This commit was manufactured by cvs2svn to create branch
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663         {
664         1,
665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
666         SSL3_CK_KRB5_DES_64_CBC_SHA,
667         SSL_kKRB5,
668         SSL_aKRB5,
669         SSL_DES,
670         SSL_SHA1,
671         SSL_SSLV3,
672         SSL_NOT_EXP|SSL_LOW,
673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674         56,
675         56,
676         },
677
678 /* Cipher 1F */
679         {
680         1,
681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
683         SSL_kKRB5,
684         SSL_aKRB5,
685         SSL_3DES,
686         SSL_SHA1,
687         SSL_SSLV3,
688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690         168,
691         168,
692         },
693
694 /* Cipher 20 */
695         {
696         1,
697         SSL3_TXT_KRB5_RC4_128_SHA,
698         SSL3_CK_KRB5_RC4_128_SHA,
699         SSL_kKRB5,
700         SSL_aKRB5,
701         SSL_RC4,
702         SSL_SHA1,
703         SSL_SSLV3,
704         SSL_NOT_EXP|SSL_MEDIUM,
705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706         128,
707         128,
708         },
709
710 /* Cipher 21 */
711         {
712         1,
713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715         SSL_kKRB5,
716         SSL_aKRB5,
717         SSL_IDEA,
718         SSL_SHA1,
719         SSL_SSLV3,
720         SSL_NOT_EXP|SSL_MEDIUM,
721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722         128,
723         128,
724         },
725
726 /* Cipher 22 */
727         {
728         1,
729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
730         SSL3_CK_KRB5_DES_64_CBC_MD5,
731         SSL_kKRB5,
732         SSL_aKRB5,
733         SSL_DES,
734         SSL_MD5,
735         SSL_SSLV3,
736         SSL_NOT_EXP|SSL_LOW,
737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738         56,
739         56,
740         },
741
742 /* Cipher 23 */
743         {
744         1,
745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
747         SSL_kKRB5,
748         SSL_aKRB5,
749         SSL_3DES,
750         SSL_MD5,
751         SSL_SSLV3,
752         SSL_NOT_EXP|SSL_HIGH,
753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754         168,
755         168,
756         },
757
758 /* Cipher 24 */
759         {
760         1,
761         SSL3_TXT_KRB5_RC4_128_MD5,
762         SSL3_CK_KRB5_RC4_128_MD5,
763         SSL_kKRB5,
764         SSL_aKRB5,
765         SSL_RC4,
766         SSL_MD5,
767         SSL_SSLV3,
768         SSL_NOT_EXP|SSL_MEDIUM,
769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770         128,
771         128,
772         },
773
774 /* Cipher 25 */
775         {
776         1,
777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779         SSL_kKRB5,
780         SSL_aKRB5,
781         SSL_IDEA,
782         SSL_MD5,
783         SSL_SSLV3,
784         SSL_NOT_EXP|SSL_MEDIUM,
785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786         128,
787         128,
788         },
789
790 /* Cipher 26 */
791         {
792         1,
793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
794         SSL3_CK_KRB5_DES_40_CBC_SHA,
795         SSL_kKRB5,
796         SSL_aKRB5,
797         SSL_DES,
798         SSL_SHA1,
799         SSL_SSLV3,
800         SSL_EXPORT|SSL_EXP40,
801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802         40,
803         56,
804         },
805
806 /* Cipher 27 */
807         {
808         1,
809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
811         SSL_kKRB5,
812         SSL_aKRB5,
813         SSL_RC2,
814         SSL_SHA1,
815         SSL_SSLV3,
816         SSL_EXPORT|SSL_EXP40,
817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818         40,
819         128,
820         },
821
822 /* Cipher 28 */
823         {
824         1,
825         SSL3_TXT_KRB5_RC4_40_SHA,
826         SSL3_CK_KRB5_RC4_40_SHA,
827         SSL_kKRB5,
828         SSL_aKRB5,
829         SSL_RC4,
830         SSL_SHA1,
831         SSL_SSLV3,
832         SSL_EXPORT|SSL_EXP40,
833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834         40,
835         128,
836         },
837
838 /* Cipher 29 */
839         {
840         1,
841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
842         SSL3_CK_KRB5_DES_40_CBC_MD5,
843         SSL_kKRB5,
844         SSL_aKRB5,
845         SSL_DES,
846         SSL_MD5,
847         SSL_SSLV3,
848         SSL_EXPORT|SSL_EXP40,
849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850         40,
851         56,
852         },
853
854 /* Cipher 2A */
855         {
856         1,
857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
859         SSL_kKRB5,
860         SSL_aKRB5,
861         SSL_RC2,
862         SSL_MD5,
863         SSL_SSLV3,
864         SSL_EXPORT|SSL_EXP40,
865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866         40,
867         128,
868         },
869
870 /* Cipher 2B */
871         {
872         1,
873         SSL3_TXT_KRB5_RC4_40_MD5,
874         SSL3_CK_KRB5_RC4_40_MD5,
875         SSL_kKRB5,
876         SSL_aKRB5,
877         SSL_RC4,
878         SSL_MD5,
879         SSL_SSLV3,
880         SSL_EXPORT|SSL_EXP40,
881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882         40,
883         128,
884         },
885 #endif  /* OPENSSL_NO_KRB5 */
886
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889         {
890         1,
891         TLS1_TXT_RSA_WITH_AES_128_SHA,
892         TLS1_CK_RSA_WITH_AES_128_SHA,
893         SSL_kRSA,
894         SSL_aRSA,
895         SSL_AES128,
896         SSL_SHA1,
897         SSL_TLSV1,
898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900         128,
901         128,
902         },
903 /* Cipher 30 */
904         {
905         0,
906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908         SSL_kDHd,
909         SSL_aDH,
910         SSL_AES128,
911         SSL_SHA1,
912         SSL_TLSV1,
913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915         128,
916         128,
917         },
918 /* Cipher 31 */
919         {
920         0,
921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923         SSL_kDHr,
924         SSL_aDH,
925         SSL_AES128,
926         SSL_SHA1,
927         SSL_TLSV1,
928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930         128,
931         128,
932         },
933 /* Cipher 32 */
934         {
935         1,
936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938         SSL_kEDH,
939         SSL_aDSS,
940         SSL_AES128,
941         SSL_SHA1,
942         SSL_TLSV1,
943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945         128,
946         128,
947         },
948 /* Cipher 33 */
949         {
950         1,
951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953         SSL_kEDH,
954         SSL_aRSA,
955         SSL_AES128,
956         SSL_SHA1,
957         SSL_TLSV1,
958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960         128,
961         128,
962         },
963 /* Cipher 34 */
964         {
965         1,
966         TLS1_TXT_ADH_WITH_AES_128_SHA,
967         TLS1_CK_ADH_WITH_AES_128_SHA,
968         SSL_kEDH,
969         SSL_aNULL,
970         SSL_AES128,
971         SSL_SHA1,
972         SSL_TLSV1,
973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975         128,
976         128,
977         },
978
979 /* Cipher 35 */
980         {
981         1,
982         TLS1_TXT_RSA_WITH_AES_256_SHA,
983         TLS1_CK_RSA_WITH_AES_256_SHA,
984         SSL_kRSA,
985         SSL_aRSA,
986         SSL_AES256,
987         SSL_SHA1,
988         SSL_TLSV1,
989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991         256,
992         256,
993         },
994 /* Cipher 36 */
995         {
996         0,
997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073
1074 #ifndef OPENSSL_NO_CAMELLIA
1075         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076
1077         /* Cipher 41 */
1078         {
1079         1,
1080         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082         SSL_kRSA,
1083         SSL_aRSA,
1084         SSL_CAMELLIA128,
1085         SSL_SHA1,
1086         SSL_TLSV1,
1087         SSL_NOT_EXP|SSL_HIGH,
1088         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089         128,
1090         128,
1091         },
1092
1093         /* Cipher 42 */
1094         {
1095         0, /* not implemented (non-ephemeral DH) */
1096         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098         SSL_kDHd,
1099         SSL_aDH,
1100         SSL_CAMELLIA128,
1101         SSL_SHA1,
1102         SSL_TLSV1,
1103         SSL_NOT_EXP|SSL_HIGH,
1104         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105         128,
1106         128,
1107         },
1108
1109         /* Cipher 43 */
1110         {
1111         0, /* not implemented (non-ephemeral DH) */
1112         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114         SSL_kDHr,
1115         SSL_aDH,
1116         SSL_CAMELLIA128,
1117         SSL_SHA1,
1118         SSL_TLSV1,
1119         SSL_NOT_EXP|SSL_HIGH,
1120         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121         128,
1122         128,
1123         },
1124
1125         /* Cipher 44 */
1126         {
1127         1,
1128         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130         SSL_kEDH,
1131         SSL_aDSS,
1132         SSL_CAMELLIA128,
1133         SSL_SHA1,
1134         SSL_TLSV1,
1135         SSL_NOT_EXP|SSL_HIGH,
1136         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137         128,
1138         128,
1139         },
1140
1141         /* Cipher 45 */
1142         {
1143         1,
1144         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146         SSL_kEDH,
1147         SSL_aRSA,
1148         SSL_CAMELLIA128,
1149         SSL_SHA1,
1150         SSL_TLSV1,
1151         SSL_NOT_EXP|SSL_HIGH,
1152         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153         128,
1154         128,
1155         },
1156
1157         /* Cipher 46 */
1158         {
1159         1,
1160         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162         SSL_kEDH,
1163         SSL_aNULL,
1164         SSL_CAMELLIA128,
1165         SSL_SHA1,
1166         SSL_TLSV1,
1167         SSL_NOT_EXP|SSL_HIGH,
1168         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169         128,
1170         128,
