xref: /openbsd-src/lib/libssl/s3_lib.c (revision 4c1e55dc91edd6e69ccc60ce855900fbc12cf34f)
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164 
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166 
167 #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168 
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171 
172 /* The RSA ciphers */
173 /* Cipher 01 */
174 	{
175 	1,
176 	SSL3_TXT_RSA_NULL_MD5,
177 	SSL3_CK_RSA_NULL_MD5,
178 	SSL_kRSA,
179 	SSL_aRSA,
180 	SSL_eNULL,
181 	SSL_MD5,
182 	SSL_SSLV3,
183 	SSL_NOT_EXP|SSL_STRONG_NONE,
184 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 	0,
186 	0,
187 	},
188 
189 /* Cipher 02 */
190 	{
191 	1,
192 	SSL3_TXT_RSA_NULL_SHA,
193 	SSL3_CK_RSA_NULL_SHA,
194 	SSL_kRSA,
195 	SSL_aRSA,
196 	SSL_eNULL,
197 	SSL_SHA1,
198 	SSL_SSLV3,
199 	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 	0,
202 	0,
203 	},
204 
205 /* Cipher 03 */
206 	{
207 	1,
208 	SSL3_TXT_RSA_RC4_40_MD5,
209 	SSL3_CK_RSA_RC4_40_MD5,
210 	SSL_kRSA,
211 	SSL_aRSA,
212 	SSL_RC4,
213 	SSL_MD5,
214 	SSL_SSLV3,
215 	SSL_EXPORT|SSL_EXP40,
216 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 	40,
218 	128,
219 	},
220 
221 /* Cipher 04 */
222 	{
223 	1,
224 	SSL3_TXT_RSA_RC4_128_MD5,
225 	SSL3_CK_RSA_RC4_128_MD5,
226 	SSL_kRSA,
227 	SSL_aRSA,
228 	SSL_RC4,
229 	SSL_MD5,
230 	SSL_SSLV3,
231 	SSL_NOT_EXP|SSL_MEDIUM,
232 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 	128,
234 	128,
235 	},
236 
237 /* Cipher 05 */
238 	{
239 	1,
240 	SSL3_TXT_RSA_RC4_128_SHA,
241 	SSL3_CK_RSA_RC4_128_SHA,
242 	SSL_kRSA,
243 	SSL_aRSA,
244 	SSL_RC4,
245 	SSL_SHA1,
246 	SSL_SSLV3,
247 	SSL_NOT_EXP|SSL_MEDIUM,
248 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 	128,
250 	128,
251 	},
252 
253 /* Cipher 06 */
254 	{
255 	1,
256 	SSL3_TXT_RSA_RC2_40_MD5,
257 	SSL3_CK_RSA_RC2_40_MD5,
258 	SSL_kRSA,
259 	SSL_aRSA,
260 	SSL_RC2,
261 	SSL_MD5,
262 	SSL_SSLV3,
263 	SSL_EXPORT|SSL_EXP40,
264 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 	40,
266 	128,
267 	},
268 
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271 	{
272 	1,
273 	SSL3_TXT_RSA_IDEA_128_SHA,
274 	SSL3_CK_RSA_IDEA_128_SHA,
275 	SSL_kRSA,
276 	SSL_aRSA,
277 	SSL_IDEA,
278 	SSL_SHA1,
279 	SSL_SSLV3,
280 	SSL_NOT_EXP|SSL_MEDIUM,
281 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 	128,
283 	128,
284 	},
285 #endif
286 
287 /* Cipher 08 */
288 	{
289 	1,
290 	SSL3_TXT_RSA_DES_40_CBC_SHA,
291 	SSL3_CK_RSA_DES_40_CBC_SHA,
292 	SSL_kRSA,
293 	SSL_aRSA,
294 	SSL_DES,
295 	SSL_SHA1,
296 	SSL_SSLV3,
297 	SSL_EXPORT|SSL_EXP40,
298 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 	40,
300 	56,
301 	},
302 
303 /* Cipher 09 */
304 	{
305 	1,
306 	SSL3_TXT_RSA_DES_64_CBC_SHA,
307 	SSL3_CK_RSA_DES_64_CBC_SHA,
308 	SSL_kRSA,
309 	SSL_aRSA,
310 	SSL_DES,
311 	SSL_SHA1,
312 	SSL_SSLV3,
313 	SSL_NOT_EXP|SSL_LOW,
314 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 	56,
316 	56,
317 	},
318 
319 /* Cipher 0A */
320 	{
321 	1,
322 	SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 	SSL3_CK_RSA_DES_192_CBC3_SHA,
324 	SSL_kRSA,
325 	SSL_aRSA,
326 	SSL_3DES,
327 	SSL_SHA1,
328 	SSL_SSLV3,
329 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 	168,
332 	168,
333 	},
334 
335 /* The DH ciphers */
336 /* Cipher 0B */
337 	{
338 	0,
339 	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 	SSL_kDHd,
342 	SSL_aDH,
343 	SSL_DES,
344 	SSL_SHA1,
345 	SSL_SSLV3,
346 	SSL_EXPORT|SSL_EXP40,
347 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 	40,
349 	56,
350 	},
351 
352 /* Cipher 0C */
353 	{
354 	0, /* not implemented (non-ephemeral DH) */
355 	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 	SSL_kDHd,
358 	SSL_aDH,
359 	SSL_DES,
360 	SSL_SHA1,
361 	SSL_SSLV3,
362 	SSL_NOT_EXP|SSL_LOW,
363 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 	56,
365 	56,
366 	},
367 
368 /* Cipher 0D */
369 	{
370 	0, /* not implemented (non-ephemeral DH) */
371 	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 	SSL_kDHd,
374 	SSL_aDH,
375 	SSL_3DES,
376 	SSL_SHA1,
377 	SSL_SSLV3,
378 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 	168,
381 	168,
382 	},
383 
384 /* Cipher 0E */
385 	{
386 	0, /* not implemented (non-ephemeral DH) */
387 	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 	SSL_kDHr,
390 	SSL_aDH,
391 	SSL_DES,
392 	SSL_SHA1,
393 	SSL_SSLV3,
394 	SSL_EXPORT|SSL_EXP40,
395 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 	40,
397 	56,
398 	},
399 
400 /* Cipher 0F */
401 	{
402 	0, /* not implemented (non-ephemeral DH) */
403 	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 	SSL_kDHr,
406 	SSL_aDH,
407 	SSL_DES,
408 	SSL_SHA1,
409 	SSL_SSLV3,
410 	SSL_NOT_EXP|SSL_LOW,
411 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 	56,
413 	56,
414 	},
415 
416 /* Cipher 10 */
417 	{
418 	0, /* not implemented (non-ephemeral DH) */
419 	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 	SSL_kDHr,
422 	SSL_aDH,
423 	SSL_3DES,
424 	SSL_SHA1,
425 	SSL_SSLV3,
426 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 	168,
429 	168,
430 	},
431 
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434 	{
435 	1,
436 	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 	SSL_kEDH,
439 	SSL_aDSS,
440 	SSL_DES,
441 	SSL_SHA1,
442 	SSL_SSLV3,
443 	SSL_EXPORT|SSL_EXP40,
444 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 	40,
446 	56,
447 	},
448 
449 /* Cipher 12 */
450 	{
451 	1,
452 	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 	SSL_kEDH,
455 	SSL_aDSS,
456 	SSL_DES,
457 	SSL_SHA1,
458 	SSL_SSLV3,
459 	SSL_NOT_EXP|SSL_LOW,
460 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 	56,
462 	56,
463 	},
464 
465 /* Cipher 13 */
466 	{
467 	1,
468 	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 	SSL_kEDH,
471 	SSL_aDSS,
472 	SSL_3DES,
473 	SSL_SHA1,
474 	SSL_SSLV3,
475 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 	168,
478 	168,
479 	},
480 
481 /* Cipher 14 */
482 	{
483 	1,
484 	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 	SSL_kEDH,
487 	SSL_aRSA,
488 	SSL_DES,
489 	SSL_SHA1,
490 	SSL_SSLV3,
491 	SSL_EXPORT|SSL_EXP40,
492 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 	40,
494 	56,
495 	},
496 
497 /* Cipher 15 */
498 	{
499 	1,
500 	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 	SSL_kEDH,
503 	SSL_aRSA,
504 	SSL_DES,
505 	SSL_SHA1,
506 	SSL_SSLV3,
507 	SSL_NOT_EXP|SSL_LOW,
508 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 	56,
510 	56,
511 	},
512 
513 /* Cipher 16 */
514 	{
515 	1,
516 	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 	SSL_kEDH,
519 	SSL_aRSA,
520 	SSL_3DES,
521 	SSL_SHA1,
522 	SSL_SSLV3,
523 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 	168,
526 	168,
527 	},
528 
529 /* Cipher 17 */
530 	{
531 	1,
532 	SSL3_TXT_ADH_RC4_40_MD5,
533 	SSL3_CK_ADH_RC4_40_MD5,
534 	SSL_kEDH,
535 	SSL_aNULL,
536 	SSL_RC4,
537 	SSL_MD5,
538 	SSL_SSLV3,
539 	SSL_EXPORT|SSL_EXP40,
540 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 	40,
542 	128,
543 	},
544 
545 /* Cipher 18 */
546 	{
547 	1,
548 	SSL3_TXT_ADH_RC4_128_MD5,
549 	SSL3_CK_ADH_RC4_128_MD5,
550 	SSL_kEDH,
551 	SSL_aNULL,
552 	SSL_RC4,
553 	SSL_MD5,
554 	SSL_SSLV3,
555 	SSL_NOT_EXP|SSL_MEDIUM,
556 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 	128,
558 	128,
559 	},
560 
561 /* Cipher 19 */
562 	{
563 	1,
564 	SSL3_TXT_ADH_DES_40_CBC_SHA,
565 	SSL3_CK_ADH_DES_40_CBC_SHA,
566 	SSL_kEDH,
567 	SSL_aNULL,
568 	SSL_DES,
569 	SSL_SHA1,
570 	SSL_SSLV3,
571 	SSL_EXPORT|SSL_EXP40,
572 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 	40,
574 	128,
575 	},
576 
577 /* Cipher 1A */
578 	{
579 	1,
580 	SSL3_TXT_ADH_DES_64_CBC_SHA,
581 	SSL3_CK_ADH_DES_64_CBC_SHA,
582 	SSL_kEDH,
583 	SSL_aNULL,
584 	SSL_DES,
585 	SSL_SHA1,
586 	SSL_SSLV3,
587 	SSL_NOT_EXP|SSL_LOW,
588 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 	56,
590 	56,
591 	},
592 
593 /* Cipher 1B */
594 	{
595 	1,
596 	SSL3_TXT_ADH_DES_192_CBC_SHA,
597 	SSL3_CK_ADH_DES_192_CBC_SHA,
598 	SSL_kEDH,
599 	SSL_aNULL,
600 	SSL_3DES,
601 	SSL_SHA1,
602 	SSL_SSLV3,
603 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 	168,
606 	168,
607 	},
608 
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612 	{
613 	0,
614 	SSL3_TXT_FZA_DMS_NULL_SHA,
615 	SSL3_CK_FZA_DMS_NULL_SHA,
616 	SSL_kFZA,
617 	SSL_aFZA,
618 	SSL_eNULL,
619 	SSL_SHA1,
620 	SSL_SSLV3,
621 	SSL_NOT_EXP|SSL_STRONG_NONE,
622 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 	0,
624 	0,
625 	},
626 
627 /* Cipher 1D */
628 	{
629 	0,
630 	SSL3_TXT_FZA_DMS_FZA_SHA,
631 	SSL3_CK_FZA_DMS_FZA_SHA,
632 	SSL_kFZA,
633 	SSL_aFZA,
634 	SSL_eFZA,
635 	SSL_SHA1,
636 	SSL_SSLV3,
637 	SSL_NOT_EXP|SSL_STRONG_NONE,
638 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 	0,
640 	0,
641 	},
642 
643 /* Cipher 1E */
644 	{
645 	0,
646 	SSL3_TXT_FZA_DMS_RC4_SHA,
647 	SSL3_CK_FZA_DMS_RC4_SHA,
648 	SSL_kFZA,
649 	SSL_aFZA,
650 	SSL_RC4,
651 	SSL_SHA1,
652 	SSL_SSLV3,
653 	SSL_NOT_EXP|SSL_MEDIUM,
654 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 	128,
656 	128,
657 	},
658 #endif
659 
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663 	{
664 	1,
665 	SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 	SSL3_CK_KRB5_DES_64_CBC_SHA,
667 	SSL_kKRB5,
668 	SSL_aKRB5,
669 	SSL_DES,
670 	SSL_SHA1,
671 	SSL_SSLV3,
