Add SRP.
[openssl.git] / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663         {
664         1,
665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
666         SSL3_CK_KRB5_DES_64_CBC_SHA,
667         SSL_kKRB5,
668         SSL_aKRB5,
669         SSL_DES,
670         SSL_SHA1,
671         SSL_SSLV3,
672         SSL_NOT_EXP|SSL_LOW,
673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674         56,
675         56,
676         },
677
678 /* Cipher 1F */
679         {
680         1,
681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
683         SSL_kKRB5,
684         SSL_aKRB5,
685         SSL_3DES,
686         SSL_SHA1,
687         SSL_SSLV3,
688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690         168,
691         168,
692         },
693
694 /* Cipher 20 */
695         {
696         1,
697         SSL3_TXT_KRB5_RC4_128_SHA,
698         SSL3_CK_KRB5_RC4_128_SHA,
699         SSL_kKRB5,
700         SSL_aKRB5,
701         SSL_RC4,
702         SSL_SHA1,
703         SSL_SSLV3,
704         SSL_NOT_EXP|SSL_MEDIUM,
705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706         128,
707         128,
708         },
709
710 /* Cipher 21 */
711         {
712         1,
713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715         SSL_kKRB5,
716         SSL_aKRB5,
717         SSL_IDEA,
718         SSL_SHA1,
719         SSL_SSLV3,
720         SSL_NOT_EXP|SSL_MEDIUM,
721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722         128,
723         128,
724         },
725
726 /* Cipher 22 */
727         {
728         1,
729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
730         SSL3_CK_KRB5_DES_64_CBC_MD5,
731         SSL_kKRB5,
732         SSL_aKRB5,
733         SSL_DES,
734         SSL_MD5,
735         SSL_SSLV3,
736         SSL_NOT_EXP|SSL_LOW,
737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738         56,
739         56,
740         },
741
742 /* Cipher 23 */
743         {
744         1,
745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
747         SSL_kKRB5,
748         SSL_aKRB5,
749         SSL_3DES,
750         SSL_MD5,
751         SSL_SSLV3,
752         SSL_NOT_EXP|SSL_HIGH,
753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754         168,
755         168,
756         },
757
758 /* Cipher 24 */
759         {
760         1,
761         SSL3_TXT_KRB5_RC4_128_MD5,
762         SSL3_CK_KRB5_RC4_128_MD5,
763         SSL_kKRB5,
764         SSL_aKRB5,
765         SSL_RC4,
766         SSL_MD5,
767         SSL_SSLV3,
768         SSL_NOT_EXP|SSL_MEDIUM,
769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770         128,
771         128,
772         },
773
774 /* Cipher 25 */
775         {
776         1,
777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779         SSL_kKRB5,
780         SSL_aKRB5,
781         SSL_IDEA,
782         SSL_MD5,
783         SSL_SSLV3,
784         SSL_NOT_EXP|SSL_MEDIUM,
785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786         128,
787         128,
788         },
789
790 /* Cipher 26 */
791         {
792         1,
793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
794         SSL3_CK_KRB5_DES_40_CBC_SHA,
795         SSL_kKRB5,
796         SSL_aKRB5,
797         SSL_DES,
798         SSL_SHA1,
799         SSL_SSLV3,
800         SSL_EXPORT|SSL_EXP40,
801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802         40,
803         56,
804         },
805
806 /* Cipher 27 */
807         {
808         1,
809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
811         SSL_kKRB5,
812         SSL_aKRB5,
813         SSL_RC2,
814         SSL_SHA1,
815         SSL_SSLV3,
816         SSL_EXPORT|SSL_EXP40,
817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818         40,
819         128,
820         },
821
822 /* Cipher 28 */
823         {
824         1,
825         SSL3_TXT_KRB5_RC4_40_SHA,
826         SSL3_CK_KRB5_RC4_40_SHA,
827         SSL_kKRB5,
828         SSL_aKRB5,
829         SSL_RC4,
830         SSL_SHA1,
831         SSL_SSLV3,
832         SSL_EXPORT|SSL_EXP40,
833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834         40,
835         128,
836         },
837
838 /* Cipher 29 */
839         {
840         1,
841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
842         SSL3_CK_KRB5_DES_40_CBC_MD5,
843         SSL_kKRB5,
844         SSL_aKRB5,
845         SSL_DES,
846         SSL_MD5,
847         SSL_SSLV3,
848         SSL_EXPORT|SSL_EXP40,
849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850         40,
851         56,
852         },
853
854 /* Cipher 2A */
855         {
856         1,
857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
859         SSL_kKRB5,
860         SSL_aKRB5,
861         SSL_RC2,
862         SSL_MD5,
863         SSL_SSLV3,
864         SSL_EXPORT|SSL_EXP40,
865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866         40,
867         128,
868         },
869
870 /* Cipher 2B */
871         {
872         1,
873         SSL3_TXT_KRB5_RC4_40_MD5,
874         SSL3_CK_KRB5_RC4_40_MD5,
875         SSL_kKRB5,
876         SSL_aKRB5,
877         SSL_RC4,
878         SSL_MD5,
879         SSL_SSLV3,
880         SSL_EXPORT|SSL_EXP40,
881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882         40,
883         128,
884         },
885 #endif  /* OPENSSL_NO_KRB5 */
886
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889         {
890         1,
891         TLS1_TXT_RSA_WITH_AES_128_SHA,
892         TLS1_CK_RSA_WITH_AES_128_SHA,
893         SSL_kRSA,
894         SSL_aRSA,
895         SSL_AES128,
896         SSL_SHA1,
897         SSL_TLSV1,
898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900         128,
901         128,
902         },
903 /* Cipher 30 */
904         {
905         0,
906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908         SSL_kDHd,
909         SSL_aDH,
910         SSL_AES128,
911         SSL_SHA1,
912         SSL_TLSV1,
913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915         128,
916         128,
917         },
918 /* Cipher 31 */
919         {
920         0,
921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923         SSL_kDHr,
924         SSL_aDH,
925         SSL_AES128,
926         SSL_SHA1,
927         SSL_TLSV1,
928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930         128,
931         128,
932         },
933 /* Cipher 32 */
934         {
935         1,
936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938         SSL_kEDH,
939         SSL_aDSS,
940         SSL_AES128,
941         SSL_SHA1,
942         SSL_TLSV1,
943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945         128,
946         128,
947         },
948 /* Cipher 33 */
949         {
950         1,
951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953         SSL_kEDH,
954         SSL_aRSA,
955         SSL_AES128,
956         SSL_SHA1,
957         SSL_TLSV1,
958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960         128,
961         128,
962         },
963 /* Cipher 34 */
964         {
965         1,
966         TLS1_TXT_ADH_WITH_AES_128_SHA,
967         TLS1_CK_ADH_WITH_AES_128_SHA,
968         SSL_kEDH,
969         SSL_aNULL,
970         SSL_AES128,
971         SSL_SHA1,
972         SSL_TLSV1,
973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975         128,
976         128,
977         },
978
979 /* Cipher 35 */
980         {
981         1,
982         TLS1_TXT_RSA_WITH_AES_256_SHA,
983         TLS1_CK_RSA_WITH_AES_256_SHA,
984         SSL_kRSA,
985         SSL_aRSA,
986         SSL_AES256,
987         SSL_SHA1,
988         SSL_TLSV1,
989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991         256,
992         256,
993         },
994 /* Cipher 36 */
995         {
996         0,
997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073
1074 #ifndef OPENSSL_NO_CAMELLIA
1075         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076
1077         /* Cipher 41 */
1078         {
1079         1,
1080         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082         SSL_kRSA,
1083         SSL_aRSA,
1084         SSL_CAMELLIA128,
1085         SSL_SHA1,
1086         SSL_TLSV1,
1087         SSL_NOT_EXP|SSL_HIGH,
1088         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089         128,
1090         128,
1091         },
1092
1093         /* Cipher 42 */
1094         {
1095         0, /* not implemented (non-ephemeral DH) */
1096         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098         SSL_kDHd,
1099         SSL_aDH,
1100         SSL_CAMELLIA128,
1101         SSL_SHA1,
1102         SSL_TLSV1,
1103         SSL_NOT_EXP|SSL_HIGH,
1104         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105         128,
1106         128,
1107         },
1108
1109         /* Cipher 43 */
1110         {
1111         0, /* not implemented (non-ephemeral DH) */
1112         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114         SSL_kDHr,
1115         SSL_aDH,
1116         SSL_CAMELLIA128,
1117         SSL_SHA1,
1118         SSL_TLSV1,
1119         SSL_NOT_EXP|SSL_HIGH,
1120         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121         128,
1122         128,
1123         },
1124
1125         /* Cipher 44 */
1126         {
1127         1,
1128         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130         SSL_kEDH,
1131         SSL_aDSS,
1132         SSL_CAMELLIA128,
1133         SSL_SHA1,
1134         SSL_TLSV1,
1135         SSL_NOT_EXP|SSL_HIGH,
1136         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137         128,
1138         128,
1139         },
1140
1141         /* Cipher 45 */
1142         {
1143         1,
1144         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146         SSL_kEDH,
1147         SSL_aRSA,
1148         SSL_CAMELLIA128,
1149         SSL_SHA1,
1150         SSL_TLSV1,
1151         SSL_NOT_EXP|SSL_HIGH,
1152         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153         128,
1154         128,
1155         },
1156
1157         /* Cipher 46 */
1158         {
1159         1,
1160         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162         SSL_kEDH,
1163         SSL_aNULL,
1164         SSL_CAMELLIA128,
1165         SSL_SHA1,
1166         SSL_TLSV1,
1167         SSL_NOT_EXP|SSL_HIGH,
1168         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169         128,
1170         128,
1171         },
1172 #endif /* OPENSSL_NO_CAMELLIA */
1173
1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175         /* New TLS Export CipherSuites from expired ID */
1176 #if 0
1177         /* Cipher 60 */
1178         {
1179         1,
1180         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182         SSL_kRSA,
1183         SSL_aRSA,
1184         SSL_RC4,
1185         SSL_MD5,
1186         SSL_TLSV1,
1187         SSL_EXPORT|SSL_EXP56,
1188         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189         56,
1190         128,
1191         },
1192
1193         /* Cipher 61 */
1194         {
1195         1,
1196         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198         SSL_kRSA,
1199         SSL_aRSA,
1200         SSL_RC2,
1201         SSL_MD5,
1202         SSL_TLSV1,
1203         SSL_EXPORT|SSL_EXP56,
1204         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205         56,
1206         128,
1207         },
1208 #endif
1209
1210         /* Cipher 62 */
1211         {
1212         1,
1213         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215         SSL_kRSA,
1216         SSL_aRSA,
1217         SSL_DES,
1218         SSL_SHA1,
1219         SSL_TLSV1,
1220         SSL_EXPORT|SSL_EXP56,
1221         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222         56,
1223         56,
1224         },
1225
1226         /* Cipher 63 */
1227         {
1228         1,
1229         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231         SSL_kEDH,
1232         SSL_aDSS,
1233         SSL_DES,
1234         SSL_SHA1,
1235         SSL_TLSV1,
1236         SSL_EXPORT|SSL_EXP56,
1237         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238         56,
1239         56,
1240         },
1241
1242         /* Cipher 64 */
1243         {
1244         1,
1245         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247         SSL_kRSA,
1248         SSL_aRSA,
1249         SSL_RC4,
1250         SSL_SHA1,
1251         SSL_TLSV1,
1252         SSL_EXPORT|SSL_EXP56,
1253         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254         56,
1255         128,
1256         },
1257
1258         /* Cipher 65 */
1259         {
1260         1,
1261         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263         SSL_kEDH,
1264         SSL_aDSS,
1265         SSL_RC4,
1266         SSL_SHA1,
1267         SSL_TLSV1,
1268         SSL_EXPORT|SSL_EXP56,
1269         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270         56,
1271         128,
1272         },
1273
1274         /* Cipher 66 */
1275         {
1276         1,
1277         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279         SSL_kEDH,
1280         SSL_aDSS,
1281         SSL_RC4,
1282         SSL_SHA1,
1283         SSL_TLSV1,
1284         SSL_NOT_EXP|SSL_MEDIUM,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         128,
1287         128,
1288         },
1289 #endif
1290         {
1291         1,
1292         "GOST94-GOST89-GOST89",
1293         0x3000080,
1294         SSL_kGOST,
1295         SSL_aGOST94,
1296         SSL_eGOST2814789CNT,
1297         SSL_GOST89MAC,
1298         SSL_TLSV1,
1299         SSL_NOT_EXP|SSL_HIGH,
1300         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301         256,
1302         256
1303         },
1304         {
1305         1,
1306         "GOST2001-GOST89-GOST89",
1307         0x3000081,
1308         SSL_kGOST,
1309         SSL_aGOST01,
1310         SSL_eGOST2814789CNT,
1311         SSL_GOST89MAC,
1312         SSL_TLSV1,
1313         SSL_NOT_EXP|SSL_HIGH,
1314         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315         256,
1316         256
1317         },
1318         {
1319         1,
1320         "GOST94-NULL-GOST94",
1321         0x3000082,
1322         SSL_kGOST,
1323         SSL_aGOST94,
1324         SSL_eNULL,
1325         SSL_GOST94,
1326         SSL_TLSV1,
1327         SSL_NOT_EXP|SSL_STRONG_NONE,
1328         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329         0,
1330         0
1331         },
1332         {
1333         1,
1334         "GOST2001-NULL-GOST94",
1335         0x3000083,
1336         SSL_kGOST,
1337         SSL_aGOST01,
1338         SSL_eNULL,
1339         SSL_GOST94,
1340         SSL_TLSV1,
1341         SSL_NOT_EXP|SSL_STRONG_NONE,
1342         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343         0,
1344         0
1345         },
1346
1347 #ifndef OPENSSL_NO_CAMELLIA
1348         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349
1350         /* Cipher 84 */
1351         {
1352         1,
1353         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355         SSL_kRSA,
1356         SSL_aRSA,
1357         SSL_CAMELLIA256,
1358         SSL_SHA1,
1359         SSL_TLSV1,
1360         SSL_NOT_EXP|SSL_HIGH,
1361         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362         256,
1363         256,
1364         },
1365         /* Cipher 85 */
1366         {
1367         0, /* not implemented (non-ephemeral DH) */
1368         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370         SSL_kDHd,
1371         SSL_aDH,
1372         SSL_CAMELLIA256,
1373         SSL_SHA1,
1374         SSL_TLSV1,
1375         SSL_NOT_EXP|SSL_HIGH,
1376         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377         256,
1378         256,
1379         },
1380
1381         /* Cipher 86 */
1382         {
1383         0, /* not implemented (non-ephemeral DH) */
1384         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386         SSL_kDHr,
1387         SSL_aDH,
1388         SSL_CAMELLIA256,
1389         SSL_SHA1,
1390         SSL_TLSV1,
1391         SSL_NOT_EXP|SSL_HIGH,
1392         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393         256,
1394         256,
1395         },
1396
1397         /* Cipher 87 */
1398         {
1399         1,
1400         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402         SSL_kEDH,
1403         SSL_aDSS,
1404         SSL_CAMELLIA256,
1405         SSL_SHA1,
1406         SSL_TLSV1,
1407         SSL_NOT_EXP|SSL_HIGH,
1408         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409         256,
1410         256,
1411         },
1412
1413         /* Cipher 88 */
1414         {
1415         1,
1416         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418         SSL_kEDH,
1419         SSL_aRSA,
1420         SSL_CAMELLIA256,
1421         SSL_SHA1,
1422         SSL_TLSV1,
1423         SSL_NOT_EXP|SSL_HIGH,
1424         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425         256,
1426         256,
1427         },
1428
1429         /* Cipher 89 */
1430         {
1431         1,
1432         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434         SSL_kEDH,
1435         SSL_aNULL,
1436         SSL_CAMELLIA256,
1437         SSL_SHA1,
1438         SSL_TLSV1,
1439         SSL_NOT_EXP|SSL_HIGH,
1440         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441         256,
1442         256,
1443         },
1444 #endif /* OPENSSL_NO_CAMELLIA */
1445
1446 #ifndef OPENSSL_NO_PSK
1447         /* Cipher 8A */
1448         {
1449         1,
1450         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451         TLS1_CK_PSK_WITH_RC4_128_SHA,
1452         SSL_kPSK,
1453         SSL_aPSK,
1454         SSL_RC4,
1455         SSL_SHA1,
1456         SSL_TLSV1,
1457         SSL_NOT_EXP|SSL_MEDIUM,
1458         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459         128,
1460         128,
1461         },
1462
1463         /* Cipher 8B */
1464         {
1465         1,
1466         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468         SSL_kPSK,
1469         SSL_aPSK,
1470         SSL_3DES,
1471         SSL_SHA1,
1472         SSL_TLSV1,
1473         SSL_NOT_EXP|SSL_HIGH,
1474         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475         168,
1476         168,
1477         },
1478
1479         /* Cipher 8C */
1480         {
1481         1,
1482         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484         SSL_kPSK,
1485         SSL_aPSK,
1486         SSL_AES128,
1487         SSL_SHA1,
1488         SSL_TLSV1,
1489         SSL_NOT_EXP|SSL_HIGH,
1490         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491         128,
1492         128,
1493         },
1494
1495         /* Cipher 8D */
1496         {
1497         1,
1498         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500         SSL_kPSK,
1501         SSL_aPSK,
1502         SSL_AES256,
1503         SSL_SHA1,
1504         SSL_TLSV1,
1505         SSL_NOT_EXP|SSL_HIGH,
1506         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507         256,
1508         256,
1509         },
1510 #endif  /* OPENSSL_NO_PSK */
1511
1512 #ifndef OPENSSL_NO_SEED
1513         /* SEED ciphersuites from RFC4162 */
1514
1515         /* Cipher 96 */
1516         {
1517         1,
1518         TLS1_TXT_RSA_WITH_SEED_SHA,
1519         TLS1_CK_RSA_WITH_SEED_SHA,
1520         SSL_kRSA,
1521         SSL_aRSA,
1522         SSL_SEED,
1523         SSL_SHA1,
1524         SSL_TLSV1,
1525         SSL_NOT_EXP|SSL_MEDIUM,
1526         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527         128,
1528         128,
1529         },
1530
1531         /* Cipher 97 */
1532         {
1533         0, /* not implemented (non-ephemeral DH) */
1534         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536         SSL_kDHd,
1537         SSL_aDH,
1538         SSL_SEED,
1539         SSL_SHA1,
1540         SSL_TLSV1,
1541         SSL_NOT_EXP|SSL_MEDIUM,
1542         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543         128,
1544         128,
1545         },
1546
1547         /* Cipher 98 */
1548         {
1549         0, /* not implemented (non-ephemeral DH) */
1550         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552         SSL_kDHr,
1553         SSL_aDH,
1554         SSL_SEED,
1555         SSL_SHA1,
1556         SSL_TLSV1,
1557         SSL_NOT_EXP|SSL_MEDIUM,
1558         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559         128,
1560         128,
1561         },
1562
1563         /* Cipher 99 */
1564         {
1565         1,
1566         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568         SSL_kEDH,
1569         SSL_aDSS,
1570         SSL_SEED,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_MEDIUM,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         128,
1576         128,
1577         },
1578
1579         /* Cipher 9A */
1580         {
1581         1,
1582         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584         SSL_kEDH,
1585         SSL_aRSA,
1586         SSL_SEED,
1587         SSL_SHA1,
1588         SSL_TLSV1,
1589         SSL_NOT_EXP|SSL_MEDIUM,
1590         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591         128,
1592         128,
1593         },
1594
1595         /* Cipher 9B */
1596         {
1597         1,
1598         TLS1_TXT_ADH_WITH_SEED_SHA,
1599         TLS1_CK_ADH_WITH_SEED_SHA,
1600         SSL_kEDH,
1601         SSL_aNULL,
1602         SSL_SEED,
1603         SSL_SHA1,
1604         SSL_TLSV1,
1605         SSL_NOT_EXP|SSL_MEDIUM,
1606         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607         128,
1608         128,
1609         },
1610
1611 #endif /* OPENSSL_NO_SEED */
1612
1613 #ifndef OPENSSL_NO_ECDH
1614         /* Cipher C001 */
1615         {
1616         1,
1617         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619         SSL_kECDHe,
1620         SSL_aECDH,
1621         SSL_eNULL,
1622         SSL_SHA1,
1623         SSL_TLSV1,
1624         SSL_NOT_EXP|SSL_STRONG_NONE,
1625         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626         0,
1627         0,
1628         },
1629
1630         /* Cipher C002 */
1631         {
1632         1,
1633         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635         SSL_kECDHe,
1636         SSL_aECDH,
1637         SSL_RC4,
1638         SSL_SHA1,
1639         SSL_TLSV1,
1640         SSL_NOT_EXP|SSL_MEDIUM,
1641         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642         128,
1643         128,
1644         },
1645
1646         /* Cipher C003 */
1647         {
1648         1,
1649         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651         SSL_kECDHe,
1652         SSL_aECDH,
1653         SSL_3DES,
1654         SSL_SHA1,
1655         SSL_TLSV1,
1656         SSL_NOT_EXP|SSL_HIGH,
1657         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658         168,
1659         168,
1660         },
1661
1662         /* Cipher C004 */
1663         {
1664         1,
1665         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667         SSL_kECDHe,
1668         SSL_aECDH,
1669         SSL_AES128,
1670         SSL_SHA1,
1671         SSL_TLSV1,
1672         SSL_NOT_EXP|SSL_HIGH,
1673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674         128,
1675         128,
1676         },
1677
1678         /* Cipher C005 */
1679         {
1680         1,
1681         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683         SSL_kECDHe,
1684         SSL_aECDH,
1685         SSL_AES256,
1686         SSL_SHA1,
1687         SSL_TLSV1,
1688         SSL_NOT_EXP|SSL_HIGH,
1689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690         256,
1691         256,
1692         },
1693
1694         /* Cipher C006 */
1695         {
1696         1,
1697         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699         SSL_kEECDH,
1700         SSL_aECDSA,
1701         SSL_eNULL,
1702         SSL_SHA1,
1703         SSL_TLSV1,
1704         SSL_NOT_EXP|SSL_STRONG_NONE,
1705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706         0,
1707         0,
1708         },
1709
1710         /* Cipher C007 */
1711         {
1712         1,
1713         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715         SSL_kEECDH,
1716         SSL_aECDSA,
1717         SSL_RC4,
1718         SSL_SHA1,
1719         SSL_TLSV1,
1720         SSL_NOT_EXP|SSL_MEDIUM,
1721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722         128,
1723         128,
1724         },
1725
1726         /* Cipher C008 */
1727         {
1728         1,
1729         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731         SSL_kEECDH,
1732         SSL_aECDSA,
1733         SSL_3DES,
1734         SSL_SHA1,
1735         SSL_TLSV1,
1736         SSL_NOT_EXP|SSL_HIGH,
1737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738         168,
1739         168,
1740         },
1741
1742         /* Cipher C009 */
1743         {
1744         1,
1745         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747         SSL_kEECDH,
1748         SSL_aECDSA,
1749         SSL_AES128,
1750         SSL_SHA1,
1751         SSL_TLSV1,
1752         SSL_NOT_EXP|SSL_HIGH,
1753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754         128,
1755         128,
1756         },
1757
1758         /* Cipher C00A */
1759         {
1760         1,
1761         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763         SSL_kEECDH,
1764         SSL_aECDSA,
1765         SSL_AES256,
1766         SSL_SHA1,
1767         SSL_TLSV1,
1768         SSL_NOT_EXP|SSL_HIGH,
1769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770         256,
1771         256,
1772         },
1773
1774         /* Cipher C00B */
1775         {
1776         1,
1777         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779         SSL_kECDHr,
1780         SSL_aECDH,
1781         SSL_eNULL,
1782         SSL_SHA1,
1783         SSL_TLSV1,
1784         SSL_NOT_EXP|SSL_STRONG_NONE,
1785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786         0,
1787         0,
1788         },
1789
1790         /* Cipher C00C */
1791         {
1792         1,
1793         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795         SSL_kECDHr,
1796         SSL_aECDH,
1797         SSL_RC4,
1798         SSL_SHA1,
1799         SSL_TLSV1,
1800         SSL_NOT_EXP|SSL_MEDIUM,
1801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802         128,
1803         128,
1804         },
1805
1806         /* Cipher C00D */
1807         {
1808         1,
1809         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811         SSL_kECDHr,
1812         SSL_aECDH,
1813         SSL_3DES,
1814         SSL_SHA1,
1815         SSL_TLSV1,
1816         SSL_NOT_EXP|SSL_HIGH,
1817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818         168,
1819         168,
1820         },
1821
1822         /* Cipher C00E */
1823         {
1824         1,
1825         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827         SSL_kECDHr,
1828         SSL_aECDH,
1829         SSL_AES128,
1830         SSL_SHA1,
1831         SSL_TLSV1,
1832         SSL_NOT_EXP|SSL_HIGH,
1833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834         128,
1835         128,
1836         },
1837
1838         /* Cipher C00F */
1839         {
1840         1,
1841         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843         SSL_kECDHr,
1844         SSL_aECDH,
1845         SSL_AES256,
1846         SSL_SHA1,
1847         SSL_TLSV1,
1848         SSL_NOT_EXP|SSL_HIGH,
1849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850         256,
1851         256,
1852         },
1853
1854         /* Cipher C010 */
1855         {
1856         1,
1857         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859         SSL_kEECDH,
1860         SSL_aRSA,
1861         SSL_eNULL,
1862         SSL_SHA1,
1863         SSL_TLSV1,
1864         SSL_NOT_EXP|SSL_STRONG_NONE,
1865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866         0,
1867         0,
1868         },
1869
1870         /* Cipher C011 */
1871         {
1872         1,
1873         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875         SSL_kEECDH,
1876         SSL_aRSA,
1877         SSL_RC4,
1878         SSL_SHA1,
1879         SSL_TLSV1,
1880         SSL_NOT_EXP|SSL_MEDIUM,
1881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882         128,
1883         128,
1884         },
1885
1886         /* Cipher C012 */
1887         {
1888         1,
1889         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891         SSL_kEECDH,
1892         SSL_aRSA,
1893         SSL_3DES,
1894         SSL_SHA1,
1895         SSL_TLSV1,
1896         SSL_NOT_EXP|SSL_HIGH,
1897         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898         168,
1899         168,
1900         },
1901
1902         /* Cipher C013 */
1903         {
1904         1,
1905         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907         SSL_kEECDH,
1908         SSL_aRSA,
1909         SSL_AES128,
1910         SSL_SHA1,
1911         SSL_TLSV1,
1912         SSL_NOT_EXP|SSL_HIGH,
1913         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914         128,
1915         128,
1916         },
1917
1918         /* Cipher C014 */
1919         {
1920         1,
1921         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923         SSL_kEECDH,
1924         SSL_aRSA,
1925         SSL_AES256,
1926         SSL_SHA1,
1927         SSL_TLSV1,
1928         SSL_NOT_EXP|SSL_HIGH,
1929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930         256,
1931         256,
1932         },
1933
1934         /* Cipher C015 */
1935         {
1936         1,
1937         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939         SSL_kEECDH,
1940         SSL_aNULL,
1941         SSL_eNULL,
1942         SSL_SHA1,
1943         SSL_TLSV1,
1944         SSL_NOT_EXP|SSL_STRONG_NONE,
1945         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946         0,
1947         0,
1948         },
1949
1950         /* Cipher C016 */
1951         {
1952         1,
1953         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955         SSL_kEECDH,
1956         SSL_aNULL,
1957         SSL_RC4,
1958         SSL_SHA1,
1959         SSL_TLSV1,
1960         SSL_NOT_EXP|SSL_MEDIUM,
1961         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962         128,
1963         128,
1964         },
1965
1966         /* Cipher C017 */
1967         {
1968         1,
1969         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971         SSL_kEECDH,
1972         SSL_aNULL,
1973         SSL_3DES,
1974         SSL_SHA1,
1975         SSL_TLSV1,
1976         SSL_NOT_EXP|SSL_HIGH,
1977         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978         168,
1979         168,
1980         },
1981
1982         /* Cipher C018 */
1983         {
1984         1,
1985         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987         SSL_kEECDH,
1988         SSL_aNULL,
1989         SSL_AES128,
1990         SSL_SHA1,
1991         SSL_TLSV1,
1992         SSL_NOT_EXP|SSL_HIGH,
1993         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994         128,
1995         128,
1996         },
1997
1998         /* Cipher C019 */
1999         {
2000         1,
2001         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003         SSL_kEECDH,
2004         SSL_aNULL,
2005         SSL_AES256,
2006         SSL_SHA1,
2007         SSL_TLSV1,
2008         SSL_NOT_EXP|SSL_HIGH,
2009         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010         256,
2011         256,
2012         },
2013 #endif  /* OPENSSL_NO_ECDH */
2014
2015 #ifndef OPENSSL_NO_SRP
2016         /* Cipher C01A */
2017         {
2018         1,
2019         TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2020         TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2021         SSL_kSRP,
2022         SSL_aNULL,
2023         SSL_3DES,
2024         SSL_SHA1,
2025         SSL_TLSV1,
2026         SSL_NOT_EXP|SSL_HIGH,
2027         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028         168,
2029         168,
2030         },
2031
2032         /* Cipher C01B */
2033         {
2034         1,
2035         TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2036         TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2037         SSL_kSRP,
2038         SSL_aRSA,
2039         SSL_3DES,
2040         SSL_SHA1,
2041         SSL_TLSV1,
2042         SSL_NOT_EXP|SSL_HIGH,
2043         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2044         168,
2045         168,
2046         },
2047
2048         /* Cipher C01C */
2049         {
2050         1,
2051         TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2052         TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2053         SSL_kSRP,
2054         SSL_aDSS,
2055         SSL_3DES,
2056         SSL_SHA1,
2057         SSL_TLSV1,
2058         SSL_NOT_EXP|SSL_HIGH,
2059         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2060         168,
2061         168,
2062         },
2063
2064         /* Cipher C01D */
2065         {
2066         1,
2067         TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2068         TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2069         SSL_kSRP,
2070         SSL_aNULL,
2071         SSL_AES128,
2072         SSL_SHA1,
2073         SSL_TLSV1,
2074         SSL_NOT_EXP|SSL_HIGH,
2075         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2076         128,
2077         128,
2078         },
2079
2080         /* Cipher C01E */
2081         {
2082         1,
2083         TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2084         TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2085         SSL_kSRP,
2086         SSL_aRSA,
2087         SSL_AES128,
2088         SSL_SHA1,
2089         SSL_TLSV1,
2090         SSL_NOT_EXP|SSL_HIGH,
2091         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2092         128,
2093         128,
2094         },
2095
2096         /* Cipher C01F */
2097         {
2098         1,
2099         TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2100         TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2101         SSL_kSRP,
2102         SSL_aDSS,
2103         SSL_AES128,
2104         SSL_SHA1,
2105         SSL_TLSV1,
2106         SSL_NOT_EXP|SSL_HIGH,
2107         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2108         128,
2109         128,
2110         },
2111
2112         /* Cipher C020 */
2113         {
2114         1,
2115         TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2116         TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2117         SSL_kSRP,
2118         SSL_aNULL,
2119         SSL_AES256,
2120         SSL_SHA1,
2121         SSL_TLSV1,
2122         SSL_NOT_EXP|SSL_HIGH,
2123         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2124         256,
2125         256,
2126         },
2127
2128         /* Cipher C021 */
2129         {
2130         1,
2131         TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2132         TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2133         SSL_kSRP,
2134         SSL_aRSA,
2135         SSL_AES256,
2136         SSL_SHA1,
2137         SSL_TLSV1,
2138         SSL_NOT_EXP|SSL_HIGH,
2139         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2140         256,
2141         256,
2142         },
2143
2144         /* Cipher C022 */
2145         {
2146         1,
2147         TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2148         TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2149         SSL_kSRP,
2150         SSL_aDSS,
2151         SSL_AES256,
2152         SSL_SHA1,
2153         SSL_TLSV1,
2154         SSL_NOT_EXP|SSL_HIGH,
2155         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2156         256,
2157         256,
2158         },
2159 #endif  /* OPENSSL_NO_SRP */
2160
2161 #ifdef TEMP_GOST_TLS
2162 /* Cipher FF00 */
2163         {
2164         1,
2165         "GOST-MD5",
2166         0x0300ff00,
2167         SSL_kRSA,
2168         SSL_aRSA,
2169         SSL_eGOST2814789CNT,
2170         SSL_MD5,
2171         SSL_TLSV1,
2172         SSL_NOT_EXP|SSL_HIGH,
2173         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2174         256,
2175         256,
2176         },
2177         {
2178         1,
2179         "GOST-GOST94",
2180         0x0300ff01,
2181         SSL_kRSA,
2182         SSL_aRSA,
2183         SSL_eGOST2814789CNT,
2184         SSL_GOST94,
2185         SSL_TLSV1,
2186         SSL_NOT_EXP|SSL_HIGH,
2187         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2188         256,
2189         256
2190         },
2191         {
2192         1,
2193         "GOST-GOST89MAC",
2194         0x0300ff02,
2195         SSL_kRSA,
2196         SSL_aRSA,
2197         SSL_eGOST2814789CNT,
2198         SSL_GOST89MAC,
2199         SSL_TLSV1,
2200         SSL_NOT_EXP|SSL_HIGH,
2201         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2202         256,
2203         256
2204         },
2205         {
2206         1,
2207         "GOST-GOST89STREAM",
2208         0x0300ff03,
2209         SSL_kRSA,
2210         SSL_aRSA,
2211         SSL_eGOST2814789CNT,
2212         SSL_GOST89MAC,
2213         SSL_TLSV1,
2214         SSL_NOT_EXP|SSL_HIGH,
2215         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2216         256,
2217         256
2218         },
2219 #endif
2220
2221 /* end of list */
2222         };
2223
2224 SSL3_ENC_METHOD SSLv3_enc_data={
2225         ssl3_enc,
2226         n_ssl3_mac,
2227         ssl3_setup_key_block,
2228         ssl3_generate_master_secret,
2229         ssl3_change_cipher_state,
2230         ssl3_final_finish_mac,
2231         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2232         ssl3_cert_verify_mac,
2233         SSL3_MD_CLIENT_FINISHED_CONST,4,
2234         SSL3_MD_SERVER_FINISHED_CONST,4,
2235         ssl3_alert_code,
2236         };
2237
2238 long ssl3_default_timeout(void)
2239         {
2240         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2241          * is way too long for http, the cache would over fill */
2242         return(60*60*2);
2243         }
2244
2245 int ssl3_num_ciphers(void)
2246         {
2247         return(SSL3_NUM_CIPHERS);
2248         }
2249
2250 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2251         {
2252         if (u < SSL3_NUM_CIPHERS)
2253                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2254         else
2255                 return(NULL);
2256         }
2257
2258 int ssl3_pending(const SSL *s)
2259         {
2260         if (s->rstate == SSL_ST_READ_BODY)
2261                 return 0;
2262         
2263         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2264         }
2265
2266 int ssl3_new(SSL *s)
2267         {
2268         SSL3_STATE *s3;
2269
2270         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2271         memset(s3,0,sizeof *s3);
2272         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2273         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2274
2275         s->s3=s3;
2276
2277 #ifndef OPENSSL_NO_SRP
2278         SSL_SRP_CTX_init(s);
2279 #endif
2280         s->method->ssl_clear(s);
2281         return(1);
2282 err:
2283         return(0);
2284         }
2285
2286 void ssl3_free(SSL *s)
2287         {
2288         if(s == NULL)
2289             return;
2290
2291 #ifdef TLSEXT_TYPE_opaque_prf_input
2292         if (s->s3->client_opaque_prf_input != NULL)
2293                 OPENSSL_free(s->s3->client_opaque_prf_input);
2294         if (s->s3->server_opaque_prf_input != NULL)
2295                 OPENSSL_free(s->s3->server_opaque_prf_input);
2296 #endif
2297
2298         ssl3_cleanup_key_block(s);
2299         if (s->s3->rbuf.buf != NULL)
2300                 ssl3_release_read_buffer(s);
2301         if (s->s3->wbuf.buf != NULL)
2302                 ssl3_release_write_buffer(s);
2303         if (s->s3->rrec.comp != NULL)
2304                 OPENSSL_free(s->s3->rrec.comp);
2305 #ifndef OPENSSL_NO_DH
2306         if (s->s3->tmp.dh != NULL)
2307                 DH_free(s->s3->tmp.dh);
2308 #endif
2309 #ifndef OPENSSL_NO_ECDH
2310         if (s->s3->tmp.ecdh != NULL)
2311                 EC_KEY_free(s->s3->tmp.ecdh);
2312 #endif
2313
2314         if (s->s3->tmp.ca_names != NULL)
2315                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2316         if (s->s3->handshake_buffer) {
2317                 BIO_free(s->s3->handshake_buffer);
2318         }
2319         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2320 #ifndef OPENSSL_NO_SRP
2321         SSL_SRP_CTX_free(s);
2322 #endif
2323         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2324         OPENSSL_free(s->s3);
2325         s->s3=NULL;
2326         }
2327
2328 void ssl3_clear(SSL *s)
2329         {
2330         unsigned char *rp,*wp;
2331         size_t rlen, wlen;
2332
2333 #ifdef TLSEXT_TYPE_opaque_prf_input
2334         if (s->s3->client_opaque_prf_input != NULL)
2335                 OPENSSL_free(s->s3->client_opaque_prf_input);
2336         s->s3->client_opaque_prf_input = NULL;
2337         if (s->s3->server_opaque_prf_input != NULL)
2338                 OPENSSL_free(s->s3->server_opaque_prf_input);
2339         s->s3->server_opaque_prf_input = NULL;
2340 #endif
2341
2342         ssl3_cleanup_key_block(s);
2343         if (s->s3->tmp.ca_names != NULL)
2344                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2345
2346         if (s->s3->rrec.comp != NULL)
2347                 {
2348                 OPENSSL_free(s->s3->rrec.comp);
2349                 s->s3->rrec.comp=NULL;
2350                 }
2351 #ifndef OPENSSL_NO_DH
2352         if (s->s3->tmp.dh != NULL)
2353                 DH_free(s->s3->tmp.dh);
2354 #endif
2355 #ifndef OPENSSL_NO_ECDH
2356         if (s->s3->tmp.ecdh != NULL)
2357                 EC_KEY_free(s->s3->tmp.ecdh);
2358 #endif
2359
2360         rp = s->s3->rbuf.buf;
2361         wp = s->s3->wbuf.buf;
2362         rlen = s->s3->rbuf.len;
2363         wlen = s->s3->wbuf.len;
2364         if (s->s3->handshake_buffer) {
2365                 BIO_free(s->s3->handshake_buffer);
2366                 s->s3->handshake_buffer = NULL;
2367         }
2368         if (s->s3->handshake_dgst) {
2369                 ssl3_free_digest_list(s);
2370         }       
2371         memset(s->s3,0,sizeof *s->s3);
2372         s->s3->rbuf.buf = rp;
2373         s->s3->wbuf.buf = wp;
2374         s->s3->rbuf.len = rlen;
2375         s->s3->wbuf.len = wlen;
2376
2377         ssl_free_wbio_buffer(s);
2378
2379         s->packet_length=0;
2380         s->s3->renegotiate=0;
2381         s->s3->total_renegotiations=0;
2382         s->s3->num_renegotiations=0;
2383         s->s3->in_read_app_data=0;
2384         s->version=SSL3_VERSION;
2385         }
2386
2387 #ifndef OPENSSL_NO_SRP
2388 static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
2389         {
2390         return BUF_strdup(s->srp_ctx.info) ;
2391         }
2392 #endif
2393
2394 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2395         {
2396         int ret=0;
2397
2398 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2399         if (
2400 #ifndef OPENSSL_NO_RSA
2401             cmd == SSL_CTRL_SET_TMP_RSA ||
2402             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2403 #endif
2404 #ifndef OPENSSL_NO_DSA
2405             cmd == SSL_CTRL_SET_TMP_DH ||
2406             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2407 #endif
2408                 0)
2409                 {
2410                 if (!ssl_cert_inst(&s->cert))
2411                         {
2412                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2413                         return(0);
2414                         }
2415                 }
2416 #endif
2417
2418         switch (cmd)
2419                 {
2420         case SSL_CTRL_GET_SESSION_REUSED:
2421                 ret=s->hit;
2422                 break;
2423         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2424                 break;
2425         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2426                 ret=s->s3->num_renegotiations;
2427                 break;
2428         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2429                 ret=s->s3->num_renegotiations;
2430                 s->s3->num_renegotiations=0;
2431                 break;
2432         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2433                 ret=s->s3->total_renegotiations;
2434                 break;
2435         case SSL_CTRL_GET_FLAGS:
2436                 ret=(int)(s->s3->flags);
2437                 break;
2438 #ifndef OPENSSL_NO_RSA
2439         case SSL_CTRL_NEED_TMP_RSA:
2440                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2441                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2442                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2443                         ret = 1;
2444                 break;
2445         case SSL_CTRL_SET_TMP_RSA:
2446                 {
2447                         RSA *rsa = (RSA *)parg;
2448                         if (rsa == NULL)
2449                                 {
2450                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2451                                 return(ret);
2452                                 }
2453                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2454                                 {
2455                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2456                                 return(ret);
2457                                 }
2458                         if (s->cert->rsa_tmp != NULL)
2459                                 RSA_free(s->cert->rsa_tmp);
2460                         s->cert->rsa_tmp = rsa;
2461                         ret = 1;
2462                 }
2463                 break;
2464         case SSL_CTRL_SET_TMP_RSA_CB:
2465                 {
2466                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2467                 return(ret);
2468                 }
2469                 break;
2470 #endif
2471 #ifndef OPENSSL_NO_DH
2472         case SSL_CTRL_SET_TMP_DH:
2473                 {
2474                         DH *dh = (DH *)parg;
2475                         if (dh == NULL)
2476                                 {
2477                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2478                                 return(ret);
2479                                 }
2480                         if ((dh = DHparams_dup(dh)) == NULL)
2481                                 {
2482                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2483                                 return(ret);
2484                                 }
2485                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
2486                                 {
2487                                 if (!DH_generate_key(dh))
2488                                         {
2489                                         DH_free(dh);
2490                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2491                                         return(ret);
2492                                         }
2493                                 }
2494                         if (s->cert->dh_tmp != NULL)
2495                                 DH_free(s->cert->dh_tmp);
2496                         s->cert->dh_tmp = dh;
2497                         ret = 1;
2498                 }
2499                 break;
2500         case SSL_CTRL_SET_TMP_DH_CB:
2501                 {
2502                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2503                 return(ret);
2504                 }
2505                 break;
2506 #endif
2507 #ifndef OPENSSL_NO_ECDH
2508         case SSL_CTRL_SET_TMP_ECDH:
2509                 {
2510                 EC_KEY *ecdh = NULL;
2511                         
2512                 if (parg == NULL)
2513                         {
2514                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2515                         return(ret);
2516                         }
2517                 if (!EC_KEY_up_ref((EC_KEY *)parg))
2518                         {
2519                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2520                         return(ret);
2521                         }
2522                 ecdh = (EC_KEY *)parg;
2523                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2524                         {
2525                         if (!EC_KEY_generate_key(ecdh))
2526                                 {
2527                                 EC_KEY_free(ecdh);
2528                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2529                                 return(ret);
2530                                 }
2531                         }
2532                 if (s->cert->ecdh_tmp != NULL)
2533                         EC_KEY_free(s->cert->ecdh_tmp);
2534                 s->cert->ecdh_tmp = ecdh;
2535                 ret = 1;
2536                 }
2537                 break;
2538         case SSL_CTRL_SET_TMP_ECDH_CB:
2539                 {
2540                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2541                 return(ret);
2542                 }
2543                 break;
2544 #endif /* !OPENSSL_NO_ECDH */
2545 #ifndef OPENSSL_NO_TLSEXT
2546         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2547                 if (larg == TLSEXT_NAMETYPE_host_name)
2548                         {
2549                         if (s->tlsext_hostname != NULL) 
2550                                 OPENSSL_free(s->tlsext_hostname);
2551                         s->tlsext_hostname = NULL;
2552
2553                         ret = 1;
2554                         if (parg == NULL) 
2555                                 break;
2556                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2557                                 {
2558                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2559                                 return 0;
2560                                 }
2561                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2562                                 {
2563                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2564                                 return 0;
2565                                 }
2566                         }
2567                 else
2568                         {
2569                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2570                         return 0;
2571                         }
2572                 break;
2573         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2574                 s->tlsext_debug_arg=parg;
2575                 ret = 1;
2576                 break;
2577
2578 #ifdef TLSEXT_TYPE_opaque_prf_input
2579         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2580                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2581                                    * (including the cert chain and everything) */
2582                         {
2583                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2584                         break;
2585                         }
2586                 if (s->tlsext_opaque_prf_input != NULL)
2587                         OPENSSL_free(s->tlsext_opaque_prf_input);
2588                 if ((size_t)larg == 0)
2589                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2590                 else
2591                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2592                 if (s->tlsext_opaque_prf_input != NULL)
2593                         {
2594                         s->tlsext_opaque_prf_input_len = (size_t)larg;
2595                         ret = 1;
2596                         }
2597                 else
2598                         s->tlsext_opaque_prf_input_len = 0;
2599                 break;
2600 #endif
2601
2602         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2603                 s->tlsext_status_type=larg;
2604                 ret = 1;
2605                 break;
2606
2607         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2608                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2609                 ret = 1;
2610                 break;
2611
2612         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2613                 s->tlsext_ocsp_exts = parg;
2614                 ret = 1;
2615                 break;
2616
2617         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2618                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2619                 ret = 1;
2620                 break;
2621
2622         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2623                 s->tlsext_ocsp_ids = parg;
2624                 ret = 1;
2625                 break;
2626
2627         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2628                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2629                 return s->tlsext_ocsp_resplen;
2630                 
2631         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2632                 if (s->tlsext_ocsp_resp)
2633                         OPENSSL_free(s->tlsext_ocsp_resp);
2634                 s->tlsext_ocsp_resp = parg;
2635                 s->tlsext_ocsp_resplen = larg;
2636                 ret = 1;
2637                 break;
2638
2639 #endif /* !OPENSSL_NO_TLSEXT */
2640         default:
2641                 break;
2642                 }
2643         return(ret);
2644         }
2645
2646 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2647         {
2648         int ret=0;
2649
2650 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2651         if (
2652 #ifndef OPENSSL_NO_RSA
2653             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2654 #endif
2655 #ifndef OPENSSL_NO_DSA
2656             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2657 #endif
2658                 0)
2659                 {
2660                 if (!ssl_cert_inst(&s->cert))
2661                         {
2662                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2663                         return(0);
2664                         }
2665                 }
2666 #endif
2667
2668         switch (cmd)
2669                 {
2670 #ifndef OPENSSL_NO_RSA
2671         case SSL_CTRL_SET_TMP_RSA_CB:
2672                 {
2673                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2674                 }
2675                 break;
2676 #endif
2677 #ifndef OPENSSL_NO_DH
2678         case SSL_CTRL_SET_TMP_DH_CB:
2679                 {
2680                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2681                 }
2682                 break;
2683 #endif
2684 #ifndef OPENSSL_NO_ECDH
2685         case SSL_CTRL_SET_TMP_ECDH_CB:
2686                 {
2687                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2688                 }
2689                 break;
2690 #endif
2691 #ifndef OPENSSL_NO_TLSEXT
2692         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2693                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2694                                         unsigned char *, int, void *))fp;
2695                 break;
2696 #endif
2697         default:
2698                 break;
2699                 }
2700         return(ret);
2701         }
2702
2703 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2704         {
2705         CERT *cert;
2706
2707         cert=ctx->cert;
2708
2709         switch (cmd)
2710                 {
2711 #ifndef OPENSSL_NO_RSA
2712         case SSL_CTRL_NEED_TMP_RSA:
2713                 if (    (cert->rsa_tmp == NULL) &&
2714                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2715                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2716                         )
2717                         return(1);
2718                 else
2719                         return(0);
2720                 /* break; */
2721         case SSL_CTRL_SET_TMP_RSA:
2722                 {
2723                 RSA *rsa;
2724                 int i;
2725
2726                 rsa=(RSA *)parg;
2727                 i=1;
2728                 if (rsa == NULL)
2729                         i=0;
2730                 else
2731                         {
2732                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2733                                 i=0;
2734                         }
2735                 if (!i)
2736                         {
2737                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2738                         return(0);
2739                         }
2740                 else
2741                         {
2742                         if (cert->rsa_tmp != NULL)
2743                                 RSA_free(cert->rsa_tmp);
2744                         cert->rsa_tmp=rsa;
2745                         return(1);
2746                         }
2747                 }
2748                 /* break; */
2749         case SSL_CTRL_SET_TMP_RSA_CB:
2750                 {
2751                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2752                 return(0);
2753                 }
2754                 break;
2755 #endif
2756 #ifndef OPENSSL_NO_DH
2757         case SSL_CTRL_SET_TMP_DH:
2758                 {
2759                 DH *new=NULL,*dh;
2760
2761                 dh=(DH *)parg;
2762                 if ((new=DHparams_dup(dh)) == NULL)
2763                         {
2764                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2765                         return 0;
2766                         }
2767                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2768                         {
2769                         if (!DH_generate_key(new))
2770                                 {
2771                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2772                                 DH_free(new);
2773                                 return 0;
2774                                 }
2775                         }
2776                 if (cert->dh_tmp != NULL)
2777                         DH_free(cert->dh_tmp);
2778                 cert->dh_tmp=new;
2779                 return 1;
2780                 }
2781                 /*break; */
2782         case SSL_CTRL_SET_TMP_DH_CB:
2783                 {
2784                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2785                 return(0);
2786                 }
2787                 break;
2788 #endif
2789 #ifndef OPENSSL_NO_ECDH
2790         case SSL_CTRL_SET_TMP_ECDH:
2791                 {
2792                 EC_KEY *ecdh = NULL;
2793                         
2794                 if (parg == NULL)
2795                         {
2796                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2797                         return 0;
2798                         }
2799                 ecdh = EC_KEY_dup((EC_KEY *)parg);
2800                 if (ecdh == NULL)
2801                         {
2802                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2803                         return 0;
2804                         }
2805                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2806                         {
2807                         if (!EC_KEY_generate_key(ecdh))
2808                                 {
2809                                 EC_KEY_free(ecdh);
2810                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2811                                 return 0;
2812                                 }
2813                         }
2814
2815                 if (cert->ecdh_tmp != NULL)
2816                         {
2817                         EC_KEY_free(cert->ecdh_tmp);
2818                         }
2819                 cert->ecdh_tmp = ecdh;
2820                 return 1;
2821                 }
2822                 /* break; */
2823         case SSL_CTRL_SET_TMP_ECDH_CB:
2824                 {
2825                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2826                 return(0);
2827                 }
2828                 break;
2829 #endif /* !OPENSSL_NO_ECDH */
2830 #ifndef OPENSSL_NO_TLSEXT
2831         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2832                 ctx->tlsext_servername_arg=parg;
2833                 break;
2834         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2835         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2836                 {
2837                 unsigned char *keys = parg;
2838                 if (!keys)
2839                         return 48;
2840                 if (larg != 48)
2841                         {
2842                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2843                         return 0;
2844                         }
2845                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2846                         {
2847                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
2848                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2849                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2850                         }
2851                 else
2852                         {
2853                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
2854                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2855                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2856                         }
2857                 return 1;
2858                 }
2859
2860 #ifdef TLSEXT_TYPE_opaque_prf_input
2861         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2862                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2863                 return 1;
2864 #endif
2865
2866         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2867                 ctx->tlsext_status_arg=parg;
2868                 return 1;
2869                 break;
2870
2871 #ifndef OPENSSL_NO_SRP
2872         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
2873                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
2874                 if (ctx->srp_ctx.login != NULL)
2875                         OPENSSL_free(ctx->srp_ctx.login);
2876                 ctx->srp_ctx.login = NULL;
2877                 if (parg == NULL)
2878                         break;
2879                 if (strlen((char *)parg) > 254)
2880                         {
2881                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
2882                         return 0;
2883                         } 
2884                 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
2885                         {
2886                         SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
2887                         return 0;
2888                         }
2889                 break;
2890         case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
2891                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
2892                 ctx->srp_ctx.info=parg;
2893                 break;
2894         case SSL_CTRL_SET_SRP_ARG:
2895                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
2896                 ctx->srp_ctx.SRP_cb_arg=parg;
2897                 break;
2898
2899         case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
2900                 ctx->srp_ctx.strength=larg;
2901                 break;
2902 #endif
2903 #endif /* !OPENSSL_NO_TLSEXT */
2904
2905         /* A Thawte special :-) */
2906         case SSL_CTRL_EXTRA_CHAIN_CERT:
2907                 if (ctx->extra_certs == NULL)
2908                         {
2909                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2910                                 return(0);
2911                         }
2912                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2913                 break;
2914
2915         default:
2916                 return(0);
2917                 }
2918         return(1);
2919         }
2920
2921 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2922         {
2923         CERT *cert;
2924
2925         cert=ctx->cert;
2926
2927         switch (cmd)
2928                 {
2929 #ifndef OPENSSL_NO_RSA
2930         case SSL_CTRL_SET_TMP_RSA_CB:
2931                 {
2932                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2933                 }
2934                 break;
2935 #endif
2936 #ifndef OPENSSL_NO_DH
2937         case SSL_CTRL_SET_TMP_DH_CB:
2938                 {
2939                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2940                 }
2941                 break;
2942 #endif
2943 #ifndef OPENSSL_NO_ECDH
2944         case SSL_CTRL_SET_TMP_ECDH_CB:
2945                 {
2946                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2947                 }
2948                 break;
2949 #endif
2950 #ifndef OPENSSL_NO_TLSEXT
2951         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2952                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2953                 break;
2954
2955 #ifdef TLSEXT_TYPE_opaque_prf_input
2956         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2957                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2958                 break;
2959 #endif
2960
2961         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2962                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2963                 break;
2964
2965         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2966                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
2967                                                 unsigned char *,
2968                                                 EVP_CIPHER_CTX *,
2969                                                 HMAC_CTX *, int))fp;
2970                 break;
2971
2972 #ifndef OPENSSL_NO_SRP
2973         case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
2974                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
2975                 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
2976                 break;
2977         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
2978                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
2979                 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
2980                 break;
2981         case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
2982                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
2983                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
2984                 break;
2985         case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB:
2986                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
2987                 ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp;
2988                 break;
2989 #endif
2990 #endif
2991         default:
2992                 return(0);
2993                 }
2994         return(1);
2995         }
2996
2997 /* This function needs to check if the ciphers required are actually
2998  * available */
2999 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3000         {
3001         SSL_CIPHER c;
3002         const SSL_CIPHER *cp;
3003         unsigned long id;
3004
3005         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
3006         c.id=id;
3007         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3008         if (cp == NULL || cp->valid == 0)
3009                 return NULL;
3010         else
3011                 return cp;
3012         }
3013
3014 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3015         {
3016         long l;
3017
3018         if (p != NULL)
3019                 {
3020                 l=c->id;
3021                 if ((l & 0xff000000) != 0x03000000) return(0);
3022                 p[0]=((unsigned char)(l>> 8L))&0xFF;
3023                 p[1]=((unsigned char)(l     ))&0xFF;
3024                 }
3025         return(2);
3026         }
3027
3028 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3029              STACK_OF(SSL_CIPHER) *srvr)
3030         {
3031         SSL_CIPHER *c,*ret=NULL;
3032         STACK_OF(SSL_CIPHER) *prio, *allow;
3033         int i,ii,ok;
3034 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3035         unsigned int j;
3036         int ec_ok, ec_nid;
3037         unsigned char ec_search1 = 0, ec_search2 = 0;
3038 #endif
3039         CERT *cert;
3040         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
3041
3042         /* Let's see which ciphers we can support */
3043         cert=s->cert;
3044
3045 #if 0
3046         /* Do not set the compare functions, because this may lead to a
3047          * reordering by "id". We want to keep the original ordering.
3048          * We may pay a price in performance during sk_SSL_CIPHER_find(),
3049          * but would have to pay with the price of sk_SSL_CIPHER_dup().
3050          */
3051         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3052         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3053 #endif
3054
3055 #ifdef CIPHER_DEBUG
3056         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3057         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
3058                 {
3059                 c=sk_SSL_CIPHER_value(srvr,i);
3060                 printf("%p:%s\n",(void *)c,c->name);
3061                 }
3062         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3063         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
3064             {
3065             c=sk_SSL_CIPHER_value(clnt,i);
3066             printf("%p:%s\n",(void *)c,c->name);
3067             }
3068 #endif
3069
3070         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
3071                 {
3072                 prio = srvr;
3073                 allow = clnt;
3074                 }
3075         else
3076                 {
3077                 prio = clnt;
3078                 allow = srvr;
3079                 }
3080
3081         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
3082                 {
3083                 c=sk_SSL_CIPHER_value(prio,i);
3084
3085                 ssl_set_cert_masks(cert,c);
3086                 mask_k = cert->mask_k;
3087                 mask_a = cert->mask_a;
3088                 emask_k = cert->export_mask_k;
3089                 emask_a = cert->export_mask_a;
3090 #ifndef OPENSSL_NO_SRP
3091                 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
3092                 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
3093 #endif
3094                         
3095 #ifdef KSSL_DEBUG
3096 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3097 #endif    /* KSSL_DEBUG */
3098
3099                 alg_k=c->algorithm_mkey;
3100                 alg_a=c->algorithm_auth;
3101
3102 #ifndef OPENSSL_NO_KRB5
3103                 if (alg_k & SSL_kKRB5)
3104                         {
3105                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
3106                             continue;
3107                         }
3108 #endif /* OPENSSL_NO_KRB5 */
3109 #ifndef OPENSSL_NO_PSK
3110                 /* with PSK there must be server callback set */
3111                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3112                         continue;
3113 #endif /* OPENSSL_NO_PSK */
3114
3115                 if (SSL_C_IS_EXPORT(c))
3116                         {
3117                         ok = (alg_k & emask_k) && (alg_a & emask_a);
3118 #ifdef CIPHER_DEBUG
3119                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
3120                                (void *)c,c->name);
3121 #endif
3122                         }
3123                 else
3124                         {
3125                         ok = (alg_k & mask_k) && (alg_a & mask_a);
3126 #ifdef CIPHER_DEBUG
3127                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
3128                                c->name);
3129 #endif
3130                         }
3131
3132 #ifndef OPENSSL_NO_TLSEXT
3133 #ifndef OPENSSL_NO_EC
3134                 if (
3135                         /* if we are considering an ECC cipher suite that uses our certificate */
3136                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3137                         /* and we have an ECC certificate */
3138                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3139                         /* and the client specified a Supported Point Formats extension */
3140                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3141                         /* and our certificate's point is compressed */
3142                         && (
3143                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3144                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3145                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3146                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3147                                 && (
3148                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3149                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3150                                         )
3151                                 )
3152                 )
3153                         {
3154                         ec_ok = 0;
3155                         /* if our certificate's curve is over a field type that the client does not support
3156                          * then do not allow this cipher suite to be negotiated */
3157                         if (
3158                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3159                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3160                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3161                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3162                         )
3163                                 {
3164                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3165                                         {
3166                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3167                                                 {
3168                                                 ec_ok = 1;
3169                                                 break;
3170                                                 }
3171                                         }
3172                                 }
3173                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3174                                 {
3175                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3176                                         {
3177                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3178                                                 {
3179                                                 ec_ok = 1;
3180                                                 break;
3181                                                 }
3182                                         }
3183                                 }
3184                         ok = ok && ec_ok;
3185                         }
3186                 if (
3187                         /* if we are considering an ECC cipher suite that uses our certificate */
3188                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3189                         /* and we have an ECC certificate */
3190                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3191                         /* and the client specified an EllipticCurves extension */
3192                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3193                 )
3194                         {
3195                         ec_ok = 0;
3196                         if (
3197                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3198                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3199                         )
3200                                 {
3201                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3202                                 if ((ec_nid == 0)
3203                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3204                                 )
3205                                         {
3206                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3207                                                 {
3208                                                 ec_search1 = 0xFF;
3209                                                 ec_search2 = 0x01;
3210                                                 }
3211                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3212                                                 {
3213                                                 ec_search1 = 0xFF;
3214                                                 ec_search2 = 0x02;
3215                                                 }
3216                                         }
3217                                 else
3218                                         {
3219                                         ec_search1 = 0x00;
3220                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3221                                         }
3222                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3223                                         {
3224                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3225                                                 {
3226                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3227                                                         {
3228                                                         ec_ok = 1;
3229                                                         break;
3230                                                         }
3231                                                 }
3232                                         }
3233                                 }
3234                         ok = ok && ec_ok;
3235                         }
3236                 if (
3237                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3238                         (alg_k & SSL_kEECDH)
3239                         /* and we have an ephemeral EC key */
3240                         && (s->cert->ecdh_tmp != NULL)
3241                         /* and the client specified an EllipticCurves extension */
3242                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3243                 )
3244                         {
3245                         ec_ok = 0;
3246                         if (s->cert->ecdh_tmp->group != NULL)
3247                                 {
3248                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3249                                 if ((ec_nid == 0)
3250                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3251                                 )
3252                                         {
3253                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3254                                                 {
3255                                                 ec_search1 = 0xFF;
3256                                                 ec_search2 = 0x01;
3257                                                 }
3258                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3259                                                 {
3260                                                 ec_search1 = 0xFF;
3261                                                 ec_search2 = 0x02;
3262                                                 }
3263                                         }
3264                                 else
3265                                         {
3266                                         ec_search1 = 0x00;
3267                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3268                                         }
3269                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3270                                         {
3271                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3272                                                 {
3273                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3274                                                         {
3275                                                         ec_ok = 1;
3276                                                         break;
3277                                                         }
3278                                                 }
3279                                         }
3280                                 }
3281                         ok = ok && ec_ok;
3282                         }
3283 #endif /* OPENSSL_NO_EC */
3284 #endif /* OPENSSL_NO_TLSEXT */
3285
3286                 if (!ok) continue;
3287                 ii=sk_SSL_CIPHER_find(allow,c);
3288                 if (ii >= 0)
3289                         {
3290                         ret=sk_SSL_CIPHER_value(allow,ii);
3291                         break;
3292                         }
3293                 }
3294         return(ret);
3295         }
3296
3297 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3298         {
3299         int ret=0;
3300         unsigned long alg_k;
3301
3302         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3303
3304 #ifndef OPENSSL_NO_GOST
3305         if (s->version >= TLS1_VERSION)
3306                 {
3307                 if (alg_k & SSL_kGOST)
3308                         {
3309                         p[ret++]=TLS_CT_GOST94_SIGN;
3310                         p[ret++]=TLS_CT_GOST01_SIGN;
3311                         return(ret);
3312                         }
3313                 }
3314 #endif
3315
3316 #ifndef OPENSSL_NO_DH
3317         if (alg_k & (SSL_kDHr|SSL_kEDH))
3318                 {
3319 #  ifndef OPENSSL_NO_RSA
3320                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
3321 #  endif
3322 #  ifndef OPENSSL_NO_DSA
3323                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3324 #  endif
3325                 }
3326         if ((s->version == SSL3_VERSION) &&
3327                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3328                 {
3329 #  ifndef OPENSSL_NO_RSA
3330                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3331 #  endif
3332 #  ifndef OPENSSL_NO_DSA
3333                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3334 #  endif
3335                 }
3336 #endif /* !OPENSSL_NO_DH */
3337 #ifndef OPENSSL_NO_RSA
3338         p[ret++]=SSL3_CT_RSA_SIGN;
3339 #endif
3340 #ifndef OPENSSL_NO_DSA
3341         p[ret++]=SSL3_CT_DSS_SIGN;
3342 #endif
3343 #ifndef OPENSSL_NO_ECDH
3344         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3345                 {
3346                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3347                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3348                 }
3349 #endif
3350
3351 #ifndef OPENSSL_NO_ECDSA
3352         /* ECDSA certs can be used with RSA cipher suites as well 
3353          * so we don't need to check for SSL_kECDH or SSL_kEECDH
3354          */
3355         if (s->version >= TLS1_VERSION)
3356                 {
3357                 p[ret++]=TLS_CT_ECDSA_SIGN;
3358                 }
3359 #endif  
3360         return(ret);
3361         }
3362
3363 int ssl3_shutdown(SSL *s)
3364         {
3365         int ret;
3366
3367         /* Don't do anything much if we have not done the handshake or
3368          * we don't want to send messages :-) */
3369         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3370                 {
3371                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3372                 return(1);
3373                 }
3374
3375         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3376                 {
3377                 s->shutdown|=SSL_SENT_SHUTDOWN;
3378 #if 1
3379                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3380 #endif
3381                 /* our shutdown alert has been sent now, and if it still needs
3382                  * to be written, s->s3->alert_dispatch will be true */
3383                 if (s->s3->alert_dispatch)
3384                         return(-1);     /* return WANT_WRITE */
3385                 }
3386         else if (s->s3->alert_dispatch)
3387                 {
3388                 /* resend it if not sent */
3389 #if 1
3390                 ret=s->method->ssl_dispatch_alert(s);
3391                 if(ret == -1)
3392                         {
3393                         /* we only get to return -1 here the 2nd/Nth
3394                          * invocation, we must  have already signalled
3395                          * return 0 upon a previous invoation,
3396                          * return WANT_WRITE */
3397                         return(ret);
3398                         }
3399 #endif
3400                 }
3401         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3402                 {
3403                 /* If we are waiting for a close from our peer, we are closed */
3404                 s->method->ssl_read_bytes(s,0,NULL,0,0);
3405                 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3406                         {
3407                         return(-1);     /* return WANT_READ */
3408                         }
3409                 }
3410
3411         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3412                 !s->s3->alert_dispatch)
3413                 return(1);
3414         else
3415                 return(0);
3416         }
3417
3418 int ssl3_write(SSL *s, const void *buf, int len)
3419         {
3420         int ret,n;
3421
3422 #if 0
3423         if (s->shutdown & SSL_SEND_SHUTDOWN)
3424                 {
3425                 s->rwstate=SSL_NOTHING;
3426                 return(0);
3427                 }
3428 #endif
3429         clear_sys_error();
3430         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3431
3432         /* This is an experimental flag that sends the
3433          * last handshake message in the same packet as the first
3434          * use data - used to see if it helps the TCP protocol during
3435          * session-id reuse */
3436         /* The second test is because the buffer may have been removed */
3437         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3438                 {
3439                 /* First time through, we write into the buffer */
3440                 if (s->s3->delay_buf_pop_ret == 0)
3441                         {
3442                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3443                                              buf,len);
3444                         if (ret <= 0) return(ret);
3445
3446                         s->s3->delay_buf_pop_ret=ret;
3447                         }
3448
3449                 s->rwstate=SSL_WRITING;
3450                 n=BIO_flush(s->wbio);
3451                 if (n <= 0) return(n);
3452                 s->rwstate=SSL_NOTHING;
3453
3454                 /* We have flushed the buffer, so remove it */
3455                 ssl_free_wbio_buffer(s);
3456                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3457
3458                 ret=s->s3->delay_buf_pop_ret;
3459                 s->s3->delay_buf_pop_ret=0;
3460                 }
3461         else
3462                 {
3463                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3464                         buf,len);
3465                 if (ret <= 0) return(ret);
3466                 }
3467
3468         return(ret);
3469         }
3470
3471 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3472         {
3473         int ret;
3474         
3475         clear_sys_error();
3476         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3477         s->s3->in_read_app_data=1;
3478         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3479         if ((ret == -1) && (s->s3->in_read_app_data == 2))
3480                 {
3481                 /* ssl3_read_bytes decided to call s->handshake_func, which
3482                  * called ssl3_read_bytes to read handshake data.
3483                  * However, ssl3_read_bytes actually found application data
3484                  * and thinks that application data makes sense here; so disable
3485                  * handshake processing and try to read application data again. */
3486                 s->in_handshake++;
3487                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3488                 s->in_handshake--;
3489                 }
3490         else
3491                 s->s3->in_read_app_data=0;
3492
3493         return(ret);
3494         }
3495
3496 int ssl3_read(SSL *s, void *buf, int len)
3497         {
3498         return ssl3_read_internal(s, buf, len, 0);
3499         }
3500
3501 int ssl3_peek(SSL *s, void *buf, int len)
3502         {
3503         return ssl3_read_internal(s, buf, len, 1);
3504         }
3505
3506 int ssl3_renegotiate(SSL *s)
3507         {
3508         if (s->handshake_func == NULL)
3509                 return(1);
3510
3511         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3512                 return(0);
3513
3514         s->s3->renegotiate=1;
3515         return(1);
3516         }
3517
3518 int ssl3_renegotiate_check(SSL *s)
3519         {
3520         int ret=0;
3521
3522         if (s->s3->renegotiate)
3523                 {
3524                 if (    (s->s3->rbuf.left == 0) &&
3525                         (s->s3->wbuf.left == 0) &&
3526                         !SSL_in_init(s))
3527                         {
3528 /*
3529 if we are the server, and we have sent a 'RENEGOTIATE' message, we
3530 need to go to SSL_ST_ACCEPT.
3531 */
3532                         /* SSL_ST_ACCEPT */
3533                         s->state=SSL_ST_RENEGOTIATE;
3534                         s->s3->renegotiate=0;
3535                         s->s3->num_renegotiations++;
3536                         s->s3->total_renegotiations++;
3537                         ret=1;
3538                         }
3539                 }
3540         return(ret);
3541         }