Import OpenSSL-1.0.0f.
[dragonfly.git] / crypto / openssl / ssl / s3_lib.c
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by 
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174         {
175         1,
176         SSL3_TXT_RSA_NULL_MD5,
177         SSL3_CK_RSA_NULL_MD5,
178         SSL_kRSA,
179         SSL_aRSA,
180         SSL_eNULL,
181         SSL_MD5,
182         SSL_SSLV3,
183         SSL_NOT_EXP|SSL_STRONG_NONE,
184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185         0,
186         0,
187         },
188
189 /* Cipher 02 */
190         {
191         1,
192         SSL3_TXT_RSA_NULL_SHA,
193         SSL3_CK_RSA_NULL_SHA,
194         SSL_kRSA,
195         SSL_aRSA,
196         SSL_eNULL,
197         SSL_SHA1,
198         SSL_SSLV3,
199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201         0,
202         0,
203         },
204
205 /* Cipher 03 */
206         {
207         1,
208         SSL3_TXT_RSA_RC4_40_MD5,
209         SSL3_CK_RSA_RC4_40_MD5,
210         SSL_kRSA,
211         SSL_aRSA,
212         SSL_RC4,
213         SSL_MD5,
214         SSL_SSLV3,
215         SSL_EXPORT|SSL_EXP40,
216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217         40,
218         128,
219         },
220
221 /* Cipher 04 */
222         {
223         1,
224         SSL3_TXT_RSA_RC4_128_MD5,
225         SSL3_CK_RSA_RC4_128_MD5,
226         SSL_kRSA,
227         SSL_aRSA,
228         SSL_RC4,
229         SSL_MD5,
230         SSL_SSLV3,
231         SSL_NOT_EXP|SSL_MEDIUM,
232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233         128,
234         128,
235         },
236
237 /* Cipher 05 */
238         {
239         1,
240         SSL3_TXT_RSA_RC4_128_SHA,
241         SSL3_CK_RSA_RC4_128_SHA,
242         SSL_kRSA,
243         SSL_aRSA,
244         SSL_RC4,
245         SSL_SHA1,
246         SSL_SSLV3,
247         SSL_NOT_EXP|SSL_MEDIUM,
248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249         128,
250         128,
251         },
252
253 /* Cipher 06 */
254         {
255         1,
256         SSL3_TXT_RSA_RC2_40_MD5,
257         SSL3_CK_RSA_RC2_40_MD5,
258         SSL_kRSA,
259         SSL_aRSA,
260         SSL_RC2,
261         SSL_MD5,
262         SSL_SSLV3,
263         SSL_EXPORT|SSL_EXP40,
264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265         40,
266         128,
267         },
268
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271         {
272         1,
273         SSL3_TXT_RSA_IDEA_128_SHA,
274         SSL3_CK_RSA_IDEA_128_SHA,
275         SSL_kRSA,
276         SSL_aRSA,
277         SSL_IDEA,
278         SSL_SHA1,
279         SSL_SSLV3,
280         SSL_NOT_EXP|SSL_MEDIUM,
281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282         128,
283         128,
284         },
285 #endif
286
287 /* Cipher 08 */
288         {
289         1,
290         SSL3_TXT_RSA_DES_40_CBC_SHA,
291         SSL3_CK_RSA_DES_40_CBC_SHA,
292         SSL_kRSA,
293         SSL_aRSA,
294         SSL_DES,
295         SSL_SHA1,
296         SSL_SSLV3,
297         SSL_EXPORT|SSL_EXP40,
298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299         40,
300         56,
301         },
302
303 /* Cipher 09 */
304         {
305         1,
306         SSL3_TXT_RSA_DES_64_CBC_SHA,
307         SSL3_CK_RSA_DES_64_CBC_SHA,
308         SSL_kRSA,
309         SSL_aRSA,
310         SSL_DES,
311         SSL_SHA1,
312         SSL_SSLV3,
313         SSL_NOT_EXP|SSL_LOW,
314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315         56,
316         56,
317         },
318
319 /* Cipher 0A */
320         {
321         1,
322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
323         SSL3_CK_RSA_DES_192_CBC3_SHA,
324         SSL_kRSA,
325         SSL_aRSA,
326         SSL_3DES,
327         SSL_SHA1,
328         SSL_SSLV3,
329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331         168,
332         168,
333         },
334
335 /* The DH ciphers */
336 /* Cipher 0B */
337         {
338         0,
339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341         SSL_kDHd,
342         SSL_aDH,
343         SSL_DES,
344         SSL_SHA1,
345         SSL_SSLV3,
346         SSL_EXPORT|SSL_EXP40,
347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348         40,
349         56,
350         },
351
352 /* Cipher 0C */
353         {
354         0, /* not implemented (non-ephemeral DH) */
355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357         SSL_kDHd,
358         SSL_aDH,
359         SSL_DES,
360         SSL_SHA1,
361         SSL_SSLV3,
362         SSL_NOT_EXP|SSL_LOW,
363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364         56,
365         56,
366         },
367
368 /* Cipher 0D */
369         {
370         0, /* not implemented (non-ephemeral DH) */
371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373         SSL_kDHd,
374         SSL_aDH,
375         SSL_3DES,
376         SSL_SHA1,
377         SSL_SSLV3,
378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380         168,
381         168,
382         },
383
384 /* Cipher 0E */
385         {
386         0, /* not implemented (non-ephemeral DH) */
387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389         SSL_kDHr,
390         SSL_aDH,
391         SSL_DES,
392         SSL_SHA1,
393         SSL_SSLV3,
394         SSL_EXPORT|SSL_EXP40,
395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396         40,
397         56,
398         },
399
400 /* Cipher 0F */
401         {
402         0, /* not implemented (non-ephemeral DH) */
403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405         SSL_kDHr,
406         SSL_aDH,
407         SSL_DES,
408         SSL_SHA1,
409         SSL_SSLV3,
410         SSL_NOT_EXP|SSL_LOW,
411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412         56,
413         56,
414         },
415
416 /* Cipher 10 */
417         {
418         0, /* not implemented (non-ephemeral DH) */
419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421         SSL_kDHr,
422         SSL_aDH,
423         SSL_3DES,
424         SSL_SHA1,
425         SSL_SSLV3,
426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428         168,
429         168,
430         },
431
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434         {
435         1,
436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438         SSL_kEDH,
439         SSL_aDSS,
440         SSL_DES,
441         SSL_SHA1,
442         SSL_SSLV3,
443         SSL_EXPORT|SSL_EXP40,
444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445         40,
446         56,
447         },
448
449 /* Cipher 12 */
450         {
451         1,
452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454         SSL_kEDH,
455         SSL_aDSS,
456         SSL_DES,
457         SSL_SHA1,
458         SSL_SSLV3,
459         SSL_NOT_EXP|SSL_LOW,
460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461         56,
462         56,
463         },
464
465 /* Cipher 13 */
466         {
467         1,
468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470         SSL_kEDH,
471         SSL_aDSS,
472         SSL_3DES,
473         SSL_SHA1,
474         SSL_SSLV3,
475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477         168,
478         168,
479         },
480
481 /* Cipher 14 */
482         {
483         1,
484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486         SSL_kEDH,
487         SSL_aRSA,
488         SSL_DES,
489         SSL_SHA1,
490         SSL_SSLV3,
491         SSL_EXPORT|SSL_EXP40,
492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493         40,
494         56,
495         },
496
497 /* Cipher 15 */
498         {
499         1,
500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502         SSL_kEDH,
503         SSL_aRSA,
504         SSL_DES,
505         SSL_SHA1,
506         SSL_SSLV3,
507         SSL_NOT_EXP|SSL_LOW,
508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509         56,
510         56,
511         },
512
513 /* Cipher 16 */
514         {
515         1,
516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518         SSL_kEDH,
519         SSL_aRSA,
520         SSL_3DES,
521         SSL_SHA1,
522         SSL_SSLV3,
523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525         168,
526         168,
527         },
528
529 /* Cipher 17 */
530         {
531         1,
532         SSL3_TXT_ADH_RC4_40_MD5,
533         SSL3_CK_ADH_RC4_40_MD5,
534         SSL_kEDH,
535         SSL_aNULL,
536         SSL_RC4,
537         SSL_MD5,
538         SSL_SSLV3,
539         SSL_EXPORT|SSL_EXP40,
540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541         40,
542         128,
543         },
544
545 /* Cipher 18 */
546         {
547         1,
548         SSL3_TXT_ADH_RC4_128_MD5,
549         SSL3_CK_ADH_RC4_128_MD5,
550         SSL_kEDH,
551         SSL_aNULL,
552         SSL_RC4,
553         SSL_MD5,
554         SSL_SSLV3,
555         SSL_NOT_EXP|SSL_MEDIUM,
556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557         128,
558         128,
559         },
560
561 /* Cipher 19 */
562         {
563         1,
564         SSL3_TXT_ADH_DES_40_CBC_SHA,
565         SSL3_CK_ADH_DES_40_CBC_SHA,
566         SSL_kEDH,
567         SSL_aNULL,
568         SSL_DES,
569         SSL_SHA1,
570         SSL_SSLV3,
571         SSL_EXPORT|SSL_EXP40,
572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573         40,
574         128,
575         },
576
577 /* Cipher 1A */
578         {
579         1,
580         SSL3_TXT_ADH_DES_64_CBC_SHA,
581         SSL3_CK_ADH_DES_64_CBC_SHA,
582         SSL_kEDH,
583         SSL_aNULL,
584         SSL_DES,
585         SSL_SHA1,
586         SSL_SSLV3,
587         SSL_NOT_EXP|SSL_LOW,
588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589         56,
590         56,
591         },
592
593 /* Cipher 1B */
594         {
595         1,
596         SSL3_TXT_ADH_DES_192_CBC_SHA,
597         SSL3_CK_ADH_DES_192_CBC_SHA,
598         SSL_kEDH,
599         SSL_aNULL,
600         SSL_3DES,
601         SSL_SHA1,
602         SSL_SSLV3,
603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605         168,
606         168,
607         },
608
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612         {
613         0,
614         SSL3_TXT_FZA_DMS_NULL_SHA,
615         SSL3_CK_FZA_DMS_NULL_SHA,
616         SSL_kFZA,
617         SSL_aFZA,
618         SSL_eNULL,
619         SSL_SHA1,
620         SSL_SSLV3,
621         SSL_NOT_EXP|SSL_STRONG_NONE,
622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623         0,
624         0,
625         },
626
627 /* Cipher 1D */
628         {
629         0,
630         SSL3_TXT_FZA_DMS_FZA_SHA,
631         SSL3_CK_FZA_DMS_FZA_SHA,
632         SSL_kFZA,
633         SSL_aFZA,
634         SSL_eFZA,
635         SSL_SHA1,
636         SSL_SSLV3,
637         SSL_NOT_EXP|SSL_STRONG_NONE,
638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639         0,
640         0,
641         },
642
643 /* Cipher 1E */
644         {
645         0,
646         SSL3_TXT_FZA_DMS_RC4_SHA,
647         SSL3_CK_FZA_DMS_RC4_SHA,
648         SSL_kFZA,
649         SSL_aFZA,
650         SSL_RC4,
651         SSL_SHA1,
652         SSL_SSLV3,
653         SSL_NOT_EXP|SSL_MEDIUM,
654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655         128,
656         128,
657         },
658 #endif
659
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663         {
664         1,
665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
666         SSL3_CK_KRB5_DES_64_CBC_SHA,
667         SSL_kKRB5,
668         SSL_aKRB5,
669         SSL_DES,
670         SSL_SHA1,
671         SSL_SSLV3,
672         SSL_NOT_EXP|SSL_LOW,
673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674         56,
675         56,
676         },
677
678 /* Cipher 1F */
679         {
680         1,
681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