1171         },
1172 #endif /* OPENSSL_NO_CAMELLIA */
1173
1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175         /* New TLS Export CipherSuites from expired ID */
1176 #if 0
1177         /* Cipher 60 */
1178         {
1179         1,
1180         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182         SSL_kRSA,
1183         SSL_aRSA,
1184         SSL_RC4,
1185         SSL_MD5,
1186         SSL_TLSV1,
1187         SSL_EXPORT|SSL_EXP56,
1188         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189         56,
1190         128,
1191         },
1192
1193         /* Cipher 61 */
1194         {
1195         1,
1196         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198         SSL_kRSA,
1199         SSL_aRSA,
1200         SSL_RC2,
1201         SSL_MD5,
1202         SSL_TLSV1,
1203         SSL_EXPORT|SSL_EXP56,
1204         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205         56,
1206         128,
1207         },
1208 #endif
1209
1210         /* Cipher 62 */
1211         {
1212         1,
1213         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215         SSL_kRSA,
1216         SSL_aRSA,
1217         SSL_DES,
1218         SSL_SHA1,
1219         SSL_TLSV1,
1220         SSL_EXPORT|SSL_EXP56,
1221         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222         56,
1223         56,
1224         },
1225
1226         /* Cipher 63 */
1227         {
1228         1,
1229         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231         SSL_kEDH,
1232         SSL_aDSS,
1233         SSL_DES,
1234         SSL_SHA1,
1235         SSL_TLSV1,
1236         SSL_EXPORT|SSL_EXP56,
1237         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238         56,
1239         56,
1240         },
1241
1242         /* Cipher 64 */
1243         {
1244         1,
1245         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247         SSL_kRSA,
1248         SSL_aRSA,
1249         SSL_RC4,
1250         SSL_SHA1,
1251         SSL_TLSV1,
1252         SSL_EXPORT|SSL_EXP56,
1253         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254         56,
1255         128,
1256         },
1257
1258         /* Cipher 65 */
1259         {
1260         1,
1261         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263         SSL_kEDH,
1264         SSL_aDSS,
1265         SSL_RC4,
1266         SSL_SHA1,
1267         SSL_TLSV1,
1268         SSL_EXPORT|SSL_EXP56,
1269         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270         56,
1271         128,
1272         },
1273
1274         /* Cipher 66 */
1275         {
1276         1,
1277         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279         SSL_kEDH,
1280         SSL_aDSS,
1281         SSL_RC4,
1282         SSL_SHA1,
1283         SSL_TLSV1,
1284         SSL_NOT_EXP|SSL_MEDIUM,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         128,
1287         128,
1288         },
1289 #endif
1290         {
1291         1,
1292         "GOST94-GOST89-GOST89",
1293         0x3000080,
1294         SSL_kGOST,
1295         SSL_aGOST94,
1296         SSL_eGOST2814789CNT,
1297         SSL_GOST89MAC,
1298         SSL_TLSV1,
1299         SSL_NOT_EXP|SSL_HIGH,
1300         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301         256,
1302         256
1303         },
1304         {
1305         1,
1306         "GOST2001-GOST89-GOST89",
1307         0x3000081,
1308         SSL_kGOST,
1309         SSL_aGOST01,
1310         SSL_eGOST2814789CNT,
1311         SSL_GOST89MAC,
1312         SSL_TLSV1,
1313         SSL_NOT_EXP|SSL_HIGH,
1314         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315         256,
1316         256
1317         },
1318         {
1319         1,
1320         "GOST94-NULL-GOST94",
1321         0x3000082,
1322         SSL_kGOST,
1323         SSL_aGOST94,
1324         SSL_eNULL,
1325         SSL_GOST94,
1326         SSL_TLSV1,
1327         SSL_NOT_EXP|SSL_STRONG_NONE,
1328         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329         0,
1330         0
1331         },
1332         {
1333         1,
1334         "GOST2001-NULL-GOST94",
1335         0x3000083,
1336         SSL_kGOST,
1337         SSL_aGOST01,
1338         SSL_eNULL,
1339         SSL_GOST94,
1340         SSL_TLSV1,
1341         SSL_NOT_EXP|SSL_STRONG_NONE,
1342         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343         0,
1344         0
1345         },
1346
1347 #ifndef OPENSSL_NO_CAMELLIA
1348         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349
1350         /* Cipher 84 */
1351         {
1352         1,
1353         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355         SSL_kRSA,
1356         SSL_aRSA,
1357         SSL_CAMELLIA256,
1358         SSL_SHA1,
1359         SSL_TLSV1,
1360         SSL_NOT_EXP|SSL_HIGH,
1361         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362         256,
1363         256,
1364         },
1365         /* Cipher 85 */
1366         {
1367         0, /* not implemented (non-ephemeral DH) */
1368         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370         SSL_kDHd,
1371         SSL_aDH,
1372         SSL_CAMELLIA256,
1373         SSL_SHA1,
1374         SSL_TLSV1,
1375         SSL_NOT_EXP|SSL_HIGH,
1376         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377         256,
1378         256,
1379         },
1380
1381         /* Cipher 86 */
1382         {
1383         0, /* not implemented (non-ephemeral DH) */
1384         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386         SSL_kDHr,
1387         SSL_aDH,
1388         SSL_CAMELLIA256,
1389         SSL_SHA1,
1390         SSL_TLSV1,
1391         SSL_NOT_EXP|SSL_HIGH,
1392         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393         256,
1394         256,
1395         },
1396
1397         /* Cipher 87 */
1398         {
1399         1,
1400         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402         SSL_kEDH,
1403         SSL_aDSS,
1404         SSL_CAMELLIA256,
1405         SSL_SHA1,
1406         SSL_TLSV1,
1407         SSL_NOT_EXP|SSL_HIGH,
1408         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409         256,
1410         256,
1411         },
1412
1413         /* Cipher 88 */
1414         {
1415         1,
1416         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418         SSL_kEDH,
1419         SSL_aRSA,
1420         SSL_CAMELLIA256,
1421         SSL_SHA1,
1422         SSL_TLSV1,
1423         SSL_NOT_EXP|SSL_HIGH,
1424         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425         256,
1426         256,
1427         },
1428
1429         /* Cipher 89 */
1430         {
1431         1,
1432         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434         SSL_kEDH,
1435         SSL_aNULL,
1436         SSL_CAMELLIA256,
1437         SSL_SHA1,
1438         SSL_TLSV1,
1439         SSL_NOT_EXP|SSL_HIGH,
1440         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441         256,
1442         256,
1443         },
1444 #endif /* OPENSSL_NO_CAMELLIA */
1445
1446 #ifndef OPENSSL_NO_PSK
1447         /* Cipher 8A */
1448         {
1449         1,
1450         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451         TLS1_CK_PSK_WITH_RC4_128_SHA,
1452         SSL_kPSK,
1453         SSL_aPSK,
1454         SSL_RC4,
1455         SSL_SHA1,
1456         SSL_TLSV1,
1457         SSL_NOT_EXP|SSL_MEDIUM,
1458         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459         128,
1460         128,
1461         },
1462
1463         /* Cipher 8B */
1464         {
1465         1,
1466         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468         SSL_kPSK,
1469         SSL_aPSK,
1470         SSL_3DES,
1471         SSL_SHA1,
1472         SSL_TLSV1,
1473         SSL_NOT_EXP|SSL_HIGH,
1474         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475         168,
1476         168,
1477         },
1478
1479         /* Cipher 8C */
1480         {
1481         1,
1482         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484         SSL_kPSK,
1485         SSL_aPSK,
1486         SSL_AES128,
1487         SSL_SHA1,
1488         SSL_TLSV1,
1489         SSL_NOT_EXP|SSL_HIGH,
1490         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491         128,
1492         128,
1493         },
1494
1495         /* Cipher 8D */
1496         {
1497         1,
1498         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500         SSL_kPSK,
1501         SSL_aPSK,
1502         SSL_AES256,
1503         SSL_SHA1,
1504         SSL_TLSV1,
1505         SSL_NOT_EXP|SSL_HIGH,
1506         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507         256,
1508         256,
1509         },
1510 #endif  /* OPENSSL_NO_PSK */
1511
1512 #ifndef OPENSSL_NO_SEED
1513         /* SEED ciphersuites from RFC4162 */
1514
1515         /* Cipher 96 */
1516         {
1517         1,
1518         TLS1_TXT_RSA_WITH_SEED_SHA,
1519         TLS1_CK_RSA_WITH_SEED_SHA,
1520         SSL_kRSA,
1521         SSL_aRSA,
1522         SSL_SEED,
1523         SSL_SHA1,
1524         SSL_TLSV1,
1525         SSL_NOT_EXP|SSL_MEDIUM,
1526         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527         128,
1528         128,
1529         },
1530
1531         /* Cipher 97 */
1532         {
1533         0, /* not implemented (non-ephemeral DH) */
1534         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536         SSL_kDHd,
1537         SSL_aDH,
1538         SSL_SEED,
1539         SSL_SHA1,
1540         SSL_TLSV1,
1541         SSL_NOT_EXP|SSL_MEDIUM,
1542         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543         128,
1544         128,
1545         },
1546
1547         /* Cipher 98 */
1548         {
1549         0, /* not implemented (non-ephemeral DH) */
1550         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552         SSL_kDHr,
1553         SSL_aDH,
1554         SSL_SEED,
1555         SSL_SHA1,
1556         SSL_TLSV1,
1557         SSL_NOT_EXP|SSL_MEDIUM,
1558         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559         128,
1560         128,
1561         },
1562
1563         /* Cipher 99 */
1564         {
1565         1,
1566         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568         SSL_kEDH,
1569         SSL_aDSS,
1570         SSL_SEED,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_MEDIUM,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         128,