672 	SSL_NOT_EXP|SSL_LOW,
673 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 	56,
675 	56,
676 	},
677 
678 /* Cipher 1F */
679 	{
680 	1,
681 	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 	SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 	SSL_kKRB5,
684 	SSL_aKRB5,
685 	SSL_3DES,
686 	SSL_SHA1,
687 	SSL_SSLV3,
688 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 	168,
691 	168,
692 	},
693 
694 /* Cipher 20 */
695 	{
696 	1,
697 	SSL3_TXT_KRB5_RC4_128_SHA,
698 	SSL3_CK_KRB5_RC4_128_SHA,
699 	SSL_kKRB5,
700 	SSL_aKRB5,
701 	SSL_RC4,
702 	SSL_SHA1,
703 	SSL_SSLV3,
704 	SSL_NOT_EXP|SSL_MEDIUM,
705 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 	128,
707 	128,
708 	},
709 
710 /* Cipher 21 */
711 	{
712 	1,
713 	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 	SSL_kKRB5,
716 	SSL_aKRB5,
717 	SSL_IDEA,
718 	SSL_SHA1,
719 	SSL_SSLV3,
720 	SSL_NOT_EXP|SSL_MEDIUM,
721 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 	128,
723 	128,
724 	},
725 
726 /* Cipher 22 */
727 	{
728 	1,
729 	SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 	SSL3_CK_KRB5_DES_64_CBC_MD5,
731 	SSL_kKRB5,
732 	SSL_aKRB5,
733 	SSL_DES,
734 	SSL_MD5,
735 	SSL_SSLV3,
736 	SSL_NOT_EXP|SSL_LOW,
737 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 	56,
739 	56,
740 	},
741 
742 /* Cipher 23 */
743 	{
744 	1,
745 	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 	SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 	SSL_kKRB5,
748 	SSL_aKRB5,
749 	SSL_3DES,
750 	SSL_MD5,
751 	SSL_SSLV3,
752 	SSL_NOT_EXP|SSL_HIGH,
753 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 	168,
755 	168,
756 	},
757 
758 /* Cipher 24 */
759 	{
760 	1,
761 	SSL3_TXT_KRB5_RC4_128_MD5,
762 	SSL3_CK_KRB5_RC4_128_MD5,
763 	SSL_kKRB5,
764 	SSL_aKRB5,
765 	SSL_RC4,
766 	SSL_MD5,
767 	SSL_SSLV3,
768 	SSL_NOT_EXP|SSL_MEDIUM,
769 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 	128,
771 	128,
772 	},
773 
774 /* Cipher 25 */
775 	{
776 	1,
777 	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 	SSL_kKRB5,
780 	SSL_aKRB5,
781 	SSL_IDEA,
782 	SSL_MD5,
783 	SSL_SSLV3,
784 	SSL_NOT_EXP|SSL_MEDIUM,
785 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 	128,
787 	128,
788 	},
789 
790 /* Cipher 26 */
791 	{
792 	1,
793 	SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 	SSL3_CK_KRB5_DES_40_CBC_SHA,
795 	SSL_kKRB5,
796 	SSL_aKRB5,
797 	SSL_DES,
798 	SSL_SHA1,
799 	SSL_SSLV3,
800 	SSL_EXPORT|SSL_EXP40,
801 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 	40,
803 	56,
804 	},
805 
806 /* Cipher 27 */
807 	{
808 	1,
809 	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 	SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 	SSL_kKRB5,
812 	SSL_aKRB5,
813 	SSL_RC2,
814 	SSL_SHA1,
815 	SSL_SSLV3,
816 	SSL_EXPORT|SSL_EXP40,
817 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 	40,
819 	128,
820 	},
821 
822 /* Cipher 28 */
823 	{
824 	1,
825 	SSL3_TXT_KRB5_RC4_40_SHA,
826 	SSL3_CK_KRB5_RC4_40_SHA,
827 	SSL_kKRB5,
828 	SSL_aKRB5,
829 	SSL_RC4,
830 	SSL_SHA1,
831 	SSL_SSLV3,
832 	SSL_EXPORT|SSL_EXP40,
833 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 	40,
835 	128,
836 	},
837 
838 /* Cipher 29 */
839 	{
840 	1,
841 	SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 	SSL3_CK_KRB5_DES_40_CBC_MD5,
843 	SSL_kKRB5,
844 	SSL_aKRB5,
845 	SSL_DES,
846 	SSL_MD5,
847 	SSL_SSLV3,
848 	SSL_EXPORT|SSL_EXP40,
849 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 	40,
851 	56,
852 	},
853 
854 /* Cipher 2A */
855 	{
856 	1,
857 	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 	SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 	SSL_kKRB5,
860 	SSL_aKRB5,
861 	SSL_RC2,
862 	SSL_MD5,
863 	SSL_SSLV3,
864 	SSL_EXPORT|SSL_EXP40,
865 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 	40,
867 	128,
868 	},
869 
870 /* Cipher 2B */
871 	{
872 	1,
873 	SSL3_TXT_KRB5_RC4_40_MD5,
874 	SSL3_CK_KRB5_RC4_40_MD5,
875 	SSL_kKRB5,
876 	SSL_aKRB5,
877 	SSL_RC4,
878 	SSL_MD5,
879 	SSL_SSLV3,
880 	SSL_EXPORT|SSL_EXP40,
881 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 	40,
883 	128,
884 	},
885 #endif	/* OPENSSL_NO_KRB5 */
886 
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889 	{
890 	1,
891 	TLS1_TXT_RSA_WITH_AES_128_SHA,
892 	TLS1_CK_RSA_WITH_AES_128_SHA,
893 	SSL_kRSA,
894 	SSL_aRSA,
895 	SSL_AES128,
896 	SSL_SHA1,
897 	SSL_TLSV1,
898 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 	128,
901 	128,
902 	},
903 /* Cipher 30 */
904 	{
905 	0,
906 	TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 	TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 	SSL_kDHd,
909 	SSL_aDH,
910 	SSL_AES128,
911 	SSL_SHA1,
912 	SSL_TLSV1,
913 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 	128,
916 	128,
917 	},
918 /* Cipher 31 */
919 	{
920 	0,
921 	TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 	TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 	SSL_kDHr,
924 	SSL_aDH,
925 	SSL_AES128,
926 	SSL_SHA1,
927 	SSL_TLSV1,
928 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 	128,
931 	128,
932 	},
933 /* Cipher 32 */
934 	{
935 	1,
936 	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 	SSL_kEDH,
939 	SSL_aDSS,
940 	SSL_AES128,
941 	SSL_SHA1,
942 	SSL_TLSV1,
943 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 	128,
946 	128,
947 	},
948 /* Cipher 33 */
949 	{
950 	1,
951 	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 	SSL_kEDH,
954 	SSL_aRSA,
955 	SSL_AES128,
956 	SSL_SHA1,
957 	SSL_TLSV1,
958 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 	128,
961 	128,
962 	},
963 /* Cipher 34 */
964 	{
965 	1,
966 	TLS1_TXT_ADH_WITH_AES_128_SHA,
967 	TLS1_CK_ADH_WITH_AES_128_SHA,
968 	SSL_kEDH,
969 	SSL_aNULL,
970 	SSL_AES128,
971 	SSL_SHA1,
972 	SSL_TLSV1,
973 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 	128,
976 	128,
977 	},
978 
979 /* Cipher 35 */
980 	{
981 	1,
982 	TLS1_TXT_RSA_WITH_AES_256_SHA,
983 	TLS1_CK_RSA_WITH_AES_256_SHA,
984 	SSL_kRSA,
985 	SSL_aRSA,
986 	SSL_AES256,
987 	SSL_SHA1,
988 	SSL_TLSV1,
989 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 	256,
992 	256,
993 	},
994 /* Cipher 36 */
995 	{
996 	0,
997 	TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 	TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 	SSL_kDHd,
1000 	SSL_aDH,
1001 	SSL_AES256,
1002 	SSL_SHA1,
1003 	SSL_TLSV1,
1004 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 	256,
1007 	256,
1008 	},
1009 
1010 /* Cipher 37 */
1011 	{
1012 	0, /* not implemented (non-ephemeral DH) */
1013 	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 	TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 	SSL_kDHr,
1016 	SSL_aDH,
1017 	SSL_AES256,
1018 	SSL_SHA1,
1019 	SSL_TLSV1,
1020 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 	256,
1023 	256,
1024 	},
1025 
1026 /* Cipher 38 */
1027 	{
1028 	1,
1029 	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 	SSL_kEDH,
1032 	SSL_aDSS,
1033 	SSL_AES256,
1034 	SSL_SHA1,
1035 	SSL_TLSV1,
1036 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 	256,
1039 	256,
1040 	},
1041 
1042 /* Cipher 39 */
1043 	{
1044 	1,
1045 	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 	SSL_kEDH,
1048 	SSL_aRSA,
1049 	SSL_AES256,
1050 	SSL_SHA1,
1051 	SSL_TLSV1,
1052 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 	256,
1055 	256,
1056 	},
1057 
1058 	/* Cipher 3A */
1059 	{
1060 	1,
1061 	TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 	TLS1_CK_ADH_WITH_AES_256_SHA,
1063 	SSL_kEDH,
1064 	SSL_aNULL,
1065 	SSL_AES256,
1066 	SSL_SHA1,
1067 	SSL_TLSV1,
1068 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 	256,
1071 	256,
1072 	},
1073 
1074 #ifndef OPENSSL_NO_CAMELLIA
1075 	/* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076 
1077 	/* Cipher 41 */
1078 	{
1079 	1,
1080 	TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081 	TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082 	SSL_kRSA,
1083 	SSL_aRSA,
1084 	SSL_CAMELLIA128,
1085 	SSL_SHA1,
1086 	SSL_TLSV1,
1087 	SSL_NOT_EXP|SSL_HIGH,
1088 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089 	128,
1090 	128,
1091 	},
1092 
1093 	/* Cipher 42 */
1094 	{
1095 	0, /* not implemented (non-ephemeral DH) */
1096 	TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097 	TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098 	SSL_kDHd,
1099 	SSL_aDH,
1100 	SSL_CAMELLIA128,
1101 	SSL_SHA1,
1102 	SSL_TLSV1,
1103 	SSL_NOT_EXP|SSL_HIGH,
1104 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105 	128,
1106 	128,
1107 	},
1108 
1109 	/* Cipher 43 */
1110 	{
1111 	0, /* not implemented (non-ephemeral DH) */
1112 	TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113 	TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114 	SSL_kDHr,
1115 	SSL_aDH,
1116 	SSL_CAMELLIA128,
1117 	SSL_SHA1,
1118 	SSL_TLSV1,
1119 	SSL_NOT_EXP|SSL_HIGH,
1120 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121 	128,
1122 	128,
1123 	},
1124 
1125 	/* Cipher 44 */
1126 	{
1127 	1,
1128 	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129 	TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130 	SSL_kEDH,
1131 	SSL_aDSS,
1132 	SSL_CAMELLIA128,
1133 	SSL_SHA1,
1134 	SSL_TLSV1,
1135 	SSL_NOT_EXP|SSL_HIGH,
1136 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137 	128,
1138 	128,
1139 	},
1140 
1141 	/* Cipher 45 */
1142 	{
1143 	1,