683         SSL_kKRB5,
684         SSL_aKRB5,
685         SSL_3DES,
686         SSL_SHA1,
687         SSL_SSLV3,
688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690         168,
691         168,
692         },
693
694 /* Cipher 20 */
695         {
696         1,
697         SSL3_TXT_KRB5_RC4_128_SHA,
698         SSL3_CK_KRB5_RC4_128_SHA,
699         SSL_kKRB5,
700         SSL_aKRB5,
701         SSL_RC4,
702         SSL_SHA1,
703         SSL_SSLV3,
704         SSL_NOT_EXP|SSL_MEDIUM,
705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706         128,
707         128,
708         },
709
710 /* Cipher 21 */
711         {
712         1,
713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715         SSL_kKRB5,
716         SSL_aKRB5,
717         SSL_IDEA,
718         SSL_SHA1,
719         SSL_SSLV3,
720         SSL_NOT_EXP|SSL_MEDIUM,
721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722         128,
723         128,
724         },
725
726 /* Cipher 22 */
727         {
728         1,
729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
730         SSL3_CK_KRB5_DES_64_CBC_MD5,
731         SSL_kKRB5,
732         SSL_aKRB5,
733         SSL_DES,
734         SSL_MD5,
735         SSL_SSLV3,
736         SSL_NOT_EXP|SSL_LOW,
737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738         56,
739         56,
740         },
741
742 /* Cipher 23 */
743         {
744         1,
745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
747         SSL_kKRB5,
748         SSL_aKRB5,
749         SSL_3DES,
750         SSL_MD5,
751         SSL_SSLV3,
752         SSL_NOT_EXP|SSL_HIGH,
753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754         168,
755         168,
756         },
757
758 /* Cipher 24 */
759         {
760         1,
761         SSL3_TXT_KRB5_RC4_128_MD5,
762         SSL3_CK_KRB5_RC4_128_MD5,
763         SSL_kKRB5,
764         SSL_aKRB5,
765         SSL_RC4,
766         SSL_MD5,
767         SSL_SSLV3,
768         SSL_NOT_EXP|SSL_MEDIUM,
769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770         128,
771         128,
772         },
773
774 /* Cipher 25 */
775         {
776         1,
777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779         SSL_kKRB5,
780         SSL_aKRB5,
781         SSL_IDEA,
782         SSL_MD5,
783         SSL_SSLV3,
784         SSL_NOT_EXP|SSL_MEDIUM,
785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786         128,
787         128,
788         },
789
790 /* Cipher 26 */
791         {
792         1,
793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
794         SSL3_CK_KRB5_DES_40_CBC_SHA,
795         SSL_kKRB5,
796         SSL_aKRB5,
797         SSL_DES,
798         SSL_SHA1,
799         SSL_SSLV3,
800         SSL_EXPORT|SSL_EXP40,
801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802         40,
803         56,
804         },
805
806 /* Cipher 27 */
807         {
808         1,
809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
811         SSL_kKRB5,
812         SSL_aKRB5,
813         SSL_RC2,
814         SSL_SHA1,
815         SSL_SSLV3,
816         SSL_EXPORT|SSL_EXP40,
817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818         40,
819         128,
820         },
821
822 /* Cipher 28 */
823         {
824         1,
825         SSL3_TXT_KRB5_RC4_40_SHA,
826         SSL3_CK_KRB5_RC4_40_SHA,
827         SSL_kKRB5,
828         SSL_aKRB5,
829         SSL_RC4,
830         SSL_SHA1,
831         SSL_SSLV3,
832         SSL_EXPORT|SSL_EXP40,
833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834         40,
835         128,
836         },
837
838 /* Cipher 29 */
839         {
840         1,
841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
842         SSL3_CK_KRB5_DES_40_CBC_MD5,
843         SSL_kKRB5,
844         SSL_aKRB5,
845         SSL_DES,
846         SSL_MD5,
847         SSL_SSLV3,
848         SSL_EXPORT|SSL_EXP40,
849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850         40,
851         56,
852         },
853
854 /* Cipher 2A */
855         {
856         1,
857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
859         SSL_kKRB5,
860         SSL_aKRB5,
861         SSL_RC2,
862         SSL_MD5,
863         SSL_SSLV3,
864         SSL_EXPORT|SSL_EXP40,
865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866         40,
867         128,
868         },
869
870 /* Cipher 2B */
871         {
872         1,
873         SSL3_TXT_KRB5_RC4_40_MD5,
874         SSL3_CK_KRB5_RC4_40_MD5,
875         SSL_kKRB5,
876         SSL_aKRB5,
877         SSL_RC4,
878         SSL_MD5,
879         SSL_SSLV3,
880         SSL_EXPORT|SSL_EXP40,
881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882         40,
883         128,
884         },
885 #endif  /* OPENSSL_NO_KRB5 */
886
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889         {
890         1,
891         TLS1_TXT_RSA_WITH_AES_128_SHA,
892         TLS1_CK_RSA_WITH_AES_128_SHA,
893         SSL_kRSA,
894         SSL_aRSA,
895         SSL_AES128,
896         SSL_SHA1,
897         SSL_TLSV1,
898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900         128,
901         128,
902         },
903 /* Cipher 30 */
904         {
905         0,
906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908         SSL_kDHd,
909         SSL_aDH,
910         SSL_AES128,
911         SSL_SHA1,
912         SSL_TLSV1,
913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915         128,
916         128,
917         },
918 /* Cipher 31 */
919         {
920         0,
921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923         SSL_kDHr,
924         SSL_aDH,
925         SSL_AES128,
926         SSL_SHA1,
927         SSL_TLSV1,
928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930         128,
931         128,
932         },
933 /* Cipher 32 */
934         {
935         1,
936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938         SSL_kEDH,
939         SSL_aDSS,
940         SSL_AES128,
941         SSL_SHA1,
942         SSL_TLSV1,
943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945         128,
946         128,
947         },
948 /* Cipher 33 */
949         {
950         1,
951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953         SSL_kEDH,
954         SSL_aRSA,
955         SSL_AES128,
956         SSL_SHA1,
957         SSL_TLSV1,
958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960         128,
961         128,
962         },
963 /* Cipher 34 */
964         {
965         1,
966         TLS1_TXT_ADH_WITH_AES_128_SHA,
967         TLS1_CK_ADH_WITH_AES_128_SHA,
968         SSL_kEDH,
969         SSL_aNULL,
970         SSL_AES128,
971         SSL_SHA1,
972         SSL_TLSV1,
973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975         128,
976         128,
977         },
978
979 /* Cipher 35 */
980         {
981         1,
982         TLS1_TXT_RSA_WITH_AES_256_SHA,
983         TLS1_CK_RSA_WITH_AES_256_SHA,
984         SSL_kRSA,
985         SSL_aRSA,
986         SSL_AES256,
987         SSL_SHA1,
988         SSL_TLSV1,
989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991         256,
992         256,
993         },
994 /* Cipher 36 */
995         {
996         0,
997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073
1074 #ifndef OPENSSL_NO_CAMELLIA
1075         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076
1077         /* Cipher 41 */
1078         {
1079         1,
1080         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082         SSL_kRSA,
1083         SSL_aRSA,
1084         SSL_CAMELLIA128,
1085         SSL_SHA1,
1086         SSL_TLSV1,
1087         SSL_NOT_EXP|SSL_HIGH,
1088         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089         128,
1090         128,
1091         },
1092
1093         /* Cipher 42 */
1094         {
1095         0, /* not implemented (non-ephemeral DH) */
1096         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098         SSL_kDHd,
1099         SSL_aDH,
1100         SSL_CAMELLIA128,
1101         SSL_SHA1,
1102         SSL_TLSV1,
1103         SSL_NOT_EXP|SSL_HIGH,
1104         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105         128,
1106         128,
1107         },
1108
1109         /* Cipher 43 */
1110         {
1111         0, /* not implemented (non-ephemeral DH) */
1112         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114         SSL_kDHr,
1115         SSL_aDH,
1116         SSL_CAMELLIA128,
1117         SSL_SHA1,
1118         SSL_TLSV1,
1119         SSL_NOT_EXP|SSL_HIGH,
1120         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121         128,
1122         128,
1123         },
1124
1125         /* Cipher 44 */
1126         {
1127         1,
1128         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130         SSL_kEDH,
1131         SSL_aDSS,
1132         SSL_CAMELLIA128,
1133         SSL_SHA1,
1134         SSL_TLSV1,
1135         SSL_NOT_EXP|SSL_HIGH,
1136         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137         128,
1138         128,
1139         },
1140
1141         /* Cipher 45 */
1142         {
1143         1,
1144         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146         SSL_kEDH,
1147         SSL_aRSA,
1148         SSL_CAMELLIA128,
1149         SSL_SHA1,
1150         SSL_TLSV1,
1151         SSL_NOT_EXP|SSL_HIGH,
1152         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153         128,
1154         128,
1155         },
1156
1157         /* Cipher 46 */
1158         {
1159         1,
1160         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162         SSL_kEDH,
1163         SSL_aNULL,
1164         SSL_CAMELLIA128,
1165         SSL_SHA1,
1166         SSL_TLSV1,
1167         SSL_NOT_EXP|SSL_HIGH,
1168         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169         128,
1170         128,
1171         },
1172 #endif /* OPENSSL_NO_CAMELLIA */
1173
1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175         /* New TLS Export CipherSuites from expired ID */
1176 #if 0
1177         /* Cipher 60 */
1178         {
1179         1,
1180         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182         SSL_kRSA,
1183         SSL_aRSA,
1184         SSL_RC4,
1185         SSL_MD5,
1186         SSL_TLSV1,
1187         SSL_EXPORT|SSL_EXP56,
1188         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189         56,
1190         128,
1191         },
1192
1193         /* Cipher 61 */
1194         {
1195         1,
1196         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198         SSL_kRSA,
1199         SSL_aRSA,
1200         SSL_RC2,
1201         SSL_MD5,
1202         SSL_TLSV1,
1203         SSL_EXPORT|SSL_EXP56,
1204         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205         56,
1206         128,
1207         },
1208 #endif
1209
1210         /* Cipher 62 */
1211         {
1212         1,
1213         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215         SSL_kRSA,
1216         SSL_aRSA,
1217         SSL_DES,
1218         SSL_SHA1,
1219         SSL_TLSV1,
1220         SSL_EXPORT|SSL_EXP56,
1221         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222         56,
1223         56,
1224         },
1225
1226         /* Cipher 63 */
1227         {
1228         1,
1229         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231         SSL_kEDH,
1232         SSL_aDSS,
1233         SSL_DES,
1234         SSL_SHA1,
1235         SSL_TLSV1,
1236         SSL_EXPORT|SSL_EXP56,
1237         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238         56,
1239         56,
1240         },
1241
1242         /* Cipher 64 */
1243         {
1244         1,
1245         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247         SSL_kRSA,
1248         SSL_aRSA,
1249         SSL_RC4,
1250         SSL_SHA1,
1251         SSL_TLSV1,