1576         128,
1577         },
1578
1579         /* Cipher 9A */
1580         {
1581         1,
1582         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584         SSL_kEDH,
1585         SSL_aRSA,
1586         SSL_SEED,
1587         SSL_SHA1,
1588         SSL_TLSV1,
1589         SSL_NOT_EXP|SSL_MEDIUM,
1590         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591         128,
1592         128,
1593         },
1594
1595         /* Cipher 9B */
1596         {
1597         1,
1598         TLS1_TXT_ADH_WITH_SEED_SHA,
1599         TLS1_CK_ADH_WITH_SEED_SHA,
1600         SSL_kEDH,
1601         SSL_aNULL,
1602         SSL_SEED,
1603         SSL_SHA1,
1604         SSL_TLSV1,
1605         SSL_NOT_EXP|SSL_MEDIUM,
1606         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607         128,
1608         128,
1609         },
1610
1611 #endif /* OPENSSL_NO_SEED */
1612
1613 #ifndef OPENSSL_NO_ECDH
1614         /* Cipher C001 */
1615         {
1616         1,
1617         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619         SSL_kECDHe,
1620         SSL_aECDH,
1621         SSL_eNULL,
1622         SSL_SHA1,
1623         SSL_TLSV1,
1624         SSL_NOT_EXP|SSL_STRONG_NONE,
1625         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626         0,
1627         0,
1628         },
1629
1630         /* Cipher C002 */
1631         {
1632         1,
1633         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635         SSL_kECDHe,
1636         SSL_aECDH,
1637         SSL_RC4,
1638         SSL_SHA1,
1639         SSL_TLSV1,
1640         SSL_NOT_EXP|SSL_MEDIUM,
1641         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642         128,
1643         128,
1644         },
1645
1646         /* Cipher C003 */
1647         {
1648         1,
1649         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651         SSL_kECDHe,
1652         SSL_aECDH,
1653         SSL_3DES,
1654         SSL_SHA1,
1655         SSL_TLSV1,
1656         SSL_NOT_EXP|SSL_HIGH,
1657         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658         168,
1659         168,
1660         },
1661
1662         /* Cipher C004 */
1663         {
1664         1,
1665         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667         SSL_kECDHe,
1668         SSL_aECDH,
1669         SSL_AES128,
1670         SSL_SHA1,
1671         SSL_TLSV1,
1672         SSL_NOT_EXP|SSL_HIGH,
1673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674         128,
1675         128,
1676         },
1677
1678         /* Cipher C005 */
1679         {
1680         1,
1681         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683         SSL_kECDHe,
1684         SSL_aECDH,
1685         SSL_AES256,
1686         SSL_SHA1,
1687         SSL_TLSV1,
1688         SSL_NOT_EXP|SSL_HIGH,
1689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690         256,
1691         256,
1692         },
1693
1694         /* Cipher C006 */
1695         {
1696         1,
1697         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699         SSL_kEECDH,
1700         SSL_aECDSA,
1701         SSL_eNULL,
1702         SSL_SHA1,
1703         SSL_TLSV1,
1704         SSL_NOT_EXP|SSL_STRONG_NONE,
1705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706         0,
1707         0,
1708         },
1709
1710         /* Cipher C007 */
1711         {
1712         1,
1713         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715         SSL_kEECDH,
1716         SSL_aECDSA,
1717         SSL_RC4,
1718         SSL_SHA1,
1719         SSL_TLSV1,
1720         SSL_NOT_EXP|SSL_MEDIUM,
1721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722         128,
1723         128,
1724         },
1725
1726         /* Cipher C008 */
1727         {
1728         1,
1729         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731         SSL_kEECDH,
1732         SSL_aECDSA,
1733         SSL_3DES,
1734         SSL_SHA1,
1735         SSL_TLSV1,
1736         SSL_NOT_EXP|SSL_HIGH,
1737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738         168,
1739         168,
1740         },
1741
1742         /* Cipher C009 */
1743         {
1744         1,
1745         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747         SSL_kEECDH,
1748         SSL_aECDSA,
1749         SSL_AES128,
1750         SSL_SHA1,
1751         SSL_TLSV1,
1752         SSL_NOT_EXP|SSL_HIGH,
1753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754         128,
1755         128,
1756         },
1757
1758         /* Cipher C00A */
1759         {
1760         1,
1761         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763         SSL_kEECDH,
1764         SSL_aECDSA,
1765         SSL_AES256,
1766         SSL_SHA1,
1767         SSL_TLSV1,
1768         SSL_NOT_EXP|SSL_HIGH,
1769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770         256,
1771         256,
1772         },
1773
1774         /* Cipher C00B */
1775         {
1776         1,
1777         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779         SSL_kECDHr,
1780         SSL_aECDH,
1781         SSL_eNULL,
1782         SSL_SHA1,
1783         SSL_TLSV1,
1784         SSL_NOT_EXP|SSL_STRONG_NONE,
1785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786         0,
1787         0,
1788         },
1789
1790         /* Cipher C00C */
1791         {
1792         1,
1793         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795         SSL_kECDHr,
1796         SSL_aECDH,
1797         SSL_RC4,
1798         SSL_SHA1,
1799         SSL_TLSV1,
1800         SSL_NOT_EXP|SSL_MEDIUM,
1801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802         128,
1803         128,
1804         },
1805
1806         /* Cipher C00D */
1807         {
1808         1,
1809         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811         SSL_kECDHr,
1812         SSL_aECDH,
1813         SSL_3DES,
1814         SSL_SHA1,
1815         SSL_TLSV1,
1816         SSL_NOT_EXP|SSL_HIGH,
1817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818         168,
1819         168,
1820         },
1821
1822         /* Cipher C00E */
1823         {
1824         1,
1825         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827         SSL_kECDHr,
1828         SSL_aECDH,
1829         SSL_AES128,
1830         SSL_SHA1,
1831         SSL_TLSV1,
1832         SSL_NOT_EXP|SSL_HIGH,
1833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834         128,
1835         128,
1836         },
1837
1838         /* Cipher C00F */
1839         {
1840         1,
1841         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843         SSL_kECDHr,
1844         SSL_aECDH,
1845         SSL_AES256,
1846         SSL_SHA1,
1847         SSL_TLSV1,
1848         SSL_NOT_EXP|SSL_HIGH,
1849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850         256,
1851         256,
1852         },
1853
1854         /* Cipher C010 */
1855         {
1856         1,
1857         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859         SSL_kEECDH,
1860         SSL_aRSA,
1861         SSL_eNULL,
1862         SSL_SHA1,
1863         SSL_TLSV1,
1864         SSL_NOT_EXP|SSL_STRONG_NONE,
1865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866         0,
1867         0,
1868         },
1869
1870         /* Cipher C011 */
1871         {
1872         1,
1873         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875         SSL_kEECDH,
1876         SSL_aRSA,
1877         SSL_RC4,
1878         SSL_SHA1,
1879         SSL_TLSV1,
1880         SSL_NOT_EXP|SSL_MEDIUM,
1881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882         128,
1883         128,
1884         },
1885
1886         /* Cipher C012 */
1887         {
1888         1,
1889         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891         SSL_kEECDH,
1892         SSL_aRSA,
1893         SSL_3DES,
1894         SSL_SHA1,
1895         SSL_TLSV1,
1896         SSL_NOT_EXP|SSL_HIGH,
1897         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898         168,
1899         168,
1900         },
1901
1902         /* Cipher C013 */
1903         {
1904         1,
1905         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907         SSL_kEECDH,
1908         SSL_aRSA,
1909         SSL_AES128,
1910         SSL_SHA1,
1911         SSL_TLSV1,
1912         SSL_NOT_EXP|SSL_HIGH,
1913         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914         128,
1915         128,
1916         },
1917
1918         /* Cipher C014 */
1919         {
1920         1,
1921         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923         SSL_kEECDH,
1924         SSL_aRSA,
1925         SSL_AES256,
1926         SSL_SHA1,
1927         SSL_TLSV1,
1928         SSL_NOT_EXP|SSL_HIGH,
1929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930         256,
1931         256,
1932         },
1933
1934         /* Cipher C015 */
1935         {
1936         1,
1937         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939         SSL_kEECDH,
1940         SSL_aNULL,
1941         SSL_eNULL,
1942         SSL_SHA1,
1943         SSL_TLSV1,
1944         SSL_NOT_EXP|SSL_STRONG_NONE,
1945         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946         0,
1947         0,
1948         },
1949
1950         /* Cipher C016 */
1951         {
1952         1,
1953         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955         SSL_kEECDH,
1956         SSL_aNULL,
1957         SSL_RC4,
1958         SSL_SHA1,
1959         SSL_TLSV1,
1960         SSL_NOT_EXP|SSL_MEDIUM,
1961         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962         128,
1963         128,
1964         },
1965
1966         /* Cipher C017 */
1967         {
1968         1,
1969         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971         SSL_kEECDH,
1972         SSL_aNULL,
1973         SSL_3DES,
1974         SSL_SHA1,
1975         SSL_TLSV1,
1976         SSL_NOT_EXP|SSL_HIGH,
1977         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978         168,
1979         168,
1980         },
1981
1982         /* Cipher C018 */
1983         {
1984         1,
1985         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987         SSL_kEECDH,
1988         SSL_aNULL,
1989         SSL_AES128,
1990         SSL_SHA1,
1991         SSL_TLSV1,
1992         SSL_NOT_EXP|SSL_HIGH,