1144 	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145 	TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146 	SSL_kEDH,
1147 	SSL_aRSA,
1148 	SSL_CAMELLIA128,
1149 	SSL_SHA1,
1150 	SSL_TLSV1,
1151 	SSL_NOT_EXP|SSL_HIGH,
1152 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153 	128,
1154 	128,
1155 	},
1156 
1157 	/* Cipher 46 */
1158 	{
1159 	1,
1160 	TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161 	TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162 	SSL_kEDH,
1163 	SSL_aNULL,
1164 	SSL_CAMELLIA128,
1165 	SSL_SHA1,
1166 	SSL_TLSV1,
1167 	SSL_NOT_EXP|SSL_HIGH,
1168 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169 	128,
1170 	128,
1171 	},
1172 #endif /* OPENSSL_NO_CAMELLIA */
1173 
1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175 	/* New TLS Export CipherSuites from expired ID */
1176 #if 0
1177 	/* Cipher 60 */
1178 	{
1179 	1,
1180 	TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181 	TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182 	SSL_kRSA,
1183 	SSL_aRSA,
1184 	SSL_RC4,
1185 	SSL_MD5,
1186 	SSL_TLSV1,
1187 	SSL_EXPORT|SSL_EXP56,
1188 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189 	56,
1190 	128,
1191 	},
1192 
1193 	/* Cipher 61 */
1194 	{
1195 	1,
1196 	TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197 	TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198 	SSL_kRSA,
1199 	SSL_aRSA,
1200 	SSL_RC2,
1201 	SSL_MD5,
1202 	SSL_TLSV1,
1203 	SSL_EXPORT|SSL_EXP56,
1204 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205 	56,
1206 	128,
1207 	},
1208 #endif
1209 
1210 	/* Cipher 62 */
1211 	{
1212 	1,
1213 	TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214 	TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215 	SSL_kRSA,
1216 	SSL_aRSA,
1217 	SSL_DES,
1218 	SSL_SHA1,
1219 	SSL_TLSV1,
1220 	SSL_EXPORT|SSL_EXP56,
1221 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222 	56,
1223 	56,
1224 	},
1225 
1226 	/* Cipher 63 */
1227 	{
1228 	1,
1229 	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230 	TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231 	SSL_kEDH,
1232 	SSL_aDSS,
1233 	SSL_DES,
1234 	SSL_SHA1,
1235 	SSL_TLSV1,
1236 	SSL_EXPORT|SSL_EXP56,
1237 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238 	56,
1239 	56,
1240 	},
1241 
1242 	/* Cipher 64 */
1243 	{
1244 	1,
1245 	TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246 	TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247 	SSL_kRSA,
1248 	SSL_aRSA,
1249 	SSL_RC4,
1250 	SSL_SHA1,
1251 	SSL_TLSV1,
1252 	SSL_EXPORT|SSL_EXP56,
1253 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254 	56,
1255 	128,
1256 	},
1257 
1258 	/* Cipher 65 */
1259 	{
1260 	1,
1261 	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262 	TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263 	SSL_kEDH,
1264 	SSL_aDSS,
1265 	SSL_RC4,
1266 	SSL_SHA1,
1267 	SSL_TLSV1,
1268 	SSL_EXPORT|SSL_EXP56,
1269 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270 	56,
1271 	128,
1272 	},
1273 
1274 	/* Cipher 66 */
1275 	{
1276 	1,
1277 	TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278 	TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279 	SSL_kEDH,
1280 	SSL_aDSS,
1281 	SSL_RC4,
1282 	SSL_SHA1,
1283 	SSL_TLSV1,
1284 	SSL_NOT_EXP|SSL_MEDIUM,
1285 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 	128,
1287 	128,
1288 	},
1289 #endif
1290 	{
1291 	1,
1292 	"GOST94-GOST89-GOST89",
1293 	0x3000080,
1294 	SSL_kGOST,
1295 	SSL_aGOST94,
1296 	SSL_eGOST2814789CNT,
1297 	SSL_GOST89MAC,
1298 	SSL_TLSV1,
1299 	SSL_NOT_EXP|SSL_HIGH,
1300 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 	256,
1302 	256
1303 	},
1304 	{
1305 	1,
1306 	"GOST2001-GOST89-GOST89",
1307 	0x3000081,
1308 	SSL_kGOST,
1309 	SSL_aGOST01,
1310 	SSL_eGOST2814789CNT,
1311 	SSL_GOST89MAC,
1312 	SSL_TLSV1,
1313 	SSL_NOT_EXP|SSL_HIGH,
1314 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 	256,
1316 	256
1317 	},
1318 	{
1319 	1,
1320 	"GOST94-NULL-GOST94",
1321 	0x3000082,
1322 	SSL_kGOST,
1323 	SSL_aGOST94,
1324 	SSL_eNULL,
1325 	SSL_GOST94,
1326 	SSL_TLSV1,
1327 	SSL_NOT_EXP|SSL_STRONG_NONE,
1328 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 	0,
1330 	0
1331 	},
1332 	{
1333 	1,
1334 	"GOST2001-NULL-GOST94",
1335 	0x3000083,
1336 	SSL_kGOST,
1337 	SSL_aGOST01,
1338 	SSL_eNULL,
1339 	SSL_GOST94,
1340 	SSL_TLSV1,
1341 	SSL_NOT_EXP|SSL_STRONG_NONE,
1342 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 	0,
1344 	0
1345 	},
1346 
1347 #ifndef OPENSSL_NO_CAMELLIA
1348 	/* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349 
1350 	/* Cipher 84 */
1351 	{
1352 	1,
1353 	TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354 	TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355 	SSL_kRSA,
1356 	SSL_aRSA,
1357 	SSL_CAMELLIA256,
1358 	SSL_SHA1,
1359 	SSL_TLSV1,
1360 	SSL_NOT_EXP|SSL_HIGH,
1361 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362 	256,
1363 	256,
1364 	},
1365 	/* Cipher 85 */
1366 	{
1367 	0, /* not implemented (non-ephemeral DH) */
1368 	TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369 	TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370 	SSL_kDHd,
1371 	SSL_aDH,
1372 	SSL_CAMELLIA256,
1373 	SSL_SHA1,
1374 	SSL_TLSV1,
1375 	SSL_NOT_EXP|SSL_HIGH,
1376 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377 	256,
1378 	256,
1379 	},
1380 
1381 	/* Cipher 86 */
1382 	{
1383 	0, /* not implemented (non-ephemeral DH) */
1384 	TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385 	TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386 	SSL_kDHr,
1387 	SSL_aDH,
1388 	SSL_CAMELLIA256,
1389 	SSL_SHA1,
1390 	SSL_TLSV1,
1391 	SSL_NOT_EXP|SSL_HIGH,
1392 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 	256,
1394 	256,
1395 	},
1396 
1397 	/* Cipher 87 */
1398 	{
1399 	1,
1400 	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401 	TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402 	SSL_kEDH,
1403 	SSL_aDSS,
1404 	SSL_CAMELLIA256,
1405 	SSL_SHA1,
1406 	SSL_TLSV1,
1407 	SSL_NOT_EXP|SSL_HIGH,
1408 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409 	256,
1410 	256,
1411 	},
1412 
1413 	/* Cipher 88 */
1414 	{
1415 	1,
1416 	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417 	TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418 	SSL_kEDH,
1419 	SSL_aRSA,
1420 	SSL_CAMELLIA256,
1421 	SSL_SHA1,
1422 	SSL_TLSV1,
1423 	SSL_NOT_EXP|SSL_HIGH,
1424 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425 	256,
1426 	256,
1427 	},
1428 
1429 	/* Cipher 89 */
1430 	{
1431 	1,
1432 	TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433 	TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434 	SSL_kEDH,
1435 	SSL_aNULL,
1436 	SSL_CAMELLIA256,
1437 	SSL_SHA1,
1438 	SSL_TLSV1,
1439 	SSL_NOT_EXP|SSL_HIGH,
1440 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441 	256,
1442 	256,
1443 	},
1444 #endif /* OPENSSL_NO_CAMELLIA */
1445 
1446 #ifndef OPENSSL_NO_PSK
1447 	/* Cipher 8A */
1448 	{
1449 	1,
1450 	TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 	TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 	SSL_kPSK,
1453 	SSL_aPSK,
1454 	SSL_RC4,
1455 	SSL_SHA1,
1456 	SSL_TLSV1,
1457 	SSL_NOT_EXP|SSL_MEDIUM,
1458 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 	128,
1460 	128,
1461 	},
1462 
1463 	/* Cipher 8B */
1464 	{
1465 	1,
1466 	TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 	TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 	SSL_kPSK,
1469 	SSL_aPSK,
1470 	SSL_3DES,
1471 	SSL_SHA1,
1472 	SSL_TLSV1,
1473 	SSL_NOT_EXP|SSL_HIGH,
1474 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 	168,
1476 	168,
1477 	},
1478 
1479 	/* Cipher 8C */
1480 	{
1481 	1,
1482 	TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 	TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 	SSL_kPSK,
1485 	SSL_aPSK,
1486 	SSL_AES128,
1487 	SSL_SHA1,
1488 	SSL_TLSV1,
1489 	SSL_NOT_EXP|SSL_HIGH,
1490 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 	128,
1492 	128,
1493 	},
1494 
1495 	/* Cipher 8D */
1496 	{
1497 	1,
1498 	TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 	TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 	SSL_kPSK,
1501 	SSL_aPSK,
1502 	SSL_AES256,
1503 	SSL_SHA1,
1504 	SSL_TLSV1,
1505 	SSL_NOT_EXP|SSL_HIGH,
1506 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 	256,
1508 	256,
1509 	},
1510 #endif  /* OPENSSL_NO_PSK */
1511 
1512 #ifndef OPENSSL_NO_SEED
1513 	/* SEED ciphersuites from RFC4162 */
1514 
1515 	/* Cipher 96 */
1516 	{
1517 	1,
1518 	TLS1_TXT_RSA_WITH_SEED_SHA,
1519 	TLS1_CK_RSA_WITH_SEED_SHA,
1520 	SSL_kRSA,
1521 	SSL_aRSA,
1522 	SSL_SEED,
1523 	SSL_SHA1,
1524 	SSL_TLSV1,
1525 	SSL_NOT_EXP|SSL_MEDIUM,
1526 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527 	128,
1528 	128,
1529 	},
1530 
1531 	/* Cipher 97 */
1532 	{
1533 	0, /* not implemented (non-ephemeral DH) */
1534 	TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535 	TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536 	SSL_kDHd,
1537 	SSL_aDH,
1538 	SSL_SEED,
1539 	SSL_SHA1,
1540 	SSL_TLSV1,
1541 	SSL_NOT_EXP|SSL_MEDIUM,
1542 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543 	128,
1544 	128,
1545 	},
1546 
1547 	/* Cipher 98 */
1548 	{
1549 	0, /* not implemented (non-ephemeral DH) */
