Add support for application defined signature algorithms for use with
[openssl.git] / ssl / s3_lib.c
index 59d68c42ac5ce3e48093a0ee99c896de386d403b..dad84dca007bb5438cbf2be620f9ec0267c2aeae 100644 (file)
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-#include "../crypto/ec/ec_lcl.h"
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
 #include <openssl/md5.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
@@ -335,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* The DH ciphers */
 /* Cipher 0B */
        {
-       0,
+       1,
        SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
        SSL3_CK_DH_DSS_DES_40_CBC_SHA,
        SSL_kDHd,
@@ -351,7 +346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 /* Cipher 0C */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
        SSL3_CK_DH_DSS_DES_64_CBC_SHA,
        SSL_kDHd,
@@ -367,7 +362,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 /* Cipher 0D */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
        SSL_kDHd,
@@ -383,7 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 /* Cipher 0E */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
        SSL3_CK_DH_RSA_DES_40_CBC_SHA,
        SSL_kDHr,
@@ -399,7 +394,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 /* Cipher 0F */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
        SSL3_CK_DH_RSA_DES_64_CBC_SHA,
        SSL_kDHr,
@@ -415,7 +410,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 /* Cipher 10 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
        SSL_kDHr,
@@ -902,7 +897,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 30 */
        {
-       0,
+       1,
        TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
        TLS1_CK_DH_DSS_WITH_AES_128_SHA,
        SSL_kDHd,
@@ -917,7 +912,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 31 */
        {
-       0,
+       1,
        TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
        TLS1_CK_DH_RSA_WITH_AES_128_SHA,
        SSL_kDHr,
@@ -993,7 +988,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
 /* Cipher 36 */
        {
-       0,
+       1,
        TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
        TLS1_CK_DH_DSS_WITH_AES_256_SHA,
        SSL_kDHd,
@@ -1009,7 +1004,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 /* Cipher 37 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
        TLS1_CK_DH_RSA_WITH_AES_256_SHA,
        SSL_kDHr,
@@ -1081,7 +1076,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_eNULL,
        SSL_SHA256,
-       SSL_SSLV3,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
@@ -1097,7 +1092,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1113,7 +1108,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1122,14 +1117,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 3E */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
        TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-       SSL_kDHr,
+       SSL_kDHd,
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1138,14 +1133,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 3F */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
        TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
        SSL_kDHr,
        SSL_aDH,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1161,7 +1156,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1189,7 +1184,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 42 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
        SSL_kDHd,
@@ -1205,7 +1200,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 43 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
        SSL_kDHr,
@@ -1395,7 +1390,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1404,14 +1399,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 68 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
        TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-       SSL_kDHr,
+       SSL_kDHd,
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1420,14 +1415,14 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 69 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
        TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
        SSL_kDHr,
        SSL_aDH,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1443,7 +1438,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aDSS,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1459,7 +1454,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1475,7 +1470,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
@@ -1491,7 +1486,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA256,
-       SSL_TLSV1,
+       SSL_TLSV1_2,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
@@ -1577,7 +1572,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        },
        /* Cipher 85 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
        SSL_kDHd,
@@ -1593,7 +1588,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 86 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
        SSL_kDHr,
@@ -1743,7 +1738,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 97 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_DSS_WITH_SEED_SHA,
        TLS1_CK_DH_DSS_WITH_SEED_SHA,
        SSL_kDHd,
@@ -1759,7 +1754,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
        /* Cipher 98 */
        {
-       0, /* not implemented (non-ephemeral DH) */
+       1,
        TLS1_TXT_DH_RSA_WITH_SEED_SHA,
        TLS1_CK_DH_RSA_WITH_SEED_SHA,
        SSL_kDHr,
@@ -1823,6 +1818,200 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 #endif /* OPENSSL_NO_SEED */
 
+       /* GCM ciphersuites from RFC5288 */
+
+       /* Cipher 9C */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher 9D */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher 9E */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher 9F */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A0 */
+       {
+       1,
+       TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A1 */
+       {
+       1,
+       TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A2 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A3 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A4 */
+       {
+       1,
+       TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A5 */
+       {
+       1,
+       TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A6 */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A7 */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
        {
@@ -2475,7 +2664,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
        TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-       SSL_kECDHe,
+       SSL_kECDHr,
        SSL_aECDH,
        SSL_AES128,
        SSL_SHA256,
@@ -2491,7 +2680,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
        TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-       SSL_kECDHe,
+       SSL_kECDHr,
        SSL_aECDH,
        SSL_AES256,
        SSL_SHA384,
@@ -2502,6 +2691,136 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        256,
        },
 