1993         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994         128,
1995         128,
1996         },
1997
1998         /* Cipher C019 */
1999         {
2000         1,
2001         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003         SSL_kEECDH,
2004         SSL_aNULL,
2005         SSL_AES256,
2006         SSL_SHA1,
2007         SSL_TLSV1,
2008         SSL_NOT_EXP|SSL_HIGH,
2009         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010         256,
2011         256,
2012         },
2013 #endif  /* OPENSSL_NO_ECDH */
2014
2015 #ifdef TEMP_GOST_TLS
2016 /* Cipher FF00 */
2017         {
2018         1,
2019         "GOST-MD5",
2020         0x0300ff00,
2021         SSL_kRSA,
2022         SSL_aRSA,
2023         SSL_eGOST2814789CNT,
2024         SSL_MD5,
2025         SSL_TLSV1,
2026         SSL_NOT_EXP|SSL_HIGH,
2027         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028         256,
2029         256,
2030         },
2031         {
2032         1,
2033         "GOST-GOST94",
2034         0x0300ff01,
2035         SSL_kRSA,
2036         SSL_aRSA,
2037         SSL_eGOST2814789CNT,
2038         SSL_GOST94,
2039         SSL_TLSV1,
2040         SSL_NOT_EXP|SSL_HIGH,
2041         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042         256,
2043         256
2044         },
2045         {
2046         1,
2047         "GOST-GOST89MAC",
2048         0x0300ff02,
2049         SSL_kRSA,
2050         SSL_aRSA,
2051         SSL_eGOST2814789CNT,
2052         SSL_GOST89MAC,
2053         SSL_TLSV1,
2054         SSL_NOT_EXP|SSL_HIGH,
2055         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056         256,
2057         256
2058         },
2059         {
2060         1,
2061         "GOST-GOST89STREAM",
2062         0x0300ff03,
2063         SSL_kRSA,
2064         SSL_aRSA,
2065         SSL_eGOST2814789CNT,
2066         SSL_GOST89MAC,
2067         SSL_TLSV1,
2068         SSL_NOT_EXP|SSL_HIGH,
2069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070         256,
2071         256
2072         },
2073 #endif
2074
2075 /* end of list */
2076         };
2077
2078 SSL3_ENC_METHOD SSLv3_enc_data={
2079         ssl3_enc,
2080         n_ssl3_mac,
2081         ssl3_setup_key_block,
2082         ssl3_generate_master_secret,
2083         ssl3_change_cipher_state,
2084         ssl3_final_finish_mac,
2085         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2086         ssl3_cert_verify_mac,
2087         SSL3_MD_CLIENT_FINISHED_CONST,4,
2088         SSL3_MD_SERVER_FINISHED_CONST,4,
2089         ssl3_alert_code,
2090         };
2091
2092 long ssl3_default_timeout(void)
2093         {
2094         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2095          * is way too long for http, the cache would over fill */
2096         return(60*60*2);
2097         }
2098
2099 int ssl3_num_ciphers(void)
2100         {
2101         return(SSL3_NUM_CIPHERS);
2102         }
2103
2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2105         {
2106         if (u < SSL3_NUM_CIPHERS)
2107                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2108         else
2109                 return(NULL);
2110         }
2111
2112 int ssl3_pending(const SSL *s)
2113         {
2114         if (s->rstate == SSL_ST_READ_BODY)
2115                 return 0;
2116         
2117         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2118         }
2119
2120 int ssl3_new(SSL *s)
2121         {
2122         SSL3_STATE *s3;
2123
2124         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2125         memset(s3,0,sizeof *s3);
2126         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2127         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2128
2129         s->s3=s3;
2130
2131         s->method->ssl_clear(s);
2132         return(1);
2133 err:
2134         return(0);
2135         }
2136
2137 void ssl3_free(SSL *s)
2138         {
2139         if(s == NULL)
2140             return;
2141
2142 #ifdef TLSEXT_TYPE_opaque_prf_input
2143         if (s->s3->client_opaque_prf_input != NULL)
2144                 OPENSSL_free(s->s3->client_opaque_prf_input);
2145         if (s->s3->server_opaque_prf_input != NULL)
2146                 OPENSSL_free(s->s3->server_opaque_prf_input);
2147 #endif
2148
2149         ssl3_cleanup_key_block(s);
2150         if (s->s3->rbuf.buf != NULL)
2151                 ssl3_release_read_buffer(s);
2152         if (s->s3->wbuf.buf != NULL)
2153                 ssl3_release_write_buffer(s);
2154         if (s->s3->rrec.comp != NULL)
2155                 OPENSSL_free(s->s3->rrec.comp);
2156 #ifndef OPENSSL_NO_DH
2157         if (s->s3->tmp.dh != NULL)
2158                 DH_free(s->s3->tmp.dh);
2159 #endif
2160 #ifndef OPENSSL_NO_ECDH
2161         if (s->s3->tmp.ecdh != NULL)
2162                 EC_KEY_free(s->s3->tmp.ecdh);
2163 #endif
2164
2165         if (s->s3->tmp.ca_names != NULL)
2166                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2167         if (s->s3->handshake_buffer) {
2168                 BIO_free(s->s3->handshake_buffer);
2169         }
2170         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2171         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172         OPENSSL_free(s->s3);
2173         s->s3=NULL;
2174         }
2175
2176 void ssl3_clear(SSL *s)
2177         {
2178         unsigned char *rp,*wp;
2179         size_t rlen, wlen;
2180
2181 #ifdef TLSEXT_TYPE_opaque_prf_input
2182         if (s->s3->client_opaque_prf_input != NULL)
2183                 OPENSSL_free(s->s3->client_opaque_prf_input);
2184         s->s3->client_opaque_prf_input = NULL;
2185         if (s->s3->server_opaque_prf_input != NULL)
2186                 OPENSSL_free(s->s3->server_opaque_prf_input);
2187         s->s3->server_opaque_prf_input = NULL;
2188 #endif
2189
2190         ssl3_cleanup_key_block(s);
2191         if (s->s3->tmp.ca_names != NULL)
2192                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2193
2194         if (s->s3->rrec.comp != NULL)
2195                 {
2196                 OPENSSL_free(s->s3->rrec.comp);
2197                 s->s3->rrec.comp=NULL;
2198                 }
2199 #ifndef OPENSSL_NO_DH
2200         if (s->s3->tmp.dh != NULL)
2201                 DH_free(s->s3->tmp.dh);
2202 #endif
2203 #ifndef OPENSSL_NO_ECDH
2204         if (s->s3->tmp.ecdh != NULL)
2205                 EC_KEY_free(s->s3->tmp.ecdh);
2206 #endif
2207
2208         rp = s->s3->rbuf.buf;
2209         wp = s->s3->wbuf.buf;
2210         rlen = s->s3->rbuf.len;
2211         wlen = s->s3->wbuf.len;
2212         if (s->s3->handshake_buffer) {
2213                 BIO_free(s->s3->handshake_buffer);
2214                 s->s3->handshake_buffer = NULL;
2215         }
2216         if (s->s3->handshake_dgst) {
2217                 ssl3_free_digest_list(s);
2218         }       
2219         memset(s->s3,0,sizeof *s->s3);
2220         s->s3->rbuf.buf = rp;
2221         s->s3->wbuf.buf = wp;
2222         s->s3->rbuf.len = rlen;
2223         s->s3->wbuf.len = wlen;
2224
2225         ssl_free_wbio_buffer(s);
2226
2227         s->packet_length=0;
2228         s->s3->renegotiate=0;
2229         s->s3->total_renegotiations=0;
2230         s->s3->num_renegotiations=0;
2231         s->s3->in_read_app_data=0;
2232         s->version=SSL3_VERSION;
2233         }
2234
2235 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2236         {
2237         int ret=0;
2238
2239 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2240         if (
2241 #ifndef OPENSSL_NO_RSA
2242             cmd == SSL_CTRL_SET_TMP_RSA ||
2243             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2244 #endif
2245 #ifndef OPENSSL_NO_DSA
2246             cmd == SSL_CTRL_SET_TMP_DH ||
2247             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2248 #endif
2249                 0)
2250                 {
2251                 if (!ssl_cert_inst(&s->cert))
2252                         {
2253                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2254                         return(0);
2255                         }
2256                 }
2257 #endif
2258
2259         switch (cmd)
2260                 {
2261         case SSL_CTRL_GET_SESSION_REUSED:
2262                 ret=s->hit;
2263                 break;
2264         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2265                 break;
2266         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2267                 ret=s->s3->num_renegotiations;
2268                 break;
2269         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2270                 ret=s->s3->num_renegotiations;
2271                 s->s3->num_renegotiations=0;
2272                 break;
2273         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2274                 ret=s->s3->total_renegotiations;
2275                 break;
2276         case SSL_CTRL_GET_FLAGS:
2277                 ret=(int)(s->s3->flags);
2278                 break;
2279 #ifndef OPENSSL_NO_RSA
2280         case SSL_CTRL_NEED_TMP_RSA:
2281                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2282                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2283                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2284                         ret = 1;
2285                 break;
2286         case SSL_CTRL_SET_TMP_RSA:
2287                 {
2288                         RSA *rsa = (RSA *)parg;
2289                         if (rsa == NULL)
2290                                 {
2291                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2292                                 return(ret);
2293                                 }
2294                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2295                                 {
2296                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2297                                 return(ret);
2298                                 }
2299                         if (s->cert->rsa_tmp != NULL)
2300                                 RSA_free(s->cert->rsa_tmp);
2301                         s->cert->rsa_tmp = rsa;
2302                         ret = 1;
2303                 }
2304                 break;
2305         case SSL_CTRL_SET_TMP_RSA_CB:
2306                 {
2307                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2308                 return(ret);
2309                 }
2310                 break;
2311 #endif
2312 #ifndef OPENSSL_NO_DH
2313         case SSL_CTRL_SET_TMP_DH:
2314                 {
2315                         DH *dh = (DH *)parg;
2316                         if (dh == NULL)
2317                                 {
2318                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2319                                 return(ret);
2320                                 }
2321                         if ((dh = DHparams_dup(dh)) == NULL)
2322                                 {
2323                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2324                                 return(ret);
2325                                 }
2326                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
2327                                 {
2328                                 if (!DH_generate_key(dh))
2329                                         {
2330                                         DH_free(dh);
2331                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2332                                         return(ret);
2333                                         }
2334                                 }
2335                         if (s->cert->dh_tmp != NULL)
2336                                 DH_free(s->cert->dh_tmp);
2337                         s->cert->dh_tmp = dh;
2338                         ret = 1;
2339                 }
2340                 break;
2341         case SSL_CTRL_SET_TMP_DH_CB:
2342                 {
2343                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2344                 return(ret);
2345                 }
2346                 break;
2347 #endif
2348 #ifndef OPENSSL_NO_ECDH
2349         case SSL_CTRL_SET_TMP_ECDH:
2350                 {
2351                 EC_KEY *ecdh = NULL;
2352                         
2353                 if (parg == NULL)
2354                         {
2355                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2356                         return(ret);
2357                         }
2358                 if (!EC_KEY_up_ref((EC_KEY *)parg))
2359                         {
2360                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2361                         return(ret);
2362                         }
2363                 ecdh = (EC_KEY *)parg;
2364                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2365                         {
2366                         if (!EC_KEY_generate_key(ecdh))
2367                                 {
2368                                 EC_KEY_free(ecdh);
2369                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2370                                 return(ret);
2371                                 }
2372                         }
2373                 if (s->cert->ecdh_tmp != NULL)
2374                         EC_KEY_free(s->cert->ecdh_tmp);
2375                 s->cert->ecdh_tmp = ecdh;
2376                 ret = 1;
2377                 }
2378                 break;
2379         case SSL_CTRL_SET_TMP_ECDH_CB:
2380                 {
2381                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2382                 return(ret);
2383                 }
2384                 break;
2385 #endif /* !OPENSSL_NO_ECDH */
2386 #ifndef OPENSSL_NO_TLSEXT
2387         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2388                 if (larg == TLSEXT_NAMETYPE_host_name)
2389                         {
2390                         if (s->tlsext_hostname != NULL) 
2391                                 OPENSSL_free(s->tlsext_hostname);
2392                         s->tlsext_hostname = NULL;
2393
2394                         ret = 1;
2395                         if (parg == NULL) 
2396                                 break;
2397                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2398                                 {
2399                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2400                                 return 0;
2401                                 }
2402                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2403                                 {
2404                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2405                                 return 0;
2406                                 }
2407                         }
2408                 else
2409                         {
2410                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2411                         return 0;
2412                         }
2413                 break;
2414         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2415                 s->tlsext_debug_arg=parg;
2416                 ret = 1;
2417                 break;
2418
2419 #ifdef TLSEXT_TYPE_opaque_prf_input
2420         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2421                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2422                                    * (including the cert chain and everything) */
2423                         {
2424                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2425                         break;
2426                         }
2427                 if (s->tlsext_opaque_prf_input != NULL)
2428                         OPENSSL_free(s->tlsext_opaque_prf_input);
2429                 if ((size_t)larg == 0)
2430                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2431                 else
2432                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2433                 if (s->tlsext_opaque_prf_input != NULL)
2434                         {
2435                         s->tlsext_opaque_prf_input_len = (size_t)larg;
2436                         ret = 1;
2437                         }
2438                 else
2439                         s->tlsext_opaque_prf_input_len = 0;
2440                 break;
2441 #endif
2442
2443         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2444                 s->tlsext_status_type=larg;
2445                 ret = 1;
2446                 break;
2447
2448         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2449                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2450                 ret = 1;
2451                 break;
2452
2453         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2454                 s->tlsext_ocsp_exts = parg;
2455                 ret = 1;
2456                 break;
2457
2458         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2459                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2460                 ret = 1;
2461                 break;
2462
2463         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2464                 s->tlsext_ocsp_ids = parg;
2465                 ret = 1;
2466                 break;
2467
2468         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2469                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2470                 return s->tlsext_ocsp_resplen;
2471                 
2472         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2473                 if (s->tlsext_ocsp_resp)
2474                         OPENSSL_free(s->tlsext_ocsp_resp);
2475                 s->tlsext_ocsp_resp = parg;
2476                 s->tlsext_ocsp_resplen = larg;
2477                 ret = 1;
2478                 break;
2479
2480 #endif /* !OPENSSL_NO_TLSEXT */
2481         default:
2482                 break;
2483                 }
2484         return(ret);
2485         }
2486
2487 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2488         {
2489         int ret=0;
2490
2491 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2492         if (
2493 #ifndef OPENSSL_NO_RSA
2494             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2495 #endif
2496 #ifndef OPENSSL_NO_DSA
2497             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2498 #endif
2499                 0)
2500                 {
2501                 if (!ssl_cert_inst(&s->cert))
2502                         {
2503                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2504                         return(0);
2505                         }
2506                 }
2507 #endif
2508
2509         switch (cmd)
2510                 {
2511 #ifndef OPENSSL_NO_RSA
2512         case SSL_CTRL_SET_TMP_RSA_CB:
2513                 {
2514                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2515                 }
2516                 break;
2517 #endif
2518 #ifndef OPENSSL_NO_DH
2519         case SSL_CTRL_SET_TMP_DH_CB:
2520                 {
2521                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2522                 }
2523                 break;
2524 #endif
2525 #ifndef OPENSSL_NO_ECDH
2526         case SSL_CTRL_SET_TMP_ECDH_CB:
2527                 {
2528                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2529                 }
2530                 break;
2531 #endif
2532 #ifndef OPENSSL_NO_TLSEXT
2533         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2534                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2535                                         unsigned char *, int, void *))fp;
2536                 break;
2537 #endif
2538         default:
2539                 break;
2540                 }
2541         return(ret);
2542         }
2543
2544 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2545         {
2546         CERT *cert;
2547
2548         cert=ctx->cert;
2549
2550         switch (cmd)
2551                 {
2552 #ifndef OPENSSL_NO_RSA
2553         case SSL_CTRL_NEED_TMP_RSA:
2554                 if (    (cert->rsa_tmp == NULL) &&
2555                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2556                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2557                         )
2558                         return(1);
2559                 else
2560                         return(0);
2561                 /* break; */
2562         case SSL_CTRL_SET_TMP_RSA:
2563                 {
2564                 RSA *rsa;
2565                 int i;
2566
2567                 rsa=(RSA *)parg;
2568                 i=1;
2569                 if (rsa == NULL)
2570                         i=0;
2571                 else
2572                         {
