Enable TLS 1.2 ciphers in DTLS 1.2.
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #include <openssl/md5.h>
156 #ifndef OPENSSL_NO_DH
157 #include <openssl/dh.h>
158 #endif
159
160 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
161
162 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
163
164 /* list of available SSLv3 ciphers (sorted by id) */
165 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
166
167 /* The RSA ciphers */
168 /* Cipher 01 */
169         {
170         1,
171         SSL3_TXT_RSA_NULL_MD5,
172         SSL3_CK_RSA_NULL_MD5,
173         SSL_kRSA,
174         SSL_aRSA,
175         SSL_eNULL,
176         SSL_MD5,
177         SSL_SSLV3,
178         SSL_NOT_EXP|SSL_STRONG_NONE,
179         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
180         0,
181         0,
182         },
183
184 /* Cipher 02 */
185         {
186         1,
187         SSL3_TXT_RSA_NULL_SHA,
188         SSL3_CK_RSA_NULL_SHA,
189         SSL_kRSA,
190         SSL_aRSA,
191         SSL_eNULL,
192         SSL_SHA1,
193         SSL_SSLV3,
194         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
195         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
196         0,
197         0,
198         },
199
200 /* Cipher 03 */
201         {
202         1,
203         SSL3_TXT_RSA_RC4_40_MD5,
204         SSL3_CK_RSA_RC4_40_MD5,
205         SSL_kRSA,
206         SSL_aRSA,
207         SSL_RC4,
208         SSL_MD5,
209         SSL_SSLV3,
210         SSL_EXPORT|SSL_EXP40,
211         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
212         40,
213         128,
214         },
215
216 /* Cipher 04 */
217         {
218         1,
219         SSL3_TXT_RSA_RC4_128_MD5,
220         SSL3_CK_RSA_RC4_128_MD5,
221         SSL_kRSA,
222         SSL_aRSA,
223         SSL_RC4,
224         SSL_MD5,
225         SSL_SSLV3,
226         SSL_NOT_EXP|SSL_MEDIUM,
227         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
228         128,
229         128,
230         },
231
232 /* Cipher 05 */
233         {
234         1,
235         SSL3_TXT_RSA_RC4_128_SHA,
236         SSL3_CK_RSA_RC4_128_SHA,
237         SSL_kRSA,
238         SSL_aRSA,
239         SSL_RC4,
240         SSL_SHA1,
241         SSL_SSLV3,
242         SSL_NOT_EXP|SSL_MEDIUM,
243         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
244         128,
245         128,
246         },
247
248 /* Cipher 06 */
249         {
250         1,
251         SSL3_TXT_RSA_RC2_40_MD5,
252         SSL3_CK_RSA_RC2_40_MD5,
253         SSL_kRSA,
254         SSL_aRSA,
255         SSL_RC2,
256         SSL_MD5,
257         SSL_SSLV3,
258         SSL_EXPORT|SSL_EXP40,
259         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
260         40,
261         128,
262         },
263
264 /* Cipher 07 */
265 #ifndef OPENSSL_NO_IDEA
266         {
267         1,
268         SSL3_TXT_RSA_IDEA_128_SHA,
269         SSL3_CK_RSA_IDEA_128_SHA,
270         SSL_kRSA,
271         SSL_aRSA,
272         SSL_IDEA,
273         SSL_SHA1,
274         SSL_SSLV3,
275         SSL_NOT_EXP|SSL_MEDIUM,
276         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
277         128,
278         128,
279         },
280 #endif
281
282 /* Cipher 08 */
283         {
284         1,
285         SSL3_TXT_RSA_DES_40_CBC_SHA,
286         SSL3_CK_RSA_DES_40_CBC_SHA,
287         SSL_kRSA,
288         SSL_aRSA,
289         SSL_DES,
290         SSL_SHA1,
291         SSL_SSLV3,
292         SSL_EXPORT|SSL_EXP40,
293         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
294         40,
295         56,
296         },
297
298 /* Cipher 09 */
299         {
300         1,
301         SSL3_TXT_RSA_DES_64_CBC_SHA,
302         SSL3_CK_RSA_DES_64_CBC_SHA,
303         SSL_kRSA,
304         SSL_aRSA,
305         SSL_DES,
306         SSL_SHA1,
307         SSL_SSLV3,
308         SSL_NOT_EXP|SSL_LOW,
309         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
310         56,
311         56,
312         },
313
314 /* Cipher 0A */
315         {
316         1,
317         SSL3_TXT_RSA_DES_192_CBC3_SHA,
318         SSL3_CK_RSA_DES_192_CBC3_SHA,
319         SSL_kRSA,
320         SSL_aRSA,
321         SSL_3DES,
322         SSL_SHA1,
323         SSL_SSLV3,
324         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
325         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
326         168,
327         168,
328         },
329
330 /* The DH ciphers */
331 /* Cipher 0B */
332         {
333         1,
334         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
335         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
336         SSL_kDHd,
337         SSL_aDH,
338         SSL_DES,
339         SSL_SHA1,
340         SSL_SSLV3,
341         SSL_EXPORT|SSL_EXP40,
342         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
343         40,
344         56,
345         },
346
347 /* Cipher 0C */
348         {
349         1,
350         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
351         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
352         SSL_kDHd,
353         SSL_aDH,
354         SSL_DES,
355         SSL_SHA1,
356         SSL_SSLV3,
357         SSL_NOT_EXP|SSL_LOW,
358         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
359         56,
360         56,
361         },
362
363 /* Cipher 0D */
364         {
365         1,
366         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
367         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
368         SSL_kDHd,
369         SSL_aDH,
370         SSL_3DES,
371         SSL_SHA1,
372         SSL_SSLV3,
373         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
374         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
375         168,
376         168,
377         },
378
379 /* Cipher 0E */
380         {
381         1,
382         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
383         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
384         SSL_kDHr,
385         SSL_aDH,
386         SSL_DES,
387         SSL_SHA1,
388         SSL_SSLV3,
389         SSL_EXPORT|SSL_EXP40,
390         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
391         40,
392         56,
393         },
394
395 /* Cipher 0F */
396         {
397         1,
398         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
399         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
400         SSL_kDHr,
401         SSL_aDH,
402         SSL_DES,
403         SSL_SHA1,
404         SSL_SSLV3,
405         SSL_NOT_EXP|SSL_LOW,
406         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
407         56,
408         56,
409         },
410
411 /* Cipher 10 */
412         {
413         1,
414         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
415         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
416         SSL_kDHr,
417         SSL_aDH,
418         SSL_3DES,
419         SSL_SHA1,
420         SSL_SSLV3,
421         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
422         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
423         168,
424         168,
425         },
426
427 /* The Ephemeral DH ciphers */
428 /* Cipher 11 */
429         {
430         1,
431         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
432         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
433         SSL_kEDH,
434         SSL_aDSS,
435         SSL_DES,
436         SSL_SHA1,
437         SSL_SSLV3,
438         SSL_EXPORT|SSL_EXP40,
439         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
440         40,
441         56,
442         },
443
444 /* Cipher 12 */
445         {
446         1,
447         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
448         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
449         SSL_kEDH,
450         SSL_aDSS,
451         SSL_DES,
452         SSL_SHA1,
453         SSL_SSLV3,
454         SSL_NOT_EXP|SSL_LOW,
455         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
456         56,
457         56,
458         },
459
460 /* Cipher 13 */
461         {
462         1,
463         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
464         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
465         SSL_kEDH,
466         SSL_aDSS,
467         SSL_3DES,
468         SSL_SHA1,
469         SSL_SSLV3,
470         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
471         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
472         168,
473         168,
474         },
475
476 /* Cipher 14 */
477         {
478         1,
479         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
480         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
481         SSL_kEDH,
482         SSL_aRSA,
483         SSL_DES,
484         SSL_SHA1,
485         SSL_SSLV3,
486         SSL_EXPORT|SSL_EXP40,
487         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
488         40,
489         56,
490         },
491
492 /* Cipher 15 */
493         {
494         1,
495         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
496         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
497         SSL_kEDH,
498         SSL_aRSA,
499         SSL_DES,
500         SSL_SHA1,
501         SSL_SSLV3,
502         SSL_NOT_EXP|SSL_LOW,
503         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
504         56,
505         56,
506         },
507
508 /* Cipher 16 */
509         {
510         1,
511         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
512         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
513         SSL_kEDH,
514         SSL_aRSA,
515         SSL_3DES,
516         SSL_SHA1,
517         SSL_SSLV3,
518         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
519         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
520         168,
521         168,
522         },
523
524 /* Cipher 17 */
525         {
526         1,
527         SSL3_TXT_ADH_RC4_40_MD5,
528         SSL3_CK_ADH_RC4_40_MD5,
529         SSL_kEDH,
530         SSL_aNULL,
531         SSL_RC4,
532         SSL_MD5,
533         SSL_SSLV3,
534         SSL_EXPORT|SSL_EXP40,
535         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
536         40,
537         128,
538         },
539
540 /* Cipher 18 */
541         {
542         1,
543         SSL3_TXT_ADH_RC4_128_MD5,
544         SSL3_CK_ADH_RC4_128_MD5,
545         SSL_kEDH,
546         SSL_aNULL,
547         SSL_RC4,
548         SSL_MD5,
549         SSL_SSLV3,
550         SSL_NOT_EXP|SSL_MEDIUM,
551         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
552         128,
553         128,
554         },
555
556 /* Cipher 19 */
557         {
558         1,
559         SSL3_TXT_ADH_DES_40_CBC_SHA,
560         SSL3_CK_ADH_DES_40_CBC_SHA,
561         SSL_kEDH,
562         SSL_aNULL,
563         SSL_DES,
564         SSL_SHA1,
565         SSL_SSLV3,
566         SSL_EXPORT|SSL_EXP40,
567         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
568         40,
569         128,
570         },
571
572 /* Cipher 1A */
573         {
574         1,
575         SSL3_TXT_ADH_DES_64_CBC_SHA,
576         SSL3_CK_ADH_DES_64_CBC_SHA,
577         SSL_kEDH,
578         SSL_aNULL,
579         SSL_DES,
580         SSL_SHA1,
581         SSL_SSLV3,
582         SSL_NOT_EXP|SSL_LOW,
583         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
584         56,
585         56,
586         },
587
588 /* Cipher 1B */
589         {
590         1,
591         SSL3_TXT_ADH_DES_192_CBC_SHA,
592         SSL3_CK_ADH_DES_192_CBC_SHA,
593         SSL_kEDH,
594         SSL_aNULL,
595         SSL_3DES,
596         SSL_SHA1,
597         SSL_SSLV3,
598         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
599         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
600         168,
601         168,
602         },
603
604 /* Fortezza ciphersuite from SSL 3.0 spec */
605 #if 0
606 /* Cipher 1C */
607         {
608         0,
609         SSL3_TXT_FZA_DMS_NULL_SHA,
610         SSL3_CK_FZA_DMS_NULL_SHA,
611         SSL_kFZA,
612         SSL_aFZA,
613         SSL_eNULL,
614         SSL_SHA1,
615         SSL_SSLV3,
616         SSL_NOT_EXP|SSL_STRONG_NONE,
617         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
618         0,
619         0,
620         },
621
622 /* Cipher 1D */
623         {
624         0,
625         SSL3_TXT_FZA_DMS_FZA_SHA,
626         SSL3_CK_FZA_DMS_FZA_SHA,
627         SSL_kFZA,
628         SSL_aFZA,
629         SSL_eFZA,
630         SSL_SHA1,
631         SSL_SSLV3,
632         SSL_NOT_EXP|SSL_STRONG_NONE,
633         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
634         0,
635         0,
636         },
637
638 /* Cipher 1E */
639         {
640         0,
641         SSL3_TXT_FZA_DMS_RC4_SHA,
642         SSL3_CK_FZA_DMS_RC4_SHA,
643         SSL_kFZA,
644         SSL_aFZA,
645         SSL_RC4,
646         SSL_SHA1,
647         SSL_SSLV3,
648         SSL_NOT_EXP|SSL_MEDIUM,
649         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
650         128,
651         128,
652         },
653 #endif
654
655 #ifndef OPENSSL_NO_KRB5
656 /* The Kerberos ciphers*/
657 /* Cipher 1E */
658         {
659         1,
660         SSL3_TXT_KRB5_DES_64_CBC_SHA,
661         SSL3_CK_KRB5_DES_64_CBC_SHA,
662         SSL_kKRB5,
663         SSL_aKRB5,
664         SSL_DES,
665         SSL_SHA1,
666         SSL_SSLV3,
667         SSL_NOT_EXP|SSL_LOW,
668         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
669         56,
670         56,
671         },
672
673 /* Cipher 1F */
674         {
675         1,
676         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
677         SSL3_CK_KRB5_DES_192_CBC3_SHA,
678         SSL_kKRB5,
679         SSL_aKRB5,
680         SSL_3DES,
681         SSL_SHA1,
682         SSL_SSLV3,
683         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
684         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
685         168,
686         168,
687         },
688
689 /* Cipher 20 */
690         {
691         1,
692         SSL3_TXT_KRB5_RC4_128_SHA,
693         SSL3_CK_KRB5_RC4_128_SHA,
694         SSL_kKRB5,
695         SSL_aKRB5,
696         SSL_RC4,
697         SSL_SHA1,
698         SSL_SSLV3,
699         SSL_NOT_EXP|SSL_MEDIUM,
700         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
701         128,
702         128,
703         },
704
705 /* Cipher 21 */
706         {
707         1,
708         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
709         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
710         SSL_kKRB5,
711         SSL_aKRB5,
712         SSL_IDEA,
713         SSL_SHA1,
714         SSL_SSLV3,
715         SSL_NOT_EXP|SSL_MEDIUM,
716         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
717         128,
718         128,
719         },
720
721 /* Cipher 22 */
722         {
723         1,
724         SSL3_TXT_KRB5_DES_64_CBC_MD5,
725         SSL3_CK_KRB5_DES_64_CBC_MD5,
726         SSL_kKRB5,
727         SSL_aKRB5,
728         SSL_DES,
729         SSL_MD5,
730         SSL_SSLV3,
731         SSL_NOT_EXP|SSL_LOW,
732         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
733         56,
734         56,
735         },
736
737 /* Cipher 23 */
738         {
739         1,
740         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
741         SSL3_CK_KRB5_DES_192_CBC3_MD5,
742         SSL_kKRB5,
743         SSL_aKRB5,
744         SSL_3DES,
745         SSL_MD5,
746         SSL_SSLV3,
747         SSL_NOT_EXP|SSL_HIGH,
748         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
749         168,
750         168,
751         },
752
753 /* Cipher 24 */
754         {
755         1,
756         SSL3_TXT_KRB5_RC4_128_MD5,
757         SSL3_CK_KRB5_RC4_128_MD5,
758         SSL_kKRB5,
759         SSL_aKRB5,
760         SSL_RC4,
761         SSL_MD5,
762         SSL_SSLV3,
763         SSL_NOT_EXP|SSL_MEDIUM,
764         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
765         128,
766         128,
767         },
768
769 /* Cipher 25 */
770         {
771         1,
772         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
773         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
774         SSL_kKRB5,
775         SSL_aKRB5,
776         SSL_IDEA,
777         SSL_MD5,
778         SSL_SSLV3,
779         SSL_NOT_EXP|SSL_MEDIUM,
780         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
781         128,
782         128,
783         },
784
785 /* Cipher 26 */
786         {
787         1,
788         SSL3_TXT_KRB5_DES_40_CBC_SHA,
789         SSL3_CK_KRB5_DES_40_CBC_SHA,
790         SSL_kKRB5,
791         SSL_aKRB5,
792         SSL_DES,
793         SSL_SHA1,
794         SSL_SSLV3,
795         SSL_EXPORT|SSL_EXP40,
796         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
797         40,
798         56,
799         },
800
801 /* Cipher 27 */
802         {
803         1,
804         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
805         SSL3_CK_KRB5_RC2_40_CBC_SHA,
806         SSL_kKRB5,
807         SSL_aKRB5,
808         SSL_RC2,
809         SSL_SHA1,
810         SSL_SSLV3,
811         SSL_EXPORT|SSL_EXP40,
812         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
813         40,
814         128,
815         },
816
817 /* Cipher 28 */
818         {
819         1,
820         SSL3_TXT_KRB5_RC4_40_SHA,
821         SSL3_CK_KRB5_RC4_40_SHA,
822         SSL_kKRB5,
823         SSL_aKRB5,
824         SSL_RC4,
825         SSL_SHA1,
826         SSL_SSLV3,
827         SSL_EXPORT|SSL_EXP40,
828         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
829         40,
830         128,
831         },
832
833 /* Cipher 29 */
834         {
835         1,
