,
894         SSL_aRSA,
895         SSL_AES128,
896         SSL_SHA1,
897         SSL_TLSV1,
898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900         128,
901         128,
902         },
903 /* Cipher 30 */
904         {
905         0,
906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908         SSL_kDHd,
909         SSL_aDH,
910         SSL_AES128,
911         SSL_SHA1,
912         SSL_TLSV1,
913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915         128,
916         128,
917         },
918 /* Cipher 31 */
919         {
920         0,
921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923         SSL_kDHr,
924         SSL_aDH,
925         SSL_AES128,
926         SSL_SHA1,
927         SSL_TLSV1,
928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930         128,
931         128,
932         },
933 /* Cipher 32 */
934         {
935         1,
936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938         SSL_kEDH,
939         SSL_aDSS,
940         SSL_AES128,
941         SSL_SHA1,
942         SSL_TLSV1,
943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945         128,
946         128,
947         },
948 /* Cipher 33 */
949         {
950         1,
951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953         SSL_kEDH,
954         SSL_aRSA,
955         SSL_AES128,
956         SSL_SHA1,
957         SSL_TLSV1,
958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960         128,
961         128,
962         },
963 /* Cipher 34 */
964         {
965         1,
966         TLS1_TXT_ADH_WITH_AES_128_SHA,
967         TLS1_CK_ADH_WITH_AES_128_SHA,
968         SSL_kEDH,
969         SSL_aNULL,
970         SSL_AES128,
971         SSL_SHA1,
972         SSL_TLSV1,
973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975         128,
976         128,
977         },
978
979 /* Cipher 35 */
980         {
981         1,
982         TLS1_TXT_RSA_WITH_AES_256_SHA,
983         TLS1_CK_RSA_WITH_AES_256_SHA,
984         SSL_kRSA,
985         SSL_aRSA,
986         SSL_AES256,
987         SSL_SHA1,
988         SSL_TLSV1,
989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991         256,
992         256,
993         },
994 /* Cipher 36 */
995         {
996         0,
997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073
1074 #ifndef OPENSSL_NO_CAMELLIA
1075         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076
1077         /* Cipher 41 */
1078         {
1079         1,
1080         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082         SSL_kRSA,
1083         SSL_aRSA,
1084         SSL_CAMELLIA128,
1085         SSL_SHA1,
1086         SSL_TLSV1,
1087         SSL_NOT_EXP|SSL_HIGH,
1088         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089         128,
1090         128,
1091         },
1092
1093         /* Cipher 42 */
1094         {
1095         0, /* not implemented (non-ephemeral DH) */
1096         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098         SSL_kDHd,
1099         SSL_aDH,
1100         SSL_CAMELLIA128,
1101         SSL_SHA1,
1102         SSL_TLSV1,
1103         SSL_NOT_EXP|SSL_HIGH,
1104         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105         128,
1106         128,
1107         },
1108
1109         /* Cipher 43 */
1110         {
1111         0, /* not implemented (non-ephemeral DH) */
1112         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114         SSL_kDHr,
1115         SSL_aDH,
1116         SSL_CAMELLIA128,
1117         SSL_SHA1,
1118         SSL_TLSV1,
1119         SSL_NOT_EXP|SSL_HIGH,
1120         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121         128,
1122         128,
1123         },
1124
1125         /* Cipher 44 */
1126         {
1127         1,
1128         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130         SSL_kEDH,
1131         SSL_aDSS,
1132         SSL_CAMELLIA128,
1133         SSL_SHA1,
1134         SSL_TLSV1,
1135         SSL_NOT_EXP|SSL_HIGH,
1136         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137         128,
1138         128,
1139         },
1140
1141         /* Cipher 45 */
1142         {
1143         1,
1144         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146         SSL_kEDH,
1147         SSL_aRSA,
1148         SSL_CAMELLIA128,
1149         SSL_SHA1,
1150         SSL_TLSV1,
1151         SSL_NOT_EXP|SSL_HIGH,
1152         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153         128,
1154         128,
1155         },
1156
1157         /* Cipher 46 */
1158         {
1159         1,
1160         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162         SSL_kEDH,
1163         SSL_aNULL,
1164         SSL_CAMELLIA128,
1165         SSL_SHA1,
1166         SSL_TLSV1,
1167         SSL_NOT_EXP|SSL_HIGH,
1168         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169         128,
1170         128,
1171         },
1172 #endif /* OPENSSL_NO_CAMELLIA */
1173
1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175         /* New TLS Export CipherSuites from expired ID */
1176 #if 0
1177         /* Cipher 60 */
1178         {
1179         1,
1180         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182         SSL_kRSA,
1183         SSL_aRSA,
1184         SSL_RC4,
1185         SSL_MD5,
1186         SSL_TLSV1,
1187         SSL_EXPORT|SSL_EXP56,
1188         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189         56,
1190         128,
1191         },
1192
1193         /* Cipher 61 */
1194         {
1195         1,
1196         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198         SSL_kRSA,
1199         SSL_aRSA,
1200         SSL_RC2,
1201         SSL_MD5,
1202         SSL_TLSV1,
1203         SSL_EXPORT|SSL_EXP56,
1204         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205         56,
1206         128,
1207         },
1208 #endif
1209
1210         /* Cipher 62 */
1211         {
1212         1,
1213         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215         SSL_kRSA,
1216         SSL_aRSA,
1217         SSL_DES,
1218         SSL_SHA1,
1219         SSL_TLSV1,
1220         SSL_EXPORT|SSL_EXP56,
1221         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222         56,
1223         56,
1224         },
1225
1226         /* Cipher 63 */
1227         {
1228         1,
1229         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231         SSL_kEDH,
1232         SSL_aDSS,
1233         SSL_DES,
1234         SSL_SHA1,
1235         SSL_TLSV1,
1236         SSL_EXPORT|SSL_EXP56,
1237         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238         56,
1239         56,
1240         },
1241
1242         /* Cipher 64 */
1243         {
1244         1,
1245         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247         SSL_kRSA,
1248         SSL_aRSA,
1249         SSL_RC4,
1250         SSL_SHA1,
1251         SSL_TLSV1,
1252         SSL_EXPORT|SSL_EXP56,
1253         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254         56,
1255         128,
1256         },
1257
1258         /* Cipher 65 */
1259         {
1260         1,
1261         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263         SSL_kEDH,
1264         SSL_aDSS,
1265         SSL_RC4,
1266         SSL_SHA1,
1267         SSL_TLSV1,
1268         SSL_EXPORT|SSL_EXP56,
1269         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270         56,
1271         128,
1272         },
1273
1274         /* Cipher 66 */
1275         {
1276         1,
1277         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279         SSL_kEDH,
1280         SSL_aDSS,
1281         SSL_RC4,
1282         SSL_SHA1,
1283         SSL_TLSV1,
1284         SSL_NOT_EXP|SSL_MEDIUM,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         128,
1287         128,
1288         },
1289 #endif
1290         {
1291         1,
1292         "GOST94-GOST89-GOST89",
1293         0x3000080,
1294         SSL_kGOST,
1295         SSL_aGOST94,
1296         SSL_eGOST2814789CNT,
1297         SSL_GOST89MAC,
1298         SSL_TLSV1,
1299         SSL_NOT_EXP|SSL_HIGH,
1300         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301         256,
1302         256
1303         },
1304         {
1305         1,
1306         "GOST2001-GOST89-GOST89",
1307         0x3000081,
1308         SSL_kGOST,
1309         SSL_aGOST01,
1310         SSL_eGOST2814789CNT,
1311         SSL_GOST89MAC,
1312         SSL_TLSV1,
1313         SSL_NOT_EXP|SSL_HIGH,
1314         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315         256,
1316         256
1317         },
1318         {
1319         1,
1320         "GOST94-NULL-GOST94",
1321         0x3000082,
1322         SSL_kGOST,
1323         SSL_aGOST94,
1324         SSL_eNULL,
1325         SSL_GOST94,
1326         SSL_TLSV1,
1327         SSL_NOT_EXP|SSL_STRONG_NONE,
1328         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329         0,
1330         0
1331         },
1332         {
1333         1,
1334         "GOST2001-NULL-GOST94",
1335         0x3000083,
1336         SSL_kGOST,
1337         SSL_aGOST01,
1338         SSL_eNULL,
1339         SSL_GOST94,
1340         SSL_TLSV1,
1341         SSL_NOT_EXP|SSL_STRONG_NONE,
1342         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343         0,
1344         0
1345         },
1346
1347 #ifndef OPENSSL_NO_CAMELLIA
1348         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349