1550 	TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551 	TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552 	SSL_kDHr,
1553 	SSL_aDH,
1554 	SSL_SEED,
1555 	SSL_SHA1,
1556 	SSL_TLSV1,
1557 	SSL_NOT_EXP|SSL_MEDIUM,
1558 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559 	128,
1560 	128,
1561 	},
1562 
1563 	/* Cipher 99 */
1564 	{
1565 	1,
1566 	TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567 	TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568 	SSL_kEDH,
1569 	SSL_aDSS,
1570 	SSL_SEED,
1571 	SSL_SHA1,
1572 	SSL_TLSV1,
1573 	SSL_NOT_EXP|SSL_MEDIUM,
1574 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 	128,
1576 	128,
1577 	},
1578 
1579 	/* Cipher 9A */
1580 	{
1581 	1,
1582 	TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583 	TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584 	SSL_kEDH,
1585 	SSL_aRSA,
1586 	SSL_SEED,
1587 	SSL_SHA1,
1588 	SSL_TLSV1,
1589 	SSL_NOT_EXP|SSL_MEDIUM,
1590 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591 	128,
1592 	128,
1593 	},
1594 
1595 	/* Cipher 9B */
1596 	{
1597 	1,
1598 	TLS1_TXT_ADH_WITH_SEED_SHA,
1599 	TLS1_CK_ADH_WITH_SEED_SHA,
1600 	SSL_kEDH,
1601 	SSL_aNULL,
1602 	SSL_SEED,
1603 	SSL_SHA1,
1604 	SSL_TLSV1,
1605 	SSL_NOT_EXP|SSL_MEDIUM,
1606 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607 	128,
1608 	128,
1609 	},
1610 
1611 #endif /* OPENSSL_NO_SEED */
1612 
1613 #ifndef OPENSSL_NO_ECDH
1614 	/* Cipher C001 */
1615 	{
1616 	1,
1617 	TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618 	TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619 	SSL_kECDHe,
1620 	SSL_aECDH,
1621 	SSL_eNULL,
1622 	SSL_SHA1,
1623 	SSL_TLSV1,
1624 	SSL_NOT_EXP|SSL_STRONG_NONE,
1625 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626 	0,
1627 	0,
1628 	},
1629 
1630 	/* Cipher C002 */
1631 	{
1632 	1,
1633 	TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634 	TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635 	SSL_kECDHe,
1636 	SSL_aECDH,
1637 	SSL_RC4,
1638 	SSL_SHA1,
1639 	SSL_TLSV1,
1640 	SSL_NOT_EXP|SSL_MEDIUM,
1641 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642 	128,
1643 	128,
1644 	},
1645 
1646 	/* Cipher C003 */
1647 	{
1648 	1,
1649 	TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650 	TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651 	SSL_kECDHe,
1652 	SSL_aECDH,
1653 	SSL_3DES,
1654 	SSL_SHA1,
1655 	SSL_TLSV1,
1656 	SSL_NOT_EXP|SSL_HIGH,
1657 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658 	168,
1659 	168,
1660 	},
1661 
1662 	/* Cipher C004 */
1663 	{
1664 	1,
1665 	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666 	TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667 	SSL_kECDHe,
1668 	SSL_aECDH,
1669 	SSL_AES128,
1670 	SSL_SHA1,
1671 	SSL_TLSV1,
1672 	SSL_NOT_EXP|SSL_HIGH,
1673 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674 	128,
1675 	128,
1676 	},
1677 
1678 	/* Cipher C005 */
1679 	{
1680 	1,
1681 	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682 	TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683 	SSL_kECDHe,
1684 	SSL_aECDH,
1685 	SSL_AES256,
1686 	SSL_SHA1,
1687 	SSL_TLSV1,
1688 	SSL_NOT_EXP|SSL_HIGH,
1689 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690 	256,
1691 	256,
1692 	},
1693 
1694 	/* Cipher C006 */
1695 	{
1696 	1,
1697 	TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698 	TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699 	SSL_kEECDH,
1700 	SSL_aECDSA,
1701 	SSL_eNULL,
1702 	SSL_SHA1,
1703 	SSL_TLSV1,
1704 	SSL_NOT_EXP|SSL_STRONG_NONE,
1705 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706 	0,
1707 	0,
1708 	},
1709 
1710 	/* Cipher C007 */
1711 	{
1712 	1,
1713 	TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714 	TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715 	SSL_kEECDH,
1716 	SSL_aECDSA,
1717 	SSL_RC4,
1718 	SSL_SHA1,
1719 	SSL_TLSV1,
1720 	SSL_NOT_EXP|SSL_MEDIUM,
1721 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722 	128,
1723 	128,
1724 	},
1725 
1726 	/* Cipher C008 */
1727 	{
1728 	1,
1729 	TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730 	TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731 	SSL_kEECDH,
1732 	SSL_aECDSA,
1733 	SSL_3DES,
1734 	SSL_SHA1,
1735 	SSL_TLSV1,
1736 	SSL_NOT_EXP|SSL_HIGH,
1737 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738 	168,
1739 	168,
1740 	},
1741 
1742 	/* Cipher C009 */
1743 	{
1744 	1,
1745 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747 	SSL_kEECDH,
1748 	SSL_aECDSA,
1749 	SSL_AES128,
1750 	SSL_SHA1,
1751 	SSL_TLSV1,
1752 	SSL_NOT_EXP|SSL_HIGH,
1753 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754 	128,
1755 	128,
1756 	},
1757 
1758 	/* Cipher C00A */
1759 	{
1760 	1,
1761 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763 	SSL_kEECDH,
1764 	SSL_aECDSA,
1765 	SSL_AES256,
1766 	SSL_SHA1,
1767 	SSL_TLSV1,
1768 	SSL_NOT_EXP|SSL_HIGH,
1769 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770 	256,
1771 	256,
1772 	},
1773 
1774 	/* Cipher C00B */
1775 	{
1776 	1,
1777 	TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778 	TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779 	SSL_kECDHr,
1780 	SSL_aECDH,
1781 	SSL_eNULL,
1782 	SSL_SHA1,
1783 	SSL_TLSV1,
1784 	SSL_NOT_EXP|SSL_STRONG_NONE,
1785 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786 	0,
1787 	0,
1788 	},
1789 
1790 	/* Cipher C00C */
1791 	{
1792 	1,
1793 	TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794 	TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795 	SSL_kECDHr,
1796 	SSL_aECDH,
1797 	SSL_RC4,
1798 	SSL_SHA1,
1799 	SSL_TLSV1,
1800 	SSL_NOT_EXP|SSL_MEDIUM,
1801 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802 	128,
1803 	128,
1804 	},
1805 
1806 	/* Cipher C00D */
1807 	{
1808 	1,
1809 	TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810 	TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811 	SSL_kECDHr,
1812 	SSL_aECDH,
1813 	SSL_3DES,
1814 	SSL_SHA1,
1815 	SSL_TLSV1,
1816 	SSL_NOT_EXP|SSL_HIGH,
1817 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818 	168,
1819 	168,
1820 	},
1821 
1822 	/* Cipher C00E */
1823 	{
1824 	1,
1825 	TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826 	TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827 	SSL_kECDHr,
1828 	SSL_aECDH,
1829 	SSL_AES128,
1830 	SSL_SHA1,
1831 	SSL_TLSV1,
1832 	SSL_NOT_EXP|SSL_HIGH,
1833 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834 	128,
1835 	128,
1836 	},
1837 
1838 	/* Cipher C00F */
1839 	{
1840 	1,
1841 	TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842 	TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843 	SSL_kECDHr,
1844 	SSL_aECDH,
1845 	SSL_AES256,
1846 	SSL_SHA1,
1847 	SSL_TLSV1,
1848 	SSL_NOT_EXP|SSL_HIGH,
1849 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850 	256,
1851 	256,
1852 	},
1853 
1854 	/* Cipher C010 */
1855 	{
1856 	1,
1857 	TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858 	TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859 	SSL_kEECDH,
1860 	SSL_aRSA,
1861 	SSL_eNULL,
1862 	SSL_SHA1,
1863 	SSL_TLSV1,
1864 	SSL_NOT_EXP|SSL_STRONG_NONE,
1865 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866 	0,
1867 	0,
1868 	},
1869 
1870 	/* Cipher C011 */
1871 	{
1872 	1,
1873 	TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874 	TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875 	SSL_kEECDH,
1876 	SSL_aRSA,
1877 	SSL_RC4,
1878 	SSL_SHA1,
1879 	SSL_TLSV1,
1880 	SSL_NOT_EXP|SSL_MEDIUM,
1881 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882 	128,
1883 	128,
1884 	},
1885 
1886 	/* Cipher C012 */
1887 	{
1888 	1,
1889 	TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890 	TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891 	SSL_kEECDH,
1892 	SSL_aRSA,
1893 	SSL_3DES,
1894 	SSL_SHA1,
1895 	SSL_TLSV1,
1896 	SSL_NOT_EXP|SSL_HIGH,
1897 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898 	168,
1899 	168,
1900 	},
1901 
1902 	/* Cipher C013 */
1903 	{
1904 	1,
1905 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906 	TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907 	SSL_kEECDH,
1908 	SSL_aRSA,
1909 	SSL_AES128,
1910 	SSL_SHA1,
1911 	SSL_TLSV1,
1912 	SSL_NOT_EXP|SSL_HIGH,
1913 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914 	128,
1915 	128,
1916 	},
1917 
1918 	/* Cipher C014 */
1919 	{
1920 	1,
1921 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922 	TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923 	SSL_kEECDH,
1924 	SSL_aRSA,
1925 	SSL_AES256,
1926 	SSL_SHA1,
1927 	SSL_TLSV1,
1928 	SSL_NOT_EXP|SSL_HIGH,
1929 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930 	256,
1931 	256,
1932 	},
1933 
1934 	/* Cipher C015 */
1935 	{
1936 	1,
1937 	TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938 	TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939 	SSL_kEECDH,
1940 	SSL_aNULL,
1941 	SSL_eNULL,
1942 	SSL_SHA1,
1943 	SSL_TLSV1,
1944 	SSL_NOT_EXP|SSL_STRONG_NONE,
1945 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946 	0,
1947 	0,
1948 	},
1949 
1950 	/* Cipher C016 */
1951 	{
1952 	1,
1953 	TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954 	TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955 	SSL_kEECDH,
1956 	SSL_aNULL,
1957 	SSL_RC4,
1958 	SSL_SHA1,
1959 	SSL_TLSV1,
1960 	SSL_NOT_EXP|SSL_MEDIUM,
1961 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962 	128,