836         SSL3_TXT_KRB5_DES_40_CBC_MD5,
837         SSL3_CK_KRB5_DES_40_CBC_MD5,
838         SSL_kKRB5,
839         SSL_aKRB5,
840         SSL_DES,
841         SSL_MD5,
842         SSL_SSLV3,
843         SSL_EXPORT|SSL_EXP40,
844         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
845         40,
846         56,
847         },
848
849 /* Cipher 2A */
850         {
851         1,
852         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
853         SSL3_CK_KRB5_RC2_40_CBC_MD5,
854         SSL_kKRB5,
855         SSL_aKRB5,
856         SSL_RC2,
857         SSL_MD5,
858         SSL_SSLV3,
859         SSL_EXPORT|SSL_EXP40,
860         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
861         40,
862         128,
863         },
864
865 /* Cipher 2B */
866         {
867         1,
868         SSL3_TXT_KRB5_RC4_40_MD5,
869         SSL3_CK_KRB5_RC4_40_MD5,
870         SSL_kKRB5,
871         SSL_aKRB5,
872         SSL_RC4,
873         SSL_MD5,
874         SSL_SSLV3,
875         SSL_EXPORT|SSL_EXP40,
876         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
877         40,
878         128,
879         },
880 #endif  /* OPENSSL_NO_KRB5 */
881
882 /* New AES ciphersuites */
883 /* Cipher 2F */
884         {
885         1,
886         TLS1_TXT_RSA_WITH_AES_128_SHA,
887         TLS1_CK_RSA_WITH_AES_128_SHA,
888         SSL_kRSA,
889         SSL_aRSA,
890         SSL_AES128,
891         SSL_SHA1,
892         SSL_TLSV1,
893         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
894         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
895         128,
896         128,
897         },
898 /* Cipher 30 */
899         {
900         1,
901         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
902         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
903         SSL_kDHd,
904         SSL_aDH,
905         SSL_AES128,
906         SSL_SHA1,
907         SSL_TLSV1,
908         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
909         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
910         128,
911         128,
912         },
913 /* Cipher 31 */
914         {
915         1,
916         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
917         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
918         SSL_kDHr,
919         SSL_aDH,
920         SSL_AES128,
921         SSL_SHA1,
922         SSL_TLSV1,
923         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
924         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
925         128,
926         128,
927         },
928 /* Cipher 32 */
929         {
930         1,
931         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
932         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
933         SSL_kEDH,
934         SSL_aDSS,
935         SSL_AES128,
936         SSL_SHA1,
937         SSL_TLSV1,
938         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
939         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
940         128,
941         128,
942         },
943 /* Cipher 33 */
944         {
945         1,
946         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
947         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
948         SSL_kEDH,
949         SSL_aRSA,
950         SSL_AES128,
951         SSL_SHA1,
952         SSL_TLSV1,
953         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
954         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
955         128,
956         128,
957         },
958 /* Cipher 34 */
959         {
960         1,
961         TLS1_TXT_ADH_WITH_AES_128_SHA,
962         TLS1_CK_ADH_WITH_AES_128_SHA,
963         SSL_kEDH,
964         SSL_aNULL,
965         SSL_AES128,
966         SSL_SHA1,
967         SSL_TLSV1,
968         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
969         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
970         128,
971         128,
972         },
973
974 /* Cipher 35 */
975         {
976         1,
977         TLS1_TXT_RSA_WITH_AES_256_SHA,
978         TLS1_CK_RSA_WITH_AES_256_SHA,
979         SSL_kRSA,
980         SSL_aRSA,
981         SSL_AES256,
982         SSL_SHA1,
983         SSL_TLSV1,
984         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
985         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
986         256,
987         256,
988         },
989 /* Cipher 36 */
990         {
991         1,
992         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
993         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
994         SSL_kDHd,
995         SSL_aDH,
996         SSL_AES256,
997         SSL_SHA1,
998         SSL_TLSV1,
999         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1000         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1001         256,
1002         256,
1003         },
1004
1005 /* Cipher 37 */
1006         {
1007         1,
1008         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1009         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1010         SSL_kDHr,
1011         SSL_aDH,
1012         SSL_AES256,
1013         SSL_SHA1,
1014         SSL_TLSV1,
1015         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1016         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1017         256,
1018         256,
1019         },
1020
1021 /* Cipher 38 */
1022         {
1023         1,
1024         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1025         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1026         SSL_kEDH,
1027         SSL_aDSS,
1028         SSL_AES256,
1029         SSL_SHA1,
1030         SSL_TLSV1,
1031         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1032         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1033         256,
1034         256,
1035         },
1036
1037 /* Cipher 39 */
1038         {
1039         1,
1040         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1041         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1042         SSL_kEDH,
1043         SSL_aRSA,
1044         SSL_AES256,
1045         SSL_SHA1,
1046         SSL_TLSV1,
1047         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1048         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1049         256,
1050         256,
1051         },
1052
1053         /* Cipher 3A */
1054         {
1055         1,
1056         TLS1_TXT_ADH_WITH_AES_256_SHA,
1057         TLS1_CK_ADH_WITH_AES_256_SHA,
1058         SSL_kEDH,
1059         SSL_aNULL,
1060         SSL_AES256,
1061         SSL_SHA1,
1062         SSL_TLSV1,
1063         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1064         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1065         256,
1066         256,
1067         },
1068
1069         /* TLS v1.2 ciphersuites */
1070         /* Cipher 3B */
1071         {
1072         1,
1073         TLS1_TXT_RSA_WITH_NULL_SHA256,
1074         TLS1_CK_RSA_WITH_NULL_SHA256,
1075         SSL_kRSA,
1076         SSL_aRSA,
1077         SSL_eNULL,
1078         SSL_SHA256,
1079         SSL_TLSV1_2,
1080         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1081         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1082         0,
1083         0,
1084         },
1085
1086         /* Cipher 3C */
1087         {
1088         1,
1089         TLS1_TXT_RSA_WITH_AES_128_SHA256,
1090         TLS1_CK_RSA_WITH_AES_128_SHA256,
1091         SSL_kRSA,
1092         SSL_aRSA,
1093         SSL_AES128,
1094         SSL_SHA256,
1095         SSL_TLSV1_2,
1096         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1097         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1098         128,
1099         128,
1100         },
1101
1102         /* Cipher 3D */
1103         {
1104         1,
1105         TLS1_TXT_RSA_WITH_AES_256_SHA256,
1106         TLS1_CK_RSA_WITH_AES_256_SHA256,
1107         SSL_kRSA,
1108         SSL_aRSA,
1109         SSL_AES256,
1110         SSL_SHA256,
1111         SSL_TLSV1_2,
1112         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1113         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1114         256,
1115         256,
1116         },
1117
1118         /* Cipher 3E */
1119         {
1120         1,
1121         TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1122         TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1123         SSL_kDHd,
1124         SSL_aDH,
1125         SSL_AES128,
1126         SSL_SHA256,
1127         SSL_TLSV1_2,
1128         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1129         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1130         128,
1131         128,
1132         },
1133
1134         /* Cipher 3F */
1135         {
1136         1,
1137         TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1138         TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1139         SSL_kDHr,
1140         SSL_aDH,
1141         SSL_AES128,
1142         SSL_SHA256,
1143         SSL_TLSV1_2,
1144         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1145         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1146         128,
1147         128,
1148         },
1149
1150         /* Cipher 40 */
1151         {
1152         1,
1153         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1154         TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1155         SSL_kEDH,
1156         SSL_aDSS,
1157         SSL_AES128,
1158         SSL_SHA256,
1159         SSL_TLSV1_2,
1160         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1161         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1162         128,
1163         128,
1164         },
1165
1166 #ifndef OPENSSL_NO_CAMELLIA
1167         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1168
1169         /* Cipher 41 */
1170         {
1171         1,
1172         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1173         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1174         SSL_kRSA,
1175         SSL_aRSA,
1176         SSL_CAMELLIA128,
1177         SSL_SHA1,
1178         SSL_TLSV1,
1179         SSL_NOT_EXP|SSL_HIGH,
1180         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1181         128,
1182         128,
1183         },
1184
1185         /* Cipher 42 */
1186         {
1187         1,
1188         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1189         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1190         SSL_kDHd,
1191         SSL_aDH,
1192         SSL_CAMELLIA128,
1193         SSL_SHA1,
1194         SSL_TLSV1,
1195         SSL_NOT_EXP|SSL_HIGH,
1196         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1197         128,
1198         128,
1199         },
1200
1201         /* Cipher 43 */
1202         {
1203         1,
1204         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1205         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1206         SSL_kDHr,
1207         SSL_aDH,
1208         SSL_CAMELLIA128,
1209         SSL_SHA1,
1210         SSL_TLSV1,
1211         SSL_NOT_EXP|SSL_HIGH,
1212         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1213         128,
1214         128,
1215         },
1216
1217         /* Cipher 44 */
1218         {
1219         1,
1220         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1221         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1222         SSL_kEDH,
1223         SSL_aDSS,
1224         SSL_CAMELLIA128,
1225         SSL_SHA1,
1226         SSL_TLSV1,
1227         SSL_NOT_EXP|SSL_HIGH,
1228         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1229         128,
1230         128,
1231         },
1232
1233         /* Cipher 45 */
1234         {
1235         1,
1236         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1237         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1238         SSL_kEDH,
1239         SSL_aRSA,
1240         SSL_CAMELLIA128,
1241         SSL_SHA1,
1242         SSL_TLSV1,
1243         SSL_NOT_EXP|SSL_HIGH,
1244         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1245         128,
1246         128,
1247         },
1248
1249         /* Cipher 46 */
1250         {
1251         1,
1252         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1253         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1254         SSL_kEDH,
1255         SSL_aNULL,
1256         SSL_CAMELLIA128,
1257         SSL_SHA1,
1258         SSL_TLSV1,
1259         SSL_NOT_EXP|SSL_HIGH,
1260         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1261         128,
1262         128,
1263         },
1264 #endif /* OPENSSL_NO_CAMELLIA */
1265
1266 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1267         /* New TLS Export CipherSuites from expired ID */
1268 #if 0
1269         /* Cipher 60 */
1270         {
1271         1,
1272         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1273         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1274         SSL_kRSA,
1275         SSL_aRSA,
1276         SSL_RC4,
1277         SSL_MD5,
1278         SSL_TLSV1,
1279         SSL_EXPORT|SSL_EXP56,
1280         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1281         56,
1282         128,
1283         },
1284
1285         /* Cipher 61 */
1286         {
1287         1,
1288         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1289         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1290         SSL_kRSA,
1291         SSL_aRSA,
1292         SSL_RC2,
1293         SSL_MD5,
1294         SSL_TLSV1,
1295         SSL_EXPORT|SSL_EXP56,
1296         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1297         56,
1298         128,
1299         },
1300 #endif
1301
1302         /* Cipher 62 */
1303         {
1304         1,
1305         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1306         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1307         SSL_kRSA,
1308         SSL_aRSA,
1309         SSL_DES,
1310         SSL_SHA1,
1311         SSL_TLSV1,
1312         SSL_EXPORT|SSL_EXP56,
1313         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1314         56,
1315         56,
1316         },
1317
1318         /* Cipher 63 */
1319         {
1320         1,
1321         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1322         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1323         SSL_kEDH,
1324         SSL_aDSS,
1325         SSL_DES,
1326         SSL_SHA1,
1327         SSL_TLSV1,
1328         SSL_EXPORT|SSL_EXP56,
1329         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1330         56,
1331         56,
1332         },
1333
1334         /* Cipher 64 */
1335         {
1336         1,
1337         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1338         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1339         SSL_kRSA,
1340         SSL_aRSA,
1341         SSL_RC4,
1342         SSL_SHA1,
1343         SSL_TLSV1,
1344         SSL_EXPORT|SSL_EXP56,
1345         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1346         56,
1347         128,
1348         },
1349
1350         /* Cipher 65 */
1351         {
1352         1,
1353         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1354         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1355         SSL_kEDH,
1356         SSL_aDSS,
1357         SSL_RC4,
1358         SSL_SHA1,
1359         SSL_TLSV1,
1360         SSL_EXPORT|SSL_EXP56,
1361         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362         56,
1363         128,
1364         },
1365
1366         /* Cipher 66 */
1367         {
1368         1,
1369         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1370         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1371         SSL_kEDH,
1372         SSL_aDSS,
1373         SSL_RC4,
1374         SSL_SHA1,
1375         SSL_TLSV1,
1376         SSL_NOT_EXP|SSL_MEDIUM,
1377         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1378         128,
1379         128,
1380         },
1381 #endif
1382
1383         /* TLS v1.2 ciphersuites */
1384         /* Cipher 67 */
1385         {
1386         1,
1387         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1388         TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1389         SSL_kEDH,
1390         SSL_aRSA,
1391         SSL_AES128,
1392         SSL_SHA256,
1393         SSL_TLSV1_2,
1394         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1396         128,
1397         128,
1398         },
1399
1400         /* Cipher 68 */
1401         {
1402         1,
1403         TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1404         TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1405         SSL_kDHd,
1406         SSL_aDH,
1407         SSL_AES256,
1408         SSL_SHA256,
1409         SSL_TLSV1_2,
1410         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1412         256,
1413         256,
1414         },
1415
1416         /* Cipher 69 */
1417         {
1418         1,
1419         TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1420         TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1421         SSL_kDHr,
1422         SSL_aDH,
1423         SSL_AES256,
1424         SSL_SHA256,
1425         SSL_TLSV1_2,
1426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1428         256,
1429         256,
1430         },
1431
1432         /* Cipher 6A */
1433         {
1434         1,
1435         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1436         TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1437         SSL_kEDH,
1438         SSL_aDSS,
1439         SSL_AES256,
1440         SSL_SHA256,
1441         SSL_TLSV1_2,