1252         SSL_EXPORT|SSL_EXP56,
1253         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254         56,
1255         128,
1256         },
1257
1258         /* Cipher 65 */
1259         {
1260         1,
1261         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263         SSL_kEDH,
1264         SSL_aDSS,
1265         SSL_RC4,
1266         SSL_SHA1,
1267         SSL_TLSV1,
1268         SSL_EXPORT|SSL_EXP56,
1269         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270         56,
1271         128,
1272         },
1273
1274         /* Cipher 66 */
1275         {
1276         1,
1277         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279         SSL_kEDH,
1280         SSL_aDSS,
1281         SSL_RC4,
1282         SSL_SHA1,
1283         SSL_TLSV1,
1284         SSL_NOT_EXP|SSL_MEDIUM,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         128,
1287         128,
1288         },
1289 #endif
1290         {
1291         1,
1292         "GOST94-GOST89-GOST89",
1293         0x3000080,
1294         SSL_kGOST,
1295         SSL_aGOST94,
1296         SSL_eGOST2814789CNT,
1297         SSL_GOST89MAC,
1298         SSL_TLSV1,
1299         SSL_NOT_EXP|SSL_HIGH,
1300         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301         256,
1302         256
1303         },
1304         {
1305         1,
1306         "GOST2001-GOST89-GOST89",
1307         0x3000081,
1308         SSL_kGOST,
1309         SSL_aGOST01,
1310         SSL_eGOST2814789CNT,
1311         SSL_GOST89MAC,
1312         SSL_TLSV1,
1313         SSL_NOT_EXP|SSL_HIGH,
1314         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315         256,
1316         256
1317         },
1318         {
1319         1,
1320         "GOST94-NULL-GOST94",
1321         0x3000082,
1322         SSL_kGOST,
1323         SSL_aGOST94,
1324         SSL_eNULL,
1325         SSL_GOST94,
1326         SSL_TLSV1,
1327         SSL_NOT_EXP|SSL_STRONG_NONE,
1328         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329         0,
1330         0
1331         },
1332         {
1333         1,
1334         "GOST2001-NULL-GOST94",
1335         0x3000083,
1336         SSL_kGOST,
1337         SSL_aGOST01,
1338         SSL_eNULL,
1339         SSL_GOST94,
1340         SSL_TLSV1,
1341         SSL_NOT_EXP|SSL_STRONG_NONE,
1342         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343         0,
1344         0
1345         },
1346
1347 #ifndef OPENSSL_NO_CAMELLIA
1348         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349
1350         /* Cipher 84 */
1351         {
1352         1,
1353         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355         SSL_kRSA,
1356         SSL_aRSA,
1357         SSL_CAMELLIA256,
1358         SSL_SHA1,
1359         SSL_TLSV1,
1360         SSL_NOT_EXP|SSL_HIGH,
1361         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362         256,
1363         256,
1364         },
1365         /* Cipher 85 */
1366         {
1367         0, /* not implemented (non-ephemeral DH) */
1368         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370         SSL_kDHd,
1371         SSL_aDH,
1372         SSL_CAMELLIA256,
1373         SSL_SHA1,
1374         SSL_TLSV1,
1375         SSL_NOT_EXP|SSL_HIGH,
1376         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377         256,
1378         256,
1379         },
1380
1381         /* Cipher 86 */
1382         {
1383         0, /* not implemented (non-ephemeral DH) */
1384         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386         SSL_kDHr,
1387         SSL_aDH,
1388         SSL_CAMELLIA256,
1389         SSL_SHA1,
1390         SSL_TLSV1,
1391         SSL_NOT_EXP|SSL_HIGH,
1392         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393         256,
1394         256,
1395         },
1396
1397         /* Cipher 87 */
1398         {
1399         1,
1400         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402         SSL_kEDH,
1403         SSL_aDSS,
1404         SSL_CAMELLIA256,
1405         SSL_SHA1,
1406         SSL_TLSV1,
1407         SSL_NOT_EXP|SSL_HIGH,
1408         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409         256,
1410         256,
1411         },
1412
1413         /* Cipher 88 */
1414         {
1415         1,
1416         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418         SSL_kEDH,
1419         SSL_aRSA,
1420         SSL_CAMELLIA256,
1421         SSL_SHA1,
1422         SSL_TLSV1,
1423         SSL_NOT_EXP|SSL_HIGH,
1424         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425         256,
1426         256,
1427         },
1428
1429         /* Cipher 89 */
1430         {
1431         1,
1432         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434         SSL_kEDH,
1435         SSL_aNULL,
1436         SSL_CAMELLIA256,
1437         SSL_SHA1,
1438         SSL_TLSV1,
1439         SSL_NOT_EXP|SSL_HIGH,
1440         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441         256,
1442         256,
1443         },
1444 #endif /* OPENSSL_NO_CAMELLIA */
1445
1446 #ifndef OPENSSL_NO_PSK
1447         /* Cipher 8A */
1448         {
1449         1,
1450         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451         TLS1_CK_PSK_WITH_RC4_128_SHA,
1452         SSL_kPSK,
1453         SSL_aPSK,
1454         SSL_RC4,
1455         SSL_SHA1,
1456         SSL_TLSV1,
1457         SSL_NOT_EXP|SSL_MEDIUM,
1458         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459         128,
1460         128,
1461         },
1462
1463         /* Cipher 8B */
1464         {
1465         1,
1466         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468         SSL_kPSK,
1469         SSL_aPSK,
1470         SSL_3DES,
1471         SSL_SHA1,
1472         SSL_TLSV1,
1473         SSL_NOT_EXP|SSL_HIGH,
1474         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475         168,
1476         168,
1477         },
1478
1479         /* Cipher 8C */
1480         {
1481         1,
1482         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484         SSL_kPSK,
1485         SSL_aPSK,
1486         SSL_AES128,
1487         SSL_SHA1,
1488         SSL_TLSV1,
1489         SSL_NOT_EXP|SSL_HIGH,
1490         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491         128,
1492         128,
1493         },
1494
1495         /* Cipher 8D */
1496         {
1497         1,
1498         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500         SSL_kPSK,
1501         SSL_aPSK,
1502         SSL_AES256,
1503         SSL_SHA1,
1504         SSL_TLSV1,
1505         SSL_NOT_EXP|SSL_HIGH,
1506         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507         256,
1508         256,
1509         },
1510 #endif  /* OPENSSL_NO_PSK */
1511
1512 #ifndef OPENSSL_NO_SEED
1513         /* SEED ciphersuites from RFC4162 */
1514
1515         /* Cipher 96 */
1516         {
1517         1,
1518         TLS1_TXT_RSA_WITH_SEED_SHA,
1519         TLS1_CK_RSA_WITH_SEED_SHA,
1520         SSL_kRSA,
1521         SSL_aRSA,
1522         SSL_SEED,
1523         SSL_SHA1,
1524         SSL_TLSV1,
1525         SSL_NOT_EXP|SSL_MEDIUM,
1526         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527         128,
1528         128,
1529         },
1530
1531         /* Cipher 97 */
1532         {
1533         0, /* not implemented (non-ephemeral DH) */
1534         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536         SSL_kDHd,
1537         SSL_aDH,
1538         SSL_SEED,
1539         SSL_SHA1,
1540         SSL_TLSV1,
1541         SSL_NOT_EXP|SSL_MEDIUM,
1542         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543         128,
1544         128,
1545         },
1546
1547         /* Cipher 98 */
1548         {
1549         0, /* not implemented (non-ephemeral DH) */
1550         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552         SSL_kDHr,
1553         SSL_aDH,
1554         SSL_SEED,
1555         SSL_SHA1,
1556         SSL_TLSV1,
1557         SSL_NOT_EXP|SSL_MEDIUM,
1558         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559         128,
1560         128,
1561         },
1562
1563         /* Cipher 99 */
1564         {
1565         1,
1566         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568         SSL_kEDH,
1569         SSL_aDSS,
1570         SSL_SEED,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_MEDIUM,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         128,
1576         128,
1577         },
1578
1579         /* Cipher 9A */
1580         {
1581         1,
1582         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584         SSL_kEDH,
1585         SSL_aRSA,
1586         SSL_SEED,
1587         SSL_SHA1,
1588         SSL_TLSV1,
1589         SSL_NOT_EXP|SSL_MEDIUM,
1590         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591         128,
1592         128,
1593         },
1594
1595         /* Cipher 9B */
1596         {
1597         1,
1598         TLS1_TXT_ADH_WITH_SEED_SHA,
1599         TLS1_CK_ADH_WITH_SEED_SHA,
1600         SSL_kEDH,
1601         SSL_aNULL,
1602         SSL_SEED,
1603         SSL_SHA1,
1604         SSL_TLSV1,
1605         SSL_NOT_EXP|SSL_MEDIUM,
1606         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607         128,
1608         128,
1609         },
1610
1611 #endif /* OPENSSL_NO_SEED */
1612
1613 #ifndef OPENSSL_NO_ECDH
1614         /* Cipher C001 */
1615         {
1616         1,
1617         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619         SSL_kECDHe,
1620         SSL_aECDH,
1621         SSL_eNULL,
1622         SSL_SHA1,
1623         SSL_TLSV1,
1624         SSL_NOT_EXP|SSL_STRONG_NONE,
1625         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626         0,
1627         0,
1628         },
1629
1630         /* Cipher C002 */
1631         {
1632         1,
1633         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635         SSL_kECDHe,
1636         SSL_aECDH,
1637         SSL_RC4,
1638         SSL_SHA1,
1639         SSL_TLSV1,
1640         SSL_NOT_EXP|SSL_MEDIUM,
1641         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642         128,
1643         128,
1644         },
1645
1646         /* Cipher C003 */
1647         {
1648         1,
1649         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651         SSL_kECDHe,
1652         SSL_aECDH,
1653         SSL_3DES,
1654         SSL_SHA1,
1655         SSL_TLSV1,
1656         SSL_NOT_EXP|SSL_HIGH,
1657         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658         168,
1659         168,
1660         },
1661
1662         /* Cipher C004 */
1663         {
1664         1,
1665         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667         SSL_kECDHe,
1668         SSL_aECDH,
1669         SSL_AES128,
1670         SSL_SHA1,
1671         SSL_TLSV1,
1672         SSL_NOT_EXP|SSL_HIGH,
1673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674         128,
1675         128,
1676         },
1677
1678         /* Cipher C005 */
1679         {
1680         1,
1681         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683         SSL_kECDHe,
1684         SSL_aECDH,
1685         SSL_AES256,
1686         SSL_SHA1,
1687         SSL_TLSV1,
1688         SSL_NOT_EXP|SSL_HIGH,
1689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690         256,
1691         256,
1692         },
1693
1694         /* Cipher C006 */
1695         {
1696         1,
1697         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699         SSL_kEECDH,
1700         SSL_aECDSA,
1701         SSL_eNULL,
1702         SSL_SHA1,
1703         SSL_TLSV1,
1704         SSL_NOT_EXP|SSL_STRONG_NONE,
1705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706         0,
1707         0,
1708         },
1709
1710         /* Cipher C007 */
1711         {
1712         1,
