Return per-certificate chain if extra chain is NULL.
[openssl.git] / ssl / ssl_ciph.c
index a9d11ca..33b7d08 100644 (file)
 
 #include <stdio.h>
 #include <openssl/objects.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 #include "ssl_locl.h"
 
 #define SSL_ENC_DES_IDX                0
 #define SSL_ENC_AES256_IDX     7
 #define SSL_ENC_CAMELLIA128_IDX        8
 #define SSL_ENC_CAMELLIA256_IDX        9
-#define SSL_ENC_NUM_IDX                10
+#define SSL_ENC_GOST89_IDX     10
+#define SSL_ENC_SEED_IDX       11
+#define SSL_ENC_AES128GCM_IDX  12
+#define SSL_ENC_AES256GCM_IDX  13
+#define SSL_ENC_NUM_IDX                14
 
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-       NULL,NULL,NULL,NULL,NULL,NULL,
+       NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
        };
 
 #define SSL_COMP_NULL_IDX      0
@@ -170,9 +179,34 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 
 #define SSL_MD_MD5_IDX 0
 #define SSL_MD_SHA1_IDX        1
-#define SSL_MD_NUM_IDX 2
+#define SSL_MD_GOST94_IDX 2
+#define SSL_MD_GOST89MAC_IDX 3
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_SHA384_IDX 5
+/*Constant SSL_MAX_DIGEST equal to size of digests array should be 
+ * defined in the
+ * ssl_locl.h */
+#define SSL_MD_NUM_IDX SSL_MAX_DIGEST 
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-       NULL,NULL,
+       NULL,NULL,NULL,NULL,NULL,NULL
+       };
+/* PKEY_TYPE for GOST89MAC is known in advance, but, because
+ * implementation is engine-provided, we'll fill it only if
+ * corresponding EVP_PKEY_METHOD is found 
+ */
+static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
+       EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
+       EVP_PKEY_HMAC,EVP_PKEY_HMAC
+       };
+
+static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
+       0,0,0,0,0,0
+       };
+
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
+       SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
+       SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+       SSL_HANDSHAKE_MAC_SHA384
        };
 
 #define CIPHER_ADD     1
@@ -183,7 +217,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
 
 typedef struct cipher_order_st
        {
-       SSL_CIPHER *cipher;
+       const SSL_CIPHER *cipher;
        int active;
        int dead;
        struct cipher_order_st *next,*prev;
@@ -196,30 +230,33 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
 
        /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-       {0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+       {0,SSL_TXT_CMPDEF,0,  SSL_kDHE|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
 
        /* key exchange aliases
         * (some of those using only a single bit here combine
         * multiple key exchange algs according to the RFCs,
-        * e.g. kEDH combines DHE_DSS and DHE_RSA) */
+        * e.g. kDHE combines DHE_DSS and DHE_RSA) */
        {0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
 
-       {0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-       {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-       {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-       {0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kEDH,0,    SSL_kDHE,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kDHE,0,    SSL_kDHE,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kDHE,0,0,0,0,0,0,0,0},
 
        {0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
 
        {0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kEECDH,0,  SSL_kECDHE,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kECDHE,0,  SSL_kECDHE,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
-
+       {0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
 
        /* server authentication aliases */
        {0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
@@ -232,17 +269,22 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
        {0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
         {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
-
+       {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
+       {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
+       {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
 
        /* aliases combining key exchange and server authentication */
-       {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-       {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_EDH,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_DHE,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_EECDH,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ECDHE,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
        {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
        {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
-       {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
-       {0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ADH,0,     SSL_kDHE,SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_AECDH,0,   SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
+       {0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
 
 
        /* symmetric encryption aliases */
@@ -251,10 +293,12 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
        {0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
        {0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
+       {0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
        {0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
-       {0,SSL_TXT_AES128,0,  0,0,SSL_AES128,0,0,0,0,0,0},
-       {0,SSL_TXT_AES256,0,  0,0,SSL_AES256,0,0,0,0,0,0},
-       {0,SSL_TXT_AES,0,     0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
+       {0,SSL_TXT_AES128,0,  0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
+       {0,SSL_TXT_AES256,0,  0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
+       {0,SSL_TXT_AES,0,     0,0,SSL_AES,0,0,0,0,0,0},
+       {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
@@ -263,11 +307,16 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
        {0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
        {0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
+       {0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
+       {0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
+       {0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
+       {0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
 