1442         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1443         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1444         256,
1445         256,
1446         },
1447
1448         /* Cipher 6B */
1449         {
1450         1,
1451         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1452         TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1453         SSL_kEDH,
1454         SSL_aRSA,
1455         SSL_AES256,
1456         SSL_SHA256,
1457         SSL_TLSV1_2,
1458         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1459         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1460         256,
1461         256,
1462         },
1463
1464         /* Cipher 6C */
1465         {
1466         1,
1467         TLS1_TXT_ADH_WITH_AES_128_SHA256,
1468         TLS1_CK_ADH_WITH_AES_128_SHA256,
1469         SSL_kEDH,
1470         SSL_aNULL,
1471         SSL_AES128,
1472         SSL_SHA256,
1473         SSL_TLSV1_2,
1474         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1475         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1476         128,
1477         128,
1478         },
1479
1480         /* Cipher 6D */
1481         {
1482         1,
1483         TLS1_TXT_ADH_WITH_AES_256_SHA256,
1484         TLS1_CK_ADH_WITH_AES_256_SHA256,
1485         SSL_kEDH,
1486         SSL_aNULL,
1487         SSL_AES256,
1488         SSL_SHA256,
1489         SSL_TLSV1_2,
1490         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1491         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1492         256,
1493         256,
1494         },
1495
1496         /* GOST Ciphersuites */
1497
1498         {
1499         1,
1500         "GOST94-GOST89-GOST89",
1501         0x3000080,
1502         SSL_kGOST,
1503         SSL_aGOST94,
1504         SSL_eGOST2814789CNT,
1505         SSL_GOST89MAC,
1506         SSL_TLSV1,
1507         SSL_NOT_EXP|SSL_HIGH,
1508         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1509         256,
1510         256
1511         },
1512         {
1513         1,
1514         "GOST2001-GOST89-GOST89",
1515         0x3000081,
1516         SSL_kGOST,
1517         SSL_aGOST01,
1518         SSL_eGOST2814789CNT,
1519         SSL_GOST89MAC,
1520         SSL_TLSV1,
1521         SSL_NOT_EXP|SSL_HIGH,
1522         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1523         256,
1524         256
1525         },
1526         {
1527         1,
1528         "GOST94-NULL-GOST94",
1529         0x3000082,
1530         SSL_kGOST,
1531         SSL_aGOST94,
1532         SSL_eNULL,
1533         SSL_GOST94,
1534         SSL_TLSV1,
1535         SSL_NOT_EXP|SSL_STRONG_NONE,
1536         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1537         0,
1538         0
1539         },
1540         {
1541         1,
1542         "GOST2001-NULL-GOST94",
1543         0x3000083,
1544         SSL_kGOST,
1545         SSL_aGOST01,
1546         SSL_eNULL,
1547         SSL_GOST94,
1548         SSL_TLSV1,
1549         SSL_NOT_EXP|SSL_STRONG_NONE,
1550         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1551         0,
1552         0
1553         },
1554
1555 #ifndef OPENSSL_NO_CAMELLIA
1556         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1557
1558         /* Cipher 84 */
1559         {
1560         1,
1561         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1562         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1563         SSL_kRSA,
1564         SSL_aRSA,
1565         SSL_CAMELLIA256,
1566         SSL_SHA1,
1567         SSL_TLSV1,
1568         SSL_NOT_EXP|SSL_HIGH,
1569         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1570         256,
1571         256,
1572         },
1573         /* Cipher 85 */
1574         {
1575         1,
1576         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1577         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1578         SSL_kDHd,
1579         SSL_aDH,
1580         SSL_CAMELLIA256,
1581         SSL_SHA1,
1582         SSL_TLSV1,
1583         SSL_NOT_EXP|SSL_HIGH,
1584         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1585         256,
1586         256,
1587         },
1588
1589         /* Cipher 86 */
1590         {
1591         1,
1592         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1593         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1594         SSL_kDHr,
1595         SSL_aDH,
1596         SSL_CAMELLIA256,
1597         SSL_SHA1,
1598         SSL_TLSV1,
1599         SSL_NOT_EXP|SSL_HIGH,
1600         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1601         256,
1602         256,
1603         },
1604
1605         /* Cipher 87 */
1606         {
1607         1,
1608         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1609         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1610         SSL_kEDH,
1611         SSL_aDSS,
1612         SSL_CAMELLIA256,
1613         SSL_SHA1,
1614         SSL_TLSV1,
1615         SSL_NOT_EXP|SSL_HIGH,
1616         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1617         256,
1618         256,
1619         },
1620
1621         /* Cipher 88 */
1622         {
1623         1,
1624         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1625         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1626         SSL_kEDH,
1627         SSL_aRSA,
1628         SSL_CAMELLIA256,
1629         SSL_SHA1,
1630         SSL_TLSV1,
1631         SSL_NOT_EXP|SSL_HIGH,
1632         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1633         256,
1634         256,
1635         },
1636
1637         /* Cipher 89 */
1638         {
1639         1,
1640         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1641         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1642         SSL_kEDH,
1643         SSL_aNULL,
1644         SSL_CAMELLIA256,
1645         SSL_SHA1,
1646         SSL_TLSV1,
1647         SSL_NOT_EXP|SSL_HIGH,
1648         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1649         256,
1650         256,
1651         },
1652 #endif /* OPENSSL_NO_CAMELLIA */
1653
1654 #ifndef OPENSSL_NO_PSK
1655         /* Cipher 8A */
1656         {
1657         1,
1658         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1659         TLS1_CK_PSK_WITH_RC4_128_SHA,
1660         SSL_kPSK,
1661         SSL_aPSK,
1662         SSL_RC4,
1663         SSL_SHA1,
1664         SSL_TLSV1,
1665         SSL_NOT_EXP|SSL_MEDIUM,
1666         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1667         128,
1668         128,
1669         },
1670
1671         /* Cipher 8B */
1672         {
1673         1,
1674         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1675         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1676         SSL_kPSK,
1677         SSL_aPSK,
1678         SSL_3DES,
1679         SSL_SHA1,
1680         SSL_TLSV1,
1681         SSL_NOT_EXP|SSL_HIGH,
1682         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1683         168,
1684         168,
1685         },
1686
1687         /* Cipher 8C */
1688         {
1689         1,
1690         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1691         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1692         SSL_kPSK,
1693         SSL_aPSK,
1694         SSL_AES128,
1695         SSL_SHA1,
1696         SSL_TLSV1,
1697         SSL_NOT_EXP|SSL_HIGH,
1698         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1699         128,
1700         128,
1701         },
1702
1703         /* Cipher 8D */
1704         {
1705         1,
1706         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1707         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1708         SSL_kPSK,
1709         SSL_aPSK,
1710         SSL_AES256,
1711         SSL_SHA1,
1712         SSL_TLSV1,
1713         SSL_NOT_EXP|SSL_HIGH,
1714         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1715         256,
1716         256,
1717         },
1718 #endif  /* OPENSSL_NO_PSK */
1719
1720 #ifndef OPENSSL_NO_SEED
1721         /* SEED ciphersuites from RFC4162 */
1722
1723         /* Cipher 96 */
1724         {
1725         1,
1726         TLS1_TXT_RSA_WITH_SEED_SHA,
1727         TLS1_CK_RSA_WITH_SEED_SHA,
1728         SSL_kRSA,
1729         SSL_aRSA,
1730         SSL_SEED,
1731         SSL_SHA1,
1732         SSL_TLSV1,
1733         SSL_NOT_EXP|SSL_MEDIUM,
1734         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1735         128,
1736         128,
1737         },
1738
1739         /* Cipher 97 */
1740         {
1741         1,
1742         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1743         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1744         SSL_kDHd,
1745         SSL_aDH,
1746         SSL_SEED,
1747         SSL_SHA1,
1748         SSL_TLSV1,
1749         SSL_NOT_EXP|SSL_MEDIUM,
1750         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1751         128,
1752         128,
1753         },
1754
1755         /* Cipher 98 */
1756         {
1757         1,
1758         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1759         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1760         SSL_kDHr,
1761         SSL_aDH,
1762         SSL_SEED,
1763         SSL_SHA1,
1764         SSL_TLSV1,
1765         SSL_NOT_EXP|SSL_MEDIUM,
1766         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1767         128,
1768         128,
1769         },
1770
1771         /* Cipher 99 */
1772         {
1773         1,
1774         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1775         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1776         SSL_kEDH,
1777         SSL_aDSS,
1778         SSL_SEED,
1779         SSL_SHA1,
1780         SSL_TLSV1,
1781         SSL_NOT_EXP|SSL_MEDIUM,
1782         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1783         128,
1784         128,
1785         },
1786
1787         /* Cipher 9A */
1788         {
1789         1,
1790         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1791         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1792         SSL_kEDH,
1793         SSL_aRSA,
1794         SSL_SEED,
1795         SSL_SHA1,
1796         SSL_TLSV1,
1797         SSL_NOT_EXP|SSL_MEDIUM,
1798         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1799         128,
1800         128,
1801         },
1802
1803         /* Cipher 9B */
1804         {
1805         1,
1806         TLS1_TXT_ADH_WITH_SEED_SHA,
1807         TLS1_CK_ADH_WITH_SEED_SHA,
1808         SSL_kEDH,
1809         SSL_aNULL,
1810         SSL_SEED,
1811         SSL_SHA1,
1812         SSL_TLSV1,
1813         SSL_NOT_EXP|SSL_MEDIUM,
1814         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1815         128,
1816         128,
1817         },
1818
1819 #endif /* OPENSSL_NO_SEED */
1820
1821         /* GCM ciphersuites from RFC5288 */
1822
1823         /* Cipher 9C */
1824         {
1825         1,
1826         TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1827         TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1828         SSL_kRSA,
1829         SSL_aRSA,
1830         SSL_AES128GCM,
1831         SSL_AEAD,
1832         SSL_TLSV1_2,
1833         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1834         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1835         128,
1836         128,
1837         },
1838
1839         /* Cipher 9D */
1840         {
1841         1,
1842         TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1843         TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1844         SSL_kRSA,
1845         SSL_aRSA,
1846         SSL_AES256GCM,
1847         SSL_AEAD,
1848         SSL_TLSV1_2,
1849         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1850         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1851         256,
1852         256,
1853         },
1854
1855         /* Cipher 9E */
1856         {
1857         1,
1858         TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1859         TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1860         SSL_kEDH,
1861         SSL_aRSA,
1862         SSL_AES128GCM,
1863         SSL_AEAD,
1864         SSL_TLSV1_2,
1865         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1866         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1867         128,
1868         128,
1869         },
1870
1871         /* Cipher 9F */
1872         {
1873         1,
1874         TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1875         TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1876         SSL_kEDH,
1877         SSL_aRSA,
1878         SSL_AES256GCM,
1879         SSL_AEAD,
1880         SSL_TLSV1_2,
1881         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1882         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1883         256,
1884         256,
1885         },
1886
1887         /* Cipher A0 */
1888         {
1889         1,
1890         TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1891         TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1892         SSL_kDHr,
1893         SSL_aDH,
1894         SSL_AES128GCM,
1895         SSL_AEAD,
1896         SSL_TLSV1_2,
1897         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1898         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1899         128,
1900         128,
1901         },
1902
1903         /* Cipher A1 */
1904         {
1905         1,
1906         TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1907         TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1908         SSL_kDHr,
1909         SSL_aDH,
1910         SSL_AES256GCM,
1911         SSL_AEAD,
1912         SSL_TLSV1_2,
1913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1914         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1915         256,
1916         256,
1917         },
1918
1919         /* Cipher A2 */
1920         {
1921         1,
1922         TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1923         TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1924         SSL_kEDH,
1925         SSL_aDSS,
1926         SSL_AES128GCM,
1927         SSL_AEAD,
1928         SSL_TLSV1_2,
1929         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1930         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1931         128,
1932         128,
1933         },
1934
1935         /* Cipher A3 */
1936         {
1937         1,
1938         TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1939         TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1940         SSL_kEDH,
1941         SSL_aDSS,
1942         SSL_AES256GCM,
1943         SSL_AEAD,
1944         SSL_TLSV1_2,
1945         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1946         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1947         256,
1948         256,
1949         },
1950
1951         /* Cipher A4 */
1952         {
1953         1,
1954         TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1955         TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1956         SSL_kDHd,
1957         SSL_aDH,
1958         SSL_AES128GCM,
1959         SSL_AEAD,
1960         SSL_TLSV1_2,
1961         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1962         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1963         128,
1964         128,
1965         },
1966
1967         /* Cipher A5 */
1968         {
1969         1,
1970         TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1971         TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1972         SSL_kDHd,
1973         SSL_aDH,
1974         SSL_AES256GCM,
1975         SSL_AEAD,
1976         SSL_TLSV1_2,
1977         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1978         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1979         256,
1980         256,
1981         },
1982
1983         /* Cipher A6 */
1984         {
1985         1,
1986         TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1987         TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1988         SSL_kEDH,
1989         SSL_aNULL,
1990         SSL_AES128GCM,
1991         SSL_AEAD,
1992         SSL_TLSV1_2,
1993         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1994         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1995         128,
1996         128,
1997         },
1998
1999         /* Cipher A7 */
2000         {
2001         1,
2002         TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2003         TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2004         SSL_kEDH,
2005         SSL_aNULL,
2006         SSL_AES256GCM,
2007         SSL_AEAD,
2008         SSL_TLSV1_2,
2009         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2010         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2011         256,
2012         256,
2013         },
2014 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2015         {
2016         1,
2017         "SCSV",
2018         SSL3_CK_SCSV,
2019         0,
2020         0,
2021         0,
2022         0,
2023         0,
2024         0,
2025         0,
2026         0,
2027         0
2028         },
2029 #endif
2030
2031 #ifndef OPENSSL_NO_ECDH
2032         /* Cipher C001 */
2033         {
2034         1,
2035         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2036         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2037         SSL_kECDHe,
2038         SSL_aECDH,
2039         SSL_eNULL,
2040         SSL_SHA1,
2041         SSL_TLSV1,
2042         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2043         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2044         0,
2045         0,
2046         },
2047