1713         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715         SSL_kEECDH,
1716         SSL_aECDSA,
1717         SSL_RC4,
1718         SSL_SHA1,
1719         SSL_TLSV1,
1720         SSL_NOT_EXP|SSL_MEDIUM,
1721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722         128,
1723         128,
1724         },
1725
1726         /* Cipher C008 */
1727         {
1728         1,
1729         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731         SSL_kEECDH,
1732         SSL_aECDSA,
1733         SSL_3DES,
1734         SSL_SHA1,
1735         SSL_TLSV1,
1736         SSL_NOT_EXP|SSL_HIGH,
1737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738         168,
1739         168,
1740         },
1741
1742         /* Cipher C009 */
1743         {
1744         1,
1745         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747         SSL_kEECDH,
1748         SSL_aECDSA,
1749         SSL_AES128,
1750         SSL_SHA1,
1751         SSL_TLSV1,
1752         SSL_NOT_EXP|SSL_HIGH,
1753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754         128,
1755         128,
1756         },
1757
1758         /* Cipher C00A */
1759         {
1760         1,
1761         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763         SSL_kEECDH,
1764         SSL_aECDSA,
1765         SSL_AES256,
1766         SSL_SHA1,
1767         SSL_TLSV1,
1768         SSL_NOT_EXP|SSL_HIGH,
1769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770         256,
1771         256,
1772         },
1773
1774         /* Cipher C00B */
1775         {
1776         1,
1777         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779         SSL_kECDHr,
1780         SSL_aECDH,
1781         SSL_eNULL,
1782         SSL_SHA1,
1783         SSL_TLSV1,
1784         SSL_NOT_EXP|SSL_STRONG_NONE,
1785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786         0,
1787         0,
1788         },
1789
1790         /* Cipher C00C */
1791         {
1792         1,
1793         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795         SSL_kECDHr,
1796         SSL_aECDH,
1797         SSL_RC4,
1798         SSL_SHA1,
1799         SSL_TLSV1,
1800         SSL_NOT_EXP|SSL_MEDIUM,
1801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802         128,
1803         128,
1804         },
1805
1806         /* Cipher C00D */
1807         {
1808         1,
1809         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811         SSL_kECDHr,
1812         SSL_aECDH,
1813         SSL_3DES,
1814         SSL_SHA1,
1815         SSL_TLSV1,
1816         SSL_NOT_EXP|SSL_HIGH,
1817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818         168,
1819         168,
1820         },
1821
1822         /* Cipher C00E */
1823         {
1824         1,
1825         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827         SSL_kECDHr,
1828         SSL_aECDH,
1829         SSL_AES128,
1830         SSL_SHA1,
1831         SSL_TLSV1,
1832         SSL_NOT_EXP|SSL_HIGH,
1833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834         128,
1835         128,
1836         },
1837
1838         /* Cipher C00F */
1839         {
1840         1,
1841         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843         SSL_kECDHr,
1844         SSL_aECDH,
1845         SSL_AES256,
1846         SSL_SHA1,
1847         SSL_TLSV1,
1848         SSL_NOT_EXP|SSL_HIGH,
1849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850         256,
1851         256,
1852         },
1853
1854         /* Cipher C010 */
1855         {
1856         1,
1857         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859         SSL_kEECDH,
1860         SSL_aRSA,
1861         SSL_eNULL,
1862         SSL_SHA1,
1863         SSL_TLSV1,
1864         SSL_NOT_EXP|SSL_STRONG_NONE,
1865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866         0,
1867         0,
1868         },
1869
1870         /* Cipher C011 */
1871         {
1872         1,
1873         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875         SSL_kEECDH,
1876         SSL_aRSA,
1877         SSL_RC4,
1878         SSL_SHA1,
1879         SSL_TLSV1,
1880         SSL_NOT_EXP|SSL_MEDIUM,
1881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882         128,
1883         128,
1884         },
1885
1886         /* Cipher C012 */
1887         {
1888         1,
1889         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891         SSL_kEECDH,
1892         SSL_aRSA,
1893         SSL_3DES,
1894         SSL_SHA1,
1895         SSL_TLSV1,
1896         SSL_NOT_EXP|SSL_HIGH,
1897         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898         168,
1899         168,
1900         },
1901
1902         /* Cipher C013 */
1903         {
1904         1,
1905         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907         SSL_kEECDH,
1908         SSL_aRSA,
1909         SSL_AES128,
1910         SSL_SHA1,
1911         SSL_TLSV1,
1912         SSL_NOT_EXP|SSL_HIGH,
1913         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914         128,
1915         128,
1916         },
1917
1918         /* Cipher C014 */
1919         {
1920         1,
1921         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923         SSL_kEECDH,
1924         SSL_aRSA,
1925         SSL_AES256,
1926         SSL_SHA1,
1927         SSL_TLSV1,
1928         SSL_NOT_EXP|SSL_HIGH,
1929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930         256,
1931         256,
1932         },
1933
1934         /* Cipher C015 */
1935         {
1936         1,
1937         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939         SSL_kEECDH,
1940         SSL_aNULL,
1941         SSL_eNULL,
1942         SSL_SHA1,
1943         SSL_TLSV1,
1944         SSL_NOT_EXP|SSL_STRONG_NONE,
1945         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946         0,
1947         0,
1948         },
1949
1950         /* Cipher C016 */
1951         {
1952         1,
1953         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955         SSL_kEECDH,
1956         SSL_aNULL,
1957         SSL_RC4,
1958         SSL_SHA1,
1959         SSL_TLSV1,
1960         SSL_NOT_EXP|SSL_MEDIUM,
1961         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962         128,
1963         128,
1964         },
1965
1966         /* Cipher C017 */
1967         {
1968         1,
1969         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971         SSL_kEECDH,
1972         SSL_aNULL,
1973         SSL_3DES,
1974         SSL_SHA1,
1975         SSL_TLSV1,
1976         SSL_NOT_EXP|SSL_HIGH,
1977         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978         168,
1979         168,
1980         },
1981
1982         /* Cipher C018 */
1983         {
1984         1,
1985         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987         SSL_kEECDH,
1988         SSL_aNULL,
1989         SSL_AES128,
1990         SSL_SHA1,
1991         SSL_TLSV1,
1992         SSL_NOT_EXP|SSL_HIGH,
1993         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994         128,
1995         128,
1996         },
1997
1998         /* Cipher C019 */
1999         {
2000         1,
2001         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003         SSL_kEECDH,
2004         SSL_aNULL,
2005         SSL_AES256,
2006         SSL_SHA1,
2007         SSL_TLSV1,
2008         SSL_NOT_EXP|SSL_HIGH,
2009         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010         256,
2011         256,
2012         },
2013 #endif  /* OPENSSL_NO_ECDH */
2014
2015 #ifdef TEMP_GOST_TLS
2016 /* Cipher FF00 */
2017         {
2018         1,
2019         "GOST-MD5",
2020         0x0300ff00,
2021         SSL_kRSA,
2022         SSL_aRSA,
2023         SSL_eGOST2814789CNT,
2024         SSL_MD5,
2025         SSL_TLSV1,
2026         SSL_NOT_EXP|SSL_HIGH,
2027         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028         256,
2029         256,
2030         },
2031         {
2032         1,
2033         "GOST-GOST94",
2034         0x0300ff01,
2035         SSL_kRSA,
2036         SSL_aRSA,
2037         SSL_eGOST2814789CNT,
2038         SSL_GOST94,
2039         SSL_TLSV1,
2040         SSL_NOT_EXP|SSL_HIGH,
2041         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042         256,
2043         256
2044         },
2045         {
2046         1,
2047         "GOST-GOST89MAC",
2048         0x0300ff02,
2049         SSL_kRSA,
2050         SSL_aRSA,
2051         SSL_eGOST2814789CNT,
2052         SSL_GOST89MAC,
2053         SSL_TLSV1,
2054         SSL_NOT_EXP|SSL_HIGH,
2055         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056         256,
2057         256
2058         },
2059         {
2060         1,
2061         "GOST-GOST89STREAM",
2062         0x0300ff03,
2063         SSL_kRSA,
2064         SSL_aRSA,
2065         SSL_eGOST2814789CNT,
2066         SSL_GOST89MAC,
2067         SSL_TLSV1,
2068         SSL_NOT_EXP|SSL_HIGH,
2069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070         256,
2071         256
2072         },
2073 #endif
2074
2075 /* end of list */
2076         };
2077
2078 SSL3_ENC_METHOD SSLv3_enc_data={
2079         ssl3_enc,
2080         n_ssl3_mac,
2081         ssl3_setup_key_block,
2082         ssl3_generate_master_secret,
2083         ssl3_change_cipher_state,
2084         ssl3_final_finish_mac,
2085         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2086         ssl3_cert_verify_mac,
2087         SSL3_MD_CLIENT_FINISHED_CONST,4,
2088         SSL3_MD_SERVER_FINISHED_CONST,4,
2089         ssl3_alert_code,
2090         };
2091
2092 long ssl3_default_timeout(void)
2093         {
2094         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2095          * is way too long for http, the cache would over fill */
2096         return(60*60*2);
2097         }
2098
2099 int ssl3_num_ciphers(void)
2100         {
2101         return(SSL3_NUM_CIPHERS);
2102         }
2103
2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2105         {
2106         if (u < SSL3_NUM_CIPHERS)
2107                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2108         else
2109                 return(NULL);
2110         }
2111
2112 int ssl3_pending(const SSL *s)
2113         {
2114         if (s->rstate == SSL_ST_READ_BODY)
2115                 return 0;
2116         
2117         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2118         }
2119
2120 int ssl3_new(SSL *s)
2121         {
2122         SSL3_STATE *s3;
2123
2124         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2125         memset(s3,0,sizeof *s3);
2126         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2127         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2128
2129         s->s3=s3;
2130
2131         s->method->ssl_clear(s);
2132         return(1);
2133 err:
2134         return(0);
2135         }
2136
2137 void ssl3_free(SSL *s)
2138         {
2139         if(s == NULL)
2140             return;
2141
2142 #ifdef TLSEXT_TYPE_opaque_prf_input
2143         if (s->s3->client_opaque_prf_input != NULL)
2144                 OPENSSL_free(s->s3->client_opaque_prf_input);
2145         if (s->s3->server_opaque_prf_input != NULL)
2146                 OPENSSL_free(s->s3->server_opaque_prf_input);
2147 #endif
2148
2149         ssl3_cleanup_key_block(s);
2150         if (s->s3->rbuf.buf != NULL)
2151                 ssl3_release_read_buffer(s);
2152         if (s->s3->wbuf.buf != NULL)
2153                 ssl3_release_write_buffer(s);
2154         if (s->s3->rrec.comp != NULL)
2155                 OPENSSL_free(s->s3->rrec.comp);
2156 #ifndef OPENSSL_NO_DH
2157         if (s->s3->tmp.dh != NULL)
2158                 DH_free(s->s3->tmp.dh);
2159 #endif
2160 #ifndef OPENSSL_NO_ECDH
2161         if (s->s3->tmp.ecdh != NULL)
2162                 EC_KEY_free(s->s3->tmp.ecdh);
2163 #endif
2164
2165         if (s->s3->tmp.ca_names != NULL)