        /* protocol version aliases */
        {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
        {0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
        {0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
+       {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
 
        /* export flag */
        {0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
@@ -279,7 +328,58 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
        {0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
        {0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
+       /* FIPS 140-2 approved ciphersuite */
+       {0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
+
+        /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
+       {0,SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,0,
+         SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+       {0,SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,0,
+         SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+       {0,SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,0,
+         SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
+       {0,SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,0,
+         SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+       {0,SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,0,
+         SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+       {0,SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,0,
+         SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
+
        };
+/* Search for public key algorithm with given name and 
+ * return its pkey_id if it is available. Otherwise return 0
+ */
+#ifdef OPENSSL_NO_ENGINE
+
+static int get_optional_pkey_id(const char *pkey_name)
+       {
+       const EVP_PKEY_ASN1_METHOD *ameth;
+       int pkey_id=0;
+       ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
+       if (ameth) 
+               {
+               EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
+               }               
+       return pkey_id;
+       }
+
+#else
+
+static int get_optional_pkey_id(const char *pkey_name)
+       {
+       const EVP_PKEY_ASN1_METHOD *ameth;
+       ENGINE *tmpeng = NULL;
+       int pkey_id=0;
+       ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
+       if (ameth)
+               {
+               EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
+               }
+       if (tmpeng) ENGINE_finish(tmpeng);
+       return pkey_id;
+       }
+
+#endif
 
 void ssl_load_ciphers(void)
        {
@@ -305,14 +405,50 @@ void ssl_load_ciphers(void)
          EVP_get_cipherbyname(SN_camellia_128_cbc);
        ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
          EVP_get_cipherbyname(SN_camellia_256_cbc);
+       ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
+         EVP_get_cipherbyname(SN_gost89_cnt);
+       ssl_cipher_methods[SSL_ENC_SEED_IDX]=
+         EVP_get_cipherbyname(SN_seed_cbc);
+
+       ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
+         EVP_get_cipherbyname(SN_aes_128_gcm);
+       ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
+         EVP_get_cipherbyname(SN_aes_256_gcm);
 
        ssl_digest_methods[SSL_MD_MD5_IDX]=
                EVP_get_digestbyname(SN_md5);
+       ssl_mac_secret_size[SSL_MD_MD5_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
+       OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
        ssl_digest_methods[SSL_MD_SHA1_IDX]=
                EVP_get_digestbyname(SN_sha1);
+       ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
+       OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
+       ssl_digest_methods[SSL_MD_GOST94_IDX]=
+               EVP_get_digestbyname(SN_id_GostR3411_94);
+       if (ssl_digest_methods[SSL_MD_GOST94_IDX])
+               {       
+               ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
+                       EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
+               OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
+               }
+       ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
+               EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
+               ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+               if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+                       ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
+               }               
+
+       ssl_digest_methods[SSL_MD_SHA256_IDX]=
+               EVP_get_digestbyname(SN_sha256);
+       ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+       ssl_digest_methods[SSL_MD_SHA384_IDX]=
+               EVP_get_digestbyname(SN_sha384);
+       ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
        }
-
-
 #ifndef OPENSSL_NO_COMP
 
 static int sk_comp_cmp(const SSL_COMP * const *a,
@@ -354,6 +490,7 @@ static void load_builtin_compressions(void)
                                                sk_SSL_COMP_push(ssl_comp_methods,comp);
                                                }
                                        }
+                                       sk_SSL_COMP_sort(ssl_comp_methods);
                                }
                        MemCheck_on();
                        }
@@ -367,10 +504,10 @@ static void load_builtin_compressions(void)
 #endif
 