2573                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2574                                 i=0;
2575                         }
2576                 if (!i)
2577                         {
2578                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2579                         return(0);
2580                         }
2581                 else
2582                         {
2583                         if (cert->rsa_tmp != NULL)
2584                                 RSA_free(cert->rsa_tmp);
2585                         cert->rsa_tmp=rsa;
2586                         return(1);
2587                         }
2588                 }
2589                 /* break; */
2590         case SSL_CTRL_SET_TMP_RSA_CB:
2591                 {
2592                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2593                 return(0);
2594                 }
2595                 break;
2596 #endif
2597 #ifndef OPENSSL_NO_DH
2598         case SSL_CTRL_SET_TMP_DH:
2599                 {
2600                 DH *new=NULL,*dh;
2601
2602                 dh=(DH *)parg;
2603                 if ((new=DHparams_dup(dh)) == NULL)
2604                         {
2605                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2606                         return 0;
2607                         }
2608                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2609                         {
2610                         if (!DH_generate_key(new))
2611                                 {
2612                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2613                                 DH_free(new);
2614                                 return 0;
2615                                 }
2616                         }
2617                 if (cert->dh_tmp != NULL)
2618                         DH_free(cert->dh_tmp);
2619                 cert->dh_tmp=new;
2620                 return 1;
2621                 }
2622                 /*break; */
2623         case SSL_CTRL_SET_TMP_DH_CB:
2624                 {
2625                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2626                 return(0);
2627                 }
2628                 break;
2629 #endif
2630 #ifndef OPENSSL_NO_ECDH
2631         case SSL_CTRL_SET_TMP_ECDH:
2632                 {
2633                 EC_KEY *ecdh = NULL;
2634                         
2635                 if (parg == NULL)
2636                         {
2637                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2638                         return 0;
2639                         }
2640                 ecdh = EC_KEY_dup((EC_KEY *)parg);
2641                 if (ecdh == NULL)
2642                         {
2643                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2644                         return 0;
2645                         }
2646                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2647                         {
2648                         if (!EC_KEY_generate_key(ecdh))
2649                                 {
2650                                 EC_KEY_free(ecdh);
2651                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2652                                 return 0;
2653                                 }
2654                         }
2655
2656                 if (cert->ecdh_tmp != NULL)
2657                         {
2658                         EC_KEY_free(cert->ecdh_tmp);
2659                         }
2660                 cert->ecdh_tmp = ecdh;
2661                 return 1;
2662                 }
2663                 /* break; */
2664         case SSL_CTRL_SET_TMP_ECDH_CB:
2665                 {
2666                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2667                 return(0);
2668                 }
2669                 break;
2670 #endif /* !OPENSSL_NO_ECDH */
2671 #ifndef OPENSSL_NO_TLSEXT
2672         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2673                 ctx->tlsext_servername_arg=parg;
2674                 break;
2675         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2676         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2677                 {
2678                 unsigned char *keys = parg;
2679                 if (!keys)
2680                         return 48;
2681                 if (larg != 48)
2682                         {
2683                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2684                         return 0;
2685                         }
2686                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2687                         {
2688                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
2689                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2690                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2691                         }
2692                 else
2693                         {
2694                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
2695                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2696                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2697                         }
2698                 return 1;
2699                 }
2700
2701 #ifdef TLSEXT_TYPE_opaque_prf_input
2702         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2703                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2704                 return 1;
2705 #endif
2706
2707         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2708                 ctx->tlsext_status_arg=parg;
2709                 return 1;
2710                 break;
2711
2712 #endif /* !OPENSSL_NO_TLSEXT */
2713
2714         /* A Thawte special :-) */
2715         case SSL_CTRL_EXTRA_CHAIN_CERT:
2716                 if (ctx->extra_certs == NULL)
2717                         {
2718                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2719                                 return(0);
2720                         }
2721                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2722                 break;
2723
2724         default:
2725                 return(0);
2726                 }
2727         return(1);
2728         }
2729
2730 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2731         {
2732         CERT *cert;
2733
2734         cert=ctx->cert;
2735
2736         switch (cmd)
2737                 {
2738 #ifndef OPENSSL_NO_RSA
2739         case SSL_CTRL_SET_TMP_RSA_CB:
2740                 {
2741                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2742                 }
2743                 break;
2744 #endif
2745 #ifndef OPENSSL_NO_DH
2746         case SSL_CTRL_SET_TMP_DH_CB:
2747                 {
2748                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2749                 }
2750                 break;
2751 #endif
2752 #ifndef OPENSSL_NO_ECDH
2753         case SSL_CTRL_SET_TMP_ECDH_CB:
2754                 {
2755                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2756                 }
2757                 break;
2758 #endif
2759 #ifndef OPENSSL_NO_TLSEXT
2760         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2761                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2762                 break;
2763
2764 #ifdef TLSEXT_TYPE_opaque_prf_input
2765         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2766                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2767                 break;
2768 #endif
2769
2770         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2771                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2772                 break;
2773
2774         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2775                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
2776                                                 unsigned char *,
2777                                                 EVP_CIPHER_CTX *,
2778                                                 HMAC_CTX *, int))fp;
2779                 break;
2780
2781 #endif
2782         default:
2783                 return(0);
2784                 }
2785         return(1);
2786         }
2787
2788 /* This function needs to check if the ciphers required are actually
2789  * available */
2790 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2791         {
2792         SSL_CIPHER c;
2793         const SSL_CIPHER *cp;
2794         unsigned long id;
2795
2796         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2797         c.id=id;
2798         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2799         if (cp == NULL || cp->valid == 0)
2800                 return NULL;
2801         else
2802                 return cp;
2803         }
2804
2805 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2806         {
2807         long l;
2808
2809         if (p != NULL)
2810                 {
2811                 l=c->id;
2812                 if ((l & 0xff000000) != 0x03000000) return(0);
2813                 p[0]=((unsigned char)(l>> 8L))&0xFF;
2814                 p[1]=((unsigned char)(l     ))&0xFF;
2815                 }
2816         return(2);
2817         }
2818
2819 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2820              STACK_OF(SSL_CIPHER) *srvr)
2821         {
2822         SSL_CIPHER *c,*ret=NULL;
2823         STACK_OF(SSL_CIPHER) *prio, *allow;
2824         int i,ii,ok;
2825 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2826         unsigned int j;
2827         int ec_ok, ec_nid;
2828         unsigned char ec_search1 = 0, ec_search2 = 0;
2829 #endif
2830         CERT *cert;
2831         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2832
2833         /* Let's see which ciphers we can support */
2834         cert=s->cert;
2835
2836 #if 0
2837         /* Do not set the compare functions, because this may lead to a
2838          * reordering by "id". We want to keep the original ordering.
2839          * We may pay a price in performance during sk_SSL_CIPHER_find(),
2840          * but would have to pay with the price of sk_SSL_CIPHER_dup().
2841          */
2842         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2843         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2844 #endif
2845
2846 #ifdef CIPHER_DEBUG
2847         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2848         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2849                 {