1963 	128,
1964 	},
1965 
1966 	/* Cipher C017 */
1967 	{
1968 	1,
1969 	TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970 	TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971 	SSL_kEECDH,
1972 	SSL_aNULL,
1973 	SSL_3DES,
1974 	SSL_SHA1,
1975 	SSL_TLSV1,
1976 	SSL_NOT_EXP|SSL_HIGH,
1977 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978 	168,
1979 	168,
1980 	},
1981 
1982 	/* Cipher C018 */
1983 	{
1984 	1,
1985 	TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986 	TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987 	SSL_kEECDH,
1988 	SSL_aNULL,
1989 	SSL_AES128,
1990 	SSL_SHA1,
1991 	SSL_TLSV1,
1992 	SSL_NOT_EXP|SSL_HIGH,
1993 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994 	128,
1995 	128,
1996 	},
1997 
1998 	/* Cipher C019 */
1999 	{
2000 	1,
2001 	TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002 	TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003 	SSL_kEECDH,
2004 	SSL_aNULL,
2005 	SSL_AES256,
2006 	SSL_SHA1,
2007 	SSL_TLSV1,
2008 	SSL_NOT_EXP|SSL_HIGH,
2009 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010 	256,
2011 	256,
2012 	},
2013 #endif	/* OPENSSL_NO_ECDH */
2014 
2015 #ifdef TEMP_GOST_TLS
2016 /* Cipher FF00 */
2017 	{
2018 	1,
2019 	"GOST-MD5",
2020 	0x0300ff00,
2021 	SSL_kRSA,
2022 	SSL_aRSA,
2023 	SSL_eGOST2814789CNT,
2024 	SSL_MD5,
2025 	SSL_TLSV1,
2026 	SSL_NOT_EXP|SSL_HIGH,
2027 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 	256,
2029 	256,
2030 	},
2031 	{
2032 	1,
2033 	"GOST-GOST94",
2034 	0x0300ff01,
2035 	SSL_kRSA,
2036 	SSL_aRSA,
2037 	SSL_eGOST2814789CNT,
2038 	SSL_GOST94,
2039 	SSL_TLSV1,
2040 	SSL_NOT_EXP|SSL_HIGH,
2041 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 	256,
2043 	256
2044 	},
2045 	{
2046 	1,
2047 	"GOST-GOST89MAC",
2048 	0x0300ff02,
2049 	SSL_kRSA,
2050 	SSL_aRSA,
2051 	SSL_eGOST2814789CNT,
2052 	SSL_GOST89MAC,
2053 	SSL_TLSV1,
2054 	SSL_NOT_EXP|SSL_HIGH,
2055 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 	256,
2057 	256
2058 	},
2059 	{
2060 	1,
2061 	"GOST-GOST89STREAM",
2062 	0x0300ff03,
2063 	SSL_kRSA,
2064 	SSL_aRSA,
2065 	SSL_eGOST2814789CNT,
2066 	SSL_GOST89MAC,
2067 	SSL_TLSV1,
2068 	SSL_NOT_EXP|SSL_HIGH,
2069 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 	256,
2071 	256
2072 	},
2073 #endif
2074 
2075 /* end of list */
2076 	};
2077 
2078 SSL3_ENC_METHOD SSLv3_enc_data={
2079 	ssl3_enc,
2080 	n_ssl3_mac,
2081 	ssl3_setup_key_block,
2082 	ssl3_generate_master_secret,
2083 	ssl3_change_cipher_state,
2084 	ssl3_final_finish_mac,
2085 	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2086 	ssl3_cert_verify_mac,
2087 	SSL3_MD_CLIENT_FINISHED_CONST,4,
2088 	SSL3_MD_SERVER_FINISHED_CONST,4,
2089 	ssl3_alert_code,
2090 	};
2091 
2092 long ssl3_default_timeout(void)
2093 	{
2094 	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
2095 	 * is way too long for http, the cache would over fill */
2096 	return(60*60*2);
2097 	}
2098 
2099 int ssl3_num_ciphers(void)
2100 	{
2101 	return(SSL3_NUM_CIPHERS);
2102 	}
2103 
2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2105 	{
2106 	if (u < SSL3_NUM_CIPHERS)
2107 		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2108 	else
2109 		return(NULL);
2110 	}
2111 
2112 int ssl3_pending(const SSL *s)
2113 	{
2114 	if (s->rstate == SSL_ST_READ_BODY)
2115 		return 0;
2116 
2117 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2118 	}
2119 
2120 int ssl3_new(SSL *s)
2121 	{
2122 	SSL3_STATE *s3;
2123 
2124 	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2125 	memset(s3,0,sizeof *s3);
2126 	memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2127 	memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2128 
2129 	s->s3=s3;
2130 
2131 	s->method->ssl_clear(s);
2132 	return(1);
2133 err:
2134 	return(0);
2135 	}
2136 
2137 void ssl3_free(SSL *s)
2138 	{
2139 	if(s == NULL)
2140 	    return;
2141 
2142 #ifdef TLSEXT_TYPE_opaque_prf_input
2143 	if (s->s3->client_opaque_prf_input != NULL)
2144 		OPENSSL_free(s->s3->client_opaque_prf_input);
2145 	if (s->s3->server_opaque_prf_input != NULL)
2146 		OPENSSL_free(s->s3->server_opaque_prf_input);
2147 #endif
2148 
2149 	ssl3_cleanup_key_block(s);
2150 	if (s->s3->rbuf.buf != NULL)
2151 		ssl3_release_read_buffer(s);
2152 	if (s->s3->wbuf.buf != NULL)
2153 		ssl3_release_write_buffer(s);
2154 	if (s->s3->rrec.comp != NULL)
2155 		OPENSSL_free(s->s3->rrec.comp);
2156 #ifndef OPENSSL_NO_DH
2157 	if (s->s3->tmp.dh != NULL)
2158 		DH_free(s->s3->tmp.dh);
2159 #endif
2160 #ifndef OPENSSL_NO_ECDH
2161 	if (s->s3->tmp.ecdh != NULL)
2162 		EC_KEY_free(s->s3->tmp.ecdh);
2163 #endif
2164 
2165 	if (s->s3->tmp.ca_names != NULL)
2166 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2167 	if (s->s3->handshake_buffer) {
2168 		BIO_free(s->s3->handshake_buffer);
2169 	}
2170 	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2171 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172 	OPENSSL_free(s->s3);
2173 	s->s3=NULL;
2174 	}
2175 
2176 void ssl3_clear(SSL *s)
2177 	{
2178 	unsigned char *rp,*wp;
2179 	size_t rlen, wlen;
2180 	int init_extra;
2181 
2182 #ifdef TLSEXT_TYPE_opaque_prf_input
2183 	if (s->s3->client_opaque_prf_input != NULL)
2184 		OPENSSL_free(s->s3->client_opaque_prf_input);
2185 	s->s3->client_opaque_prf_input = NULL;
2186 	if (s->s3->server_opaque_prf_input != NULL)
2187 		OPENSSL_free(s->s3->server_opaque_prf_input);
2188 	s->s3->server_opaque_prf_input = NULL;
2189 #endif
2190 
2191 	ssl3_cleanup_key_block(s);
2192 	if (s->s3->tmp.ca_names != NULL)
2193 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2194 
2195 	if (s->s3->rrec.comp != NULL)
2196 		{
2197 		OPENSSL_free(s->s3->rrec.comp);
2198 		s->s3->rrec.comp=NULL;
2199 		}
2200 #ifndef OPENSSL_NO_DH
2201 	if (s->s3->tmp.dh != NULL)
2202 		{
2203 		DH_free(s->s3->tmp.dh);
2204 		s->s3->tmp.dh = NULL;
2205 		}
2206 #endif
2207 #ifndef OPENSSL_NO_ECDH
2208 	if (s->s3->tmp.ecdh != NULL)
2209 		{
2210 		EC_KEY_free(s->s3->tmp.ecdh);
2211 		s->s3->tmp.ecdh = NULL;
2212 		}
2213 #endif
2214 
2215 	rp = s->s3->rbuf.buf;
2216 	wp = s->s3->wbuf.buf;
2217 	rlen = s->s3->rbuf.len;
2218  	wlen = s->s3->wbuf.len;
2219 	init_extra = s->s3->init_extra;
2220 	if (s->s3->handshake_buffer) {
2221 		BIO_free(s->s3->handshake_buffer);
2222 		s->s3->handshake_buffer = NULL;
2223 	}
2224 	if (s->s3->handshake_dgst) {
2225 		ssl3_free_digest_list(s);
2226 	}
2227 	memset(s->s3,0,sizeof *s->s3);
2228 	s->s3->rbuf.buf = rp;
2229 	s->s3->wbuf.buf = wp;
2230 	s->s3->rbuf.len = rlen;
2231  	s->s3->wbuf.len = wlen;
2232 	s->s3->init_extra = init_extra;
2233 
2234 	ssl_free_wbio_buffer(s);
2235 
2236 	s->packet_length=0;
2237 	s->s3->renegotiate=0;
2238 	s->s3->total_renegotiations=0;
2239 	s->s3->num_renegotiations=0;
2240 	s->s3->in_read_app_data=0;
2241 	s->version=SSL3_VERSION;
2242 	}
2243 
2244 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2245 	{
2246 	int ret=0;
2247 
2248 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2249 	if (
2250 #ifndef OPENSSL_NO_RSA
2251 	    cmd == SSL_CTRL_SET_TMP_RSA ||
2252 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2253 #endif
2254 #ifndef OPENSSL_NO_DSA
2255 	    cmd == SSL_CTRL_SET_TMP_DH ||
2256 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
2257 #endif
2258 		0)
2259 		{
2260 		if (!ssl_cert_inst(&s->cert))
2261 		    	{
2262 			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2263 			return(0);
2264 			}
2265 		}
2266 #endif
2267 
2268 	switch (cmd)
2269 		{
2270 	case SSL_CTRL_GET_SESSION_REUSED:
2271 		ret=s->hit;
2272 		break;
2273 	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2274 		break;
2275 	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2276 		ret=s->s3->num_renegotiations;
2277 		break;
2278 	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2279 		ret=s->s3->num_renegotiations;
2280 		s->s3->num_renegotiations=0;
2281 		break;
2282 	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2283 		ret=s->s3->total_renegotiations;
2284 		break;
2285 	case SSL_CTRL_GET_FLAGS:
2286 		ret=(int)(s->s3->flags);
2287 		break;
2288 #ifndef OPENSSL_NO_RSA
2289 	case SSL_CTRL_NEED_TMP_RSA:
2290 		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2291 		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2292 		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2293 			ret = 1;
2294 		break;
2295 	case SSL_CTRL_SET_TMP_RSA:
2296 		{
2297 			RSA *rsa = (RSA *)parg;
2298 			if (rsa == NULL)
2299 				{
2300 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2301 				return(ret);
2302 				}
2303 			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2304 				{
2305 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2306 				return(ret);
2307 				}
2308 			if (s->cert->rsa_tmp != NULL)
2309 				RSA_free(s->cert->rsa_tmp);
2310 			s->cert->rsa_tmp = rsa;
2311 			ret = 1;
2312 		}
2313 		break;
2314 	case SSL_CTRL_SET_TMP_RSA_CB:
2315 		{
2316 		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2317 		return(ret);
2318 		}
2319 		break;
2320 #endif
2321 #ifndef OPENSSL_NO_DH
2322 	case SSL_CTRL_SET_TMP_DH:
2323 		{
2324 			DH *dh = (DH *)parg;
2325 			if (dh == NULL)
2326 				{
2327 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2328 				return(ret);
2329 				}
2330 			if ((dh = DHparams_dup(dh)) == NULL)