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-            const EVP_MD **md, SSL_COMP **comp)
+            const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp, int use_etm)
        {
        int i;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
 
        c=s->cipher;
        if (c == NULL) return(0);
@@ -427,6 +564,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_CAMELLIA256:
                i=SSL_ENC_CAMELLIA256_IDX;
                break;
+       case SSL_eGOST2814789CNT:
+               i=SSL_ENC_GOST89_IDX;
+               break;
+       case SSL_SEED:
+               i=SSL_ENC_SEED_IDX;
+               break;
+       case SSL_AES128GCM:
+               i=SSL_ENC_AES128GCM_IDX;
+               break;
+       case SSL_AES256GCM:
+               i=SSL_ENC_AES256GCM_IDX;
+               break;
        default:
                i= -1;
                break;
@@ -450,21 +599,95 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SHA1:
                i=SSL_MD_SHA1_IDX;
                break;
+       case SSL_SHA256:
+               i=SSL_MD_SHA256_IDX;
+               break;
+       case SSL_SHA384:
+               i=SSL_MD_SHA384_IDX;
+               break;
+       case SSL_GOST94:
+               i = SSL_MD_GOST94_IDX;
+               break;
+       case SSL_GOST89MAC:
+               i = SSL_MD_GOST89MAC_IDX;
+               break;
        default:
                i= -1;
                break;
                }
        if ((i < 0) || (i > SSL_MD_NUM_IDX))
-               *md=NULL;
+       {
+               *md=NULL; 
+               if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
+               if (mac_secret_size!=NULL) *mac_secret_size = 0;
+               if (c->algorithm_mac == SSL_AEAD)
+                       mac_pkey_type = NULL;
+       }
        else
+       {
                *md=ssl_digest_methods[i];
+               if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
+               if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
+       }
+
+       if ((*enc != NULL) &&
+           (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+           (!mac_pkey_type||*mac_pkey_type != NID_undef))
+               {
+               const EVP_CIPHER *evp;
+
+               if (use_etm)
+                       return 1;
 
-       if ((*enc != NULL) && (*md != NULL))
+               if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
+                   s->ssl_version < TLS1_VERSION)
+                       return 1;
+
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return 1;
+#endif
+
+               if      (c->algorithm_enc == SSL_RC4 &&
+                        c->algorithm_mac == SSL_MD5 &&
+                        (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+                       *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_AES128 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_AES256 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_AES128 &&
+                        c->algorithm_mac == SSL_SHA256 &&
+                        (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
+                       *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_AES256 &&
+                        c->algorithm_mac == SSL_SHA256 &&
+                        (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+                       *enc = evp, *md = NULL;
                return(1);
+               }
        else
                return(0);
        }
 
+int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 
+{
+       if (idx <0||idx>=SSL_MD_NUM_IDX) 
+               {
+               return 0;
+               }
+       *mask = ssl_handshake_digest_flag[idx];
+       if (*mask)
+               *md = ssl_digest_methods[idx];
+       else
+               *md = NULL;
+       return 1;
+}
+
 #define ITEM_SEP(a) \
        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
 
@@ -476,7 +699,7 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
                *head=curr->next;
        if (curr->prev != NULL)
                curr->prev->next=curr->next;
-       if (curr->next != NULL) /* should always be true */
+       if (curr->next != NULL)
                curr->next->prev=curr->prev;
        (*tail)->next=curr;
        curr->prev= *tail;
@@ -484,6 +707,22 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
        *tail=curr;
        }
 