2850                 c=sk_SSL_CIPHER_value(srvr,i);
2851                 printf("%p:%s\n",(void *)c,c->name);
2852                 }
2853         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2854         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2855             {
2856             c=sk_SSL_CIPHER_value(clnt,i);
2857             printf("%p:%s\n",(void *)c,c->name);
2858             }
2859 #endif
2860
2861         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2862                 {
2863                 prio = srvr;
2864                 allow = clnt;
2865                 }
2866         else
2867                 {
2868                 prio = clnt;
2869                 allow = srvr;
2870                 }
2871
2872         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2873                 {
2874                 c=sk_SSL_CIPHER_value(prio,i);
2875
2876                 ssl_set_cert_masks(cert,c);
2877                 mask_k = cert->mask_k;
2878                 mask_a = cert->mask_a;
2879                 emask_k = cert->export_mask_k;
2880                 emask_a = cert->export_mask_a;
2881                         
2882 #ifdef KSSL_DEBUG
2883 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2884 #endif    /* KSSL_DEBUG */
2885
2886                 alg_k=c->algorithm_mkey;
2887                 alg_a=c->algorithm_auth;
2888
2889 #ifndef OPENSSL_NO_KRB5
2890                 if (alg_k & SSL_kKRB5)
2891                         {
2892                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
2893                             continue;
2894                         }
2895 #endif /* OPENSSL_NO_KRB5 */
2896 #ifndef OPENSSL_NO_PSK
2897                 /* with PSK there must be server callback set */
2898                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2899                         continue;
2900 #endif /* OPENSSL_NO_PSK */
2901
2902                 if (SSL_C_IS_EXPORT(c))
2903                         {
2904                         ok = (alg_k & emask_k) && (alg_a & emask_a);
2905 #ifdef CIPHER_DEBUG
2906                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2907                                (void *)c,c->name);
2908 #endif
2909                         }
2910                 else
2911                         {
2912                         ok = (alg_k & mask_k) && (alg_a & mask_a);
2913 #ifdef CIPHER_DEBUG
2914                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2915                                c->name);
2916 #endif
2917                         }
2918
2919 #ifndef OPENSSL_NO_TLSEXT
2920 #ifndef OPENSSL_NO_EC
2921                 if (
2922                         /* if we are considering an ECC cipher suite that uses our certificate */
2923                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2924                         /* and we have an ECC certificate */
2925                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2926                         /* and the client specified a Supported Point Formats extension */
2927                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2928                         /* and our certificate's point is compressed */
2929                         && (
2930                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2931                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2932                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2933                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2934                                 && (
2935                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2936                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2937                                         )
2938                                 )
2939                 )
2940                         {
2941                         ec_ok = 0;
2942                         /* if our certificate's curve is over a field type that the client does not support
2943                          * then do not allow this cipher suite to be negotiated */
2944                         if (
2945                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2946                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2947                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2948                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2949                         )
2950                                 {
2951                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2952                                         {
2953                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2954                                                 {
2955                                                 ec_ok = 1;
2956                                                 break;
2957                                                 }
2958                                         }
2959                                 }
2960                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2961                                 {
2962                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2963                                         {
2964                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2965                                                 {
2966                                                 ec_ok = 1;
2967                                                 break;
2968                                                 }
2969                                         }
2970                                 }
2971                         ok = ok && ec_ok;
2972                         }
2973                 if (
2974                         /* if we are considering an ECC cipher suite that uses our certificate */
2975                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2976                         /* and we have an ECC certificate */
2977                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2978                         /* and the client specified an EllipticCurves extension */
2979                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2980                 )
2981                         {
2982                         ec_ok = 0;
2983                         if (
2984                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2985                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2986                         )
2987                                 {
2988                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2989                                 if ((ec_nid == 0)
2990                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2991                                 )
2992                                         {
2993                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2994                                                 {
2995                                                 ec_search1 = 0xFF;
2996                                                 ec_search2 = 0x01;
2997                                                 }
2998                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2999                                                 {
3000                                                 ec_search1 = 0xFF;
3001                                                 ec_search2 = 0x02;
3002                                                 }
3003                                         }
3004                                 else
3005                                         {
3006                                         ec_search1 = 0x00;
3007                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3008                                         }
3009                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3010                                         {
3011                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3012                                                 {
3013                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3014                                                         {
3015                                                         ec_ok = 1;
3016                                                         break;
3017                                                         }
3018                                                 }
3019                                         }
3020                                 }
3021                         ok = ok && ec_ok;
3022                         }
3023                 if (
3024                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3025                         (alg_k & SSL_kEECDH)
3026                         /* and we have an ephemeral EC key */
3027                         && (s->cert->ecdh_tmp != NULL)
3028                         /* and the client specified an EllipticCurves extension */
3029                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3030                 )
3031                         {
3032                         ec_ok = 0;
3033                         if (s->cert->ecdh_tmp->group != NULL)
3034                                 {
3035                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3036                                 if ((ec_nid == 0)
3037                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3038                                 )
3039                                         {
3040                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3041                                                 {
3042                                                 ec_search1 = 0xFF;
3043                                                 ec_search2 = 0x01;
3044                                                 }
3045                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3046                                                 {
3047                                                 ec_search1 = 0xFF;
3048                                                 ec_search2 = 0x02;
3049                                                 }
3050                                         }
3051                                 else
3052                                         {
3053                                         ec_search1 = 0x00;