2331 				{
2332 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2333 				return(ret);
2334 				}
2335 			if (!(s->options & SSL_OP_SINGLE_DH_USE))
2336 				{
2337 				if (!DH_generate_key(dh))
2338 					{
2339 					DH_free(dh);
2340 					SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2341 					return(ret);
2342 					}
2343 				}
2344 			if (s->cert->dh_tmp != NULL)
2345 				DH_free(s->cert->dh_tmp);
2346 			s->cert->dh_tmp = dh;
2347 			ret = 1;
2348 		}
2349 		break;
2350 	case SSL_CTRL_SET_TMP_DH_CB:
2351 		{
2352 		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2353 		return(ret);
2354 		}
2355 		break;
2356 #endif
2357 #ifndef OPENSSL_NO_ECDH
2358 	case SSL_CTRL_SET_TMP_ECDH:
2359 		{
2360 		EC_KEY *ecdh = NULL;
2361 
2362 		if (parg == NULL)
2363 			{
2364 			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2365 			return(ret);
2366 			}
2367 		if (!EC_KEY_up_ref((EC_KEY *)parg))
2368 			{
2369 			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2370 			return(ret);
2371 			}
2372 		ecdh = (EC_KEY *)parg;
2373 		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2374 			{
2375 			if (!EC_KEY_generate_key(ecdh))
2376 				{
2377 				EC_KEY_free(ecdh);
2378 				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2379 				return(ret);
2380 				}
2381 			}
2382 		if (s->cert->ecdh_tmp != NULL)
2383 			EC_KEY_free(s->cert->ecdh_tmp);
2384 		s->cert->ecdh_tmp = ecdh;
2385 		ret = 1;
2386 		}
2387 		break;
2388 	case SSL_CTRL_SET_TMP_ECDH_CB:
2389 		{
2390 		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2391 		return(ret);
2392 		}
2393 		break;
2394 #endif /* !OPENSSL_NO_ECDH */
2395 #ifndef OPENSSL_NO_TLSEXT
2396 	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2397  		if (larg == TLSEXT_NAMETYPE_host_name)
2398 			{
2399 			if (s->tlsext_hostname != NULL)
2400 				OPENSSL_free(s->tlsext_hostname);
2401 			s->tlsext_hostname = NULL;
2402 
2403 			ret = 1;
2404 			if (parg == NULL)
2405 				break;
2406 			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2407 				{
2408 				SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2409 				return 0;
2410 				}
2411 			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2412 				{
2413 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2414 				return 0;
2415 				}
2416 			}
2417 		else
2418 			{
2419 			SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2420 			return 0;
2421 			}
2422  		break;
2423 	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2424 		s->tlsext_debug_arg=parg;
2425 		ret = 1;
2426 		break;
2427 
2428 #ifdef TLSEXT_TYPE_opaque_prf_input
2429 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2430 		if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2431 		                   * (including the cert chain and everything) */
2432 			{
2433 			SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2434 			break;
2435 			}
2436 		if (s->tlsext_opaque_prf_input != NULL)
2437 			OPENSSL_free(s->tlsext_opaque_prf_input);
2438 		if ((size_t)larg == 0)
2439 			s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2440 		else
2441 			s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2442 		if (s->tlsext_opaque_prf_input != NULL)
2443 			{
2444 			s->tlsext_opaque_prf_input_len = (size_t)larg;
2445 			ret = 1;
2446 			}
2447 		else
2448 			s->tlsext_opaque_prf_input_len = 0;
2449 		break;
2450 #endif
2451 
2452 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2453 		s->tlsext_status_type=larg;
2454 		ret = 1;
2455 		break;
2456 
2457 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2458 		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2459 		ret = 1;
2460 		break;
2461 
2462 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2463 		s->tlsext_ocsp_exts = parg;
2464 		ret = 1;
2465 		break;
2466 
2467 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2468 		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2469 		ret = 1;
2470 		break;
2471 
2472 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2473 		s->tlsext_ocsp_ids = parg;
2474 		ret = 1;
2475 		break;
2476 
2477 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2478 		*(unsigned char **)parg = s->tlsext_ocsp_resp;
2479 		return s->tlsext_ocsp_resplen;
2480 
2481 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2482 		if (s->tlsext_ocsp_resp)
2483 			OPENSSL_free(s->tlsext_ocsp_resp);
2484 		s->tlsext_ocsp_resp = parg;
2485 		s->tlsext_ocsp_resplen = larg;
2486 		ret = 1;
2487 		break;
2488 
2489 #endif /* !OPENSSL_NO_TLSEXT */
2490 	default:
2491 		break;
2492 		}
2493 	return(ret);
2494 	}
2495 
2496 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2497 	{
2498 	int ret=0;
2499 
2500 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2501 	if (
2502 #ifndef OPENSSL_NO_RSA
2503 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2504 #endif
2505 #ifndef OPENSSL_NO_DSA
2506 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
2507 #endif
2508 		0)
2509 		{
2510 		if (!ssl_cert_inst(&s->cert))
2511 			{
2512 			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2513 			return(0);
2514 			}
2515 		}
2516 #endif
2517 
2518 	switch (cmd)
2519 		{
2520 #ifndef OPENSSL_NO_RSA
2521 	case SSL_CTRL_SET_TMP_RSA_CB:
2522 		{
2523 		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2524 		}
2525 		break;
2526 #endif
2527 #ifndef OPENSSL_NO_DH
2528 	case SSL_CTRL_SET_TMP_DH_CB:
2529 		{
2530 		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2531 		}
2532 		break;
2533 #endif
2534 #ifndef OPENSSL_NO_ECDH
2535 	case SSL_CTRL_SET_TMP_ECDH_CB:
2536 		{
2537 		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2538 		}
2539 		break;
2540 #endif
2541 #ifndef OPENSSL_NO_TLSEXT
2542 	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2543 		s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2544 					unsigned char *, int, void *))fp;
2545 		break;
2546 #endif
2547 	default:
2548 		break;
2549 		}
2550 	return(ret);
2551 	}
2552 
2553 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2554 	{
2555 	CERT *cert;
2556 
2557 	cert=ctx->cert;
2558 
2559 	switch (cmd)
2560 		{
2561 #ifndef OPENSSL_NO_RSA
2562 	case SSL_CTRL_NEED_TMP_RSA:
2563 		if (	(cert->rsa_tmp == NULL) &&
2564 			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2565 			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2566 			)
2567 			return(1);
2568 		else
2569 			return(0);
2570 		/* break; */
2571 	case SSL_CTRL_SET_TMP_RSA:
2572 		{
2573 		RSA *rsa;
2574 		int i;
2575 
2576 		rsa=(RSA *)parg;
2577 		i=1;
2578 		if (rsa == NULL)
2579 			i=0;
2580 		else
2581 			{
2582 			if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2583 				i=0;
2584 			}
2585 		if (!i)
2586 			{
2587 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2588 			return(0);
2589 			}
2590 		else
2591 			{
2592 			if (cert->rsa_tmp != NULL)
2593 				RSA_free(cert->rsa_tmp);
2594 			cert->rsa_tmp=rsa;
2595 			return(1);
2596 			}
2597 		}
2598 		/* break; */
2599 	case SSL_CTRL_SET_TMP_RSA_CB:
2600 		{
2601 		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2602 		return(0);
2603 		}
2604 		break;
2605 #endif
2606 #ifndef OPENSSL_NO_DH
2607 	case SSL_CTRL_SET_TMP_DH:
2608 		{
2609 		DH *new=NULL,*dh;
2610 
2611 		dh=(DH *)parg;
2612 		if ((new=DHparams_dup(dh)) == NULL)
2613 			{
2614 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2615 			return 0;
2616 			}
2617 		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2618 			{
2619 			if (!DH_generate_key(new))
2620 				{
2621 				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2622 				DH_free(new);
2623 				return 0;
2624 				}
2625 			}
2626 		if (cert->dh_tmp != NULL)
2627 			DH_free(cert->dh_tmp);
2628 		cert->dh_tmp=new;
2629 		return 1;
2630 		}
2631 		/*break; */
2632 	case SSL_CTRL_SET_TMP_DH_CB:
2633 		{
2634 		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2635 		return(0);
2636 		}
2637 		break;
2638 #endif
2639 #ifndef OPENSSL_NO_ECDH
2640 	case SSL_CTRL_SET_TMP_ECDH:
2641 		{
2642 		EC_KEY *ecdh = NULL;
2643 
2644 		if (parg == NULL)
2645 			{
2646 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2647 			return 0;
2648 			}
2649 		ecdh = EC_KEY_dup((EC_KEY *)parg);
2650 		if (ecdh == NULL)
2651 			{
2652 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2653 			return 0;
2654 			}
2655 		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2656 			{
2657 			if (!EC_KEY_generate_key(ecdh))
2658 				{
2659 				EC_KEY_free(ecdh);
2660 				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2661 				return 0;
2662 				}
2663 			}
2664 
2665 		if (cert->ecdh_tmp != NULL)
2666 			{
2667 			EC_KEY_free(cert->ecdh_tmp);
2668 			}
2669 		cert->ecdh_tmp = ecdh;
2670 		return 1;
2671 		}
2672 		/* break; */
2673 	case SSL_CTRL_SET_TMP_ECDH_CB:
2674 		{
2675 		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2676 		return(0);
2677 		}
2678 		break;
2679 #endif /* !OPENSSL_NO_ECDH */
2680 #ifndef OPENSSL_NO_TLSEXT
2681 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2682 		ctx->tlsext_servername_arg=parg;
2683 		break;
2684 	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2685 	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2686 		{
2687 		unsigned char *keys = parg;
2688 		if (!keys)
2689 			return 48;
2690 		if (larg != 48)