+static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+            CIPHER_ORDER **tail)
+       {
+       if (curr == *head) return;
+       if (curr == *tail)
+               *tail=curr->prev;
+       if (curr->next != NULL)
+               curr->next->prev=curr->prev;
+       if (curr->prev != NULL)
+               curr->prev->next=curr->next;
+       (*head)->prev=curr;
+       curr->next= *head;
+       curr->prev=NULL;
+       *head=curr;
+       }
+
 static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
        {
        *mkey = 0;
@@ -499,10 +738,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
 #ifdef OPENSSL_NO_DSA
        *auth |= SSL_aDSS;
 #endif
-       *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
-       *auth |= SSL_aDH;
 #ifdef OPENSSL_NO_DH
-       *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
+       *mkey |= SSL_kDHr|SSL_kDHd|SSL_kDHE;
        *auth |= SSL_aDH;
 #endif
 #ifdef OPENSSL_NO_KRB5
@@ -520,9 +757,26 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *mkey |= SSL_kPSK;
        *auth |= SSL_aPSK;
 #endif
+#ifdef OPENSSL_NO_SRP
+       *mkey |= SSL_kSRP;
+#endif
+       /* Check for presence of GOST 34.10 algorithms, and if they
+        * do not present, disable  appropriate auth and key exchange */
+       if (!get_optional_pkey_id("gost94")) {
+               *auth |= SSL_aGOST94;
+       }
+       if (!get_optional_pkey_id("gost2001")) {
+               *auth |= SSL_aGOST01;
+       }
+       /* Disable GOST key exchange if no GOST signature algs are available * */
+       if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
+               *mkey |= SSL_kGOST;
+       }       
 #ifdef SSL_FORBID_ENULL
        *enc |= SSL_eNULL;
 #endif
+               
+
 
        *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
        *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
@@ -531,11 +785,20 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
+       *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
+       *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
+       *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
+       *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
 
        *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
+       *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
+       *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
+       *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
+       *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
+
        }
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
@@ -547,7 +810,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
        int i, co_list_num;
-       SSL_CIPHER *c;
+       const SSL_CIPHER *c;
 
        /*
         * We have num_of_ciphers descriptions compiled in, depending on the
@@ -563,6 +826,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                c = ssl_method->get_cipher(i);
                /* drop those that use any of that is not available */
                if ((c != NULL) && c->valid &&
+#ifdef OPENSSL_FIPS
+                   (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
                    !(c->algorithm_mkey & disabled_mkey) &&
                    !(c->algorithm_auth & disabled_auth) &&
                    !(c->algorithm_enc & disabled_enc) &&
@@ -586,23 +852,31 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
        /*
         * Prepare linked list from list entries
         */     
-       for (i = 1; i < co_list_num - 1; i++)
-               {
-               co_list[i].prev = &(co_list[i-1]);
-               co_list[i].next = &(co_list[i+1]);
-               }
        if (co_list_num > 0)
                {
-               (*head_p) = &(co_list[0]);
-               (*head_p)->prev = NULL;
-               (*head_p)->next = &(co_list[1]);
-               (*tail_p) = &(co_list[co_list_num - 1]);
-               (*tail_p)->prev = &(co_list[co_list_num - 2]);
-               (*tail_p)->next = NULL;
+               co_list[0].prev = NULL;
+
+               if (co_list_num > 1)
+                       {
+                       co_list[0].next = &co_list[1];
+                       
+                       for (i = 1; i < co_list_num - 1; i++)
+                               {
+                               co_list[i].prev = &co_list[i - 1];
+                               co_list[i].next = &co_list[i + 1];
+                               }
+
+                       co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
+                       }
+               
+               co_list[co_list_num - 1].next = NULL;
+
+               *head_p = &co_list[0];
+               *tail_p = &co_list[co_list_num - 1];
                }
        }
 
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
                         int num_of_group_aliases,
                         unsigned long disabled_mkey, unsigned long disabled_auth,
                         unsigned long disabled_enc, unsigned long disabled_mac,
@@ -610,7 +884,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
                        CIPHER_ORDER *head)
        {
        CIPHER_ORDER *ciph_curr;
-       SSL_CIPHER **ca_curr;
+       const SSL_CIPHER **ca_curr;
        int i;
        unsigned long mask_mkey = ~disabled_mkey;
        unsigned long mask_auth = ~disabled_auth;
@@ -679,22 +953,38 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                int rule, int strength_bits,
                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
        {
-       CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
-       SSL_CIPHER *cp;
+       CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
+       const SSL_CIPHER *cp;
+       int reverse = 0;
 
 #ifdef CIPHER_DEBUG
        printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
                rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
 #endif
 