3054                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3055                                         }
3056                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3057                                         {
3058                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3059                                                 {
3060                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3061                                                         {
3062                                                         ec_ok = 1;
3063                                                         break;
3064                                                         }
3065                                                 }
3066                                         }
3067                                 }
3068                         ok = ok && ec_ok;
3069                         }
3070 #endif /* OPENSSL_NO_EC */
3071 #endif /* OPENSSL_NO_TLSEXT */
3072
3073                 if (!ok) continue;
3074                 ii=sk_SSL_CIPHER_find(allow,c);
3075                 if (ii >= 0)
3076                         {
3077                         ret=sk_SSL_CIPHER_value(allow,ii);
3078                         break;
3079                         }
3080                 }
3081         return(ret);
3082         }
3083
3084 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3085         {
3086         int ret=0;
3087         unsigned long alg_k;
3088
3089         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3090
3091 #ifndef OPENSSL_NO_GOST
3092         if (s->version >= TLS1_VERSION)
3093                 {
3094                 if (alg_k & SSL_kGOST)
3095                         {
3096                         p[ret++]=TLS_CT_GOST94_SIGN;
3097                         p[ret++]=TLS_CT_GOST01_SIGN;
3098                         return(ret);
3099                         }
3100                 }
3101 #endif
3102
3103 #ifndef OPENSSL_NO_DH
3104         if (alg_k & (SSL_kDHr|SSL_kEDH))
3105                 {
3106 #  ifndef OPENSSL_NO_RSA
3107                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
3108 #  endif
3109 #  ifndef OPENSSL_NO_DSA
3110                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3111 #  endif
3112                 }
3113         if ((s->version == SSL3_VERSION) &&
3114                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3115                 {
3116 #  ifndef OPENSSL_NO_RSA
3117                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3118 #  endif
3119 #  ifndef OPENSSL_NO_DSA
3120                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3121 #  endif
3122                 }
3123 #endif /* !OPENSSL_NO_DH */
3124 #ifndef OPENSSL_NO_RSA
3125         p[ret++]=SSL3_CT_RSA_SIGN;
3126 #endif
3127 #ifndef OPENSSL_NO_DSA
3128         p[ret++]=SSL3_CT_DSS_SIGN;
3129 #endif
3130 #ifndef OPENSSL_NO_ECDH
3131         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3132                 {
3133                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3134                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3135                 }
3136 #endif
3137
3138 #ifndef OPENSSL_NO_ECDSA
3139         /* ECDSA certs can be used with RSA cipher suites as well 
3140          * so we don't need to check for SSL_kECDH or SSL_kEECDH
3141          */
3142         if (s->version >= TLS1_VERSION)
3143                 {
3144                 p[ret++]=TLS_CT_ECDSA_SIGN;
3145                 }
3146 #endif  
3147         return(ret);
3148         }
3149
3150 int ssl3_shutdown(SSL *s)
3151         {
3152         int ret;
3153
3154         /* Don't do anything much if we have not done the handshake or
3155          * we don't want to send messages :-) */
3156         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3157                 {
3158                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3159                 return(1);
3160                 }
3161
3162         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3163                 {
3164                 s->shutdown|=SSL_SENT_SHUTDOWN;
3165 #if 1
3166                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3167 #endif
3168                 /* our shutdown alert has been sent now, and if it still needs
3169                  * to be written, s->s3->alert_dispatch will be true */
3170                 if (s->s3->alert_dispatch)
3171                         return(-1);     /* return WANT_WRITE */
3172                 }
3173         else if (s->s3->alert_dispatch)
3174                 {
3175                 /* resend it if not sent */
3176 #if 1
3177                 ret=s->method->ssl_dispatch_alert(s);
3178                 if(ret == -1)
3179                         {
3180                         /* we only get to return -1 here the 2nd/Nth
3181                          * invocation, we must  have already signalled
3182                          * return 0 upon a previous invoation,
3183                          * return WANT_WRITE */
3184                         return(ret);
3185                         }
3186 #endif
3187                 }
3188         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3189                 {
3190                 /* If we are waiting for a close from our peer, we are closed */
3191                 s->method->ssl_read_bytes(s,0,NULL,0,0);
3192                 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3193                         {
3194                         return(-1);     /* return WANT_READ */
3195                         }
3196                 }
3197
3198         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3199                 !s->s3->alert_dispatch)
3200                 return(1);
3201         else
3202                 return(0);
3203         }
3204
3205 int ssl3_write(SSL *s, const void *buf, int len)
3206         {
3207         int ret,n;
3208
3209 #if 0
3210         if (s->shutdown & SSL_SEND_SHUTDOWN)
3211                 {
3212                 s->rwstate=SSL_NOTHING;
3213                 return(0);
3214                 }
3215 #endif
3216         clear_sys_error();
3217         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3218
3219         /* This is an experimental flag that sends the
3220          * last handshake message in the same packet as the first
3221          * use data - used to see if it helps the TCP protocol during
3222          * session-id reuse */
3223         /* The second test is because the buffer may have been removed */
3224         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3225                 {
3226                 /* First time through, we write into the buffer */
3227                 if (s->s3->delay_buf_pop_ret == 0)
3228                         {
3229                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3230                                              buf,len);
3231                         if (ret <= 0) return(ret);
3232
3233                         s->s3->delay_buf_pop_ret=ret;
3234                         }
3235
3236                 s->rwstate=SSL_WRITING;
3237                 n=BIO_flush(s->wbio);
3238                 if (n <= 0) return(n);
3239                 s->rwstate=SSL_NOTHING;
3240
3241                 /* We have flushed the buffer, so remove it */
3242                 ssl_free_wbio_buffer(s);
3243                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3244
3245                 ret=s->s3->delay_buf_pop_ret;
3246                 s->s3->delay_buf_pop_ret=0;
3247                 }
3248         else
3249                 {
3250                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3251                         buf,len);
3252                 if (ret <= 0) return(ret);
3253                 }
3254
3255         return(ret);
3256         }
3257
3258 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3259         {
3260         int ret;
3261         
3262         clear_sys_error();
3263         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3264         s->s3->in_read_app_data=1;
3265         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3266         if ((ret == -1) && (s->s3->in_read_app_data == 2))
3267                 {
3268                 /* ssl3_read_bytes decided to call s->handshake_func, which
3269                  * called ssl3_read_bytes to read handshake data.
3270                  * However, ssl3_read_bytes actually found application data
3271                  * and thinks that application data makes sense here; so disable
3272                  * handshake processing and try to read application data again. */
3273                 s->in_handshake++;
3274                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3275                 s->in_handshake--;
3276                 }
3277         else
3278                 s->s3->in_read_app_data=0;
3279
3280         return(ret);
3281         }
3282
3283 int ssl3_read(SSL *s, void *buf, int len)
3284         {
3285         return ssl3_read_internal(s, buf, len, 0);
3286         }
3287
3288 int ssl3_peek(SSL *s, void *buf, int len)
3289         {
3290         return ssl3_read_internal(s, buf, len, 1);
3291         }
3292
3293 int ssl3_renegotiate(SSL *s)
3294         {
3295         if (s->handshake_func == NULL)
3296                 return(1);
3297
3298         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3299                 return(0);
3300
3301         s->s3->renegotiate=1;
3302         return(1);
3303         }
3304
3305 int ssl3_renegotiate_check(SSL *s)
3306         {
3307         int ret=0;
3308
3309         if (s->s3->renegotiate)
3310                 {
3311                 if (    (s->s3->rbuf.left == 0) &&
3312                         (s->s3->wbuf.left == 0) &&
3313                         !SSL_in_init(s))
3314                         {
3315 /*
3316 if we are the server, and we have sent a 'RENEGOTIATE' message, we
3317 need to go to SSL_ST_ACCEPT.
3318 */
3319                         /* SSL_ST_ACCEPT */
3320                         s->state=SSL_ST_RENEGOTIATE;
3321                         s->s3->renegotiate=0;
3322                         s->s3->num_renegotiations++;
3323                         s->s3->total_renegotiations++;
3324                         ret=1;
3325                         }
3326                 }
3327         return(ret);
3328         }
3329