1350         /* Cipher 84 */
1351         {
1352         1,
1353         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355         SSL_kRSA,
1356         SSL_aRSA,
1357         SSL_CAMELLIA256,
1358         SSL_SHA1,
1359         SSL_TLSV1,
1360         SSL_NOT_EXP|SSL_HIGH,
1361         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362         256,
1363         256,
1364         },
1365         /* Cipher 85 */
1366         {
1367         0, /* not implemented (non-ephemeral DH) */
1368         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370         SSL_kDHd,
1371         SSL_aDH,
1372         SSL_CAMELLIA256,
1373         SSL_SHA1,
1374         SSL_TLSV1,
1375         SSL_NOT_EXP|SSL_HIGH,
1376         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377         256,
1378         256,
1379         },
1380
1381         /* Cipher 86 */
1382         {
1383         0, /* not implemented (non-ephemeral DH) */
1384         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386         SSL_kDHr,
1387         SSL_aDH,
1388         SSL_CAMELLIA256,
1389         SSL_SHA1,
1390         SSL_TLSV1,
1391         SSL_NOT_EXP|SSL_HIGH,
1392         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393         256,
1394         256,
1395         },
1396
1397         /* Cipher 87 */
1398         {
1399         1,
1400         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402         SSL_kEDH,
1403         SSL_aDSS,
1404         SSL_CAMELLIA256,
1405         SSL_SHA1,
1406         SSL_TLSV1,
1407         SSL_NOT_EXP|SSL_HIGH,
1408         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409         256,
1410         256,
1411         },
1412
1413         /* Cipher 88 */
1414         {
1415         1,
1416         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418         SSL_kEDH,
1419         SSL_aRSA,
1420         SSL_CAMELLIA256,
1421         SSL_SHA1,
1422         SSL_TLSV1,
1423         SSL_NOT_EXP|SSL_HIGH,
1424         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425         256,
1426         256,
1427         },
1428
1429         /* Cipher 89 */
1430         {
1431         1,
1432         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434         SSL_kEDH,
1435         SSL_aNULL,
1436         SSL_CAMELLIA256,
1437         SSL_SHA1,
1438         SSL_TLSV1,
1439         SSL_NOT_EXP|SSL_HIGH,
1440         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441         256,
1442         256,
1443         },
1444 #endif /* OPENSSL_NO_CAMELLIA */
1445
1446 #ifndef OPENSSL_NO_PSK
1447         /* Cipher 8A */
1448         {
1449         1,
1450         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451         TLS1_CK_PSK_WITH_RC4_128_SHA,
1452         SSL_kPSK,
1453         SSL_aPSK,
1454         SSL_RC4,
1455         SSL_SHA1,
1456         SSL_TLSV1,
1457         SSL_NOT_EXP|SSL_MEDIUM,
1458         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459         128,
1460         128,
1461         },
1462
1463         /* Cipher 8B */
1464         {
1465         1,
1466         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468         SSL_kPSK,
1469         SSL_aPSK,
1470         SSL_3DES,
1471         SSL_SHA1,
1472         SSL_TLSV1,
1473         SSL_NOT_EXP|SSL_HIGH,
1474         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475         168,
1476         168,
1477         },
1478
1479         /* Cipher 8C */
1480         {
1481         1,
1482         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484         SSL_kPSK,
1485         SSL_aPSK,
1486         SSL_AES128,
1487         SSL_SHA1,
1488         SSL_TLSV1,
1489         SSL_NOT_EXP|SSL_HIGH,
1490         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491         128,
1492         128,
1493         },
1494
1495         /* Cipher 8D */
1496         {
1497         1,
1498         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500         SSL_kPSK,
1501         SSL_aPSK,
1502         SSL_AES256,
1503         SSL_SHA1,
1504         SSL_TLSV1,
1505         SSL_NOT_EXP|SSL_HIGH,
1506         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507         256,
1508         256,
1509         },
1510 #endif  /* OPENSSL_NO_PSK */
1511
1512 #ifndef OPENSSL_NO_SEED
1513         /* SEED ciphersuites from RFC4162 */
1514
1515         /* Cipher 96 */
1516         {
1517         1,
1518         TLS1_TXT_RSA_WITH_SEED_SHA,
1519         TLS1_CK_RSA_WITH_SEED_SHA,
1520         SSL_kRSA,
1521         SSL_aRSA,
1522         SSL_SEED,
1523         SSL_SHA1,
1524         SSL_TLSV1,
1525         SSL_NOT_EXP|SSL_MEDIUM,
1526         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527         128,
1528         128,
1529         },
1530
1531         /* Cipher 97 */
1532         {
1533         0, /* not implemented (non-ephemeral DH) */
1534         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536         SSL_kDHd,
1537         SSL_aDH,
1538         SSL_SEED,
1539         SSL_SHA1,
1540         SSL_TLSV1,
1541         SSL_NOT_EXP|SSL_MEDIUM,
1542         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543         128,
1544         128,
1545         },
1546
1547         /* Cipher 98 */
1548         {
1549         0, /* not implemented (non-ephemeral DH) */
1550         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552         SSL_kDHr,
1553         SSL_aDH,
1554         SSL_SEED,
1555         SSL_SHA1,
1556         SSL_TLSV1,
1557         SSL_NOT_EXP|SSL_MEDIUM,
1558         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559         128,
1560         128,
1561         },
1562
1563         /* Cipher 99 */
1564         {
1565         1,
1566         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568         SSL_kEDH,
1569         SSL_aDSS,
1570         SSL_SEED,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_MEDIUM,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         128,
1576         128,
1577         },
1578
1579         /* Cipher 9A */
1580         {
1581         1,
1582         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584         SSL_kEDH,
1585         SSL_aRSA,
1586         SSL_SEED,
1587         SSL_SHA1,
1588         SSL_TLSV1,
1589         SSL_NOT_EXP|SSL_MEDIUM,
1590         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591         128,
1592         128,
1593         },
1594
1595         /* Cipher 9B */
1596         {
1597         1,
1598         TLS1_TXT_ADH_WITH_SEED_SHA,
1599         TLS1_CK_ADH_WITH_SEED_SHA,
1600         SSL_kEDH,
1601         SSL_aNULL,
1602         SSL_SEED,
1603         SSL_SHA1,
1604         SSL_TLSV1,
1605         SSL_NOT_EXP|SSL_MEDIUM,
1606         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607         128,
1608         128,
1609         },
1610
1611 #endif /* OPENSSL_NO_SEED */
1612
1613 #ifndef OPENSSL_NO_ECDH
1614         /* Cipher C001 */
1615         {
1616         1,
1617         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619         SSL_kECDHe,
1620         SSL_aECDH,
1621         SSL_eNULL,
1622         SSL_SHA1,
1623         SSL_TLSV1,
1624         SSL_NOT_EXP|SSL_STRONG_NONE,
1625         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626         0,
1627         0,
1628         },
1629
1630         /* Cipher C002 */
1631         {
1632         1,
1633         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635         SSL_kECDHe,
1636         SSL_aECDH,
1637         SSL_RC4,
1638         SSL_SHA1,
1639         SSL_TLSV1,
1640         SSL_NOT_EXP|SSL_MEDIUM,
1641         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642         128,
1643         128,
1644         },
1645
1646         /* Cipher C003 */
1647         {
1648         1,
1649         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651         SSL_kECDHe,
1652         SSL_aECDH,
1653         SSL_3DES,
1654         SSL_SHA1,
1655         SSL_TLSV1,
1656         SSL_NOT_EXP|SSL_HIGH,
1657         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658         168,
1659         168,
1660         },
1661
1662         /* Cipher C004 */
1663         {
1664         1,
1665         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667         SSL_kECDHe,
1668         SSL_aECDH,
1669         SSL_AES128,
1670         SSL_SHA1,
1671         SSL_TLSV1,
1672         SSL_NOT_EXP|SSL_HIGH,
1673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674         128,
1675         128,
1676         },
1677
1678         /* Cipher C005 */
1679         {
1680         1,
1681         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683         SSL_kECDHe,
1684         SSL_aECDH,
1685         SSL_AES256,
1686         SSL_SHA1,
1687         SSL_TLSV1,
1688         SSL_NOT_EXP|SSL_HIGH,
1689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690         256,
1691         256,
1692         },
1693
1694         /* Cipher C006 */
1695         {
1696         1,
1697         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699         SSL_kEECDH,
1700         SSL_aECDSA,
1701         SSL_eNULL,
1702         SSL_SHA1,
1703         SSL_TLSV1,
1704         SSL_NOT_EXP|SSL_STRONG_NONE,
1705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706         0,
1707         0,
1708         },
1709
1710         /* Cipher C007 */
1711         {
1712         1,
1713         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715         SSL_kEECDH,
1716         SSL_aECDSA,