2048         /* Cipher C002 */
2049         {
2050         1,
2051         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2052         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2053         SSL_kECDHe,
2054         SSL_aECDH,
2055         SSL_RC4,
2056         SSL_SHA1,
2057         SSL_TLSV1,
2058         SSL_NOT_EXP|SSL_MEDIUM,
2059         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2060         128,
2061         128,
2062         },
2063
2064         /* Cipher C003 */
2065         {
2066         1,
2067         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2068         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2069         SSL_kECDHe,
2070         SSL_aECDH,
2071         SSL_3DES,
2072         SSL_SHA1,
2073         SSL_TLSV1,
2074         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2075         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2076         168,
2077         168,
2078         },
2079
2080         /* Cipher C004 */
2081         {
2082         1,
2083         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2084         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2085         SSL_kECDHe,
2086         SSL_aECDH,
2087         SSL_AES128,
2088         SSL_SHA1,
2089         SSL_TLSV1,
2090         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2091         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2092         128,
2093         128,
2094         },
2095
2096         /* Cipher C005 */
2097         {
2098         1,
2099         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2100         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2101         SSL_kECDHe,
2102         SSL_aECDH,
2103         SSL_AES256,
2104         SSL_SHA1,
2105         SSL_TLSV1,
2106         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2107         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2108         256,
2109         256,
2110         },
2111
2112         /* Cipher C006 */
2113         {
2114         1,
2115         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2116         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2117         SSL_kEECDH,
2118         SSL_aECDSA,
2119         SSL_eNULL,
2120         SSL_SHA1,
2121         SSL_TLSV1,
2122         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2123         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2124         0,
2125         0,
2126         },
2127
2128         /* Cipher C007 */
2129         {
2130         1,
2131         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2132         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2133         SSL_kEECDH,
2134         SSL_aECDSA,
2135         SSL_RC4,
2136         SSL_SHA1,
2137         SSL_TLSV1,
2138         SSL_NOT_EXP|SSL_MEDIUM,
2139         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2140         128,
2141         128,
2142         },
2143
2144         /* Cipher C008 */
2145         {
2146         1,
2147         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2148         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2149         SSL_kEECDH,
2150         SSL_aECDSA,
2151         SSL_3DES,
2152         SSL_SHA1,
2153         SSL_TLSV1,
2154         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2155         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2156         168,
2157         168,
2158         },
2159
2160         /* Cipher C009 */
2161         {
2162         1,
2163         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2164         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2165         SSL_kEECDH,
2166         SSL_aECDSA,
2167         SSL_AES128,
2168         SSL_SHA1,
2169         SSL_TLSV1,
2170         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2171         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2172         128,
2173         128,
2174         },
2175
2176         /* Cipher C00A */
2177         {
2178         1,
2179         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2180         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2181         SSL_kEECDH,
2182         SSL_aECDSA,
2183         SSL_AES256,
2184         SSL_SHA1,
2185         SSL_TLSV1,
2186         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2187         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2188         256,
2189         256,
2190         },
2191
2192         /* Cipher C00B */
2193         {
2194         1,
2195         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2196         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2197         SSL_kECDHr,
2198         SSL_aECDH,
2199         SSL_eNULL,
2200         SSL_SHA1,
2201         SSL_TLSV1,
2202         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2203         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2204         0,
2205         0,
2206         },
2207
2208         /* Cipher C00C */
2209         {
2210         1,
2211         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2212         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2213         SSL_kECDHr,
2214         SSL_aECDH,
2215         SSL_RC4,
2216         SSL_SHA1,
2217         SSL_TLSV1,
2218         SSL_NOT_EXP|SSL_MEDIUM,
2219         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2220         128,
2221         128,
2222         },
2223
2224         /* Cipher C00D */
2225         {
2226         1,
2227         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2228         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2229         SSL_kECDHr,
2230         SSL_aECDH,
2231         SSL_3DES,
2232         SSL_SHA1,
2233         SSL_TLSV1,
2234         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2235         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2236         168,
2237         168,
2238         },
2239
2240         /* Cipher C00E */
2241         {
2242         1,
2243         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2244         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2245         SSL_kECDHr,
2246         SSL_aECDH,
2247         SSL_AES128,
2248         SSL_SHA1,
2249         SSL_TLSV1,
2250         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2251         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2252         128,
2253         128,
2254         },
2255
2256         /* Cipher C00F */
2257         {
2258         1,
2259         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2260         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2261         SSL_kECDHr,
2262         SSL_aECDH,
2263         SSL_AES256,
2264         SSL_SHA1,
2265         SSL_TLSV1,
2266         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2267         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2268         256,
2269         256,
2270         },
2271
2272         /* Cipher C010 */
2273         {
2274         1,
2275         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2276         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2277         SSL_kEECDH,
2278         SSL_aRSA,
2279         SSL_eNULL,
2280         SSL_SHA1,
2281         SSL_TLSV1,
2282         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2283         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2284         0,
2285         0,
2286         },
2287
2288         /* Cipher C011 */
2289         {
2290         1,
2291         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2292         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2293         SSL_kEECDH,
2294         SSL_aRSA,
2295         SSL_RC4,
2296         SSL_SHA1,
2297         SSL_TLSV1,
2298         SSL_NOT_EXP|SSL_MEDIUM,
2299         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2300         128,
2301         128,
2302         },
2303
2304         /* Cipher C012 */
2305         {
2306         1,
2307         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2308         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2309         SSL_kEECDH,
2310         SSL_aRSA,
2311         SSL_3DES,
2312         SSL_SHA1,
2313         SSL_TLSV1,
2314         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2315         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2316         168,
2317         168,
2318         },
2319
2320         /* Cipher C013 */
2321         {
2322         1,
2323         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2324         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2325         SSL_kEECDH,
2326         SSL_aRSA,
2327         SSL_AES128,
2328         SSL_SHA1,
2329         SSL_TLSV1,
2330         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2331         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2332         128,
2333         128,
2334         },
2335
2336         /* Cipher C014 */
2337         {
2338         1,
2339         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2340         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2341         SSL_kEECDH,
2342         SSL_aRSA,
2343         SSL_AES256,
2344         SSL_SHA1,
2345         SSL_TLSV1,
2346         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2348         256,
2349         256,
2350         },
2351
2352         /* Cipher C015 */
2353         {
2354         1,
2355         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2356         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2357         SSL_kEECDH,
2358         SSL_aNULL,
2359         SSL_eNULL,
2360         SSL_SHA1,
2361         SSL_TLSV1,
2362         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2364         0,
2365         0,
2366         },
2367
2368         /* Cipher C016 */
2369         {
2370         1,
2371         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2372         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2373         SSL_kEECDH,
2374         SSL_aNULL,
2375         SSL_RC4,
2376         SSL_SHA1,
2377         SSL_TLSV1,
2378         SSL_NOT_EXP|SSL_MEDIUM,
2379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2380         128,
2381         128,
2382         },
2383
2384         /* Cipher C017 */
2385         {
2386         1,
2387         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2388         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2389         SSL_kEECDH,
2390         SSL_aNULL,
2391         SSL_3DES,
2392         SSL_SHA1,
2393         SSL_TLSV1,
2394         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2396         168,
2397         168,
2398         },
2399
2400         /* Cipher C018 */
2401         {
2402         1,
2403         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2404         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2405         SSL_kEECDH,
2406         SSL_aNULL,
2407         SSL_AES128,
2408         SSL_SHA1,
2409         SSL_TLSV1,
2410         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2412         128,
2413         128,
2414         },
2415
2416         /* Cipher C019 */
2417         {
2418         1,
2419         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2420         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2421         SSL_kEECDH,
2422         SSL_aNULL,
2423         SSL_AES256,
2424         SSL_SHA1,
2425         SSL_TLSV1,
2426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2428         256,
2429         256,
2430         },
2431 #endif  /* OPENSSL_NO_ECDH */
2432
2433 #ifndef OPENSSL_NO_SRP
2434         /* Cipher C01A */
2435         {
2436         1,
2437         TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2438         TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2439         SSL_kSRP,
2440         SSL_aNULL,
2441         SSL_3DES,
2442         SSL_SHA1,
2443         SSL_TLSV1,
2444         SSL_NOT_EXP|SSL_HIGH,
2445         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2446         168,
2447         168,
2448         },
2449
2450         /* Cipher C01B */
2451         {
2452         1,
2453         TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2454         TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2455         SSL_kSRP,
2456         SSL_aRSA,
2457         SSL_3DES,
2458         SSL_SHA1,
2459         SSL_TLSV1,
2460         SSL_NOT_EXP|SSL_HIGH,
2461         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2462         168,
2463         168,
2464         },
2465
2466         /* Cipher C01C */
2467         {
2468         1,
2469         TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2470         TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2471         SSL_kSRP,
2472         SSL_aDSS,
2473         SSL_3DES,
2474         SSL_SHA1,
2475         SSL_TLSV1,
2476         SSL_NOT_EXP|SSL_HIGH,
2477         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2478         168,
2479         168,
2480         },
2481
2482         /* Cipher C01D */
2483         {
2484         1,
2485         TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2486         TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2487         SSL_kSRP,
2488         SSL_aNULL,
2489         SSL_AES128,
2490         SSL_SHA1,
2491         SSL_TLSV1,
2492         SSL_NOT_EXP|SSL_HIGH,
2493         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2494         128,
2495         128,
2496         },
2497
2498         /* Cipher C01E */
2499         {
2500         1,
2501         TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2502         TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2503         SSL_kSRP,
2504         SSL_aRSA,
2505         SSL_AES128,
2506         SSL_SHA1,
2507         SSL_TLSV1,
2508         SSL_NOT_EXP|SSL_HIGH,
2509         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2510         128,
2511         128,
2512         },
2513
2514         /* Cipher C01F */
2515         {
2516         1,
2517         TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2518         TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2519         SSL_kSRP,
2520         SSL_aDSS,
2521         SSL_AES128,
2522         SSL_SHA1,
2523         SSL_TLSV1,
2524         SSL_NOT_EXP|SSL_HIGH,
2525         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2526         128,
2527         128,
2528         },
2529
2530         /* Cipher C020 */
2531         {
2532         1,
2533         TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2534         TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2535         SSL_kSRP,
2536         SSL_aNULL,
2537         SSL_AES256,
2538         SSL_SHA1,
2539         SSL_TLSV1,
2540         SSL_NOT_EXP|SSL_HIGH,
2541         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2542         256,
2543         256,
2544         },
2545
2546         /* Cipher C021 */
2547         {
2548         1,
2549         TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2550         TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2551         SSL_kSRP,
2552         SSL_aRSA,
2553         SSL_AES256,
2554         SSL_SHA1,
2555         SSL_TLSV1,
2556         SSL_NOT_EXP|SSL_HIGH,
2557         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2558         256,
2559         256,
2560         },
2561
2562         /* Cipher C022 */
2563         {
2564         1,
2565         TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2566         TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2567         SSL_kSRP,
2568         SSL_aDSS,
2569         SSL_AES256,
2570         SSL_SHA1,
2571         SSL_TLSV1,
2572         SSL_NOT_EXP|SSL_HIGH,
2573         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2574         256,
2575         256,
2576         },
2577 #endif  /* OPENSSL_NO_SRP */
2578 #ifndef OPENSSL_NO_ECDH
2579
2580         /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2581
2582         /* Cipher C023 */
2583         {
2584         1,
2585         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2586         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2587         SSL_kEECDH,
2588         SSL_aECDSA,
2589         SSL_AES128,
2590         SSL_SHA256,
2591         SSL_TLSV1_2,
2592         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2593         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2594         128,
2595         128,
2596         },
2597
2598         /* Cipher C024 */
2599         {
2600         1,
2601         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2602         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2603         SSL_kEECDH,
2604         SSL_aECDSA,
2605         SSL_AES256,
2606         SSL_SHA384,
2607         SSL_TLSV1_2,
2608         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2609         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2610         256,
2611         256,
2612         },
2613
2614         /* Cipher C025 */
2615         {
2616         1,
2617         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2618         TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2619         SSL_kECDHe,
2620         SSL_aECDH,
2621         SSL_AES128,
2622         SSL_SHA256,
2623         SSL_TLSV1_2,
2624         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2625         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2626         128,
2627         128,
2628         },
2629
2630         /* Cipher C026 */
2631         {
2632         1,
2633         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2634         TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2635         SSL_kECDHe,
2636         SSL_aECDH,
2637         SSL_AES256,
2638         SSL_SHA384,