+       /* GCM based TLS v1.2 ciphersuites from RFC5289 */
+
+       /* Cipher C02B */
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher C02C */
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher C02D */
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher C02E */
+       {
+       1,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher C02F */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher C030 */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher C031 */
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher C032 */
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
 #endif /* OPENSSL_NO_ECDH */
 
 
@@ -2580,6 +2899,9 @@ SSL3_ENC_METHOD SSLv3_enc_data={
        SSL3_MD_CLIENT_FINISHED_CONST,4,
        SSL3_MD_SERVER_FINISHED_CONST,4,
        ssl3_alert_code,
+       (int (*)(SSL *, unsigned char *, size_t, const char *,
+                size_t, const unsigned char *, size_t,
+                int use_context))ssl_undefined_function,
        };
 
 long ssl3_default_timeout(void)
@@ -2666,6 +2988,10 @@ void ssl3_free(SSL *s)
        if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
 #ifndef OPENSSL_NO_SRP
        SSL_SRP_CTX_free(s);
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+       if (s->s3->tlsext_authz_client_types != NULL)
+               OPENSSL_free(s->s3->tlsext_authz_client_types);
 #endif
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
@@ -2676,6 +3002,7 @@ void ssl3_clear(SSL *s)
        {
        unsigned char *rp,*wp;
        size_t rlen, wlen;
+       int init_extra;
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
        if (s->s3->client_opaque_prf_input != NULL)
@@ -2697,17 +3024,31 @@ void ssl3_clear(SSL *s)
                }
 #ifndef OPENSSL_NO_DH
        if (s->s3->tmp.dh != NULL)
+               {
                DH_free(s->s3->tmp.dh);
+               s->s3->tmp.dh = NULL;
+               }
 #endif
 #ifndef OPENSSL_NO_ECDH
        if (s->s3->tmp.ecdh != NULL)
+               {
                EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL;
+               }
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+       if (s->s3->tlsext_authz_client_types != NULL)
+               {
+               OPENSSL_free(s->s3->tlsext_authz_client_types);
+               s->s3->tlsext_authz_client_types = NULL;
+               }
 #endif
 
        rp = s->s3->rbuf.buf;
        wp = s->s3->wbuf.buf;
        rlen = s->s3->rbuf.len;
        wlen = s->s3->wbuf.len;
+       init_extra = s->s3->init_extra;
        if (s->s3->handshake_buffer) {
                BIO_free(s->s3->handshake_buffer);
                s->s3->handshake_buffer = NULL;
@@ -2720,6 +3061,7 @@ void ssl3_clear(SSL *s)
        s->s3->wbuf.buf = wp;
        s->s3->rbuf.len = rlen;
        s->s3->wbuf.len = wlen;
+       s->s3->init_extra = init_extra;
 
        ssl_free_wbio_buffer(s);
 