1717         SSL_RC4,
1718         SSL_SHA1,
1719         SSL_TLSV1,
1720         SSL_NOT_EXP|SSL_MEDIUM,
1721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722         128,
1723         128,
1724         },
1725
1726         /* Cipher C008 */
1727         {
1728         1,
1729         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731         SSL_kEECDH,
1732         SSL_aECDSA,
1733         SSL_3DES,
1734         SSL_SHA1,
1735         SSL_TLSV1,
1736         SSL_NOT_EXP|SSL_HIGH,
1737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738         168,
1739         168,
1740         },
1741
1742         /* Cipher C009 */
1743         {
1744         1,
1745         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747         SSL_kEECDH,
1748         SSL_aECDSA,
1749         SSL_AES128,
1750         SSL_SHA1,
1751         SSL_TLSV1,
1752         SSL_NOT_EXP|SSL_HIGH,
1753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754         128,
1755         128,
1756         },
1757
1758         /* Cipher C00A */
1759         {
1760         1,
1761         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763         SSL_kEECDH,
1764         SSL_aECDSA,
1765         SSL_AES256,
1766         SSL_SHA1,
1767         SSL_TLSV1,
1768         SSL_NOT_EXP|SSL_HIGH,
1769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770         256,
1771         256,
1772         },
1773
1774         /* Cipher C00B */
1775         {
1776         1,
1777         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779         SSL_kECDHr,
1780         SSL_aECDH,
1781         SSL_eNULL,
1782         SSL_SHA1,
1783         SSL_TLSV1,
1784         SSL_NOT_EXP|SSL_STRONG_NONE,
1785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786         0,
1787         0,
1788         },
1789
1790         /* Cipher C00C */
1791         {
1792         1,
1793         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795         SSL_kECDHr,
1796         SSL_aECDH,
1797         SSL_RC4,
1798         SSL_SHA1,
1799         SSL_TLSV1,
1800         SSL_NOT_EXP|SSL_MEDIUM,
1801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802         128,
1803         128,
1804         },
1805
1806         /* Cipher C00D */
1807         {
1808         1,
1809         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811         SSL_kECDHr,
1812         SSL_aECDH,
1813         SSL_3DES,
1814         SSL_SHA1,
1815         SSL_TLSV1,
1816         SSL_NOT_EXP|SSL_HIGH,
1817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818         168,
1819         168,
1820         },
1821
1822         /* Cipher C00E */
1823         {
1824         1,
1825         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827         SSL_kECDHr,
1828         SSL_aECDH,
1829         SSL_AES128,
1830         SSL_SHA1,
1831         SSL_TLSV1,
1832         SSL_NOT_EXP|SSL_HIGH,
1833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834         128,
1835         128,
1836         },
1837
1838         /* Cipher C00F */
1839         {
1840         1,
1841         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843         SSL_kECDHr,
1844         SSL_aECDH,
1845         SSL_AES256,
1846         SSL_SHA1,
1847         SSL_TLSV1,
1848         SSL_NOT_EXP|SSL_HIGH,
1849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850         256,
1851         256,
1852         },
1853
1854         /* Cipher C010 */
1855         {
1856         1,
1857         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859         SSL_kEECDH,
1860         SSL_aRSA,
1861         SSL_eNULL,
1862         SSL_SHA1,
1863         SSL_TLSV1,
1864         SSL_NOT_EXP|SSL_STRONG_NONE,
1865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866         0,
1867         0,
1868         },
1869
1870         /* Cipher C011 */
1871         {
1872         1,
1873         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875         SSL_kEECDH,
1876         SSL_aRSA,
1877         SSL_RC4,
1878         SSL_SHA1,
1879         SSL_TLSV1,
1880         SSL_NOT_EXP|SSL_MEDIUM,
1881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882         128,
1883         128,
1884         },
1885
1886         /* Cipher C012 */
1887         {
1888         1,
1889         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891         SSL_kEECDH,
1892         SSL_aRSA,
1893         SSL_3DES,
1894         SSL_SHA1,
1895         SSL_TLSV1,
1896         SSL_NOT_EXP|SSL_HIGH,
1897         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898         168,
1899         168,
1900         },
1901
1902         /* Cipher C013 */
1903         {
1904         1,
1905         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907         SSL_kEECDH,
1908         SSL_aRSA,
1909         SSL_AES128,
1910         SSL_SHA1,
1911         SSL_TLSV1,
1912         SSL_NOT_EXP|SSL_HIGH,
1913         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914         128,
1915         128,
1916         },
1917
1918         /* Cipher C014 */
1919         {
1920         1,
1921         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923         SSL_kEECDH,
1924         SSL_aRSA,
1925         SSL_AES256,
1926         SSL_SHA1,
1927         SSL_TLSV1,
1928         SSL_NOT_EXP|SSL_HIGH,
1929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930         256,
1931         256,
1932         },
1933
1934         /* Cipher C015 */
1935         {
1936         1,
1937         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939         SSL_kEECDH,
1940         SSL_aNULL,
1941         SSL_eNULL,
1942         SSL_SHA1,
1943         SSL_TLSV1,
1944         SSL_NOT_EXP|SSL_STRONG_NONE,
1945         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946         0,
1947         0,
1948         },
1949
1950         /* Cipher C016 */
1951         {
1952         1,
1953         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955         SSL_kEECDH,
1956         SSL_aNULL,
1957         SSL_RC4,
1958         SSL_SHA1,
1959         SSL_TLSV1,
1960         SSL_NOT_EXP|SSL_MEDIUM,
1961         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962         128,
1963         128,
1964         },
1965
1966         /* Cipher C017 */
1967         {
1968         1,
1969         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971         SSL_kEECDH,
1972         SSL_aNULL,
1973         SSL_3DES,
1974         SSL_SHA1,
1975         SSL_TLSV1,
1976         SSL_NOT_EXP|SSL_HIGH,
1977         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978         168,
1979         168,
1980         },
1981
1982         /* Cipher C018 */
1983         {
1984         1,
1985         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987         SSL_kEECDH,
1988         SSL_aNULL,
1989         SSL_AES128,
1990         SSL_SHA1,
1991         SSL_TLSV1,
1992         SSL_NOT_EXP|SSL_HIGH,
1993         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994         128,
1995         128,
1996         },
1997
1998         /* Cipher C019 */
1999         {
2000         1,
2001         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003         SSL_kEECDH,
2004         SSL_aNULL,
2005         SSL_AES256,
2006         SSL_SHA1,
2007         SSL_TLSV1,
2008         SSL_NOT_EXP|SSL_HIGH,
2009         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010         256,
2011         256,
2012         },
2013 #endif  /* OPENSSL_NO_ECDH */
2014
2015 #ifdef TEMP_GOST_TLS
2016 /* Cipher FF00 */
2017         {
2018         1,
2019         "GOST-MD5",
2020         0x0300ff00,
2021         SSL_kRSA,
2022         SSL_aRSA,
2023         SSL_eGOST2814789CNT,
2024         SSL_MD5,
2025         SSL_TLSV1,
2026         SSL_NOT_EXP|SSL_HIGH,
2027         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028         256,
2029         256,
2030         },
2031         {
2032         1,
2033         "GOST-GOST94",
2034         0x0300ff01,
2035         SSL_kRSA,
2036         SSL_aRSA,
2037         SSL_eGOST2814789CNT,
2038         SSL_GOST94,
2039         SSL_TLSV1,
2040         SSL_NOT_EXP|SSL_HIGH,
2041         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042         256,
2043         256
2044         },
2045         {
2046         1,
2047         "GOST-GOST89MAC",
2048         0x0300ff02,
2049         SSL_kRSA,
2050         SSL_aRSA,
2051         SSL_eGOST2814789CNT,
2052         SSL_GOST89MAC,
2053         SSL_TLSV1,
2054         SSL_NOT_EXP|SSL_HIGH,
2055         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056         256,
2057         256
2058         },
2059         {
2060         1,
2061         "GOST-GOST89STREAM",
2062         0x0300ff03,
2063         SSL_kRSA,
2064         SSL_aRSA,
2065         SSL_eGOST2814789CNT,
2066         SSL_GOST89MAC,
2067         SSL_TLSV1,
2068         SSL_NOT_EXP|SSL_HIGH,
2069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070         256,
2071         256
2072         },
2073 #endif
2074
2075 /* end of list */
2076         };
2077
2078 SSL3_ENC_METHOD SSLv3_enc_data={
2079         ssl3_enc,
2080         n_ssl3_mac,
2081         ssl3_setup_key_block,
2082         ssl3_generate_master_secret,
2083         ssl3_change_cipher_state,
2084         ssl3_final_finish_mac,
2085         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2086         ssl3_cert_verify_mac,
2087         SSL3_MD_CLIENT_FINISHED_CONST,4,
2088         SSL3_MD_SERVER_FINISHED_CONST,4,
2089         ssl3_alert_code,