2639         SSL_TLSV1_2,
2640         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2641         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2642         256,
2643         256,
2644         },
2645
2646         /* Cipher C027 */
2647         {
2648         1,
2649         TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2650         TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2651         SSL_kEECDH,
2652         SSL_aRSA,
2653         SSL_AES128,
2654         SSL_SHA256,
2655         SSL_TLSV1_2,
2656         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2657         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2658         128,
2659         128,
2660         },
2661
2662         /* Cipher C028 */
2663         {
2664         1,
2665         TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2666         TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2667         SSL_kEECDH,
2668         SSL_aRSA,
2669         SSL_AES256,
2670         SSL_SHA384,
2671         SSL_TLSV1_2,
2672         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2673         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2674         256,
2675         256,
2676         },
2677
2678         /* Cipher C029 */
2679         {
2680         1,
2681         TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2682         TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2683         SSL_kECDHr,
2684         SSL_aECDH,
2685         SSL_AES128,
2686         SSL_SHA256,
2687         SSL_TLSV1_2,
2688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2689         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2690         128,
2691         128,
2692         },
2693
2694         /* Cipher C02A */
2695         {
2696         1,
2697         TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2698         TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2699         SSL_kECDHr,
2700         SSL_aECDH,
2701         SSL_AES256,
2702         SSL_SHA384,
2703         SSL_TLSV1_2,
2704         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2705         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2706         256,
2707         256,
2708         },
2709
2710         /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2711
2712         /* Cipher C02B */
2713         {
2714         1,
2715         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2716         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2717         SSL_kEECDH,
2718         SSL_aECDSA,
2719         SSL_AES128GCM,
2720         SSL_AEAD,
2721         SSL_TLSV1_2,
2722         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2723         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2724         128,
2725         128,
2726         },
2727
2728         /* Cipher C02C */
2729         {
2730         1,
2731         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2732         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2733         SSL_kEECDH,
2734         SSL_aECDSA,
2735         SSL_AES256GCM,
2736         SSL_AEAD,
2737         SSL_TLSV1_2,
2738         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2739         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2740         256,
2741         256,
2742         },
2743
2744         /* Cipher C02D */
2745         {
2746         1,
2747         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2748         TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2749         SSL_kECDHe,
2750         SSL_aECDH,
2751         SSL_AES128GCM,
2752         SSL_AEAD,
2753         SSL_TLSV1_2,
2754         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2755         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2756         128,
2757         128,
2758         },
2759
2760         /* Cipher C02E */
2761         {
2762         1,
2763         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2764         TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2765         SSL_kECDHe,
2766         SSL_aECDH,
2767         SSL_AES256GCM,
2768         SSL_AEAD,
2769         SSL_TLSV1_2,
2770         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2771         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2772         256,
2773         256,
2774         },
2775
2776         /* Cipher C02F */
2777         {
2778         1,
2779         TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2780         TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2781         SSL_kEECDH,
2782         SSL_aRSA,
2783         SSL_AES128GCM,
2784         SSL_AEAD,
2785         SSL_TLSV1_2,
2786         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2787         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2788         128,
2789         128,
2790         },
2791
2792         /* Cipher C030 */
2793         {
2794         1,
2795         TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2796         TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2797         SSL_kEECDH,
2798         SSL_aRSA,
2799         SSL_AES256GCM,
2800         SSL_AEAD,
2801         SSL_TLSV1_2,
2802         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2803         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2804         256,
2805         256,
2806         },
2807
2808         /* Cipher C031 */
2809         {
2810         1,
2811         TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2812         TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2813         SSL_kECDHr,
2814         SSL_aECDH,
2815         SSL_AES128GCM,
2816         SSL_AEAD,
2817         SSL_TLSV1_2,
2818         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2819         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2820         128,
2821         128,
2822         },
2823
2824         /* Cipher C032 */
2825         {
2826         1,
2827         TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2828         TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2829         SSL_kECDHr,
2830         SSL_aECDH,
2831         SSL_AES256GCM,
2832         SSL_AEAD,
2833         SSL_TLSV1_2,
2834         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2835         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2836         256,
2837         256,
2838         },
2839
2840 #endif /* OPENSSL_NO_ECDH */
2841
2842
2843 #ifdef TEMP_GOST_TLS
2844 /* Cipher FF00 */
2845         {
2846         1,
2847         "GOST-MD5",
2848         0x0300ff00,
2849         SSL_kRSA,
2850         SSL_aRSA,
2851         SSL_eGOST2814789CNT,
2852         SSL_MD5,
2853         SSL_TLSV1,
2854         SSL_NOT_EXP|SSL_HIGH,
2855         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2856         256,
2857         256,
2858         },
2859         {
2860         1,
2861         "GOST-GOST94",
2862         0x0300ff01,
2863         SSL_kRSA,
2864         SSL_aRSA,
2865         SSL_eGOST2814789CNT,
2866         SSL_GOST94,
2867         SSL_TLSV1,
2868         SSL_NOT_EXP|SSL_HIGH,
2869         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2870         256,
2871         256
2872         },
2873         {
2874         1,
2875         "GOST-GOST89MAC",
2876         0x0300ff02,
2877         SSL_kRSA,
2878         SSL_aRSA,
2879         SSL_eGOST2814789CNT,
2880         SSL_GOST89MAC,
2881         SSL_TLSV1,
2882         SSL_NOT_EXP|SSL_HIGH,
2883         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2884         256,
2885         256
2886         },
2887         {
2888         1,
2889         "GOST-GOST89STREAM",
2890         0x0300ff03,
2891         SSL_kRSA,
2892         SSL_aRSA,
2893         SSL_eGOST2814789CNT,
2894         SSL_GOST89MAC,
2895         SSL_TLSV1,
2896         SSL_NOT_EXP|SSL_HIGH,
2897         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2898         256,
2899         256
2900         },
2901 #endif
2902
2903 /* end of list */
2904         };
2905
2906 SSL3_ENC_METHOD SSLv3_enc_data={
2907         ssl3_enc,
2908         n_ssl3_mac,
2909         ssl3_setup_key_block,
2910         ssl3_generate_master_secret,
2911         ssl3_change_cipher_state,
2912         ssl3_final_finish_mac,
2913         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2914         ssl3_cert_verify_mac,
2915         SSL3_MD_CLIENT_FINISHED_CONST,4,
2916         SSL3_MD_SERVER_FINISHED_CONST,4,
2917         ssl3_alert_code,
2918         (int (*)(SSL *, unsigned char *, size_t, const char *,
2919                  size_t, const unsigned char *, size_t,
2920                  int use_context))ssl_undefined_function,
2921         0,
2922         SSL3_HM_HEADER_LENGTH,
2923         ssl3_set_handshake_header,
2924         ssl3_handshake_write
2925         };
2926
2927 long ssl3_default_timeout(void)
2928         {
2929         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2930          * is way too long for http, the cache would over fill */
2931         return(60*60*2);
2932         }
2933
2934 int ssl3_num_ciphers(void)
2935         {
2936         return(SSL3_NUM_CIPHERS);
2937         }
2938
2939 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2940         {
2941         if (u < SSL3_NUM_CIPHERS)
2942                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2943         else
2944                 return(NULL);
2945         }
2946
2947 int ssl3_pending(const SSL *s)
2948         {
2949         if (s->rstate == SSL_ST_READ_BODY)
2950                 return 0;
2951         
2952         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2953         }
2954
2955 void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2956         {
2957         unsigned char *p = (unsigned char *)s->init_buf->data;
2958         *(p++) = htype;
2959         l2n3(len, p);
2960         s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2961         s->init_off = 0;
2962         }
2963
2964 int ssl3_handshake_write(SSL *s)
2965         {
2966         return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2967         }
2968
2969 int ssl3_new(SSL *s)
2970         {
2971         SSL3_STATE *s3;
2972
2973         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2974         memset(s3,0,sizeof *s3);
2975         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2976         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2977
2978         s->s3=s3;
2979
2980 #ifndef OPENSSL_NO_SRP
2981         SSL_SRP_CTX_init(s);
2982 #endif
2983         s->method->ssl_clear(s);
2984         return(1);
2985 err:
2986         return(0);
2987         }
2988
2989 void ssl3_free(SSL *s)
2990         {
2991         if(s == NULL)
2992             return;
2993
2994 #ifdef TLSEXT_TYPE_opaque_prf_input
2995         if (s->s3->client_opaque_prf_input != NULL)
2996                 OPENSSL_free(s->s3->client_opaque_prf_input);
2997         if (s->s3->server_opaque_prf_input != NULL)
2998                 OPENSSL_free(s->s3->server_opaque_prf_input);
2999 #endif
3000
3001         ssl3_cleanup_key_block(s);
3002         if (s->s3->rbuf.buf != NULL)
3003                 ssl3_release_read_buffer(s);
3004         if (s->s3->wbuf.buf != NULL)
3005                 ssl3_release_write_buffer(s);
3006         if (s->s3->rrec.comp != NULL)
3007                 OPENSSL_free(s->s3->rrec.comp);
3008 #ifndef OPENSSL_NO_DH
3009         if (s->s3->tmp.dh != NULL)
3010                 DH_free(s->s3->tmp.dh);
3011 #endif
3012 #ifndef OPENSSL_NO_ECDH
3013         if (s->s3->tmp.ecdh != NULL)
3014                 EC_KEY_free(s->s3->tmp.ecdh);
3015 #endif
3016
3017         if (s->s3->tmp.ca_names != NULL)
3018                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
3019         if (s->s3->handshake_buffer) {
3020                 BIO_free(s->s3->handshake_buffer);
3021         }
3022         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
3023 #ifndef OPENSSL_NO_SRP
3024         SSL_SRP_CTX_free(s);
3025 #endif
3026 #ifndef OPENSSL_NO_TLSEXT
3027         if (s->s3->tlsext_authz_client_types != NULL)
3028                 OPENSSL_free(s->s3->tlsext_authz_client_types);
3029 #endif
3030         OPENSSL_cleanse(s->s3,sizeof *s->s3);
3031         OPENSSL_free(s->s3);
3032         s->s3=NULL;
3033         }
3034
3035 void ssl3_clear(SSL *s)
3036         {
3037         unsigned char *rp,*wp;
3038         size_t rlen, wlen;
3039         int init_extra;
3040
3041 #ifdef TLSEXT_TYPE_opaque_prf_input
3042         if (s->s3->client_opaque_prf_input != NULL)
3043                 OPENSSL_free(s->s3->client_opaque_prf_input);
3044         s->s3->client_opaque_prf_input = NULL;
3045         if (s->s3->server_opaque_prf_input != NULL)
3046                 OPENSSL_free(s->s3->server_opaque_prf_input);
3047         s->s3->server_opaque_prf_input = NULL;
3048 #endif
3049
3050         ssl3_cleanup_key_block(s);
3051         if (s->s3->tmp.ca_names != NULL)
3052                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
3053
3054         if (s->s3->rrec.comp != NULL)
3055                 {
3056                 OPENSSL_free(s->s3->rrec.comp);
3057                 s->s3->rrec.comp=NULL;
3058                 }
3059 #ifndef OPENSSL_NO_DH
3060         if (s->s3->tmp.dh != NULL)
3061                 {
3062                 DH_free(s->s3->tmp.dh);
3063                 s->s3->tmp.dh = NULL;
3064                 }
3065 #endif
3066 #ifndef OPENSSL_NO_ECDH
3067         if (s->s3->tmp.ecdh != NULL)
3068                 {
3069                 EC_KEY_free(s->s3->tmp.ecdh);
3070                 s->s3->tmp.ecdh = NULL;
3071                 }
3072 #endif
3073 #ifndef OPENSSL_NO_TLSEXT
3074         if (s->s3->tlsext_authz_client_types != NULL)
3075                 {
3076                 OPENSSL_free(s->s3->tlsext_authz_client_types);
3077                 s->s3->tlsext_authz_client_types = NULL;
3078                 }
3079 #endif
3080
3081         rp = s->s3->rbuf.buf;
3082         wp = s->s3->wbuf.buf;
3083         rlen = s->s3->rbuf.len;
3084         wlen = s->s3->wbuf.len;
3085         init_extra = s->s3->init_extra;
3086         if (s->s3->handshake_buffer) {
3087                 BIO_free(s->s3->handshake_buffer);
3088                 s->s3->handshake_buffer = NULL;
3089         }
3090         if (s->s3->handshake_dgst) {
3091                 ssl3_free_digest_list(s);
3092         }       
3093         memset(s->s3,0,sizeof *s->s3);
3094         s->s3->rbuf.buf = rp;
3095         s->s3->wbuf.buf = wp;
3096         s->s3->rbuf.len = rlen;
3097         s->s3->wbuf.len = wlen;
3098         s->s3->init_extra = init_extra;
3099
3100         ssl_free_wbio_buffer(s);
3101
3102         s->packet_length=0;
3103         s->s3->renegotiate=0;
3104         s->s3->total_renegotiations=0;
3105         s->s3->num_renegotiations=0;
3106         s->s3->in_read_app_data=0;
3107         s->version=SSL3_VERSION;
3108
3109 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3110         if (s->next_proto_negotiated)
3111                 {
3112                 OPENSSL_free(s->next_proto_negotiated);
3113                 s->next_proto_negotiated = NULL;
3114                 s->next_proto_negotiated_len = 0;
3115                 }
3116 #endif
3117         }
3118
3119 #ifndef OPENSSL_NO_SRP
3120 static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3121         {
3122         return BUF_strdup(s->srp_ctx.info) ;
3123         }
3124 #endif
3125
3126 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
3127
3128 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3129         {
3130         int ret=0;
3131
3132 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3133         if (
3134 #ifndef OPENSSL_NO_RSA
3135             cmd == SSL_CTRL_SET_TMP_RSA ||
3136             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3137 #endif
3138 #ifndef OPENSSL_NO_DSA
3139             cmd == SSL_CTRL_SET_TMP_DH ||
3140             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3141 #endif
3142                 0)
3143                 {
3144                 if (!ssl_cert_inst(&s->cert))
3145                         {
3146                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3147                         return(0);
3148                         }
3149                 }
3150 #endif
3151
3152         switch (cmd)
3153                 {
3154         case SSL_CTRL_GET_SESSION_REUSED:
3155                 ret=s->hit;
3156                 break;
3157         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3158                 break;
3159         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3160                 ret=s->s3->num_renegotiations;
3161                 break;
3162         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3163                 ret=s->s3->num_renegotiations;
3164                 s->s3->num_renegotiations=0;
3165                 break;
3166         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3167                 ret=s->s3->total_renegotiations;
3168                 break;
3169         case SSL_CTRL_GET_FLAGS:
3170                 ret=(int)(s->s3->flags);
3171                 break;
3172 #ifndef OPENSSL_NO_RSA
3173         case SSL_CTRL_NEED_TMP_RSA:
3174                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3175                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3176                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
3177                         ret = 1;
3178                 break;
3179         case SSL_CTRL_SET_TMP_RSA:
3180                 {
3181                         RSA *rsa = (RSA *)parg;
3182                         if (rsa == NULL)
3183                                 {
3184                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3185                                 return(ret);