2166                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2167         if (s->s3->handshake_buffer) {
2168                 BIO_free(s->s3->handshake_buffer);
2169         }
2170         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2171         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172         OPENSSL_free(s->s3);
2173         s->s3=NULL;
2174         }
2175
2176 void ssl3_clear(SSL *s)
2177         {
2178         unsigned char *rp,*wp;
2179         size_t rlen, wlen;
2180         int init_extra;
2181
2182 #ifdef TLSEXT_TYPE_opaque_prf_input
2183         if (s->s3->client_opaque_prf_input != NULL)
2184                 OPENSSL_free(s->s3->client_opaque_prf_input);
2185         s->s3->client_opaque_prf_input = NULL;
2186         if (s->s3->server_opaque_prf_input != NULL)
2187                 OPENSSL_free(s->s3->server_opaque_prf_input);
2188         s->s3->server_opaque_prf_input = NULL;
2189 #endif
2190
2191         ssl3_cleanup_key_block(s);
2192         if (s->s3->tmp.ca_names != NULL)
2193                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2194
2195         if (s->s3->rrec.comp != NULL)
2196                 {
2197                 OPENSSL_free(s->s3->rrec.comp);
2198                 s->s3->rrec.comp=NULL;
2199                 }
2200 #ifndef OPENSSL_NO_DH
2201         if (s->s3->tmp.dh != NULL)
2202                 {
2203                 DH_free(s->s3->tmp.dh);
2204                 s->s3->tmp.dh = NULL;
2205                 }
2206 #endif
2207 #ifndef OPENSSL_NO_ECDH
2208         if (s->s3->tmp.ecdh != NULL)
2209                 {
2210                 EC_KEY_free(s->s3->tmp.ecdh);
2211                 s->s3->tmp.ecdh = NULL;
2212                 }
2213 #endif
2214
2215         rp = s->s3->rbuf.buf;
2216         wp = s->s3->wbuf.buf;
2217         rlen = s->s3->rbuf.len;
2218         wlen = s->s3->wbuf.len;
2219         init_extra = s->s3->init_extra;
2220         if (s->s3->handshake_buffer) {
2221                 BIO_free(s->s3->handshake_buffer);
2222                 s->s3->handshake_buffer = NULL;
2223         }
2224         if (s->s3->handshake_dgst) {
2225                 ssl3_free_digest_list(s);
2226         }       
2227         memset(s->s3,0,sizeof *s->s3);
2228         s->s3->rbuf.buf = rp;
2229         s->s3->wbuf.buf = wp;
2230         s->s3->rbuf.len = rlen;
2231         s->s3->wbuf.len = wlen;
2232         s->s3->init_extra = init_extra;
2233
2234         ssl_free_wbio_buffer(s);
2235
2236         s->packet_length=0;
2237         s->s3->renegotiate=0;
2238         s->s3->total_renegotiations=0;
2239         s->s3->num_renegotiations=0;
2240         s->s3->in_read_app_data=0;
2241         s->version=SSL3_VERSION;
2242         }
2243
2244 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2245         {
2246         int ret=0;
2247
2248 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2249         if (
2250 #ifndef OPENSSL_NO_RSA
2251             cmd == SSL_CTRL_SET_TMP_RSA ||
2252             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2253 #endif
2254 #ifndef OPENSSL_NO_DSA
2255             cmd == SSL_CTRL_SET_TMP_DH ||
2256             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2257 #endif
2258                 0)
2259                 {
2260                 if (!ssl_cert_inst(&s->cert))
2261                         {
2262                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2263                         return(0);
2264                         }
2265                 }
2266 #endif
2267
2268         switch (cmd)
2269                 {
2270         case SSL_CTRL_GET_SESSION_REUSED:
2271                 ret=s->hit;
2272                 break;
2273         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2274                 break;
2275         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2276                 ret=s->s3->num_renegotiations;
2277                 break;
2278         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2279                 ret=s->s3->num_renegotiations;
2280                 s->s3->num_renegotiations=0;
2281                 break;
2282         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2283                 ret=s->s3->total_renegotiations;
2284                 break;
2285         case SSL_CTRL_GET_FLAGS:
2286                 ret=(int)(s->s3->flags);
2287                 break;
2288 #ifndef OPENSSL_NO_RSA
2289         case SSL_CTRL_NEED_TMP_RSA:
2290                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2291                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2292                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2293                         ret = 1;
2294                 break;
2295         case SSL_CTRL_SET_TMP_RSA:
2296                 {
2297                         RSA *rsa = (RSA *)parg;
2298                         if (rsa == NULL)
2299                                 {
2300                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2301                                 return(ret);
2302                                 }
2303                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2304                                 {
2305                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2306                                 return(ret);
2307                                 }
2308                         if (s->cert->rsa_tmp != NULL)
2309                                 RSA_free(s->cert->rsa_tmp);
2310                         s->cert->rsa_tmp = rsa;
2311                         ret = 1;
2312                 }
2313                 break;
2314         case SSL_CTRL_SET_TMP_RSA_CB:
2315                 {
2316                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2317                 return(ret);
2318                 }
2319                 break;
2320 #endif
2321 #ifndef OPENSSL_NO_DH
2322         case SSL_CTRL_SET_TMP_DH:
2323                 {
2324                         DH *dh = (DH *)parg;
2325                         if (dh == NULL)
2326                                 {
2327                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2328                                 return(ret);
2329                                 }
2330                         if ((dh = DHparams_dup(dh)) == NULL)
2331                                 {
2332                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2333                                 return(ret);
2334                                 }
2335                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
2336                                 {
2337                                 if (!DH_generate_key(dh))
2338                                         {
2339                                         DH_free(dh);
2340                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2341                                         return(ret);
2342                                         }
2343                                 }
2344                         if (s->cert->dh_tmp != NULL)
2345                                 DH_free(s->cert->dh_tmp);
2346                         s->cert->dh_tmp = dh;
2347                         ret = 1;
2348                 }
2349                 break;
2350         case SSL_CTRL_SET_TMP_DH_CB:
2351                 {
2352                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2353                 return(ret);
2354                 }
2355                 break;
2356 #endif
2357 #ifndef OPENSSL_NO_ECDH
2358         case SSL_CTRL_SET_TMP_ECDH:
2359                 {
2360                 EC_KEY *ecdh = NULL;
2361                         
2362                 if (parg == NULL)
2363                         {
2364                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2365                         return(ret);
2366                         }
2367                 if (!EC_KEY_up_ref((EC_KEY *)parg))
2368                         {
2369                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2370                         return(ret);
2371                         }
2372                 ecdh = (EC_KEY *)parg;
2373                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2374                         {
2375                         if (!EC_KEY_generate_key(ecdh))
2376                                 {
2377                                 EC_KEY_free(ecdh);
2378                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2379                                 return(ret);
2380                                 }
2381                         }
2382                 if (s->cert->ecdh_tmp != NULL)
2383                         EC_KEY_free(s->cert->ecdh_tmp);
2384                 s->cert->ecdh_tmp = ecdh;
2385                 ret = 1;
2386                 }
2387                 break;
2388         case SSL_CTRL_SET_TMP_ECDH_CB:
2389                 {
2390                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2391                 return(ret);
2392                 }
2393                 break;
2394 #endif /* !OPENSSL_NO_ECDH */
2395 #ifndef OPENSSL_NO_TLSEXT
2396         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2397                 if (larg == TLSEXT_NAMETYPE_host_name)
2398                         {
2399                         if (s->tlsext_hostname != NULL) 
2400                                 OPENSSL_free(s->tlsext_hostname);
2401                         s->tlsext_hostname = NULL;
2402
2403                         ret = 1;
2404                         if (parg == NULL) 
2405                                 break;
2406                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2407                                 {
2408                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2409                                 return 0;
2410                                 }
2411                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2412                                 {
2413                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2414                                 return 0;
2415                                 }
2416                         }
2417                 else
2418                         {
2419                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2420                         return 0;
2421                         }
2422                 break;
2423         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2424                 s->tlsext_debug_arg=parg;
2425                 ret = 1;
2426                 break;
2427
2428 #ifdef TLSEXT_TYPE_opaque_prf_input
2429         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2430                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2431                                    * (including the cert chain and everything) */
2432                         {
2433                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2434                         break;
2435                         }
2436                 if (s->tlsext_opaque_prf_input != NULL)
2437                         OPENSSL_free(s->tlsext_opaque_prf_input);
2438                 if ((size_t)larg == 0)
2439                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2440                 else
2441                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2442                 if (s->tlsext_opaque_prf_input != NULL)
2443                         {
2444                         s->tlsext_opaque_prf_input_len = (size_t)larg;
2445                         ret = 1;
2446                         }
2447                 else
2448                         s->tlsext_opaque_prf_input_len = 0;
2449                 break;
2450 #endif
2451
2452         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2453                 s->tlsext_status_type=larg;
2454                 ret = 1;