2691 			{
2692 			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2693 			return 0;
2694 			}
2695 		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2696 			{
2697 			memcpy(ctx->tlsext_tick_key_name, keys, 16);
2698 			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2699 			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2700 			}
2701 		else
2702 			{
2703 			memcpy(keys, ctx->tlsext_tick_key_name, 16);
2704 			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2705 			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2706 			}
2707 		return 1;
2708 		}
2709 
2710 #ifdef TLSEXT_TYPE_opaque_prf_input
2711 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2712 		ctx->tlsext_opaque_prf_input_callback_arg = parg;
2713 		return 1;
2714 #endif
2715 
2716 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2717 		ctx->tlsext_status_arg=parg;
2718 		return 1;
2719 		break;
2720 
2721 #endif /* !OPENSSL_NO_TLSEXT */
2722 
2723 	/* A Thawte special :-) */
2724 	case SSL_CTRL_EXTRA_CHAIN_CERT:
2725 		if (ctx->extra_certs == NULL)
2726 			{
2727 			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2728 				return(0);
2729 			}
2730 		sk_X509_push(ctx->extra_certs,(X509 *)parg);
2731 		break;
2732 
2733 	default:
2734 		return(0);
2735 		}
2736 	return(1);
2737 	}
2738 
2739 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2740 	{
2741 	CERT *cert;
2742 
2743 	cert=ctx->cert;
2744 
2745 	switch (cmd)
2746 		{
2747 #ifndef OPENSSL_NO_RSA
2748 	case SSL_CTRL_SET_TMP_RSA_CB:
2749 		{
2750 		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2751 		}
2752 		break;
2753 #endif
2754 #ifndef OPENSSL_NO_DH
2755 	case SSL_CTRL_SET_TMP_DH_CB:
2756 		{
2757 		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2758 		}
2759 		break;
2760 #endif
2761 #ifndef OPENSSL_NO_ECDH
2762 	case SSL_CTRL_SET_TMP_ECDH_CB:
2763 		{
2764 		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2765 		}
2766 		break;
2767 #endif
2768 #ifndef OPENSSL_NO_TLSEXT
2769 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2770 		ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2771 		break;
2772 
2773 #ifdef TLSEXT_TYPE_opaque_prf_input
2774 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2775 		ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2776 		break;
2777 #endif
2778 
2779 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2780 		ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2781 		break;
2782 
2783 	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2784 		ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
2785 						unsigned char *,
2786 						EVP_CIPHER_CTX *,
2787 						HMAC_CTX *, int))fp;
2788 		break;
2789 
2790 #endif
2791 	default:
2792 		return(0);
2793 		}
2794 	return(1);
2795 	}
2796 
2797 /* This function needs to check if the ciphers required are actually
2798  * available */
2799 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2800 	{
2801 	SSL_CIPHER c;
2802 	const SSL_CIPHER *cp;
2803 	unsigned long id;
2804 
2805 	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2806 	c.id=id;
2807 	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2808 	if (cp == NULL || cp->valid == 0)
2809 		return NULL;
2810 	else
2811 		return cp;
2812 	}
2813 
2814 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2815 	{
2816 	long l;
2817 
2818 	if (p != NULL)
2819 		{
2820 		l=c->id;
2821 		if ((l & 0xff000000) != 0x03000000) return(0);
2822 		p[0]=((unsigned char)(l>> 8L))&0xFF;
2823 		p[1]=((unsigned char)(l     ))&0xFF;
2824 		}
2825 	return(2);
2826 	}
2827 
2828 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2829 	     STACK_OF(SSL_CIPHER) *srvr)
2830 	{
2831 	SSL_CIPHER *c,*ret=NULL;
2832 	STACK_OF(SSL_CIPHER) *prio, *allow;
2833 	int i,ii,ok;
2834 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2835 	unsigned int j;
2836 	int ec_ok, ec_nid;
2837 	unsigned char ec_search1 = 0, ec_search2 = 0;
2838 #endif
2839 	CERT *cert;
2840 	unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2841 
2842 	/* Let's see which ciphers we can support */
2843 	cert=s->cert;
2844 
2845 #if 0
2846 	/* Do not set the compare functions, because this may lead to a
2847 	 * reordering by "id". We want to keep the original ordering.
2848 	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2849 	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2850 	 */
2851 	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2852 	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2853 #endif
2854 
2855 #ifdef CIPHER_DEBUG
2856 	printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2857 	for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2858 		{
2859 		c=sk_SSL_CIPHER_value(srvr,i);
2860 		printf("%p:%s\n",(void *)c,c->name);
2861 		}
2862 	printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2863 	for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2864 	    {
2865 	    c=sk_SSL_CIPHER_value(clnt,i);
2866 	    printf("%p:%s\n",(void *)c,c->name);
2867 	    }
2868 #endif
2869 
2870 	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2871 		{
2872 		prio = srvr;
2873 		allow = clnt;
2874 		}
2875 	else
2876 		{
2877 		prio = clnt;
2878 		allow = srvr;
2879 		}
2880 
2881 	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2882 		{
2883 		c=sk_SSL_CIPHER_value(prio,i);
2884 
2885 		ssl_set_cert_masks(cert,c);
2886 		mask_k = cert->mask_k;
2887 		mask_a = cert->mask_a;
2888 		emask_k = cert->export_mask_k;
2889 		emask_a = cert->export_mask_a;
2890 
2891 #ifdef KSSL_DEBUG
2892 /*		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2893 #endif    /* KSSL_DEBUG */
2894 
2895 		alg_k=c->algorithm_mkey;
2896 		alg_a=c->algorithm_auth;
2897 
2898 #ifndef OPENSSL_NO_KRB5
2899 		if (alg_k & SSL_kKRB5)
2900 			{
2901 			if ( !kssl_keytab_is_available(s->kssl_ctx) )
2902 			    continue;
2903 			}
2904 #endif /* OPENSSL_NO_KRB5 */
2905 #ifndef OPENSSL_NO_PSK
2906 		/* with PSK there must be server callback set */
2907 		if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2908 			continue;
2909 #endif /* OPENSSL_NO_PSK */
2910 
2911 		if (SSL_C_IS_EXPORT(c))
2912 			{
2913 			ok = (alg_k & emask_k) && (alg_a & emask_a);
2914 #ifdef CIPHER_DEBUG
2915 			printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2916 			       (void *)c,c->name);
2917 #endif
2918 			}
2919 		else
2920 			{
2921 			ok = (alg_k & mask_k) && (alg_a & mask_a);
2922 #ifdef CIPHER_DEBUG
2923 			printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2924 			       c->name);
2925 #endif
2926 			}
2927 
2928 #ifndef OPENSSL_NO_TLSEXT
2929 #ifndef OPENSSL_NO_EC
2930 		if (
2931 			/* if we are considering an ECC cipher suite that uses our certificate */
2932 			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2933 			/* and we have an ECC certificate */
2934 			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2935 			/* and the client specified a Supported Point Formats extension */
2936 			&& ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2937 			/* and our certificate's point is compressed */
2938 			&& (
2939 				(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2940 				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2941 				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2942 				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2943 				&& (
2944 					(*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2945 					|| (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2946 					)
2947 				)
2948 		)
2949 			{
2950 			ec_ok = 0;
2951 			/* if our certificate's curve is over a field type that the client does not support
2952 			 * then do not allow this cipher suite to be negotiated */
2953 			if (
2954 				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2955 				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2956 				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2957 				&& (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2958 			)
2959 				{
2960 				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2961 					{
2962 					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2963 						{
2964 						ec_ok = 1;
2965 						break;
2966 						}
2967 					}
2968 				}
2969 			else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2970 				{
2971 				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2972 					{
2973 					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2974 						{
2975 						ec_ok = 1;
2976 						break;
2977 						}
2978 					}
2979 				}
2980 			ok = ok && ec_ok;
2981 			}
2982 		if (
2983 			/* if we are considering an ECC cipher suite that uses our certificate */
2984 			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2985 			/* and we have an ECC certificate */
2986 			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2987 			/* and the client specified an EllipticCurves extension */
2988 			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2989 		)
2990 			{
2991 			ec_ok = 0;
2992 			if (
2993 				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2994 				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2995 			)
2996 				{
2997 				ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2998 				if ((ec_nid == 0)
2999 					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3000 				)