2090         };
2091
2092 long ssl3_default_timeout(void)
2093         {
2094         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2095          * is way too long for http, the cache would over fill */
2096         return(60*60*2);
2097         }
2098
2099 int ssl3_num_ciphers(void)
2100         {
2101         return(SSL3_NUM_CIPHERS);
2102         }
2103
2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2105         {
2106         if (u < SSL3_NUM_CIPHERS)
2107                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2108         else
2109                 return(NULL);
2110         }
2111
2112 int ssl3_pending(const SSL *s)
2113         {
2114         if (s->rstate == SSL_ST_READ_BODY)
2115                 return 0;
2116         
2117         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2118         }
2119
2120 int ssl3_new(SSL *s)
2121         {
2122         SSL3_STATE *s3;
2123
2124         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2125         memset(s3,0,sizeof *s3);
2126         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2127         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2128
2129         s->s3=s3;
2130
2131         s->method->ssl_clear(s);
2132         return(1);
2133 err:
2134         return(0);
2135         }
2136
2137 void ssl3_free(SSL *s)
2138         {
2139         if(s == NULL)
2140             return;
2141
2142 #ifdef TLSEXT_TYPE_opaque_prf_input
2143         if (s->s3->client_opaque_prf_input != NULL)
2144                 OPENSSL_free(s->s3->client_opaque_prf_input);
2145         if (s->s3->server_opaque_prf_input != NULL)
2146                 OPENSSL_free(s->s3->server_opaque_prf_input);
2147 #endif
2148
2149         ssl3_cleanup_key_block(s);
2150         if (s->s3->rbuf.buf != NULL)
2151                 ssl3_release_read_buffer(s);
2152         if (s->s3->wbuf.buf != NULL)
2153                 ssl3_release_write_buffer(s);
2154         if (s->s3->rrec.comp != NULL)
2155                 OPENSSL_free(s->s3->rrec.comp);
2156 #ifndef OPENSSL_NO_DH
2157         if (s->s3->tmp.dh != NULL)
2158                 DH_free(s->s3->tmp.dh);
2159 #endif
2160 #ifndef OPENSSL_NO_ECDH
2161         if (s->s3->tmp.ecdh != NULL)
2162                 EC_KEY_free(s->s3->tmp.ecdh);
2163 #endif
2164
2165         if (s->s3->tmp.ca_names != NULL)
2166                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2167         if (s->s3->handshake_buffer) {
2168                 BIO_free(s->s3->handshake_buffer);
2169         }
2170         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2171         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172         OPENSSL_free(s->s3);
2173         s->s3=NULL;
2174         }
2175
2176 void ssl3_clear(SSL *s)
2177         {
2178         unsigned char *rp,*wp;
2179         size_t rlen, wlen;
2180
2181 #ifdef TLSEXT_TYPE_opaque_prf_input
2182         if (s->s3->client_opaque_prf_input != NULL)
2183                 OPENSSL_free(s->s3->client_opaque_prf_input);
2184         s->s3->client_opaque_prf_input = NULL;
2185         if (s->s3->server_opaque_prf_input != NULL)
2186                 OPENSSL_free(s->s3->server_opaque_prf_input);
2187         s->s3->server_opaque_prf_input = NULL;
2188 #endif
2189
2190         ssl3_cleanup_key_block(s);
2191         if (s->s3->tmp.ca_names != NULL)
2192                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2193
2194         if (s->s3->rrec.comp != NULL)
2195                 {
2196                 OPENSSL_free(s->s3->rrec.comp);
2197                 s->s3->rrec.comp=NULL;
2198                 }
2199 #ifndef OPENSSL_NO_DH
2200         if (s->s3->tmp.dh != NULL)
2201                 DH_free(s->s3->tmp.dh);
2202 #endif
2203 #ifndef OPENSSL_NO_ECDH
2204         if (s->s3->tmp.ecdh != NULL)
2205                 EC_KEY_free(s->s3->tmp.ecdh);
2206 #endif
2207
2208         rp = s->s3->rbuf.buf;
2209         wp = s->s3->wbuf.buf;
2210         rlen = s->s3->rbuf.len;
2211         wlen = s->s3->wbuf.len;
2212         if (s->s3->handshake_buffer) {
2213                 BIO_free(s->s3->handshake_buffer);
2214         }
2215         if (s->s3->handshake_dgst) {
2216                 ssl3_free_digest_list(s);
2217         }       
2218         memset(s->s3,0,sizeof *s->s3);
2219         s->s3->rbuf.buf = rp;
2220         s->s3->wbuf.buf = wp;
2221         s->s3->rbuf.len = rlen;
2222         s->s3->wbuf.len = wlen;
2223
2224         ssl_free_wbio_buffer(s);
2225
2226         s->packet_length=0;
2227         s->s3->renegotiate=0;
2228         s->s3->total_renegotiations=0;
2229         s->s3->num_renegotiations=0;
2230         s->s3->in_read_app_data=0;
2231         s->version=SSL3_VERSION;
2232         }
2233
2234 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2235         {
2236         int ret=0;
2237
2238 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2239         if (
2240 #ifndef OPENSSL_NO_RSA
2241             cmd == SSL_CTRL_SET_TMP_RSA ||
2242             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2243 #endif
2244 #ifndef OPENSSL_NO_DSA
2245             cmd == SSL_CTRL_SET_TMP_DH ||
2246             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2247 #endif
2248                 0)
2249                 {
2250                 if (!ssl_cert_inst(&s->cert))
2251                         {
2252                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2253                         return(0);
2254                         }
2255                 }
2256 #endif
2257
2258         switch (cmd)
2259                 {
2260         case SSL_CTRL_GET_SESSION_REUSED:
2261                 ret=s->hit;
2262                 break;
2263         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2264                 break;
2265         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2266                 ret=s->s3->num_renegotiations;
2267                 break;
2268         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2269                 ret=s->s3->num_renegotiations;
2270                 s->s3->num_renegotiations=0;
2271                 break;
2272         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2273                 ret=s->s3->total_renegotiations;
2274                 break;
2275         case SSL_CTRL_GET_FLAGS:
2276                 ret=(int)(s->s3->flags);
2277                 break;
2278 #ifndef OPENSSL_NO_RSA
2279         case SSL_CTRL_NEED_TMP_RSA:
2280                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2281                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2282                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2283                         ret = 1;
2284                 break;
2285         case SSL_CTRL_SET_TMP_RSA:
2286                 {
2287                         RSA *rsa = (RSA *)parg;
2288                         if (rsa == NULL)
2289                                 {
2290                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2291                                 return(ret);
2292                                 }
2293                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2294                                 {
2295                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2296                                 return(ret);
2297                                 }
2298                         if (s->cert->rsa_tmp != NULL)
2299                                 RSA_free(s->cert->rsa_tmp);
2300                         s->cert->rsa_tmp = rsa;
2301                         ret = 1;
2302                 }
2303                 break;
2304         case SSL_CTRL_SET_TMP_RSA_CB:
2305                 {
2306                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2307                 return(ret);
2308                 }
2309                 break;
2310 #endif
2311 #ifndef OPENSSL_NO_DH
2312         case SSL_CTRL_SET_TMP_DH:
2313                 {
2314                         DH *dh = (DH *)parg;
2315                         if (dh == NULL)
2316                                 {
2317                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2318                                 return(ret);
2319                                 }
2320                         if ((dh = DHparams_dup(dh)) == NULL)
2321                                 {
2322                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2323                                 return(ret);
2324                                 }
2325                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
2326                                 {
2327                                 if (!DH_generate_key(dh))
2328                                         {
2329                                         DH_free(dh);
2330                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2331                                         return(ret);
2332                                         }
2333                                 }
2334                         if (s->cert->dh_tmp != NULL)
2335                                 DH_free(s->cert->dh_tmp);
2336                         s->cert->dh_tmp = dh;
2337                         ret = 1;
2338                 }
2339                 break;
2340         case SSL_CTRL_SET_TMP_DH_CB:
2341                 {
2342                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2343                 return(ret);