3186                                 }
3187                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3188                                 {
3189                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3190                                 return(ret);
3191                                 }
3192                         if (s->cert->rsa_tmp != NULL)
3193                                 RSA_free(s->cert->rsa_tmp);
3194                         s->cert->rsa_tmp = rsa;
3195                         ret = 1;
3196                 }
3197                 break;
3198         case SSL_CTRL_SET_TMP_RSA_CB:
3199                 {
3200                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3201                 return(ret);
3202                 }
3203                 break;
3204 #endif
3205 #ifndef OPENSSL_NO_DH
3206         case SSL_CTRL_SET_TMP_DH:
3207                 {
3208                         DH *dh = (DH *)parg;
3209                         if (dh == NULL)
3210                                 {
3211                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3212                                 return(ret);
3213                                 }
3214                         if ((dh = DHparams_dup(dh)) == NULL)
3215                                 {
3216                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3217                                 return(ret);
3218                                 }
3219                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
3220                                 {
3221                                 if (!DH_generate_key(dh))
3222                                         {
3223                                         DH_free(dh);
3224                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3225                                         return(ret);
3226                                         }
3227                                 }
3228                         if (s->cert->dh_tmp != NULL)
3229                                 DH_free(s->cert->dh_tmp);
3230                         s->cert->dh_tmp = dh;
3231                         ret = 1;
3232                 }
3233                 break;
3234         case SSL_CTRL_SET_TMP_DH_CB:
3235                 {
3236                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3237                 return(ret);
3238                 }
3239                 break;
3240 #endif
3241 #ifndef OPENSSL_NO_ECDH
3242         case SSL_CTRL_SET_TMP_ECDH:
3243                 {
3244                 EC_KEY *ecdh = NULL;
3245                         
3246                 if (parg == NULL)
3247                         {
3248                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3249                         return(ret);
3250                         }
3251                 if (!EC_KEY_up_ref((EC_KEY *)parg))
3252                         {
3253                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3254                         return(ret);
3255                         }
3256                 ecdh = (EC_KEY *)parg;
3257                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
3258                         {
3259                         if (!EC_KEY_generate_key(ecdh))
3260                                 {
3261                                 EC_KEY_free(ecdh);
3262                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3263                                 return(ret);
3264                                 }
3265                         }
3266                 if (s->cert->ecdh_tmp != NULL)
3267                         EC_KEY_free(s->cert->ecdh_tmp);
3268                 s->cert->ecdh_tmp = ecdh;
3269                 ret = 1;
3270                 }
3271                 break;
3272         case SSL_CTRL_SET_TMP_ECDH_CB:
3273                 {
3274                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3275                 return(ret);
3276                 }
3277                 break;
3278 #endif /* !OPENSSL_NO_ECDH */
3279 #ifndef OPENSSL_NO_TLSEXT
3280         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3281                 if (larg == TLSEXT_NAMETYPE_host_name)
3282                         {
3283                         if (s->tlsext_hostname != NULL) 
3284                                 OPENSSL_free(s->tlsext_hostname);
3285                         s->tlsext_hostname = NULL;
3286
3287                         ret = 1;
3288                         if (parg == NULL) 
3289                                 break;
3290                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
3291                                 {
3292                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3293                                 return 0;
3294                                 }
3295                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
3296                                 {
3297                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3298                                 return 0;
3299                                 }
3300                         }
3301                 else
3302                         {
3303                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3304                         return 0;
3305                         }
3306                 break;
3307         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3308                 s->tlsext_debug_arg=parg;
3309                 ret = 1;
3310                 break;
3311
3312 #ifdef TLSEXT_TYPE_opaque_prf_input
3313         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3314                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3315                                    * (including the cert chain and everything) */
3316                         {
3317                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3318                         break;
3319                         }
3320                 if (s->tlsext_opaque_prf_input != NULL)
3321                         OPENSSL_free(s->tlsext_opaque_prf_input);
3322                 if ((size_t)larg == 0)
3323                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3324                 else
3325                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3326                 if (s->tlsext_opaque_prf_input != NULL)
3327                         {
3328                         s->tlsext_opaque_prf_input_len = (size_t)larg;
3329                         ret = 1;
3330                         }
3331                 else
3332                         s->tlsext_opaque_prf_input_len = 0;
3333                 break;
3334 #endif
3335
3336         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3337                 s->tlsext_status_type=larg;
3338                 ret = 1;
3339                 break;
3340
3341         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3342                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3343                 ret = 1;
3344                 break;
3345
3346         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3347                 s->tlsext_ocsp_exts = parg;
3348                 ret = 1;
3349                 break;
3350
3351         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3352                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3353                 ret = 1;
3354                 break;
3355
3356         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3357                 s->tlsext_ocsp_ids = parg;
3358                 ret = 1;
3359                 break;
3360
3361         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3362                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3363                 return s->tlsext_ocsp_resplen;
3364                 
3365         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3366                 if (s->tlsext_ocsp_resp)
3367                         OPENSSL_free(s->tlsext_ocsp_resp);
3368                 s->tlsext_ocsp_resp = parg;
3369                 s->tlsext_ocsp_resplen = larg;
3370                 ret = 1;
3371                 break;
3372
3373 #ifndef OPENSSL_NO_HEARTBEATS
3374         case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3375                 if (SSL_IS_DTLS(s))
3376                         ret = dtls1_heartbeat(s);
3377                 else
3378                         ret = tls1_heartbeat(s);
3379                 break;
3380
3381         case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3382                 ret = s->tlsext_hb_pending;
3383                 break;
3384
3385         case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3386                 if (larg)
3387                         s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3388                 else
3389                         s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3390                 ret = 1;
3391                 break;
3392 #endif
3393
3394 #endif /* !OPENSSL_NO_TLSEXT */
3395
3396         case SSL_CTRL_CHAIN:
3397                 if (larg)
3398                         return ssl_cert_set1_chain(s->cert,
3399                                                 (STACK_OF (X509) *)parg);
3400                 else
3401                         return ssl_cert_set0_chain(s->cert,
3402                                                 (STACK_OF (X509) *)parg);
3403
3404         case SSL_CTRL_CHAIN_CERT:
3405                 if (larg)
3406                         return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
3407                 else
3408                         return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
3409
3410         case SSL_CTRL_GET_CURVES:
3411                 {
3412                 unsigned char *clist;
3413                 size_t clistlen;
3414                 if (!s->session)
3415                         return 0;
3416                 clist = s->session->tlsext_ellipticcurvelist;
3417                 clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3418                 if (parg)
3419                         {
3420                         size_t i;
3421                         int *cptr = parg;
3422                         unsigned int cid, nid;
3423                         for (i = 0; i < clistlen; i++)
3424                                 {
3425                                 n2s(clist, cid);
3426                                 nid = tls1_ec_curve_id2nid(cid);
3427                                 if (nid != 0)
3428                                         cptr[i] = nid;
3429                                 else
3430                                         cptr[i] = TLSEXT_nid_unknown | cid;
3431                                 }
3432                         }
3433                 return (int)clistlen;
3434                 }
3435
3436         case SSL_CTRL_SET_CURVES:
3437                 return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3438                                         &s->tlsext_ellipticcurvelist_length,
3439                                                                 parg, larg);
3440
3441         case SSL_CTRL_SET_CURVES_LIST:
3442                 return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3443                                         &s->tlsext_ellipticcurvelist_length,
3444                                                                 parg);
3445
3446         case SSL_CTRL_GET_SHARED_CURVE:
3447                 return tls1_shared_curve(s, larg);
3448
3449         case SSL_CTRL_SET_ECDH_AUTO:
3450                 s->cert->ecdh_tmp_auto = larg;
3451                 break;
3452
3453         case SSL_CTRL_SET_SIGALGS:
3454                 return tls1_set_sigalgs(s->cert, parg, larg, 0);
3455
3456         case SSL_CTRL_SET_SIGALGS_LIST:
3457                 return tls1_set_sigalgs_list(s->cert, parg, 0);
3458
3459         case SSL_CTRL_SET_CLIENT_SIGALGS:
3460                 return tls1_set_sigalgs(s->cert, parg, larg, 1);
3461
3462         case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3463                 return tls1_set_sigalgs_list(s->cert, parg, 1);
3464
3465         case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3466                 {
3467                 const unsigned char **pctype = parg;
3468                 if (s->server || !s->s3->tmp.cert_req)
3469                         return 0;
3470                 if (s->cert->ctypes)
3471                         {
3472                         if (pctype)
3473                                 *pctype = s->cert->ctypes;
3474                         return (int)s->cert->ctype_num;
3475                         }
3476                 if (pctype)
3477                         *pctype = (unsigned char *)s->s3->tmp.ctype;
3478                 return s->s3->tmp.ctype_num;
3479                 }
3480
3481         case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3482                 if (!s->server)
3483                         return 0;
3484                 return ssl3_set_req_cert_type(s->cert, parg, larg);
3485
3486         case SSL_CTRL_BUILD_CERT_CHAIN:
3487                 return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
3488
3489         case SSL_CTRL_SET_VERIFY_CERT_STORE:
3490                 return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3491
3492         case SSL_CTRL_SET_CHAIN_CERT_STORE:
3493                 return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3494
3495         case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3496                 if (SSL_USE_SIGALGS(s))
3497                         {
3498                         if (s->session && s->session->sess_cert)
3499                                 {
3500                                 const EVP_MD *sig;
3501                                 sig = s->session->sess_cert->peer_key->digest;
3502                                 if (sig)
3503                                         {
3504                                         *(int *)parg = EVP_MD_type(sig);
3505                                         return 1;
3506                                         }
3507                                 }
3508                         return 0;
3509                         }
3510                 /* Might want to do something here for other versions */
3511                 else
3512                         return 0;
3513
3514         case SSL_CTRL_GET_SERVER_TMP_KEY:
3515                 if (s->server || !s->session || !s->session->sess_cert)
3516                         return 0;
3517                 else
3518                         {
3519                         SESS_CERT *sc;
3520                         EVP_PKEY *ptmp;
3521                         int rv = 0;
3522                         sc = s->session->sess_cert;
3523                         if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
3524                                                         && !sc->peer_ecdh_tmp)
3525                                 return 0;
3526                         ptmp = EVP_PKEY_new();
3527                         if (!ptmp)
3528                                 return 0;
3529                         if (0);
3530 #ifndef OPENSSL_NO_RSA
3531                         else if (sc->peer_rsa_tmp)
3532                                 rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
3533 #endif
3534 #ifndef OPENSSL_NO_DH
3535                         else if (sc->peer_dh_tmp)
3536                                 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
3537 #endif
3538 #ifndef OPENSSL_NO_ECDH
3539                         else if (sc->peer_ecdh_tmp)
3540                                 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
3541 #endif
3542                         if (rv)
3543                                 {
3544                                 *(EVP_PKEY **)parg = ptmp;
3545                                 return 1;
3546                                 }
3547                         EVP_PKEY_free(ptmp);
3548                         return 0;
3549                         }
3550
3551         case SSL_CTRL_GET_EC_POINT_FORMATS:
3552                 {
3553                 SSL_SESSION *sess = s->session;
3554                 const unsigned char **pformat = parg;
3555                 if (!sess || !sess->tlsext_ecpointformatlist)
3556                         return 0;
3557                 *pformat = sess->tlsext_ecpointformatlist;
3558                 return (int)sess->tlsext_ecpointformatlist_length;
3559                 }
3560
3561         default:
3562                 break;
3563                 }
3564         return(ret);
3565         }
3566
3567 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3568         {
3569         int ret=0;
3570
3571 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3572         if (
3573 #ifndef OPENSSL_NO_RSA
3574             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3575 #endif
3576 #ifndef OPENSSL_NO_DSA
3577             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3578 #endif
3579                 0)
3580                 {
3581                 if (!ssl_cert_inst(&s->cert))
3582                         {
3583                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3584                         return(0);
3585                         }
3586                 }
3587 #endif
3588
3589         switch (cmd)
3590                 {
3591 #ifndef OPENSSL_NO_RSA
3592         case SSL_CTRL_SET_TMP_RSA_CB:
3593                 {
3594                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3595                 }
3596                 break;
3597 #endif
3598 #ifndef OPENSSL_NO_DH
3599         case SSL_CTRL_SET_TMP_DH_CB:
3600                 {
3601                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3602                 }
3603                 break;
3604 #endif
3605 #ifndef OPENSSL_NO_ECDH
3606         case SSL_CTRL_SET_TMP_ECDH_CB:
3607                 {
3608                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3609                 }
3610                 break;
3611 #endif
3612 #ifndef OPENSSL_NO_TLSEXT
3613         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3614                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
3615                                         unsigned char *, int, void *))fp;
3616                 break;
3617 #endif
3618         case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3619                 {
3620                 s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3621                 }
3622                 break;
3623         default:
3624                 break;
3625                 }
3626         return(ret);
3627         }
3628
3629 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3630         {
3631         CERT *cert;
3632
3633         cert=ctx->cert;
3634
3635         switch (cmd)
3636                 {
3637 #ifndef OPENSSL_NO_RSA
3638         case SSL_CTRL_NEED_TMP_RSA:
3639                 if (    (cert->rsa_tmp == NULL) &&
3640                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3641                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
3642                         )
3643                         return(1);
3644                 else
3645                         return(0);
3646                 /* break; */
3647         case SSL_CTRL_SET_TMP_RSA:
3648                 {
3649                 RSA *rsa;
3650                 int i;
3651
3652                 rsa=(RSA *)parg;
3653                 i=1;
3654                 if (rsa == NULL)
3655                         i=0;
3656                 else
3657                         {
3658                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
3659                                 i=0;
3660                         }
3661                 if (!i)
3662                         {
3663                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
3664                         return(0);
3665                         }
3666                 else
3667                         {
3668                         if (cert->rsa_tmp != NULL)
3669                                 RSA_free(cert->rsa_tmp);
3670                         cert->rsa_tmp=rsa;
3671                         return(1);
3672                         }
3673                 }
3674                 /* break; */
3675         case SSL_CTRL_SET_TMP_RSA_CB:
3676                 {
3677                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3678                 return(0);
3679                 }
3680                 break;
3681 #endif
3682 #ifndef OPENSSL_NO_DH
3683         case SSL_CTRL_SET_TMP_DH:
3684                 {
3685                 DH *new=NULL,*dh;
3686
3687                 dh=(DH *)parg;
3688                 if ((new=DHparams_dup(dh)) == NULL)
3689                         {
3690                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3691                         return 0;
3692                         }
3693                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3694                         {
3695                         if (!DH_generate_key(new))
3696                                 {
3697                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3698                                 DH_free(new);
3699                                 return 0;
3700                                 }
3701                         }
3702                 if (cert->dh_tmp != NULL)
3703                         DH_free(cert->dh_tmp);
3704                 cert->dh_tmp=new;
3705                 return 1;
3706                 }
3707                 /*break; */
3708         case SSL_CTRL_SET_TMP_DH_CB:
3709                 {
3710                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3711                 return(0);
3712                 }
3713                 break;
3714 #endif
3715 #ifndef OPENSSL_NO_ECDH
3716         case SSL_CTRL_SET_TMP_ECDH:
3717                 {
3718                 EC_KEY *ecdh = NULL;
3719                         
3720                 if (parg == NULL)
3721                         {
3722                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3723                         return 0;
3724                         }
3725                 ecdh = EC_KEY_dup((EC_KEY *)parg);
3726                 if (ecdh == NULL)
3727                         {
3728                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3729                         return 0;
3730                         }
3731                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
3732                         {
3733                         if (!EC_KEY_generate_key(ecdh))
3734                                 {
3735                                 EC_KEY_free(ecdh);
3736                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3737                                 return 0;
3738                                 }
3739                         }
3740
3741                 if (cert->ecdh_tmp != NULL)
3742                         {
3743                         EC_KEY_free(cert->ecdh_tmp);
3744                         }
3745                 cert->ecdh_tmp = ecdh;
3746                 return 1;
3747                 }
3748                 /* break; */
3749         case SSL_CTRL_SET_TMP_ECDH_CB:
3750                 {
3751                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3752                 return(0);
3753                 }
3754                 break;
3755 #endif /* !OPENSSL_NO_ECDH */
3756 #ifndef OPENSSL_NO_TLSEXT
3757         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3758                 ctx->tlsext_servername_arg=parg;
3759                 break;
3760         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3761         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3762                 {
3763                 unsigned char *keys = parg;
3764                 if (!keys)
3765                         return 48;
3766                 if (larg != 48)
3767                         {
3768                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3769                         return 0;
3770                         }
3771                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3772                         {
3773                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
3774                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3775                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3776                         }
3777                 else
3778                         {
3779                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
3780                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3781                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3782                         }
3783                 return 1;
3784                 }
3785
3786 #ifdef TLSEXT_TYPE_opaque_prf_input
3787         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3788                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
3789                 return 1;
3790 #endif
3791
3792         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3793                 ctx->tlsext_status_arg=parg;
3794                 return 1;
3795                 break;
3796
3797 #ifndef OPENSSL_NO_SRP
3798         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3799                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3800                 if (ctx->srp_ctx.login != NULL)
3801                         OPENSSL_free(ctx->srp_ctx.login);
3802                 ctx->srp_ctx.login = NULL;
3803                 if (parg == NULL)
3804                         break;
3805                 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
3806                         {
3807                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3808                         return 0;
3809                         } 
3810                 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
3811                         {
3812                         SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3813                         return 0;
3814                         }
3815                 break;
3816         case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3817                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
3818                 ctx->srp_ctx.info=parg;
3819                 break;
3820         case SSL_CTRL_SET_SRP_ARG:
3821                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3822                 ctx->srp_ctx.SRP_cb_arg=parg;
3823                 break;
3824
3825         case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3826                 ctx->srp_ctx.strength=larg;
3827                 break;
3828 #endif
3829
3830         case SSL_CTRL_SET_CURVES:
3831                 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3832                                         &ctx->tlsext_ellipticcurvelist_length,
3833                                                                 parg, larg);
3834
3835         case SSL_CTRL_SET_CURVES_LIST:
3836                 return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3837                                         &ctx->tlsext_ellipticcurvelist_length,
3838                                                                 parg);
3839         case SSL_CTRL_SET_ECDH_AUTO:
3840                 ctx->cert->ecdh_tmp_auto = larg;
3841                 break;
3842
3843         case SSL_CTRL_SET_SIGALGS:
3844                 return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3845
3846         case SSL_CTRL_SET_SIGALGS_LIST:
3847                 return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3848
3849         case SSL_CTRL_SET_CLIENT_SIGALGS:
3850                 return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3851
3852         case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3853                 return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3854
3855         case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3856                 return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3857
3858         case SSL_CTRL_BUILD_CERT_CHAIN:
3859                 return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
3860
3861         case SSL_CTRL_SET_VERIFY_CERT_STORE:
3862                 return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3863
3864         case SSL_CTRL_SET_CHAIN_CERT_STORE:
3865                 return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3866
3867         case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
3868                 ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
3869                 break;
3870
3871 #endif /* !OPENSSL_NO_TLSEXT */
3872
3873         /* A Thawte special :-) */
3874         case SSL_CTRL_EXTRA_CHAIN_CERT:
3875                 if (ctx->extra_certs == NULL)
3876                         {
3877                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
3878                                 return(0);
3879                         }
3880                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3881                 break;
3882
3883         case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3884                 *(STACK_OF(X509) **)parg =  ctx->extra_certs;
3885                 break;
3886
3887         case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3888                 if (ctx->extra_certs)
3889                         {
3890                         sk_X509_pop_free(ctx->extra_certs, X509_free);
3891                         ctx->extra_certs = NULL;
3892                         }
3893                 break;
3894
3895         case SSL_CTRL_CHAIN:
3896                 if (larg)
3897                         return ssl_cert_set1_chain(ctx->cert,
3898                                                 (STACK_OF (X509) *)parg);
3899                 else
3900                         return ssl_cert_set0_chain(ctx->cert,
3901                                                 (STACK_OF (X509) *)parg);
3902
3903         case SSL_CTRL_CHAIN_CERT:
3904                 if (larg)
3905                         return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
3906                 else
3907                         return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
3908
3909         default:
3910                 return(0);
3911                 }
3912         return(1);
3913         }
3914
3915 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3916         {
3917         CERT *cert;
3918
3919         cert=ctx->cert;
3920
3921         switch (cmd)
3922                 {
3923 #ifndef OPENSSL_NO_RSA
3924         case SSL_CTRL_SET_TMP_RSA_CB:
3925                 {
3926                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3927                 }
3928                 break;
3929 #endif
3930 #ifndef OPENSSL_NO_DH
3931         case SSL_CTRL_SET_TMP_DH_CB:
3932                 {
3933                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3934                 }
3935                 break;
3936 #endif
3937 #ifndef OPENSSL_NO_ECDH
3938         case SSL_CTRL_SET_TMP_ECDH_CB:
3939                 {
3940                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3941                 }
3942                 break;
3943 #endif
3944 #ifndef OPENSSL_NO_TLSEXT
3945         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3946                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
3947                 break;
3948
3949 #ifdef TLSEXT_TYPE_opaque_prf_input
3950         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3951                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
3952                 break;
3953 #endif
3954
3955         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3956                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
3957                 break;
3958
3959         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3960                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
3961                                                 unsigned char *,
3962                                                 EVP_CIPHER_CTX *,
3963                                                 HMAC_CTX *, int))fp;
3964                 break;
3965
3966 #ifndef OPENSSL_NO_SRP
3967         case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3968                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3969                 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
3970                 break;
3971         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3972                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3973                 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
3974                 break;
3975         case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3976                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3977                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
3978                 break;
3979 #endif
3980
3981         case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB:
3982                 ctx->tlsext_authz_server_audit_proof_cb =
3983                         (int (*)(SSL *, void *))fp;
3984                 break;
3985
3986 #endif
3987         case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
3988                 {
3989                 ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
3990                 }
3991                 break;
3992         default:
3993                 return(0);
3994                 }
3995         return(1);
3996         }
3997
3998 /* This function needs to check if the ciphers required are actually
3999  * available */
4000 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4001         {
4002         SSL_CIPHER c;
4003         const SSL_CIPHER *cp;
4004         unsigned long id;
4005
4006         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
4007         c.id=id;
4008         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4009 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
4010 if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
4011 #endif
4012         return cp;
4013         }
4014
4015 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
4016         {
4017         long l;
4018
4019         if (p != NULL)
4020                 {
4021                 l=c->id;
4022                 if ((l & 0xff000000) != 0x03000000) return(0);
4023                 p[0]=((unsigned char)(l>> 8L))&0xFF;
4024                 p[1]=((unsigned char)(l     ))&0xFF;
4025                 }
4026         return(2);
4027         }
4028
4029 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4030              STACK_OF(SSL_CIPHER) *srvr)
4031         {
4032         SSL_CIPHER *c,*ret=NULL;
4033         STACK_OF(SSL_CIPHER) *prio, *allow;
4034         int i,ii,ok;
4035         CERT *cert;
4036         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
4037
4038         /* Let's see which ciphers we can support */
4039         cert=s->cert;
4040
4041 #if 0
4042         /* Do not set the compare functions, because this may lead to a
4043          * reordering by "id". We want to keep the original ordering.