-       curr = head = *head_p;
-       curr2 = head;
-       tail2 = tail = *tail_p;
+       if (rule == CIPHER_DEL)
+               reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
+
+       head = *head_p;
+       tail = *tail_p;
+
+       if (reverse)
+               {
+               curr = tail;
+               last = head;
+               }
+       else
+               {
+               curr = head;
+               last = tail;
+               }
+
+       curr2 = curr;
        for (;;)
                {
-               if ((curr == NULL) || (curr == tail2)) break;
+               if ((curr == NULL) || (curr == last)) break;
                curr = curr2;
-               curr2 = curr->next;
+               curr2 = reverse ? curr->prev : curr->next;
 
                cp = curr->cipher;
 
@@ -712,7 +1002,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 #ifdef CIPHER_DEBUG
                        printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
 #endif
-
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+                       if (cipher_id && cipher_id != cp->id)
+                               continue;
+#endif
                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                                continue;
                        if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -736,6 +1029,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                /* add the cipher if it has not been added yet. */
                if (rule == CIPHER_ADD)
                        {
+                       /* reverse == 0 */
                        if (!curr->active)
                                {
                                ll_append_tail(&head, curr, &tail);
@@ -745,15 +1039,27 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                /* Move the added cipher to this location */
                else if (rule == CIPHER_ORD)
                        {
+                       /* reverse == 0 */
                        if (curr->active)
                                {
                                ll_append_tail(&head, curr, &tail);
                                }
                        }
                else if (rule == CIPHER_DEL)
-                       curr->active = 0;
+                       {
+                       /* reverse == 1 */
+                       if (curr->active)
+                               {
+                               /* most recently deleted ciphersuites get best positions
+                                * for any future CIPHER_ADD (note that the CIPHER_DEL loop
+                                * works in reverse to maintain the order) */
+                               ll_append_head(&head, curr, &tail);
+                               curr->active = 0;
+                               }
+                       }
                else if (rule == CIPHER_KILL)
                        {
+                       /* reverse == 0 */
                        if (head == curr)
                                head = curr->next;
                        else
@@ -827,10 +1133,10 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
-                SSL_CIPHER **ca_list)
+                const SSL_CIPHER **ca_list)
        {
        unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
-       const char *l, *start, *buf;
+       const char *l, *buf;
        int j, multi, found, rule, retval, ok, buflen;
        unsigned long cipher_id = 0;
        char ch;
@@ -867,7 +1173,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                alg_ssl = 0;
                algo_strength = 0;
 
-               start=l;
                for (;;)
                        {
                        ch = *l;
@@ -877,9 +1182,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        while ( ((ch >= 'A') && (ch <= 'Z')) ||
                                ((ch >= '0') && (ch <= '9')) ||
                                ((ch >= 'a') && (ch <= 'z')) ||
-                                (ch == '-'))
+                                (ch == '-') || (ch == '.'))
 #else
-                       while ( isalnum(ch) || (ch == '-'))
+                       while ( isalnum(ch) || (ch == '-') || (ch == '.'))
 #endif
                                 {
                                 ch = *(++l);
@@ -1075,24 +1380,89 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
        return(retval);
        }
+#ifndef OPENSSL_NO_EC
+static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
+                                       const char **prule_str)
+       {
+       unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+       if (!strcmp(*prule_str, "SUITEB128"))
+               suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+       else if (!strcmp(*prule_str, "SUITEB128ONLY"))
+               suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+       else if (!strcmp(*prule_str, "SUITEB128C2"))
+               {
+               suiteb_comb2 = 1;
+               suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+               }
+       else if (!strcmp(*prule_str, "SUITEB192"))
+               suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+
+       if (suiteb_flags)
+               {
+               c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
+               c->cert_flags |= suiteb_flags;
+               }
+       else
+               suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+
+       if (!suiteb_flags)
+               return 1;
+       /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
+
+       if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS))
+               {
+               if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+                       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+                               SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+               else
+                       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+                               SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+               return 0;
+               }
+
+       switch(suiteb_flags)
+               {
+       case SSL_CERT_FLAG_SUITEB_128_LOS:
+               if (suiteb_comb2)
+                       *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+               else
+                       *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
+               break;
+       case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+               *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
+               break;
+       case SSL_CERT_FLAG_SUITEB_192_LOS:
+               *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+               break;
+               }
+       /* Set auto ECDH parameter determination */
+       c->ecdh_tmp_auto = 1;
+       return 1;
+       }
+#endif
+
 