2344                 }
2345                 break;
2346 #endif
2347 #ifndef OPENSSL_NO_ECDH
2348         case SSL_CTRL_SET_TMP_ECDH:
2349                 {
2350                 EC_KEY *ecdh = NULL;
2351                         
2352                 if (parg == NULL)
2353                         {
2354                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2355                         return(ret);
2356                         }
2357                 if (!EC_KEY_up_ref((EC_KEY *)parg))
2358                         {
2359                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2360                         return(ret);
2361                         }
2362                 ecdh = (EC_KEY *)parg;
2363                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2364                         {
2365                         if (!EC_KEY_generate_key(ecdh))
2366                                 {
2367                                 EC_KEY_free(ecdh);
2368                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2369                                 return(ret);
2370                                 }
2371                         }
2372                 if (s->cert->ecdh_tmp != NULL)
2373                         EC_KEY_free(s->cert->ecdh_tmp);
2374                 s->cert->ecdh_tmp = ecdh;
2375                 ret = 1;
2376                 }
2377                 break;
2378         case SSL_CTRL_SET_TMP_ECDH_CB:
2379                 {
2380                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2381                 return(ret);
2382                 }
2383                 break;
2384 #endif /* !OPENSSL_NO_ECDH */
2385 #ifndef OPENSSL_NO_TLSEXT
2386         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2387                 if (larg == TLSEXT_NAMETYPE_host_name)
2388                         {
2389                         if (s->tlsext_hostname != NULL) 
2390                                 OPENSSL_free(s->tlsext_hostname);
2391                         s->tlsext_hostname = NULL;
2392
2393                         ret = 1;
2394                         if (parg == NULL) 
2395                                 break;
2396                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2397                                 {
2398                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2399                                 return 0;
2400                                 }
2401                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2402                                 {
2403                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2404                                 return 0;
2405                                 }
2406                         }
2407                 else
2408                         {
2409                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2410                         return 0;
2411                         }
2412                 break;
2413         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2414                 s->tlsext_debug_arg=parg;
2415                 ret = 1;
2416                 break;
2417
2418 #ifdef TLSEXT_TYPE_opaque_prf_input
2419         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2420                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2421                                    * (including the cert chain and everything) */
2422                         {
2423                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2424                         break;
2425                         }
2426                 if (s->tlsext_opaque_prf_input != NULL)
2427                         OPENSSL_free(s->tlsext_opaque_prf_input);
2428                 if ((size_t)larg == 0)
2429                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2430                 else
2431                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2432                 if (s->tlsext_opaque_prf_input != NULL)
2433                         {
2434                         s->tlsext_opaque_prf_input_len = (size_t)larg;
2435                         ret = 1;
2436                         }
2437                 else
2438                         s->tlsext_opaque_prf_input_len = 0;
2439                 break;
2440 #endif
2441
2442         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2443                 s->tlsext_status_type=larg;
2444                 ret = 1;
2445                 break;
2446
2447         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2448                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2449                 ret = 1;
2450                 break;
2451
2452         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2453                 s->tlsext_ocsp_exts = parg;
2454                 ret = 1;
2455                 break;
2456
2457         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2458                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2459                 ret = 1;
2460                 break;
2461
2462         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2463                 s->tlsext_ocsp_ids = parg;
2464                 ret = 1;
2465                 break;
2466
2467         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2468                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2469                 return s->tlsext_ocsp_resplen;
2470                 
2471         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2472                 if (s->tlsext_ocsp_resp)
2473                         OPENSSL_free(s->tlsext_ocsp_resp);
2474                 s->tlsext_ocsp_resp = parg;
2475                 s->tlsext_ocsp_resplen = larg;
2476                 ret = 1;
2477                 break;
2478
2479 #endif /* !OPENSSL_NO_TLSEXT */
2480         default:
2481                 break;
2482                 }
2483         return(ret);
2484         }
2485
2486 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2487         {
2488         int ret=0;
2489
2490 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2491         if (
2492 #ifndef OPENSSL_NO_RSA
2493             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2494 #endif
2495 #ifndef OPENSSL_NO_DSA
2496             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2497 #endif
2498                 0)
2499                 {
2500                 if (!ssl_cert_inst(&s->cert))
2501                         {
2502                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2503                         return(0);
2504                         }
2505                 }
2506 #endif
2507
2508         switch (cmd)
2509                 {
2510 #ifndef OPENSSL_NO_RSA
2511         case SSL_CTRL_SET_TMP_RSA_CB:
2512                 {
2513                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2514                 }
2515                 break;
2516 #endif
2517 #ifndef OPENSSL_NO_DH
2518         case SSL_CTRL_SET_TMP_DH_CB:
2519                 {
2520                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2521                 }
2522                 break;
2523 #endif
2524 #ifndef OPENSSL_NO_ECDH
2525         case SSL_CTRL_SET_TMP_ECDH_CB:
2526                 {
2527                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2528                 }
2529                 break;
2530 #endif
2531 #ifndef OPENSSL_NO_TLSEXT
2532         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2533                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2534                                         unsigned char *, int, void *))fp;
2535                 break;
2536 #endif
2537         default:
2538                 break;
2539                 }
2540         return(ret);
2541         }
2542
2543 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2544         {
2545         CERT *cert;
2546
2547         cert=ctx->cert;
2548
2549         switch (cmd)
2550                 {
2551 #ifndef OPENSSL_NO_RSA
2552         case SSL_CTRL_NEED_TMP_RSA:
2553                 if (    (cert->rsa_tmp == NULL) &&
2554                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2555                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2556                         )
2557                         return(1);
2558                 else
2559                         return(0);
2560                 /* break; */
2561         case SSL_CTRL_SET_TMP_RSA:
2562                 {
2563                 RSA *rsa;
2564                 int i;
2565
2566                 rsa=(RSA *)parg;
2567                 i=1;
2568                 if (rsa == NULL)
2569                         i=0;
2570                 else
2571                         {
2572                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2573                                 i=0;
2574                         }
2575                 if (!i)
2576                         {
2577                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2578                         return(0);
2579                         }
2580                 else
2581                         {
2582                         if (cert->rsa_tmp != NULL)
2583                                 RSA_free(cert->rsa_tmp);
2584                         cert->rsa_tmp=rsa;
2585                         return(1);
2586                         }