2455                 break;
2456
2457         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2458                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2459                 ret = 1;
2460                 break;
2461
2462         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2463                 s->tlsext_ocsp_exts = parg;
2464                 ret = 1;
2465                 break;
2466
2467         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2468                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2469                 ret = 1;
2470                 break;
2471
2472         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2473                 s->tlsext_ocsp_ids = parg;
2474                 ret = 1;
2475                 break;
2476
2477         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2478                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2479                 return s->tlsext_ocsp_resplen;
2480                 
2481         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2482                 if (s->tlsext_ocsp_resp)
2483                         OPENSSL_free(s->tlsext_ocsp_resp);
2484                 s->tlsext_ocsp_resp = parg;
2485                 s->tlsext_ocsp_resplen = larg;
2486                 ret = 1;
2487                 break;
2488
2489 #endif /* !OPENSSL_NO_TLSEXT */
2490         default:
2491                 break;
2492                 }
2493         return(ret);
2494         }
2495
2496 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2497         {
2498         int ret=0;
2499
2500 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2501         if (
2502 #ifndef OPENSSL_NO_RSA
2503             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2504 #endif
2505 #ifndef OPENSSL_NO_DSA
2506             cmd == SSL_CTRL_SET_TMP_DH_CB ||
2507 #endif
2508                 0)
2509                 {
2510                 if (!ssl_cert_inst(&s->cert))
2511                         {
2512                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2513                         return(0);
2514                         }
2515                 }
2516 #endif
2517
2518         switch (cmd)
2519                 {
2520 #ifndef OPENSSL_NO_RSA
2521         case SSL_CTRL_SET_TMP_RSA_CB:
2522                 {
2523                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2524                 }
2525                 break;
2526 #endif
2527 #ifndef OPENSSL_NO_DH
2528         case SSL_CTRL_SET_TMP_DH_CB:
2529                 {
2530                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2531                 }
2532                 break;
2533 #endif
2534 #ifndef OPENSSL_NO_ECDH
2535         case SSL_CTRL_SET_TMP_ECDH_CB:
2536                 {
2537                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2538                 }
2539                 break;
2540 #endif
2541 #ifndef OPENSSL_NO_TLSEXT
2542         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2543                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2544                                         unsigned char *, int, void *))fp;
2545                 break;
2546 #endif
2547         default:
2548                 break;
2549                 }
2550         return(ret);
2551         }
2552
2553 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2554         {
2555         CERT *cert;
2556
2557         cert=ctx->cert;
2558
2559         switch (cmd)
2560                 {
2561 #ifndef OPENSSL_NO_RSA
2562         case SSL_CTRL_NEED_TMP_RSA:
2563                 if (    (cert->rsa_tmp == NULL) &&
2564                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2565                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2566                         )
2567                         return(1);
2568                 else
2569                         return(0);
2570                 /* break; */
2571         case SSL_CTRL_SET_TMP_RSA:
2572                 {
2573                 RSA *rsa;
2574                 int i;
2575
2576                 rsa=(RSA *)parg;
2577                 i=1;
2578                 if (rsa == NULL)
2579                         i=0;
2580                 else
2581                         {
2582                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2583                                 i=0;
2584                         }
2585                 if (!i)
2586                         {
2587                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2588                         return(0);
2589                         }
2590                 else
2591                         {
2592                         if (cert->rsa_tmp != NULL)
2593                                 RSA_free(cert->rsa_tmp);
2594                         cert->rsa_tmp=rsa;
2595                         return(1);
2596                         }
2597                 }
2598                 /* break; */
2599         case SSL_CTRL_SET_TMP_RSA_CB:
2600                 {
2601                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2602                 return(0);
2603                 }
2604                 break;
2605 #endif
2606 #ifndef OPENSSL_NO_DH
2607         case SSL_CTRL_SET_TMP_DH:
2608                 {
2609                 DH *new=NULL,*dh;
2610
2611                 dh=(DH *)parg;
2612                 if ((new=DHparams_dup(dh)) == NULL)
2613                         {
2614                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2615                         return 0;
2616                         }
2617                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2618                         {
2619                         if (!DH_generate_key(new))
2620                                 {
2621                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2622                                 DH_free(new);
2623                                 return 0;
2624                                 }
2625                         }
2626                 if (cert->dh_tmp != NULL)
2627                         DH_free(cert->dh_tmp);
2628                 cert->dh_tmp=new;
2629                 return 1;
2630                 }
2631                 /*break; */
2632         case SSL_CTRL_SET_TMP_DH_CB:
2633                 {
2634                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2635                 return(0);
2636                 }
2637                 break;
2638 #endif
2639 #ifndef OPENSSL_NO_ECDH
2640         case SSL_CTRL_SET_TMP_ECDH:
2641                 {
2642                 EC_KEY *ecdh = NULL;
2643                         
2644                 if (parg == NULL)
2645                         {
2646                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2647                         return 0;
2648                         }
2649                 ecdh = EC_KEY_dup((EC_KEY *)parg);
2650                 if (ecdh == NULL)
2651                         {
2652                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2653                         return 0;
2654                         }
2655                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2656                         {
2657                         if (!EC_KEY_generate_key(ecdh))
2658                                 {
2659                                 EC_KEY_free(ecdh);
2660                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2661                                 return 0;
2662                                 }
2663                         }
2664
2665                 if (cert->ecdh_tmp != NULL)
2666                         {
2667                         EC_KEY_free(cert->ecdh_tmp);
2668                         }
2669                 cert->ecdh_tmp = ecdh;
2670                 return 1;
2671                 }
2672                 /* break; */
2673         case SSL_CTRL_SET_TMP_ECDH_CB:
2674                 {
2675                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2676                 return(0);
2677                 }
2678                 break;
2679 #endif /* !OPENSSL_NO_ECDH */
2680 #ifndef OPENSSL_NO_TLSEXT
2681         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2682                 ctx->tlsext_servername_arg=parg;
2683                 break;
2684         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2685         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2686                 {
2687                 unsigned char *keys = parg;
2688                 if (!keys)
2689                         return 48;
2690                 if (larg != 48)
2691                         {
2692                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2693                         return 0;
2694                         }
2695                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2696                         {
2697                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
2698                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2699                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2700                         }
2701                 else
2702                         {
2703                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
2704                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2705                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2706                         }
2707                 return 1;
2708                 }
2709
2710 #ifdef TLSEXT_TYPE_opaque_prf_input
2711         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2712                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2713                 return 1;
2714 #endif
2715
2716         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2717                 ctx->tlsext_status_arg=parg;
2718                 return 1;
2719                 break;
2720
2721 #endif /* !OPENSSL_NO_TLSEXT */
2722
2723         /* A Thawte special :-) */
2724         case SSL_CTRL_EXTRA_CHAIN_CERT:
2725                 if (ctx->extra_certs == NULL)
2726                         {
2727                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2728                                 return(0);
2729                         }
2730                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2731                 break;
2732
2733         default:
2734                 return(0);
2735                 }
2736         return(1);
2737         }
2738
2739 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2740         {
2741         CERT *cert;
2742
2743         cert=ctx->cert;
2744
2745         switch (cmd)
2746                 {
2747 #ifndef OPENSSL_NO_RSA
2748         case SSL_CTRL_SET_TMP_RSA_CB:
2749                 {
2750                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2751                 }
2752                 break;
2753 #endif
2754 #ifndef OPENSSL_NO_DH
2755         case SSL_CTRL_SET_TMP_DH_CB:
2756                 {
2757                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2758                 }
2759                 break;
2760 #endif
2761 #ifndef OPENSSL_NO_ECDH
2762         case SSL_CTRL_SET_TMP_ECDH_CB:
2763                 {
2764                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2765                 }
2766                 break;
2767 #endif
2768 #ifndef OPENSSL_NO_TLSEXT
2769         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2770                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2771                 break;
2772
2773 #ifdef TLSEXT_TYPE_opaque_prf_input
2774         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2775                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2776                 break;
2777 #endif
2778