3001 					{
3002 					if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3003 						{
3004 						ec_search1 = 0xFF;
3005 						ec_search2 = 0x01;
3006 						}
3007 					else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3008 						{
3009 						ec_search1 = 0xFF;
3010 						ec_search2 = 0x02;
3011 						}
3012 					}
3013 				else
3014 					{
3015 					ec_search1 = 0x00;
3016 					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3017 					}
3018 				if ((ec_search1 != 0) || (ec_search2 != 0))
3019 					{
3020 					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3021 						{
3022 						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3023 							{
3024 							ec_ok = 1;
3025 							break;
3026 							}
3027 						}
3028 					}
3029 				}
3030 			ok = ok && ec_ok;
3031 			}
3032 		if (
3033 			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3034 			(alg_k & SSL_kEECDH)
3035 			/* and we have an ephemeral EC key */
3036 			&& (s->cert->ecdh_tmp != NULL)
3037 			/* and the client specified an EllipticCurves extension */
3038 			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3039 		)
3040 			{
3041 			ec_ok = 0;
3042 			if (s->cert->ecdh_tmp->group != NULL)
3043 				{
3044 				ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3045 				if ((ec_nid == 0)
3046 					&& (s->cert->ecdh_tmp->group->meth != NULL)
3047 				)
3048 					{
3049 					if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3050 						{
3051 						ec_search1 = 0xFF;
3052 						ec_search2 = 0x01;
3053 						}
3054 					else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3055 						{
3056 						ec_search1 = 0xFF;
3057 						ec_search2 = 0x02;
3058 						}
3059 					}
3060 				else
3061 					{
3062 					ec_search1 = 0x00;
3063 					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3064 					}
3065 				if ((ec_search1 != 0) || (ec_search2 != 0))
3066 					{
3067 					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3068 						{
3069 						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3070 							{
3071 							ec_ok = 1;
3072 							break;
3073 							}
3074 						}
3075 					}
3076 				}
3077 			ok = ok && ec_ok;
3078 			}
3079 #endif /* OPENSSL_NO_EC */
3080 #endif /* OPENSSL_NO_TLSEXT */
3081 
3082 		if (!ok) continue;
3083 		ii=sk_SSL_CIPHER_find(allow,c);
3084 		if (ii >= 0)
3085 			{
3086 			ret=sk_SSL_CIPHER_value(allow,ii);
3087 			break;
3088 			}
3089 		}
3090 	return(ret);
3091 	}
3092 
3093 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3094 	{
3095 	int ret=0;
3096 	unsigned long alg_k;
3097 
3098 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3099 
3100 #ifndef OPENSSL_NO_GOST
3101 	if (s->version >= TLS1_VERSION)
3102 		{
3103 		if (alg_k & SSL_kGOST)
3104 			{
3105 			p[ret++]=TLS_CT_GOST94_SIGN;
3106 			p[ret++]=TLS_CT_GOST01_SIGN;
3107 			return(ret);
3108 			}
3109 		}
3110 #endif
3111 
3112 #ifndef OPENSSL_NO_DH
3113 	if (alg_k & (SSL_kDHr|SSL_kEDH))
3114 		{
3115 #  ifndef OPENSSL_NO_RSA
3116 		p[ret++]=SSL3_CT_RSA_FIXED_DH;
3117 #  endif
3118 #  ifndef OPENSSL_NO_DSA
3119 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
3120 #  endif
3121 		}
3122 	if ((s->version == SSL3_VERSION) &&
3123 		(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3124 		{
3125 #  ifndef OPENSSL_NO_RSA
3126 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3127 #  endif
3128 #  ifndef OPENSSL_NO_DSA
3129 		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3130 #  endif
3131 		}
3132 #endif /* !OPENSSL_NO_DH */
3133 #ifndef OPENSSL_NO_RSA
3134 	p[ret++]=SSL3_CT_RSA_SIGN;
3135 #endif
3136 #ifndef OPENSSL_NO_DSA
3137 	p[ret++]=SSL3_CT_DSS_SIGN;
3138 #endif
3139 #ifndef OPENSSL_NO_ECDH
3140 	if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3141 		{
3142 		p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3143 		p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3144 		}
3145 #endif
3146 
3147 #ifndef OPENSSL_NO_ECDSA
3148 	/* ECDSA certs can be used with RSA cipher suites as well
3149 	 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3150 	 */
3151 	if (s->version >= TLS1_VERSION)
3152 		{
3153 		p[ret++]=TLS_CT_ECDSA_SIGN;
3154 		}
3155 #endif
3156 	return(ret);
3157 	}
3158 
3159 int ssl3_shutdown(SSL *s)
3160 	{
3161 	int ret;
3162 
3163 	/* Don't do anything much if we have not done the handshake or
3164 	 * we don't want to send messages :-) */
3165 	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3166 		{
3167 		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3168 		return(1);
3169 		}
3170 
3171 	if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3172 		{
3173 		s->shutdown|=SSL_SENT_SHUTDOWN;
3174 #if 1
3175 		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3176 #endif
3177 		/* our shutdown alert has been sent now, and if it still needs
3178 	 	 * to be written, s->s3->alert_dispatch will be true */
3179 	 	if (s->s3->alert_dispatch)
3180 	 		return(-1);	/* return WANT_WRITE */
3181 		}
3182 	else if (s->s3->alert_dispatch)
3183 		{
3184 		/* resend it if not sent */
3185 #if 1
3186 		ret=s->method->ssl_dispatch_alert(s);
3187 		if(ret == -1)
3188 			{
3189 			/* we only get to return -1 here the 2nd/Nth
3190 			 * invocation, we must  have already signalled
3191 			 * return 0 upon a previous invoation,
3192 			 * return WANT_WRITE */
3193 			return(ret);
3194 			}
3195 #endif
3196 		}
3197 	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3198 		{
3199 		/* If we are waiting for a close from our peer, we are closed */
3200 		s->method->ssl_read_bytes(s,0,NULL,0,0);
3201 		if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3202 			{
3203 			return(-1);	/* return WANT_READ */
3204 			}
3205 		}
3206 
3207 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3208 		!s->s3->alert_dispatch)
3209 		return(1);
3210 	else
3211 		return(0);
3212 	}
3213 
3214 int ssl3_write(SSL *s, const void *buf, int len)
3215 	{
3216 	int ret,n;
3217 
3218 #if 0
3219 	if (s->shutdown & SSL_SEND_SHUTDOWN)
3220 		{
3221 		s->rwstate=SSL_NOTHING;
3222 		return(0);
3223 		}
3224 #endif
3225 	clear_sys_error();
3226 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3227 
3228 	/* This is an experimental flag that sends the
3229 	 * last handshake message in the same packet as the first
3230 	 * use data - used to see if it helps the TCP protocol during
3231 	 * session-id reuse */
3232 	/* The second test is because the buffer may have been removed */
3233 	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3234 		{
3235 		/* First time through, we write into the buffer */
3236 		if (s->s3->delay_buf_pop_ret == 0)
3237 			{
3238 			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3239 					     buf,len);
3240 			if (ret <= 0) return(ret);
3241 
3242 			s->s3->delay_buf_pop_ret=ret;
3243 			}
3244 
3245 		s->rwstate=SSL_WRITING;
3246 		n=BIO_flush(s->wbio);
3247 		if (n <= 0) return(n);
3248 		s->rwstate=SSL_NOTHING;
3249 
3250 		/* We have flushed the buffer, so remove it */
3251 		ssl_free_wbio_buffer(s);
3252 		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3253 
3254 		ret=s->s3->delay_buf_pop_ret;
3255 		s->s3->delay_buf_pop_ret=0;
3256 		}
3257 	else
3258 		{
3259 		ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3260 			buf,len);
3261 		if (ret <= 0) return(ret);
3262 		}
3263 
3264 	return(ret);
3265 	}
3266 
3267 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3268 	{
3269 	int ret;
3270 
3271 	clear_sys_error();
3272 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3273 	s->s3->in_read_app_data=1;
3274 	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3275 	if ((ret == -1) && (s->s3->in_read_app_data == 2))
3276 		{
3277 		/* ssl3_read_bytes decided to call s->handshake_func, which
3278 		 * called ssl3_read_bytes to read handshake data.
3279 		 * However, ssl3_read_bytes actually found application data
3280 		 * and thinks that application data makes sense here; so disable
3281 		 * handshake processing and try to read application data again. */
3282 		s->in_handshake++;
3283 		ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3284 		s->in_handshake--;
3285 		}
3286 	else
3287 		s->s3->in_read_app_data=0;
3288 
3289 	return(ret);
3290 	}
3291 
3292 int ssl3_read(SSL *s, void *buf, int len)
3293 	{
3294 	return ssl3_read_internal(s, buf, len, 0);
3295 	}
3296 
3297 int ssl3_peek(SSL *s, void *buf, int len)
3298 	{
3299 	return ssl3_read_internal(s, buf, len, 1);
3300 	}
3301 
3302 int ssl3_renegotiate(SSL *s)
3303 	{
3304 	if (s->handshake_func == NULL)
3305 		return(1);
3306 
3307 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3308 		return(0);
3309 
3310 	s->s3->renegotiate=1;
3311 	return(1);
3312 	}
3313 
3314 int ssl3_renegotiate_check(SSL *s)
3315 	{
3316 	int ret=0;
3317 
3318 	if (s->s3->renegotiate)
3319 		{
3320 		if (	(s->s3->rbuf.left == 0) &&
3321 			(s->s3->wbuf.left == 0) &&
3322 			!SSL_in_init(s))
3323 			{
3324 /*
3325 if we are the server, and we have sent a 'RENEGOTIATE' message, we
3326 need to go to SSL_ST_ACCEPT.
3327 */
3328 			/* SSL_ST_ACCEPT */
3329 			s->state=SSL_ST_RENEGOTIATE;
3330 			s->s3->renegotiate=0;
3331 			s->s3->num_renegotiations++;
3332 			s->s3->total_renegotiations++;
3333 			ret=1;
3334 			}
3335 		}
3336 	return(ret);
3337 	}
3338 
3339