4044          * We may pay a price in performance during sk_SSL_CIPHER_find(),
4045          * but would have to pay with the price of sk_SSL_CIPHER_dup().
4046          */
4047         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
4048         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
4049 #endif
4050
4051 #ifdef CIPHER_DEBUG
4052         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
4053         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
4054                 {
4055                 c=sk_SSL_CIPHER_value(srvr,i);
4056                 printf("%p:%s\n",(void *)c,c->name);
4057                 }
4058         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
4059         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
4060             {
4061             c=sk_SSL_CIPHER_value(clnt,i);
4062             printf("%p:%s\n",(void *)c,c->name);
4063             }
4064 #endif
4065
4066         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s))
4067                 {
4068                 prio = srvr;
4069                 allow = clnt;
4070                 }
4071         else
4072                 {
4073                 prio = clnt;
4074                 allow = srvr;
4075                 }
4076
4077         tls1_set_cert_validity(s);
4078
4079         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
4080                 {
4081                 c=sk_SSL_CIPHER_value(prio,i);
4082
4083                 /* Skip TLS v1.2 only ciphersuites if not supported */
4084                 if ((c->algorithm_ssl & SSL_TLSV1_2) && 
4085                         !SSL_USE_TLS1_2_CIPHERS(s))
4086                         continue;
4087
4088                 ssl_set_cert_masks(cert,c);
4089                 mask_k = cert->mask_k;
4090                 mask_a = cert->mask_a;
4091                 emask_k = cert->export_mask_k;
4092                 emask_a = cert->export_mask_a;
4093 #ifndef OPENSSL_NO_SRP
4094                 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
4095                 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
4096 #endif
4097                         
4098 #ifdef KSSL_DEBUG
4099 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
4100 #endif    /* KSSL_DEBUG */
4101
4102                 alg_k=c->algorithm_mkey;
4103                 alg_a=c->algorithm_auth;
4104
4105 #ifndef OPENSSL_NO_KRB5
4106                 if (alg_k & SSL_kKRB5)
4107                         {
4108                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
4109                             continue;
4110                         }
4111 #endif /* OPENSSL_NO_KRB5 */
4112 #ifndef OPENSSL_NO_PSK
4113                 /* with PSK there must be server callback set */
4114                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
4115                         continue;
4116 #endif /* OPENSSL_NO_PSK */
4117
4118                 if (SSL_C_IS_EXPORT(c))
4119                         {
4120                         ok = (alg_k & emask_k) && (alg_a & emask_a);
4121 #ifdef CIPHER_DEBUG
4122                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
4123                                (void *)c,c->name);
4124 #endif
4125                         }
4126                 else
4127                         {
4128                         ok = (alg_k & mask_k) && (alg_a & mask_a);
4129 #ifdef CIPHER_DEBUG
4130                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
4131                                c->name);
4132 #endif
4133                         }
4134
4135 #ifndef OPENSSL_NO_TLSEXT
4136 #ifndef OPENSSL_NO_EC
4137                 /* if we are considering an ECC cipher suite that uses
4138                  * an ephemeral EC key check it */
4139                 if (alg_k & SSL_kEECDH)
4140                         ok = ok && tls1_check_ec_tmp_key(s, c->id);
4141 #endif /* OPENSSL_NO_EC */
4142 #endif /* OPENSSL_NO_TLSEXT */
4143
4144                 if (!ok) continue;
4145                 ii=sk_SSL_CIPHER_find(allow,c);
4146                 if (ii >= 0)
4147                         {
4148                         ret=sk_SSL_CIPHER_value(allow,ii);
4149                         break;
4150                         }
4151                 }
4152         return(ret);
4153         }
4154
4155 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4156         {
4157         int ret=0;
4158         const unsigned char *sig;
4159         size_t i, siglen;
4160         int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0;
4161         int nostrict = 1;
4162         unsigned long alg_k;
4163
4164         /* If we have custom certificate types set, use them */
4165         if (s->cert->ctypes)
4166                 {
4167                 memcpy(p, s->cert->ctypes, s->cert->ctype_num);
4168                 return (int)s->cert->ctype_num;
4169                 }
4170         /* get configured sigalgs */
4171         siglen = tls12_get_psigalgs(s, &sig);
4172         if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
4173                 nostrict = 0;
4174         for (i = 0; i < siglen; i+=2, sig+=2)
4175                 {
4176                 switch(sig[1])
4177                         {
4178                 case TLSEXT_signature_rsa:
4179                         have_rsa_sign = 1;
4180                         break;
4181
4182                 case TLSEXT_signature_dsa:
4183                         have_dsa_sign = 1;
4184                         break;
4185
4186                 case TLSEXT_signature_ecdsa:
4187                         have_ecdsa_sign = 1;
4188                         break;
4189                         }
4190                 }
4191
4192         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4193
4194 #ifndef OPENSSL_NO_GOST
4195         if (s->version >= TLS1_VERSION)
4196                 {
4197                 if (alg_k & SSL_kGOST)
4198                         {
4199                         p[ret++]=TLS_CT_GOST94_SIGN;
4200                         p[ret++]=TLS_CT_GOST01_SIGN;
4201                         return(ret);
4202                         }
4203                 }
4204 #endif
4205
4206 #ifndef OPENSSL_NO_DH
4207         if (alg_k & (SSL_kDHr|SSL_kEDH))
4208                 {
4209 #  ifndef OPENSSL_NO_RSA
4210                 /* Since this refers to a certificate signed with an RSA
4211                  * algorithm, only check for rsa signing in strict mode.
4212                  */
4213                 if (nostrict || have_rsa_sign)
4214                         p[ret++]=SSL3_CT_RSA_FIXED_DH;
4215 #  endif
4216 #  ifndef OPENSSL_NO_DSA
4217                 if (nostrict || have_dsa_sign)
4218                         p[ret++]=SSL3_CT_DSS_FIXED_DH;
4219 #  endif
4220                 }
4221         if ((s->version == SSL3_VERSION) &&
4222                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
4223                 {
4224 #  ifndef OPENSSL_NO_RSA
4225                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
4226 #  endif
4227 #  ifndef OPENSSL_NO_DSA
4228                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
4229 #  endif
4230                 }
4231 #endif /* !OPENSSL_NO_DH */
4232 #ifndef OPENSSL_NO_RSA
4233         if (have_rsa_sign)
4234                 p[ret++]=SSL3_CT_RSA_SIGN;
4235 #endif
4236 #ifndef OPENSSL_NO_DSA
4237         if (have_dsa_sign)
4238                 p[ret++]=SSL3_CT_DSS_SIGN;
4239 #endif
4240 #ifndef OPENSSL_NO_ECDH
4241         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
4242                 {
4243                 if (nostrict || have_rsa_sign)
4244                         p[ret++]=TLS_CT_RSA_FIXED_ECDH;
4245                 if (nostrict || have_ecdsa_sign)
4246                         p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
4247                 }
4248 #endif
4249
4250 #ifndef OPENSSL_NO_ECDSA
4251         /* ECDSA certs can be used with RSA cipher suites as well 
4252          * so we don't need to check for SSL_kECDH or SSL_kEECDH
4253          */
4254         if (s->version >= TLS1_VERSION)
4255                 {
4256                 if (have_ecdsa_sign)
4257                         p[ret++]=TLS_CT_ECDSA_SIGN;
4258                 }
4259 #endif  
4260         return(ret);
4261         }
4262
4263 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4264         {
4265         if (c->ctypes)
4266                 {
4267                 OPENSSL_free(c->ctypes);
4268                 c->ctypes = NULL;
4269                 }
4270         if (!p || !len)
4271                 return 1;
4272         if (len > 0xff)
4273                 return 0;
4274         c->ctypes = OPENSSL_malloc(len);
4275         if (!c->ctypes)
4276                 return 0;
4277         memcpy(c->ctypes, p, len);
4278         c->ctype_num = len;
4279         return 1;
4280         }
4281
4282 int ssl3_shutdown(SSL *s)
4283         {
4284         int ret;
4285
4286         /* Don't do anything much if we have not done the handshake or
4287          * we don't want to send messages :-) */
4288         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
4289                 {
4290                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4291                 return(1);
4292                 }
4293
4294         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
4295                 {
4296                 s->shutdown|=SSL_SENT_SHUTDOWN;
4297 #if 1
4298                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
4299 #endif
4300                 /* our shutdown alert has been sent now, and if it still needs
4301                  * to be written, s->s3->alert_dispatch will be true */
4302                 if (s->s3->alert_dispatch)
4303                         return(-1);     /* return WANT_WRITE */
4304                 }
4305         else if (s->s3->alert_dispatch)
4306                 {
4307                 /* resend it if not sent */
4308 #if 1
4309                 ret=s->method->ssl_dispatch_alert(s);
4310                 if(ret == -1)
4311                         {
4312                         /* we only get to return -1 here the 2nd/Nth
4313                          * invocation, we must  have already signalled
4314                          * return 0 upon a previous invoation,
4315                          * return WANT_WRITE */
4316                         return(ret);
4317                         }
4318 #endif
4319                 }
4320         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4321                 {
4322                 /* If we are waiting for a close from our peer, we are closed */
4323                 s->method->ssl_read_bytes(s,0,NULL,0,0);
4324                 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4325                         {
4326                         return(-1);     /* return WANT_READ */
4327                         }
4328                 }
4329
4330         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4331                 !s->s3->alert_dispatch)
4332                 return(1);
4333         else
4334                 return(0);
4335         }
4336
4337 int ssl3_write(SSL *s, const void *buf, int len)
4338         {
4339         int ret,n;
4340
4341 #if 0
4342         if (s->shutdown & SSL_SEND_SHUTDOWN)
4343                 {
4344                 s->rwstate=SSL_NOTHING;
4345                 return(0);
4346                 }
4347 #endif
4348         clear_sys_error();
4349         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4350
4351         /* This is an experimental flag that sends the
4352          * last handshake message in the same packet as the first
4353          * use data - used to see if it helps the TCP protocol during
4354          * session-id reuse */
4355         /* The second test is because the buffer may have been removed */
4356         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
4357                 {
4358                 /* First time through, we write into the buffer */
4359                 if (s->s3->delay_buf_pop_ret == 0)
4360                         {
4361