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                STACK_OF(SSL_CIPHER) **cipher_list,
                STACK_OF(SSL_CIPHER) **cipher_list_by_id,
-               const char *rule_str)
+               const char *rule_str, CERT *c)
        {
        int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
        unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
        STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
        const char *rule_p;
        CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-       SSL_CIPHER **ca_list = NULL;
+       const SSL_CIPHER **ca_list = NULL;
 
        /*
         * Return with error if nothing to do.
         */
        if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
                return NULL;
+#ifndef OPENSSL_NO_EC
+       if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+               return NULL;
+#endif
 
        /*
         * To reduce the work to do we only want to process the compiled
@@ -1123,12 +1493,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 
        /* Now arrange all ciphers by preference: */
 
-       /* Temporarily enabled AES first (preferred cipher) */
+       /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
+       ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+       ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+       /* AES is our preferred symmetric cipher */
        ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 
-       /* Temporarily enable everything else */
+       /* Temporarily enable everything else for sorting */
        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 
+       /* Low priority for MD5 */
+       ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
+
        /* Move anonymous ciphers to the end.  Usually, these will remain disabled.
         * (For applications that allow them, they aren't too bad, but we prefer
         * authenticated ciphers.) */
@@ -1139,6 +1516,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
        ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
        ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+       ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
 
        /* RC4 is sort-of broken -- move the the end */
        ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
@@ -1165,8 +1543,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
        num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-       ca_list =
-               (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+       ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
        if (ca_list == NULL)
                {
                OPENSSL_free(co_list);
@@ -1174,8 +1551,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                return(NULL);   /* Failure */
                }
        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
-                                  disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
-                                  head);
+                                  disabled_mkey, disabled_auth, disabled_enc,
+                                  disabled_mac, disabled_ssl, head);
 
        /*
         * If the rule_string begins with DEFAULT, apply the default rule
@@ -1195,7 +1572,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        if (ok && (strlen(rule_p) > 0))
                ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
 
-       OPENSSL_free(ca_list);  /* Not needed anymore */
+       OPENSSL_free((void *)ca_list);  /* Not needed anymore */
 
        if (!ok)
                {       /* Rule processing failure */
@@ -1219,7 +1596,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        for (curr = head; curr != NULL; curr = curr->next)
                {
+#ifdef OPENSSL_FIPS
+               if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
                if (curr->active)
+#endif
                        {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
@@ -1241,17 +1622,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        if (*cipher_list_by_id != NULL)
                sk_SSL_CIPHER_free(*cipher_list_by_id);
        *cipher_list_by_id = tmp_cipher_list;
-       sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+       (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
 
+       sk_SSL_CIPHER_sort(*cipher_list_by_id);
        return(cipherstack);
        }
 
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        {
        int is_export,pkl,kl;
        const char *ver,*exp_str;
        const char *kx,*au,*enc,*mac;
-       unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
+       unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
 #ifdef KSSL_DEBUG
        static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
 #else
@@ -1264,7 +1646,6 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        alg_mac = cipher->algorithm_mac;
        alg_ssl = cipher->algorithm_ssl;
 
-       alg_s=cipher->algo_strength;
        alg2=cipher->algorithm2;
 
        is_export=SSL_C_IS_EXPORT(cipher);
@@ -1276,6 +1657,8 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
                ver="SSLv2";
        else if (alg_ssl & SSL_SSLV3)
                ver="SSLv3";
+       else if (alg_ssl & SSL_TLSV1_2)
+               ver="TLSv1.2";
        else
                ver="unknown";
 