2587                 }
2588                 /* break; */
2589         case SSL_CTRL_SET_TMP_RSA_CB:
2590                 {
2591                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2592                 return(0);
2593                 }
2594                 break;
2595 #endif
2596 #ifndef OPENSSL_NO_DH
2597         case SSL_CTRL_SET_TMP_DH:
2598                 {
2599                 DH *new=NULL,*dh;
2600
2601                 dh=(DH *)parg;
2602                 if ((new=DHparams_dup(dh)) == NULL)
2603                         {
2604                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2605                         return 0;
2606                         }
2607                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2608                         {
2609                         if (!DH_generate_key(new))
2610                                 {
2611                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2612                                 DH_free(new);
2613                                 return 0;
2614                                 }
2615                         }
2616                 if (cert->dh_tmp != NULL)
2617                         DH_free(cert->dh_tmp);
2618                 cert->dh_tmp=new;
2619                 return 1;
2620                 }
2621                 /*break; */
2622         case SSL_CTRL_SET_TMP_DH_CB:
2623                 {
2624                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2625                 return(0);
2626                 }
2627                 break;
2628 #endif
2629 #ifndef OPENSSL_NO_ECDH
2630         case SSL_CTRL_SET_TMP_ECDH:
2631                 {
2632                 EC_KEY *ecdh = NULL;
2633                         
2634                 if (parg == NULL)
2635                         {
2636                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2637                         return 0;
2638                         }
2639                 ecdh = EC_KEY_dup((EC_KEY *)parg);
2640                 if (ecdh == NULL)
2641                         {
2642                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2643                         return 0;
2644                         }
2645                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2646                         {
2647                         if (!EC_KEY_generate_key(ecdh))
2648                                 {
2649                                 EC_KEY_free(ecdh);
2650                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2651                                 return 0;
2652                                 }
2653                         }
2654
2655                 if (cert->ecdh_tmp != NULL)
2656                         {
2657                         EC_KEY_free(cert->ecdh_tmp);
2658                         }
2659                 cert->ecdh_tmp = ecdh;
2660                 return 1;
2661                 }
2662                 /* break; */
2663         case SSL_CTRL_SET_TMP_ECDH_CB:
2664                 {
2665                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2666                 return(0);
2667                 }
2668                 break;
2669 #endif /* !OPENSSL_NO_ECDH */
2670 #ifndef OPENSSL_NO_TLSEXT
2671         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2672                 ctx->tlsext_servername_arg=parg;
2673                 break;
2674         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2675         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2676                 {
2677                 unsigned char *keys = parg;
2678                 if (!keys)
2679                         return 48;
2680                 if (larg != 48)
2681                         {
2682                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2683                         return 0;
2684                         }
2685                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2686                         {
2687                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
2688                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2689                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2690                         }
2691                 else
2692                         {
2693                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
2694                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2695                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2696                         }
2697                 return 1;
2698                 }
2699
2700 #ifdef TLSEXT_TYPE_opaque_prf_input
2701         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2702                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2703                 return 1;
2704 #endif
2705
2706         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2707                 ctx->tlsext_status_arg=parg;
2708                 return 1;
2709                 break;
2710
2711 #endif /* !OPENSSL_NO_TLSEXT */
2712
2713         /* A Thawte special :-) */
2714         case SSL_CTRL_EXTRA_CHAIN_CERT:
2715                 if (ctx->extra_certs == NULL)
2716                         {
2717                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2718                                 return(0);
2719                         }
2720                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2721                 break;
2722
2723         default:
2724                 return(0);
2725                 }
2726         return(1);
2727         }
2728
2729 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2730         {
2731         CERT *cert;
2732
2733         cert=ctx->cert;
2734
2735         switch (cmd)
2736                 {
2737 #ifndef OPENSSL_NO_RSA
2738         case SSL_CTRL_SET_TMP_RSA_CB:
2739                 {
2740                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2741                 }
2742                 break;
2743 #endif
2744 #ifndef OPENSSL_NO_DH
2745         case SSL_CTRL_SET_TMP_DH_CB:
2746                 {
2747                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2748                 }
2749                 break;
2750 #endif
2751 #ifndef OPENSSL_NO_ECDH
2752         case SSL_CTRL_SET_TMP_ECDH_CB:
2753                 {
2754                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2755                 }
2756                 break;
2757 #endif
2758 #ifndef OPENSSL_NO_TLSEXT
2759         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2760                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2761                 break;
2762
2763 #ifdef TLSEXT_TYPE_opaque_prf_input
2764         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2765                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2766                 break;
2767 #endif
2768
2769         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2770                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2771                 break;
2772
2773         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2774                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
2775                                                 unsigned char *,
2776                                                 EVP_CIPHER_CTX *,
2777                                                 HMAC_CTX *, int))fp;
2778                 break;
2779
2780 #endif
2781         default:
2782                 return(0);
2783                 }
2784         return(1);
2785         }
2786
2787 /* This function needs to check if the ciphers required are actually
2788  * available */
2789 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2790         {
2791         SSL_CIPHER c;
2792         const SSL_CIPHER *cp;
2793         unsigned long id;
2794
2795         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2796         c.id=id;
2797         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2798         if (cp == NULL || cp->valid == 0)
2799                 return NULL;
2800         else
2801                 return cp;
2802         }
2803
2804 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2805         {
2806         long l;
2807
2808         if (p != NULL)
2809                 {
2810                 l=c->id;
2811                 if ((l & 0xff000000) != 0x03000000) return(0);
2812                 p[0]=((unsigned char)(l>> 8L))&0xFF;
2813                 p[1]=((unsigned char)(l     ))&0xFF;
2814                 }
2815         return(2);
2816         }
2817
2818 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2819              STACK_OF(SSL_CIPHER) *srvr)
2820         {
2821         SSL_CIPHER *c,*ret=NULL;
2822         STACK_OF(SSL_CIPHER) *prio, *allow;
2823         int i,ii,ok;
2824 #ifndef OPENSSL_NO_TLSEXT
2825         unsigned int j;
2826 #ifndef OPENSSL_NO_EC
2827         int ec_ok, ec_nid;
2828         unsigned char ec_search1 = 0, ec_search2 = 0;
2829 #endif /* OPENSSL_NO_EC */
2830 #endif /* OPENSSL_NO_TLSEXT */
2831         CERT *cert;
2832         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2833
2834         /* Let's see which ciphers we can support */
2835         cert=s->cert;
2836
2837 #if 0
2838         /* Do not set the compare functions, because this may lead to a
2839          * reordering by "id". We want to keep the original ordering.
2840          * We may pay a price in performance during sk_SSL_CIPHER_find(),
2841          * but would have to pay with the price of sk_SSL_CIPHER_dup().
2842          */
2843         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2844         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2845 #endif
2846
2847 #ifdef CIPHER_DEBUG
2848         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2849         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2850                 {
2851                 c=sk_SSL_CIPHER_value(srvr,i);
2852                 printf("%p:%s\n",(void *)c,c->name);
2853                 }
2854         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2855         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2856             {
2857             c=sk_SSL_CIPHER_value(clnt,i);
2858             printf("%p:%s\n",(void *)c,c->name);
2859             }
2860 #endif
2861
2862         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2863                 {
2864                 prio = srvr;
2865                 allow = clnt;
2866                 }
2867         else
2868                 {
2869                 prio = clnt;
2870                 allow = srvr;
2871                 }
2872
2873         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2874                 {
2875                 c=sk_SSL_CIPHER_value(prio,i);
2876
2877                 ssl_set_cert_masks(cert,c);
2878                 mask_k = cert->mask_k;
2879                 mask_a = cert->mask_a;
2880                 emask_k = cert->export_mask_k;
2881                 emask_a = cert->export_mask_a;
2882                         
2883 #ifdef KSSL_DEBUG
2884 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2885 #endif    /* KSSL_DEBUG */
2886
2887                 alg_k=c->algorithm_mkey;
2888                 alg_a=c->algorithm_auth;
2889
2890 #ifndef OPENSSL_NO_KRB5
2891                 if (alg_k & SSL_kKRB5)
2892                         {
2893                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
2894                             continue;
2895                         }
2896 #endif /* OPENSSL_NO_KRB5 */
2897 #ifndef OPENSSL_NO_PSK
2898                 /* with PSK there must be server callback set */
2899                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2900                         continue;
2901 #endif /* OPENSSL_NO_PSK */
2902
2903                 if (SSL_C_IS_EXPORT(c))
2904                         {
2905                         ok = (alg_k & emask_k) && (alg_a & emask_a);
2906 #ifdef CIPHER_DEBUG
2907                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2908                                (void *)c,c->name);
2909 #endif
2910                         }
2911                 else
2912                         {
2913                         ok = (alg_k & mask_k) && (alg_a & mask_a);
2914 #ifdef CIPHER_DEBUG
2915                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2916                                c->name);
2917 #endif
2918                         }
2919
2920 #ifndef OPENSSL_NO_TLSEXT
2921 #ifndef OPENSSL_NO_EC
2922                 if (
2923                         /* if we are considering an ECC cipher suite that uses our certificate */
2924                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2925                         /* and we have an ECC certificate */
2926                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2927                         /* and the client specified a Supported Point Formats extension */
2928                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2929                         /* and our certificate's point is compressed */
2930                         && (
2931                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2932                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2933                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2934                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2935                                 && (
2936                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2937                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2938                                         )
2939                                 )
2940                 )
2941                         {
2942                         ec_ok = 0;
2943                         /* if our certificate's curve is over a field type that the client does not support
2944                          * then do not allow this cipher suite to be negotiated */
2945                         if (
2946                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2947                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2948                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2949                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2950                         )
2951                                 {
2952                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2953                                         {
2954                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2955                                                 {
2956                                                 ec_ok = 1;
2957                                                 break;
2958                                                 }
2959                                         }
2960                                 }
2961                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2962                                 {
2963                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2964                                         {
2965                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2966                                                 {
2967                                                 ec_ok = 1;
2968                                                 break;
2969                                                 }
2970                                         }
2971                                 }
2972                         ok = ok && ec_ok;
2973                         }
2974                 if (
2975                         /* if we are considering an ECC cipher suite that uses our certificate */
2976                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2977                         /* and we have an ECC certificate */
2978                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2979                         /* and the client specified an EllipticCurves extension */
2980                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2981                 )
2982                         {
2983                         ec_ok = 0;
2984                         if (
2985                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2986                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2987                         )
2988                                 {
2989                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2990                                 if ((ec_nid == 0)
2991                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2992                                 )
2993                                         {
2994                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2995                                                 {
2996                                                 ec_search1 = 0xFF;
2997                                                 ec_search2 = 0x01;
2998                                                 }
2999                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3000                                                 {
3001                                                 ec_search1 = 0xFF;
3002                                                 ec_search2 = 0x02;
3003                                                 }
3004                                         }
3005                                 else
3006                                         {
3007                                         ec_search1 = 0x00;
3008                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3009                                         }
3010                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3011                                         {
3012                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3013                                                 {
3014                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3015                                                         {
3016                                                         ec_ok = 1;
3017                                                         break;
3018                                                         }
3019                                                 }
3020                                         }
3021                                 }
3022                         ok = ok && ec_ok;
3023                         }
3024                 if (
3025                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3026                         (alg_k & SSL_kEECDH)
3027                         /* and we have an ephemeral EC key */
3028                         && (s->cert->ecdh_tmp != NULL)
3029                         /* and the client specified an EllipticCurves extension */
3030                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3031                 )
3032                         {
3033                         ec_ok = 0;
3034                         if (s->cert->ecdh_tmp->group != NULL)
3035                                 {
3036                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3037                                 if ((ec_nid == 0)
3038                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3039                                 )
3040                                         {
3041                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3042                                                 {
3043                                                 ec_search1 = 0xFF;
3044                                                 ec_search2 = 0x01;
3045                                                 }
3046                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3047                                                 {
3048                                                 ec_search1 = 0xFF;
3049                                                 ec_search2 = 0x02;
3050                                                 }
3051                                         }
3052                                 else
3053                                         {
3054                                         ec_search1 = 0x00;
3055                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3056                                         }
3057                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3058                                         {
3059                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3060                                                 {
3061                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3062                                                         {
3063                                                         ec_ok = 1;
3064                                                         break;
3065                                                         }
3066                                                 }
3067                                         }
3068                                 }
3069                         ok = ok && ec_ok;
3070                         }
3071 #endif /* OPENSSL_NO_EC */
3072 #endif /* OPENSSL_NO_TLSEXT */
3073
3074                 if (!ok) continue;
3075                 ii=sk_SSL_CIPHER_find(allow,c);
3076                 if (ii >= 0)
3077                         {
3078                         ret=sk_SSL_CIPHER_value(allow,ii);
3079                         break;
3080                         }
3081                 }
3082         return(ret);
3083         }
3084
3085 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3086         {
3087         int ret=0;
3088         unsigned long alg_k;
3089
3090         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3091
3092 #ifndef OPENSSL_NO_DH
3093         if (alg_k & (SSL_kDHr|SSL_kEDH))
3094                 {
3095 #  ifndef OPENSSL_NO_RSA
3096                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
3097 #  endif
3098 #  ifndef OPENSSL_NO_DSA
3099                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3100 #  endif
3101                 }
3102         if ((s->version == SSL3_VERSION) &&
3103                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3104                 {
3105 #  ifndef OPENSSL_NO_RSA
3106                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3107 #  endif
3108 #  ifndef OPENSSL_NO_DSA
3109                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3110 #  endif
3111                 }
3112 #endif /* !OPENSSL_NO_DH */
3113 #ifndef OPENSSL_NO_RSA
3114         p[ret++]=SSL3_CT_RSA_SIGN;
3115 #endif
3116 #ifndef OPENSSL_NO_DSA
3117         p[ret++]=SSL3_CT_DSS_SIGN;
3118 #endif
3119 #ifndef OPENSSL_NO_ECDH
3120         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3121                 {
3122                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3123                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3124                 }
3125 #endif
3126
3127 #ifndef OPENSSL_NO_ECDSA
3128         /* ECDSA certs can be used with RSA cipher suites as well 
3129          * so we don't need to check for SSL_kECDH or SSL_kEECDH
3130          */
3131         if (s->version >= TLS1_VERSION)
3132                 {
3133                 p[ret++]=TLS_CT_ECDSA_SIGN;
3134                 }
3135 #endif  
3136         return(ret);
3137         }
3138
3139 int ssl3_shutdown(SSL *s)
3140         {
3141
3142         /* Don't do anything much if we have not done the handshake or
3143          * we don't want to send messages :-) */
3144         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3145                 {
3146                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3147                 return(1);
3148                 }
3149
3150         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3151                 {
3152                 s->shutdown|=SSL_SENT_SHUTDOWN;
3153 #if 1
3154                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3155 #endif
3156                 /* our shutdown alert has been sent now, and if it still needs
3157                  * to be written, s->s3->alert_dispatch will be true */
3158                 }
3159         else if (s->s3->alert_dispatch)
3160                 {
3161                 /* resend it if not sent */
3162 #if 1
3163                 s->method->ssl_dispatch_alert(s);
3164 #endif
3165                 }
3166         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3167                 {
3168                 /* If we are waiting for a close from our peer, we are closed */
3169                 s->method->ssl_read_bytes(s,0,NULL,0,0);
3170                 }
3171
3172         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3173                 !s->s3->alert_dispatch)
3174                 return(1);
3175         else
3176                 return(0);
3177         }
3178
3179 int ssl3_write(SSL *s, const void *buf, int len)
3180         {
3181         int ret,n;
3182
3183 #if 0
3184         if (s->shutdown & SSL_SEND_SHUTDOWN)
3185                 {
3186                 s->rwstate=SSL_NOTHING;
3187                 return(0);
3188                 }
3189 #endif
3190         clear_sys_error();
3191         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3192
3193         /* This is an experimental flag that sends the
3194          * last handshake message in the same packet as the first
3195          * use data - used to see if it helps the TCP protocol during
3196          * session-id reuse */
3197         /* The second test is because the buffer may have been removed */
3198         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3199                 {
3200                 /* First time through, we write into the buffer */
3201                 if (s->s3->delay_buf_pop_ret == 0)
3202                         {
3203                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3204                                              buf,len);
3205                         if (ret <= 0) return(ret);
3206
3207                         s->s3->delay_buf_pop_ret=ret;
3208                         }
3209
3210                 s->rwstate=SSL_WRITING;
3211                 n=BIO_flush(s->wbio);
3212                 if (n <= 0) return(n);
3213                 s->rwstate=SSL_NOTHING;
3214
3215                 /* We have flushed the buffer, so remove it */
3216                 ssl_free_wbio_buffer(s);
3217                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3218
3219                 ret=s->s3->delay_buf_pop_ret;
3220                 s->s3->delay_buf_pop_ret=0;
3221                 }
3222         else
3223                 {
3224                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3225                         buf,len);
3226                 if (ret <= 0) return(ret);
3227                 }
3228
3229         return(ret);
3230         }
3231
3232 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3233         {
3234         int ret;
3235         
3236         clear_sys_error();
3237         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3238         s->s3->in_read_app_data=1;
3239         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3240         if ((ret == -1) && (s->s3->in_read_app_data == 2))
3241                 {
3242                 /* ssl3_read_bytes decided to call s->handshake_func, which
3243                  * called ssl3_read_bytes to read handshake data.
3244                  * However, ssl3_read_bytes actually found application data
3245                  * and thinks that application data makes sense here; so disable
3246                  * handshake processing and try to read application data again. */
3247                 s->in_handshake++;
3248                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3249                 s->in_handshake--;
3250                 }
3251         else
3252                 s->s3->in_read_app_data=0;
3253
3254         return(ret);
3255         }
3256
3257 int ssl3_read(SSL *s, void *buf, int len)
3258         {
3259         return ssl3_read_internal(s, buf, len, 0);
3260         }
3261
3262 int ssl3_peek(SSL *s, void *buf, int len)
3263         {
3264         return ssl3_read_internal(s, buf, len, 1);
3265         }
3266
3267 int ssl3_renegotiate(SSL *s)
3268         {
3269         if (s->handshake_func == NULL)
3270                 return(1);
3271
3272         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3273                 return(0);
3274
3275         s->s3->renegotiate=1;
3276         return(1);
3277         }
3278
3279 int ssl3_renegotiate_check(SSL *s)
3280         {
3281         int ret=0;
3282
3283         if (s->s3->renegotiate)
3284                 {
3285                 if (    (s->s3->rbuf.left == 0) &&
3286                         (s->s3->wbuf.left == 0) &&
3287                         !SSL_in_init(s))
3288                         {
3289 /*
3290 if we are the server, and we have sent a 'RENEGOTIATE' message, we
3291 need to go to SSL_ST_ACCEPT.
3292 */
3293                         /* SSL_ST_ACCEPT */
3294                         s->state=SSL_ST_RENEGOTIATE;
3295                         s->s3->renegotiate=0;
3296                         s->s3->num_renegotiations++;
3297                         s->s3->total_renegotiations++;
3298                         ret=1;
3299                         }
3300                 }
3301         return(ret);
3302         }
3303