2779         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2780                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2781                 break;
2782
2783         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2784                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
2785                                                 unsigned char *,
2786                                                 EVP_CIPHER_CTX *,
2787                                                 HMAC_CTX *, int))fp;
2788                 break;
2789
2790 #endif
2791         default:
2792                 return(0);
2793                 }
2794         return(1);
2795         }
2796
2797 /* This function needs to check if the ciphers required are actually
2798  * available */
2799 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2800         {
2801         SSL_CIPHER c;
2802         const SSL_CIPHER *cp;
2803         unsigned long id;
2804
2805         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2806         c.id=id;
2807         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2808         if (cp == NULL || cp->valid == 0)
2809                 return NULL;
2810         else
2811                 return cp;
2812         }
2813
2814 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2815         {
2816         long l;
2817
2818         if (p != NULL)
2819                 {
2820                 l=c->id;
2821                 if ((l & 0xff000000) != 0x03000000) return(0);
2822                 p[0]=((unsigned char)(l>> 8L))&0xFF;
2823                 p[1]=((unsigned char)(l     ))&0xFF;
2824                 }
2825         return(2);
2826         }
2827
2828 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2829              STACK_OF(SSL_CIPHER) *srvr)
2830         {
2831         SSL_CIPHER *c,*ret=NULL;
2832         STACK_OF(SSL_CIPHER) *prio, *allow;
2833         int i,ii,ok;
2834 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2835         unsigned int j;
2836         int ec_ok, ec_nid;
2837         unsigned char ec_search1 = 0, ec_search2 = 0;
2838 #endif
2839         CERT *cert;
2840         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2841
2842         /* Let's see which ciphers we can support */
2843         cert=s->cert;
2844
2845 #if 0
2846         /* Do not set the compare functions, because this may lead to a
2847          * reordering by "id". We want to keep the original ordering.
2848          * We may pay a price in performance during sk_SSL_CIPHER_find(),
2849          * but would have to pay with the price of sk_SSL_CIPHER_dup().
2850          */
2851         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2852         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2853 #endif
2854
2855 #ifdef CIPHER_DEBUG
2856         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2857         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2858                 {
2859                 c=sk_SSL_CIPHER_value(srvr,i);
2860                 printf("%p:%s\n",(void *)c,c->name);
2861                 }
2862         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2863         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2864             {
2865             c=sk_SSL_CIPHER_value(clnt,i);
2866             printf("%p:%s\n",(void *)c,c->name);
2867             }
2868 #endif
2869
2870         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2871                 {
2872                 prio = srvr;
2873                 allow = clnt;
2874                 }
2875         else
2876                 {
2877                 prio = clnt;
2878                 allow = srvr;
2879                 }
2880
2881         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2882                 {
2883                 c=sk_SSL_CIPHER_value(prio,i);
2884
2885                 ssl_set_cert_masks(cert,c);
2886                 mask_k = cert->mask_k;
2887                 mask_a = cert->mask_a;
2888                 emask_k = cert->export_mask_k;
2889                 emask_a = cert->export_mask_a;
2890                         
2891 #ifdef KSSL_DEBUG
2892 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2893 #endif    /* KSSL_DEBUG */
2894
2895                 alg_k=c->algorithm_mkey;
2896                 alg_a=c->algorithm_auth;
2897
2898 #ifndef OPENSSL_NO_KRB5
2899                 if (alg_k & SSL_kKRB5)
2900                         {
2901                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
2902                             continue;
2903                         }
2904 #endif /* OPENSSL_NO_KRB5 */
2905 #ifndef OPENSSL_NO_PSK
2906                 /* with PSK there must be server callback set */
2907                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2908                         continue;
2909 #endif /* OPENSSL_NO_PSK */
2910
2911                 if (SSL_C_IS_EXPORT(c))
2912                         {
2913                         ok = (alg_k & emask_k) && (alg_a & emask_a);
2914 #ifdef CIPHER_DEBUG
2915                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2916                                (void *)c,c->name);
2917 #endif
2918                         }
2919                 else
2920                         {
2921                         ok = (alg_k & mask_k) && (alg_a & mask_a);
2922 #ifdef CIPHER_DEBUG
2923                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2924                                c->name);
2925 #endif
2926                         }
2927
2928 #ifndef OPENSSL_NO_TLSEXT
2929 #ifndef OPENSSL_NO_EC
2930                 if (
2931                         /* if we are considering an ECC cipher suite that uses our certificate */
2932                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2933                         /* and we have an ECC certificate */
2934                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2935                         /* and the client specified a Supported Point Formats extension */
2936                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2937                         /* and our certificate's point is compressed */
2938                         && (
2939                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2940                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2941                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2942                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2943                                 && (
2944                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2945                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2946                                         )
2947                                 )
2948                 )
2949                         {
2950                         ec_ok = 0;
2951                         /* if our certificate's curve is over a field type that the client does not support
2952                          * then do not allow this cipher suite to be negotiated */
2953                         if (
2954                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2955                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2956                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2957                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2958                         )
2959                                 {
2960                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2961                                         {
2962                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2963                                                 {
2964                                                 ec_ok = 1;
2965                                                 break;
2966                                                 }
2967                                         }
2968                                 }
2969                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2970                                 {
2971                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2972                                         {
2973                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2974                                                 {
2975                                                 ec_ok = 1;
2976                                                 break;
2977                                                 }
2978                                         }
2979                                 }
2980                         ok = ok && ec_ok;
2981                         }
2982                 if (
2983                         /* if we are considering an ECC cipher suite that uses our certificate */
2984                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2985                         /* and we have an ECC certificate */
2986                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2987                         /* and the client specified an EllipticCurves extension */
2988                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2989                 )
2990                         {
2991                         ec_ok = 0;
2992                         if (
2993                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2994                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2995                         )
2996                                 {
2997                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2998                                 if ((ec_nid == 0)
2999                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3000                                 )
3001                                         {
3002                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3003                                                 {
3004                                                 ec_search1 = 0xFF;
3005                                                 ec_search2 = 0x01;
3006                                                 }
3007                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3008                                                 {
3009                                                 ec_search1 = 0xFF;
3010                                                 ec_search2 = 0x02;
3011                                                 }
3012                                         }
3013                                 else
3014                                         {
3015                                         ec_search1 = 0x00;
3016                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3017                                         }
3018                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3019                                         {
3020                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3021                                                 {
3022                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3023                                                         {
3024                                                         ec_ok = 1;
3025                                                         break;
3026                                                         }
3027                                                 }
3028                                         }
3029                                 }
3030                         ok = ok && ec_ok;
3031                         }
3032                 if (
3033                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3034                         (alg_k & SSL_kEECDH)
3035                         /* and we have an ephemeral EC key */
3036                         && (s->cert->ecdh_tmp != NULL)
3037                         /* and the client specified an EllipticCurves extension */
3038                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3039                 )
3040                         {
3041                         ec_ok = 0;
3042                         if (s->cert->ecdh_tmp->group != NULL)
3043                                 {
3044                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3045                                 if ((ec_nid == 0)
3046                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3047                                 )
3048                                         {
3049                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3050                                                 {
3051                                                 ec_search1 = 0xFF;
3052                                                 ec_search2 = 0x01;
3053                                                 }
3054                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3055                                                 {
3056                                                 ec_search1 = 0xFF;
3057                                                 ec_search2 = 0x02;
3058                                                 }
3059                                         }
3060                                 else
3061                                         {
3062                                         ec_search1 = 0x00;
3063                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3064                                         }
3065                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3066                                         {
3067                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3068                                                 {
3069                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3070                                                         {
3071                                                         ec_ok = 1;
3072                                                         break;
3073                                                         }
3074                                                 }
3075                                         }
3076                                 }
3077                         ok = ok && ec_ok;
3078                         }
3079 #endif /* OPENSSL_NO_EC */
3080 #endif /* OPENSSL_NO_TLSEXT */
3081
3082                 if (!ok) continue;
3083                 ii=sk_SSL_CIPHER_find(allow,c);
3084                 if (ii >= 0)
3085                         {
3086                         ret=sk_SSL_CIPHER_value(allow,ii);
3087                         break;
3088                         }
3089                 }
3090         return(ret);
3091         }
3092
3093 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3094         {
3095         int ret=0;
3096         unsigned long alg_k;
3097
3098         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3099
3100 #ifndef OPENSSL_NO_GOST
3101         if (s->version >= TLS1_VERSION)
3102                 {
3103                 if (alg_k & SSL_kGOST)
3104                         {
3105                         p[ret++]=TLS_CT_GOST94_SIGN;
3106                         p[ret++]=TLS_CT_GOST01_SIGN;
3107                         return(ret);
3108                         }
3109                 }
3110 #endif
3111
3112 #ifndef OPENSSL_NO_DH
3113         if (alg_k & (SSL_kDHr|SSL_kEDH))
3114                 {
3115 #  ifndef OPENSSL_NO_RSA
3116                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
3117 #  endif
3118 #  ifndef OPENSSL_NO_DSA
3119                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
3120 #  endif
3121                 }
3122         if ((s->version == SSL3_VERSION) &&
3123                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3124                 {
3125 #  ifndef OPENSSL_NO_RSA
3126                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3127 #  endif
3128 #  ifndef OPENSSL_NO_DSA
3129                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3130 #  endif
3131                 }
3132 #endif /* !OPENSSL_NO_DH */
3133 #ifndef OPENSSL_NO_RSA
3134         p[ret++]=SSL3_CT_RSA_SIGN;
3135 #endif
3136 #ifndef OPENSSL_NO_DSA
3137         p[ret++]=SSL3_CT_DSS_SIGN;
3138 #endif
3139 #ifndef OPENSSL_NO_ECDH
3140         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3141                 {
3142                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3143                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3144                 }
3145 #endif
3146
3147 #ifndef OPENSSL_NO_ECDSA
3148         /* ECDSA certs can be used with RSA cipher suites as well 
3149          * so we don't need to check for SSL_kECDH or SSL_kEECDH
3150          */
3151         if (s->version >= TLS1_VERSION)
3152                 {
3153                 p[ret++]=TLS_CT_ECDSA_SIGN;
3154                 }
3155 #endif  
3156         return(ret);
3157         }
3158
3159 int ssl3_shutdown(SSL *s)
3160         {
3161         int ret;
3162
3163         /* Don't do anything much if we have not done the handshake or
3164          * we don't want to send messages :-) */
3165         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3166                 {
3167                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3168                 return(1);
3169                 }
3170
3171         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3172                 {
3173                 s->shutdown|=SSL_SENT_SHUTDOWN;
3174 #if 1
3175                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3176 #endif
3177                 /* our shutdown alert has been sent now, and if it still needs
3178                  * to be written, s->s3->alert_dispatch will be true */
3179                 if (s->s3->alert_dispatch)
3180                         return(-1);     /* return WANT_WRITE */
3181                 }
3182         else if (s->s3->alert_dispatch)
3183                 {
3184                 /* resend it if not sent */
3185 #if 1
3186                 ret=s->method->ssl_dispatch_alert(s);
3187                 if(ret == -1)
3188                         {
3189                         /* we only get to return -1 here the 2nd/Nth
3190                          * invocation, we must  have already signalled
3191                          * return 0 upon a previous invoation,
3192                          * return WANT_WRITE */
3193                         return(ret);
3194                         }
3195 #endif
3196                 }
3197         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3198                 {
3199                 /* If we are waiting for a close from our peer, we are closed */
3200                 s->method->ssl_read_bytes(s,0,NULL,0,0);
3201                 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3202                         {
3203                         return(-1);     /* return WANT_READ */
3204                         }
3205                 }
3206
3207         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3208                 !s->s3->alert_dispatch)
3209                 return(1);
3210         else
3211                 return(0);
3212         }
3213
3214 int ssl3_write(SSL *s, const void *buf, int len)
3215         {
3216         int ret,n;
3217
3218 #if 0
3219         if (s->shutdown & SSL_SEND_SHUTDOWN)
3220                 {
3221                 s->rwstate=SSL_NOTHING;
3222                 return(0);
3223                 }
3224 #endif
3225         clear_sys_error();
3226         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3227
3228         /* This is an experimental flag that sends the
3229          * last handshake message in the same packet as the first
3230          * use data - used to see if it helps the TCP protocol during
3231          * session-id reuse */
3232         /* The second test is because the buffer may have been removed */
3233         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3234                 {
3235                 /* First time through, we write into the buffer */
3236                 if (s->s3->delay_buf_pop_ret == 0)
3237                         {
3238                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3239                                              buf,len);
3240                         if (ret <= 0) return(ret);
3241
3242                         s->s3->delay_buf_pop_ret=ret;
3243                         }
3244
3245                 s->rwstate=SSL_WRITING;
3246                 n=BIO_flush(s->wbio);
3247                 if (n <= 0) return(n);
3248                 s->rwstate=SSL_NOTHING;
3249
3250                 /* We have flushed the buffer, so remove it */
3251                 ssl_free_wbio_buffer(s);
3252                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3253
3254                 ret=s->s3->delay_buf_pop_ret;
3255                 s->s3->delay_buf_pop_ret=0;
3256                 }
3257         else
3258                 {
3259                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3260                         buf,len);
3261                 if (ret <= 0) return(ret);
3262                 }
3263
3264         return(ret);
3265         }
3266
3267 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3268         {
3269         int ret;
3270         
3271         clear_sys_error();
3272         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3273         s->s3->in_read_app_data=1;
3274         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3275         if ((ret == -1) && (s->s3->in_read_app_data == 2))
3276                 {
3277                 /* ssl3_read_bytes decided to call s->handshake_func, which
3278                  * called ssl3_read_bytes to read handshake data.
3279                  * However, ssl3_read_bytes actually found application data
3280                  * and thinks that application data makes sense here; so disable
3281                  * handshake processing and try to read application data again. */
3282                 s->in_handshake++;
3283                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3284                 s->in_handshake--;
3285                 }
3286         else
3287                 s->s3->in_read_app_data=0;
3288
3289         return(ret);
3290         }
3291
3292 int ssl3_read(SSL *s, void *buf, int len)
3293         {
3294         return ssl3_read_internal(s, buf, len, 0);
3295         }
3296
3297 int ssl3_peek(SSL *s, void *buf, int len)
3298         {
3299         return ssl3_read_internal(s, buf, len, 1);
3300         }
3301
3302 int ssl3_renegotiate(SSL *s)
3303         {
3304         if (s->handshake_func == NULL)
3305                 return(1);
3306
3307         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3308                 return(0);
3309
3310         s->s3->renegotiate=1;
3311         return(1);
3312         }
3313
3314 int ssl3_renegotiate_check(SSL *s)
3315         {
3316         int ret=0;
3317
3318         if (s->s3->renegotiate)
3319                 {
3320                 if (    (s->s3->rbuf.left == 0) &&
3321                         (s->s3->wbuf.left == 0) &&
3322                         !SSL_in_init(s))
3323                         {
3324 /*
3325 if we are the server, and we have sent a 'RENEGOTIATE' message, we
3326 need to go to SSL_ST_ACCEPT.
3327 */
3328                         /* SSL_ST_ACCEPT */
3329                         s->state=SSL_ST_RENEGOTIATE;
3330                         s->s3->renegotiate=0;
3331                         s->s3->num_renegotiations++;
3332                         s->s3->total_renegotiations++;
3333                         ret=1;
3334                         }
3335                 }
3336         return(ret);
3337         }
3338