@@ -1293,7 +1676,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kKRB5:
                kx="KRB5";
                break;
-       case SSL_kEDH:
+       case SSL_kDHE:
                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                break;
        case SSL_kECDHr:
@@ -1302,12 +1685,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kECDHe:
                kx="ECDH/ECDSA";
                break;
-       case SSL_kEECDH:
+       case SSL_kECDHE:
                kx="ECDH";
                break;
        case SSL_kPSK:
                kx="PSK";
                break;
+       case SSL_kSRP:
+               kx="SRP";
+               break;
        default:
                kx="unknown";
                }
@@ -1370,12 +1756,21 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_AES256:
                enc="AES(256)";
                break;
+       case SSL_AES128GCM:
+               enc="AESGCM(128)";
+               break;
+       case SSL_AES256GCM:
+               enc="AESGCM(256)";
+               break;
        case SSL_CAMELLIA128:
                enc="Camellia(128)";
                break;
        case SSL_CAMELLIA256:
                enc="Camellia(256)";
                break;
+       case SSL_SEED:
+               enc="SEED(128)";
+               break;
        default:
                enc="unknown";
                break;
@@ -1389,6 +1784,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
        case SSL_SHA1:
                mac="SHA1";
                break;
+       case SSL_SHA256:
+               mac="SHA256";
+               break;
+       case SSL_SHA384:
+               mac="SHA384";
+               break;
+       case SSL_AEAD:
+               mac="AEAD";
+               break;
        default:
                mac="unknown";
                break;
@@ -1446,6 +1850,11 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
        return(ret);
        }
 
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+       {
+       return c->id;
+       }
+
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
        {
        SSL_COMP *ctmp;
@@ -1483,6 +1892,11 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
        return(ssl_comp_methods);
        }
 
+void SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths)
+       {
+       ssl_comp_methods = meths;
+       }
+
 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
        {
        SSL_COMP *comp;
@@ -1508,7 +1922,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
        comp->method=cm;
        load_builtin_compressions();
        if (ssl_comp_methods
-               && !sk_SSL_COMP_find(ssl_comp_methods,comp))
+               && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
                {
                OPENSSL_free(comp);
                MemCheck_on();
@@ -1536,5 +1950,60 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
                return comp->name;
        return NULL;
        }
-
 #endif
+/* For a cipher return the index corresponding to the certificate type */
+int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
+       {
+       unsigned long alg_k, alg_a;
+
+       alg_k = c->algorithm_mkey;
+       alg_a = c->algorithm_auth;
+
+       if (alg_k & (SSL_kECDHr|SSL_kECDHe))
+               {
+               /* we don't need to look at SSL_kECDHE
+                * since no certificate is needed for
+                * anon ECDH and for authenticated
+                * ECDHE, the check for the auth
+                * algorithm will set i correctly
+                * NOTE: For ECDH-RSA, we need an ECC
+                * not an RSA cert but for ECDHE-RSA
+                * we need an RSA cert. Placing the
+                * checks for SSL_kECDH before RSA
+                * checks ensures the correct cert is chosen.
+                */
+               return SSL_PKEY_ECC;
+               }
+       else if (alg_a & SSL_aECDSA)
+               return SSL_PKEY_ECC;
+       else if (alg_k & SSL_kDHr)
+               return SSL_PKEY_DH_RSA;
+       else if (alg_k & SSL_kDHd)
+               return SSL_PKEY_DH_DSA;
+       else if (alg_a & SSL_aDSS)
+               return SSL_PKEY_DSA_SIGN;
+       else if (alg_a & SSL_aRSA)
+               return SSL_PKEY_RSA_ENC;
+       else if (alg_a & SSL_aKRB5)
+               /* VRS something else here? */
+               return -1;
+       else if (alg_a & SSL_aGOST94) 
+               return SSL_PKEY_GOST94;
+       else if (alg_a & SSL_aGOST01)
+               return SSL_PKEY_GOST01;
+       return -1;
+       }
+
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
+       {
+       const SSL_CIPHER *c;
+       c = ssl->method->get_cipher_by_char(ptr);
+       if (c == NULL || c->valid == 0)
+               return NULL;
+       return c;
+       }
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
+       {
+       return ssl->method->get_cipher_by_char(ptr);
+       }