@@ -2992,7 +3334,92 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                ret = 1;
                break;
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
+               if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+                       ret = dtls1_heartbeat(s);
+               else
+                       ret = tls1_heartbeat(s);
+               break;
+
+       case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
+               ret = s->tlsext_hb_pending;
+               break;
+
+       case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
+               if (larg)
+                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
+               else
+                       s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
+               ret = 1;
+               break;
+#endif
+
 #endif /* !OPENSSL_NO_TLSEXT */
+
+       case SSL_CTRL_CHAIN:
+               if (larg)
+                       return ssl_cert_set1_chain(s->cert,
+                                               (STACK_OF (X509) *)parg);
+               else
+                       return ssl_cert_set0_chain(s->cert,
+                                               (STACK_OF (X509) *)parg);
+
+       case SSL_CTRL_CHAIN_CERT:
+               if (larg)
+                       return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
+               else
+                       return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
+
+       case SSL_CTRL_GET_CURVES:
+               {
+               unsigned char *clist;
+               size_t clistlen;
+               if (!s->session)
+                       return 0;
+               clist = s->session->tlsext_ellipticcurvelist;
+               clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
+               if (parg)
+                       {
+                       size_t i;
+                       int *cptr = parg;
+                       unsigned int cid, nid;
+                       for (i = 0; i < clistlen; i++)
+                               {
+                               n2s(clist, cid);
+                               nid = tls1_ec_curve_id2nid(cid);
+                               if (nid != 0)
+                                       cptr[i] = nid;
+                               else
+                                       cptr[i] = TLSEXT_nid_unknown | cid;
+                               }
+                       }
+               return (int)clistlen;
+               }
+
+       case SSL_CTRL_SET_CURVES:
+               return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+                                       &s->tlsext_ellipticcurvelist_length,
+                                                               parg, larg);
+
+       case SSL_CTRL_SET_CURVES_LIST:
+               return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
+                                       &s->tlsext_ellipticcurvelist_length,
+                                                               parg);
+
+       case SSL_CTRL_GET_SHARED_CURVE:
+               return tls1_shared_curve(s, larg);
+
+       case SSL_CTRL_SET_ECDH_AUTO:
+               s->cert->ecdh_tmp_auto = larg;
+               break;
+
+       case SSL_CTRL_SET_SIGALGS:
+               return tls1_set_sigalgs(s->cert, parg, larg);
+
+       case SSL_CTRL_SET_SIGALGS_LIST:
+               return tls1_set_sigalgs_list(s->cert, parg);
+
        default:
                break;
                }
@@ -3237,7 +3664,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                ctx->srp_ctx.login = NULL;
                if (parg == NULL)
                        break;
-               if (strlen((char *)parg) > 254)
+               if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
                        {
                        SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
                        return 0;
@@ -3261,6 +3688,30 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                ctx->srp_ctx.strength=larg;
                break;
 #endif
+
+       case SSL_CTRL_SET_CURVES:
+               return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+                                       &ctx->tlsext_ellipticcurvelist_length,
+                                                               parg, larg);
+
+       case SSL_CTRL_SET_CURVES_LIST:
+               return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
+                                       &ctx->tlsext_ellipticcurvelist_length,
+                                                               parg);
+       case SSL_CTRL_SET_ECDH_AUTO:
+               ctx->cert->ecdh_tmp_auto = larg;
+               break;
+
+       case SSL_CTRL_SET_SIGALGS:
+               return tls1_set_sigalgs(ctx->cert, parg, larg);
+
+       case SSL_CTRL_SET_SIGALGS_LIST:
+               return tls1_set_sigalgs_list(ctx->cert, parg);
+
+       case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG:
+               ctx->tlsext_authz_server_audit_proof_cb_arg = parg;
+               break;
+
 #endif /* !OPENSSL_NO_TLSEXT */
 
        /* A Thawte special :-) */
@@ -3273,6 +3724,32 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                sk_X509_push(ctx->extra_certs,(X509 *)parg);
                break;
 
+       case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+               *(STACK_OF(X509) **)parg =  ctx->extra_certs;
+               break;
+
+       case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+               if (ctx->extra_certs)
+                       {
+                       sk_X509_pop_free(ctx->extra_certs, X509_free);
+                       ctx->extra_certs = NULL;
+                       }
+               break;
+
+       case SSL_CTRL_CHAIN:
+               if (larg)
+                       return ssl_cert_set1_chain(ctx->cert,
+                                               (STACK_OF (X509) *)parg);
+               else
+                       return ssl_cert_set0_chain(ctx->cert,
+                                               (STACK_OF (X509) *)parg);
+
+       case SSL_CTRL_CHAIN_CERT:
+               if (larg)
+                       return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
+               else
+                       return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
+
        default:
                return(0);
                }
@@ -3343,11 +3820,13 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                ctx->srp_ctx.srp_Mask|=SSL_kSRP;
                ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
                break;
-       case SSL_CTRL_SET_TLS_EXT_SRP_MISSING_CLIENT_USERNAME_CB:
-               ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-               ctx->srp_ctx.SRP_TLS_ext_missing_srp_client_username_callback=(char *(*)(SSL *,void *))fp;
-               break;
 #endif
+
+       case SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB:
+               ctx->tlsext_authz_server_audit_proof_cb =
+                       (int (*)(SSL *, void *))fp;
+               break;
+
 #endif
        case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
                {
@@ -3360,8 +3839,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        return(1);
        }
 
-#define DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-
 /* This function needs to check if the ciphers required are actually
  * available */
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
@@ -3402,11 +3879,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
        SSL_CIPHER *c,*ret=NULL;
        STACK_OF(SSL_CIPHER) *prio, *allow;
        int i,ii,ok;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
-       unsigned int j;
-       int ec_ok, ec_nid;
-       unsigned char ec_search1 = 0, ec_search2 = 0;
-#endif
        CERT *cert;
        unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
 
@@ -3507,155 +3979,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 
 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
-               if (
-                       /* if we are considering an ECC cipher suite that uses our certificate */
-                       (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-                       /* and we have an ECC certificate */
-                       && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-                       /* and the client specified a Supported Point Formats extension */
-                       && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
-                       /* and our certificate's point is compressed */
-                       && (
-                               (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
-                               && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
-                               && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
-                               && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
-                               && (
-                                       (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
-                                       || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
-                                       )
-                               )
-               )
-                       {
-                       ec_ok = 0;
-                       /* if our certificate's curve is over a field type that the client does not support
-                        * then do not allow this cipher suite to be negotiated */
-                       if (
-                               (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-                               && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
-                               && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
-                               && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
-                       )
-                               {
-                               for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
-                                       {
-                                       if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
-                                               {
-                                               ec_ok = 1;
-                                               break;
-                                               }
-                                       }
-                               }
-                       else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
-                               {
-                               for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
-                                       {
-                                       if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
-                                               {
-                                               ec_ok = 1;
-                                               break;
-                                               }
-                                       }
-                               }
-                       ok = ok && ec_ok;
-                       }
-               if (
-                       /* if we are considering an ECC cipher suite that uses our certificate */
-                       (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-                       /* and we have an ECC certificate */
-                       && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-                       /* and the client specified an EllipticCurves extension */
-                       && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
-               )
-                       {
-                       ec_ok = 0;
-                       if (
-                               (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-                               && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
-                       )
-                               {
-                               ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
-                               if ((ec_nid == 0)
-                                       && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
-                               )
-                                       {
-                                       if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
-                                               {
-                                               ec_search1 = 0xFF;
-                                               ec_search2 = 0x01;
-                                               }
-                                       else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
-                                               {
-                                               ec_search1 = 0xFF;
-                                               ec_search2 = 0x02;
-                                               }
-                                       }
-                               else
-                                       {
-                                       ec_search1 = 0x00;
-                                       ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-                                       }
-                               if ((ec_search1 != 0) || (ec_search2 != 0))
-                                       {
-                                       for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
-                                               {
-                                               if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
-                                                       {
-                                                       ec_ok = 1;
-                                                       break;
-                                                       }
-                                               }
-                                       }
-                               }
-                       ok = ok && ec_ok;
-                       }
-               if (
-                       /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
-                       (alg_k & SSL_kEECDH)
-                       /* and we have an ephemeral EC key */
-                       && (s->cert->ecdh_tmp != NULL)
-                       /* and the client specified an EllipticCurves extension */
-                       && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
-               )
-                       {
-                       ec_ok = 0;
-                       if (s->cert->ecdh_tmp->group != NULL)
-                               {
-                               ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
-                               if ((ec_nid == 0)
-                                       && (s->cert->ecdh_tmp->group->meth != NULL)
-                               )
-                                       {
-                                       if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
-                                               {
-                                               ec_search1 = 0xFF;
-                                               ec_search2 = 0x01;
-                                               }
-                                       else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
-                                               {
-                                               ec_search1 = 0xFF;
-                                               ec_search2 = 0x02;
-                                               }
-                                       }
-                               else
-                                       {
-                                       ec_search1 = 0x00;
-                                       ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-                                       }
-                               if ((ec_search1 != 0) || (ec_search2 != 0))
-                                       {
-                                       for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
-                                               {
-                                               if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
-                                                       {
-                                                       ec_ok = 1;
-                                                       break;
-                                                       }
-                                               }
-                                       }
-                               }
-                       ok = ok && ec_ok;
-                       }
+               /* if we are considering an ECC cipher suite that uses our
+                * certificate check it */
+               if (alg_a & (SSL_aECDSA|SSL_aECDH))
+                       ok = ok && tls1_check_ec_server_key(s);
+               /* if we are considering an ECC cipher suite that uses
+                * an ephemeral EC key check it */
+               if (alg_k & SSL_kEECDH)
+                       ok = ok && tls1_check_ec_tmp_key(s);
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */