xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision 0b3105a37d7adcadcb720112fed4dc4e8040be99)
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #include <openssl/md5.h>
156 #ifndef OPENSSL_NO_DH
157 # include <openssl/dh.h>
158 #endif
159 
160 const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
161 
162 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
163 
164 /* list of available SSLv3 ciphers (sorted by id) */
165 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
166 
167 /* The RSA ciphers */
168 /* Cipher 01 */
169     {
170      1,
171      SSL3_TXT_RSA_NULL_MD5,
172      SSL3_CK_RSA_NULL_MD5,
173      SSL_kRSA,
174      SSL_aRSA,
175      SSL_eNULL,
176      SSL_MD5,
177      SSL_SSLV3,
178      SSL_NOT_EXP | SSL_STRONG_NONE,
179      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180      0,
181      0,
182      },
183 
184 /* Cipher 02 */
185     {
186      1,
187      SSL3_TXT_RSA_NULL_SHA,
188      SSL3_CK_RSA_NULL_SHA,
189      SSL_kRSA,
190      SSL_aRSA,
191      SSL_eNULL,
192      SSL_SHA1,
193      SSL_SSLV3,
194      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
195      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196      0,
197      0,
198      },
199 
200 /* Cipher 03 */
201     {
202      1,
203      SSL3_TXT_RSA_RC4_40_MD5,
204      SSL3_CK_RSA_RC4_40_MD5,
205      SSL_kRSA,
206      SSL_aRSA,
207      SSL_RC4,
208      SSL_MD5,
209      SSL_SSLV3,
210      SSL_EXPORT | SSL_EXP40,
211      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212      40,
213      128,
214      },
215 
216 /* Cipher 04 */
217     {
218      1,
219      SSL3_TXT_RSA_RC4_128_MD5,
220      SSL3_CK_RSA_RC4_128_MD5,
221      SSL_kRSA,
222      SSL_aRSA,
223      SSL_RC4,
224      SSL_MD5,
225      SSL_SSLV3,
226      SSL_NOT_EXP | SSL_MEDIUM,
227      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228      128,
229      128,
230      },
231 
232 /* Cipher 05 */
233     {
234      1,
235      SSL3_TXT_RSA_RC4_128_SHA,
236      SSL3_CK_RSA_RC4_128_SHA,
237      SSL_kRSA,
238      SSL_aRSA,
239      SSL_RC4,
240      SSL_SHA1,
241      SSL_SSLV3,
242      SSL_NOT_EXP | SSL_MEDIUM,
243      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244      128,
245      128,
246      },
247 
248 /* Cipher 06 */
249     {
250      1,
251      SSL3_TXT_RSA_RC2_40_MD5,
252      SSL3_CK_RSA_RC2_40_MD5,
253      SSL_kRSA,
254      SSL_aRSA,
255      SSL_RC2,
256      SSL_MD5,
257      SSL_SSLV3,
258      SSL_EXPORT | SSL_EXP40,
259      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260      40,
261      128,
262      },
263 
264 /* Cipher 07 */
265 #ifndef OPENSSL_NO_IDEA
266     {
267      1,
268      SSL3_TXT_RSA_IDEA_128_SHA,
269      SSL3_CK_RSA_IDEA_128_SHA,
270      SSL_kRSA,
271      SSL_aRSA,
272      SSL_IDEA,
273      SSL_SHA1,
274      SSL_SSLV3,
275      SSL_NOT_EXP | SSL_MEDIUM,
276      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277      128,
278      128,
279      },
280 #endif
281 
282 /* Cipher 08 */
283     {
284      1,
285      SSL3_TXT_RSA_DES_40_CBC_SHA,
286      SSL3_CK_RSA_DES_40_CBC_SHA,
287      SSL_kRSA,
288      SSL_aRSA,
289      SSL_DES,
290      SSL_SHA1,
291      SSL_SSLV3,
292      SSL_EXPORT | SSL_EXP40,
293      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
294      40,
295      56,
296      },
297 
298 /* Cipher 09 */
299     {
300      1,
301      SSL3_TXT_RSA_DES_64_CBC_SHA,
302      SSL3_CK_RSA_DES_64_CBC_SHA,
303      SSL_kRSA,
304      SSL_aRSA,
305      SSL_DES,
306      SSL_SHA1,
307      SSL_SSLV3,
308      SSL_NOT_EXP | SSL_LOW,
309      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
310      56,
311      56,
312      },
313 
314 /* Cipher 0A */
315     {
316      1,
317      SSL3_TXT_RSA_DES_192_CBC3_SHA,
318      SSL3_CK_RSA_DES_192_CBC3_SHA,
319      SSL_kRSA,
320      SSL_aRSA,
321      SSL_3DES,
322      SSL_SHA1,
323      SSL_SSLV3,
324      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
325      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
326      112,
327      168,
328      },
329 
330 /* The DH ciphers */
331 /* Cipher 0B */
332     {
333      0,
334      SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
335      SSL3_CK_DH_DSS_DES_40_CBC_SHA,
336      SSL_kDHd,
337      SSL_aDH,
338      SSL_DES,
339      SSL_SHA1,
340      SSL_SSLV3,
341      SSL_EXPORT | SSL_EXP40,
342      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
343      40,
344      56,
345      },
346 
347 /* Cipher 0C */
348     {
349      1,
350      SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
351      SSL3_CK_DH_DSS_DES_64_CBC_SHA,
352      SSL_kDHd,
353      SSL_aDH,
354      SSL_DES,
355      SSL_SHA1,
356      SSL_SSLV3,
357      SSL_NOT_EXP | SSL_LOW,
358      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
359      56,
360      56,
361      },
362 
363 /* Cipher 0D */
364     {
365      1,
366      SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
367      SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
368      SSL_kDHd,
369      SSL_aDH,
370      SSL_3DES,
371      SSL_SHA1,
372      SSL_SSLV3,
373      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
374      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
375      112,
376      168,
377      },
378 
379 /* Cipher 0E */
380     {
381      0,
382      SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
383      SSL3_CK_DH_RSA_DES_40_CBC_SHA,
384      SSL_kDHr,
385      SSL_aDH,
386      SSL_DES,
387      SSL_SHA1,
388      SSL_SSLV3,
389      SSL_EXPORT | SSL_EXP40,
390      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
391      40,
392      56,
393      },
394 
395 /* Cipher 0F */
396     {
397      1,
398      SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
399      SSL3_CK_DH_RSA_DES_64_CBC_SHA,
400      SSL_kDHr,
401      SSL_aDH,
402      SSL_DES,
403      SSL_SHA1,
404      SSL_SSLV3,
405      SSL_NOT_EXP | SSL_LOW,
406      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
407      56,
408      56,
409      },
410 
411 /* Cipher 10 */
412     {
413      1,
414      SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
415      SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
416      SSL_kDHr,
417      SSL_aDH,
418      SSL_3DES,
419      SSL_SHA1,
420      SSL_SSLV3,
421      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
422      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423      112,
424      168,
425      },
426 
427 /* The Ephemeral DH ciphers */
428 /* Cipher 11 */
429     {
430      1,
431      SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
432      SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
433      SSL_kEDH,
434      SSL_aDSS,
435      SSL_DES,
436      SSL_SHA1,
437      SSL_SSLV3,
438      SSL_EXPORT | SSL_EXP40,
439      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
440      40,
441      56,
442      },
443 
444 /* Cipher 12 */
445     {
446      1,
447      SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
448      SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
449      SSL_kEDH,
450      SSL_aDSS,
451      SSL_DES,
452      SSL_SHA1,
453      SSL_SSLV3,
454      SSL_NOT_EXP | SSL_LOW,
455      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
456      56,
457      56,
458      },
459 
460 /* Cipher 13 */
461     {
462      1,
463      SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
464      SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
465      SSL_kEDH,
466      SSL_aDSS,
467      SSL_3DES,
468      SSL_SHA1,
469      SSL_SSLV3,
470      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
471      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
472      112,
473      168,
474      },
475 
476 /* Cipher 14 */
477     {
478      1,
479      SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
480      SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
481      SSL_kEDH,
482      SSL_aRSA,
483      SSL_DES,
484      SSL_SHA1,
485      SSL_SSLV3,
486      SSL_EXPORT | SSL_EXP40,
487      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
488      40,
489      56,
490      },
491 
492 /* Cipher 15 */
493     {
494      1,
495      SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
496      SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
497      SSL_kEDH,
498      SSL_aRSA,
499      SSL_DES,
500      SSL_SHA1,
501      SSL_SSLV3,
502      SSL_NOT_EXP | SSL_LOW,
503      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
504      56,
505      56,
506      },
507 
508 /* Cipher 16 */
509     {
510      1,
511      SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
512      SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
513      SSL_kEDH,
514      SSL_aRSA,
515      SSL_3DES,
516      SSL_SHA1,
517      SSL_SSLV3,
518      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
519      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
520      112,
521      168,
522      },
523 
524 /* Cipher 17 */
525     {
526      1,
527      SSL3_TXT_ADH_RC4_40_MD5,
528      SSL3_CK_ADH_RC4_40_MD5,
529      SSL_kEDH,
530      SSL_aNULL,
531      SSL_RC4,
532      SSL_MD5,
533      SSL_SSLV3,
534      SSL_EXPORT | SSL_EXP40,
535      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
536      40,
537      128,
538      },
539 
540 /* Cipher 18 */
541     {
542      1,
543      SSL3_TXT_ADH_RC4_128_MD5,
544      SSL3_CK_ADH_RC4_128_MD5,
545      SSL_kEDH,
546      SSL_aNULL,
547      SSL_RC4,
548      SSL_MD5,
549      SSL_SSLV3,
550      SSL_NOT_EXP | SSL_MEDIUM,
551      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
552      128,
553      128,
554      },
555 
556 /* Cipher 19 */
557     {
558      1,
559      SSL3_TXT_ADH_DES_40_CBC_SHA,
560      SSL3_CK_ADH_DES_40_CBC_SHA,
561      SSL_kEDH,
562      SSL_aNULL,
563      SSL_DES,
564      SSL_SHA1,
565      SSL_SSLV3,
566      SSL_EXPORT | SSL_EXP40,
567      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
568      40,
569      128,
570      },
571 
572 /* Cipher 1A */
573     {
574      1,
575      SSL3_TXT_ADH_DES_64_CBC_SHA,
576      SSL3_CK_ADH_DES_64_CBC_SHA,
577      SSL_kEDH,
578      SSL_aNULL,
579      SSL_DES,
580      SSL_SHA1,
581      SSL_SSLV3,
582      SSL_NOT_EXP | SSL_LOW,
583      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
584      56,
585      56,
586      },
587 
588 /* Cipher 1B */
589     {
590      1,
591      SSL3_TXT_ADH_DES_192_CBC_SHA,
592      SSL3_CK_ADH_DES_192_CBC_SHA,
593      SSL_kEDH,
594      SSL_aNULL,
595      SSL_3DES,
596      SSL_SHA1,
597      SSL_SSLV3,
598      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
599      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
600      112,
601      168,
602      },
603 
604 /* Fortezza ciphersuite from SSL 3.0 spec */
605 #if 0
606 /* Cipher 1C */
607     {
608      0,
609      SSL3_TXT_FZA_DMS_NULL_SHA,
610      SSL3_CK_FZA_DMS_NULL_SHA,
611      SSL_kFZA,
612      SSL_aFZA,
613      SSL_eNULL,
614      SSL_SHA1,
615      SSL_SSLV3,
616      SSL_NOT_EXP | SSL_STRONG_NONE,
617      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
618      0,
619      0,
620      },
621 
622 /* Cipher 1D */
623     {
624      0,
625      SSL3_TXT_FZA_DMS_FZA_SHA,
626      SSL3_CK_FZA_DMS_FZA_SHA,
627      SSL_kFZA,
628      SSL_aFZA,
629      SSL_eFZA,
630      SSL_SHA1,
631      SSL_SSLV3,
632      SSL_NOT_EXP | SSL_STRONG_NONE,
633      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
634      0,
635      0,
636      },
637 
638 /* Cipher 1E */
639     {
640      0,
641      SSL3_TXT_FZA_DMS_RC4_SHA,
642      SSL3_CK_FZA_DMS_RC4_SHA,
643      SSL_kFZA,
644      SSL_aFZA,
645      SSL_RC4,
646      SSL_SHA1,
647      SSL_SSLV3,
648      SSL_NOT_EXP | SSL_MEDIUM,
649      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
650      128,
651      128,
652      },
653 #endif
654 
655 #ifndef OPENSSL_NO_KRB5
656 /* The Kerberos ciphers*/
657 /* Cipher 1E */
658     {
659      1,
660      SSL3_TXT_KRB5_DES_64_CBC_SHA,
661      SSL3_CK_KRB5_DES_64_CBC_SHA,
662      SSL_kKRB5,
663      SSL_aKRB5,
664      SSL_DES,
665      SSL_SHA1,
666      SSL_SSLV3,
667      SSL_NOT_EXP | SSL_LOW,
668      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
669      56,
670      56,
671      },
672 
673 /* Cipher 1F */
674     {
675      1,
676      SSL3_TXT_KRB5_DES_192_CBC3_SHA,
677      SSL3_CK_KRB5_DES_192_CBC3_SHA,
678      SSL_kKRB5,
679      SSL_aKRB5,
680      SSL_3DES,
681      SSL_SHA1,
682      SSL_SSLV3,
683      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
684      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
685      112,
686      168,
687      },
688 
689 /* Cipher 20 */
690     {
691      1,
692      SSL3_TXT_KRB5_RC4_128_SHA,
693      SSL3_CK_KRB5_RC4_128_SHA,
694      SSL_kKRB5,
695      SSL_aKRB5,
696      SSL_RC4,
697      SSL_SHA1,
698      SSL_SSLV3,
699      SSL_NOT_EXP | SSL_MEDIUM,
700      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
701      128,
702      128,
703      },
704 
705 /* Cipher 21 */
706     {
707      1,
708      SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
709      SSL3_CK_KRB5_IDEA_128_CBC_SHA,
710      SSL_kKRB5,
711      SSL_aKRB5,
712      SSL_IDEA,
713      SSL_SHA1,
714      SSL_SSLV3,
715      SSL_NOT_EXP | SSL_MEDIUM,
716      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
717      128,
718      128,
719      },
720 
721 /* Cipher 22 */
722     {
723      1,
724      SSL3_TXT_KRB5_DES_64_CBC_MD5,
725      SSL3_CK_KRB5_DES_64_CBC_MD5,
726      SSL_kKRB5,
727      SSL_aKRB5,
728      SSL_DES,
729      SSL_MD5,
730      SSL_SSLV3,
731      SSL_NOT_EXP | SSL_LOW,
732      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
733      56,
734      56,
735      },
736 
737 /* Cipher 23 */
738     {
739      1,
740      SSL3_TXT_KRB5_DES_192_CBC3_MD5,
741      SSL3_CK_KRB5_DES_192_CBC3_MD5,
742      SSL_kKRB5,
743      SSL_aKRB5,
744      SSL_3DES,
745      SSL_MD5,
746      SSL_SSLV3,
747      SSL_NOT_EXP | SSL_HIGH,
748      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
749      112,
750      168,
751      },
752 
753 /* Cipher 24 */
754     {
755      1,
756      SSL3_TXT_KRB5_RC4_128_MD5,
757      SSL3_CK_KRB5_RC4_128_MD5,
758      SSL_kKRB5,
759      SSL_aKRB5,
760      SSL_RC4,
761      SSL_MD5,
762      SSL_SSLV3,
763      SSL_NOT_EXP | SSL_MEDIUM,
764      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
765      128,
766      128,
767      },
768 
769 /* Cipher 25 */
770     {
771      1,
772      SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
773      SSL3_CK_KRB5_IDEA_128_CBC_MD5,
774      SSL_kKRB5,
775      SSL_aKRB5,
776      SSL_IDEA,
777      SSL_MD5,
778      SSL_SSLV3,
779      SSL_NOT_EXP | SSL_MEDIUM,
780      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
781      128,
782      128,
783      },
784 
785 /* Cipher 26 */
786     {
787      1,
788      SSL3_TXT_KRB5_DES_40_CBC_SHA,
789      SSL3_CK_KRB5_DES_40_CBC_SHA,
790      SSL_kKRB5,
791      SSL_aKRB5,
792      SSL_DES,
793      SSL_SHA1,
794      SSL_SSLV3,
795      SSL_EXPORT | SSL_EXP40,
796      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
797      40,
798      56,
799      },
800 
801 /* Cipher 27 */
802     {
803      1,
804      SSL3_TXT_KRB5_RC2_40_CBC_SHA,
805      SSL3_CK_KRB5_RC2_40_CBC_SHA,
806      SSL_kKRB5,
807      SSL_aKRB5,
808      SSL_RC2,
809      SSL_SHA1,
810      SSL_SSLV3,
811      SSL_EXPORT | SSL_EXP40,
812      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
813      40,
814      128,
815      },
816 
817 /* Cipher 28 */
818     {
819      1,
820      SSL3_TXT_KRB5_RC4_40_SHA,
821      SSL3_CK_KRB5_RC4_40_SHA,
822      SSL_kKRB5,
823      SSL_aKRB5,
824      SSL_RC4,
825      SSL_SHA1,
826      SSL_SSLV3,
827      SSL_EXPORT | SSL_EXP40,
828      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
829      40,
830      128,
831      },
832 
833 /* Cipher 29 */
834     {
835      1,
836      SSL3_TXT_KRB5_DES_40_CBC_MD5,
837      SSL3_CK_KRB5_DES_40_CBC_MD5,
838      SSL_kKRB5,
839      SSL_aKRB5,
840      SSL_DES,
841      SSL_MD5,
842      SSL_SSLV3,
843      SSL_EXPORT | SSL_EXP40,
844      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
845      40,
846      56,
847      },
848 
849 /* Cipher 2A */
850     {
851      1,
852      SSL3_TXT_KRB5_RC2_40_CBC_MD5,
853      SSL3_CK_KRB5_RC2_40_CBC_MD5,
854      SSL_kKRB5,
855      SSL_aKRB5,
856      SSL_RC2,
857      SSL_MD5,
858      SSL_SSLV3,
859      SSL_EXPORT | SSL_EXP40,
860      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
861      40,
862      128,
863      },
864 
865 /* Cipher 2B */
866     {
867      1,
868      SSL3_TXT_KRB5_RC4_40_MD5,
869      SSL3_CK_KRB5_RC4_40_MD5,
870      SSL_kKRB5,
871      SSL_aKRB5,
872      SSL_RC4,
873      SSL_MD5,
874      SSL_SSLV3,
875      SSL_EXPORT | SSL_EXP40,
876      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
877      40,
878      128,
879      },
880 #endif                          /* OPENSSL_NO_KRB5 */
881 
882 /* New AES ciphersuites */
883 /* Cipher 2F */
884     {
885      1,
886      TLS1_TXT_RSA_WITH_AES_128_SHA,
887      TLS1_CK_RSA_WITH_AES_128_SHA,
888      SSL_kRSA,
889      SSL_aRSA,
890      SSL_AES128,
891      SSL_SHA1,
892      SSL_TLSV1,
893      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
894      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
895      128,
896      128,
897      },
898 /* Cipher 30 */
899     {
900      1,
901      TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
902      TLS1_CK_DH_DSS_WITH_AES_128_SHA,
903      SSL_kDHd,
904      SSL_aDH,
905      SSL_AES128,
906      SSL_SHA1,
907      SSL_TLSV1,
908      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
909      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
910      128,
911      128,
912      },
913 /* Cipher 31 */
914     {
915      1,
916      TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
917      TLS1_CK_DH_RSA_WITH_AES_128_SHA,
918      SSL_kDHr,
919      SSL_aDH,
920      SSL_AES128,
921      SSL_SHA1,
922      SSL_TLSV1,
923      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
924      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
925      128,
926      128,
927      },
928 /* Cipher 32 */
929     {
930      1,
931      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
932      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
933      SSL_kEDH,
934      SSL_aDSS,
935      SSL_AES128,
936      SSL_SHA1,
937      SSL_TLSV1,
938      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
939      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
940      128,
941      128,
942      },
943 /* Cipher 33 */
944     {
945      1,
946      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
947      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
948      SSL_kEDH,
949      SSL_aRSA,
950      SSL_AES128,
951      SSL_SHA1,
952      SSL_TLSV1,
953      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
954      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
955      128,
956      128,
957      },
958 /* Cipher 34 */
959     {
960      1,
961      TLS1_TXT_ADH_WITH_AES_128_SHA,
962      TLS1_CK_ADH_WITH_AES_128_SHA,
963      SSL_kEDH,
964      SSL_aNULL,
965      SSL_AES128,
966      SSL_SHA1,
967      SSL_TLSV1,
968      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
969      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
970      128,
971      128,
972      },
973 
974 /* Cipher 35 */
975     {
976      1,
977      TLS1_TXT_RSA_WITH_AES_256_SHA,
978      TLS1_CK_RSA_WITH_AES_256_SHA,
979      SSL_kRSA,
980      SSL_aRSA,
981      SSL_AES256,
982      SSL_SHA1,
983      SSL_TLSV1,
984      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
985      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
986      256,
987      256,
988      },
989 /* Cipher 36 */
990     {
991      1,
992      TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
993      TLS1_CK_DH_DSS_WITH_AES_256_SHA,
994      SSL_kDHd,
995      SSL_aDH,
996      SSL_AES256,
997      SSL_SHA1,
998      SSL_TLSV1,
999      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1000      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1001      256,
1002      256,
1003      },
1004 
1005 /* Cipher 37 */
1006     {
1007      1,
1008      TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1009      TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1010      SSL_kDHr,
1011      SSL_aDH,
1012      SSL_AES256,
1013      SSL_SHA1,
1014      SSL_TLSV1,
1015      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1016      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1017      256,
1018      256,
1019      },
1020 
1021 /* Cipher 38 */
1022     {
1023      1,
1024      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1025      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1026      SSL_kEDH,
1027      SSL_aDSS,
1028      SSL_AES256,
1029      SSL_SHA1,
1030      SSL_TLSV1,
1031      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1032      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1033      256,
1034      256,
1035      },
1036 
1037 /* Cipher 39 */
1038     {
1039      1,
1040      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1041      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1042      SSL_kEDH,
1043      SSL_aRSA,
1044      SSL_AES256,
1045      SSL_SHA1,
1046      SSL_TLSV1,
1047      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1048      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1049      256,
1050      256,
1051      },
1052 
1053     /* Cipher 3A */
1054     {
1055      1,
1056      TLS1_TXT_ADH_WITH_AES_256_SHA,
1057      TLS1_CK_ADH_WITH_AES_256_SHA,
1058      SSL_kEDH,
1059      SSL_aNULL,
1060      SSL_AES256,
1061      SSL_SHA1,
1062      SSL_TLSV1,
1063      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1064      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1065      256,
1066      256,
1067      },
1068 
1069     /* TLS v1.2 ciphersuites */
1070     /* Cipher 3B */
1071     {
1072      1,
1073      TLS1_TXT_RSA_WITH_NULL_SHA256,
1074      TLS1_CK_RSA_WITH_NULL_SHA256,
1075      SSL_kRSA,
1076      SSL_aRSA,
1077      SSL_eNULL,
1078      SSL_SHA256,
1079      SSL_TLSV1_2,
1080      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
1081      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1082      0,
1083      0,
1084      },
1085 
1086     /* Cipher 3C */
1087     {
1088      1,
1089      TLS1_TXT_RSA_WITH_AES_128_SHA256,
1090      TLS1_CK_RSA_WITH_AES_128_SHA256,
1091      SSL_kRSA,
1092      SSL_aRSA,
1093      SSL_AES128,
1094      SSL_SHA256,
1095      SSL_TLSV1_2,
1096      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1097      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1098      128,
1099      128,
1100      },
1101 
1102     /* Cipher 3D */
1103     {
1104      1,
1105      TLS1_TXT_RSA_WITH_AES_256_SHA256,
1106      TLS1_CK_RSA_WITH_AES_256_SHA256,
1107      SSL_kRSA,
1108      SSL_aRSA,
1109      SSL_AES256,
1110      SSL_SHA256,
1111      SSL_TLSV1_2,
1112      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1113      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114      256,
1115      256,
1116      },
1117 
1118     /* Cipher 3E */
1119     {
1120      1,
1121      TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1122      TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1123      SSL_kDHd,
1124      SSL_aDH,
1125      SSL_AES128,
1126      SSL_SHA256,
1127      SSL_TLSV1_2,
1128      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1129      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1130      128,
1131      128,
1132      },
1133 
1134     /* Cipher 3F */
1135     {
1136      1,
1137      TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1138      TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1139      SSL_kDHr,
1140      SSL_aDH,
1141      SSL_AES128,
1142      SSL_SHA256,
1143      SSL_TLSV1_2,
1144      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1145      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1146      128,
1147      128,
1148      },
1149 
1150     /* Cipher 40 */
1151     {
1152      1,
1153      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1154      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1155      SSL_kEDH,
1156      SSL_aDSS,
1157      SSL_AES128,
1158      SSL_SHA256,
1159      SSL_TLSV1_2,
1160      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1161      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1162      128,
1163      128,
1164      },
1165 
1166 #ifndef OPENSSL_NO_CAMELLIA
1167     /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1168 
1169     /* Cipher 41 */
1170     {
1171      1,
1172      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1173      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1174      SSL_kRSA,
1175      SSL_aRSA,
1176      SSL_CAMELLIA128,
1177      SSL_SHA1,
1178      SSL_TLSV1,
1179      SSL_NOT_EXP | SSL_HIGH,
1180      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1181      128,
1182      128,
1183      },
1184 
1185     /* Cipher 42 */
1186     {
1187      1,
1188      TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1189      TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1190      SSL_kDHd,
1191      SSL_aDH,
1192      SSL_CAMELLIA128,
1193      SSL_SHA1,
1194      SSL_TLSV1,
1195      SSL_NOT_EXP | SSL_HIGH,
1196      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1197      128,
1198      128,
1199      },
1200 
1201     /* Cipher 43 */
1202     {
1203      1,
1204      TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1205      TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1206      SSL_kDHr,
1207      SSL_aDH,
1208      SSL_CAMELLIA128,
1209      SSL_SHA1,
1210      SSL_TLSV1,
1211      SSL_NOT_EXP | SSL_HIGH,
1212      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1213      128,
1214      128,
1215      },
1216 
1217     /* Cipher 44 */
1218     {
1219      1,
1220      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1221      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1222      SSL_kEDH,
1223      SSL_aDSS,
1224      SSL_CAMELLIA128,
1225      SSL_SHA1,
1226      SSL_TLSV1,
1227      SSL_NOT_EXP | SSL_HIGH,
1228      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1229      128,
1230      128,
1231      },
1232 
1233     /* Cipher 45 */
1234     {
1235      1,
1236      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1237      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1238      SSL_kEDH,
1239      SSL_aRSA,
1240      SSL_CAMELLIA128,
1241      SSL_SHA1,
1242      SSL_TLSV1,
1243      SSL_NOT_EXP | SSL_HIGH,
1244      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1245      128,
1246      128,
1247      },
1248 
1249     /* Cipher 46 */
1250     {
1251      1,
1252      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1253      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1254      SSL_kEDH,
1255      SSL_aNULL,
1256      SSL_CAMELLIA128,
1257      SSL_SHA1,
1258      SSL_TLSV1,
1259      SSL_NOT_EXP | SSL_HIGH,
1260      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1261      128,
1262      128,
1263      },
1264 #endif                          /* OPENSSL_NO_CAMELLIA */
1265 
1266 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1267     /* New TLS Export CipherSuites from expired ID */
1268 # if 0
1269     /* Cipher 60 */
1270     {
1271      1,
1272      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1273      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1274      SSL_kRSA,
1275      SSL_aRSA,
1276      SSL_RC4,
1277      SSL_MD5,
1278      SSL_TLSV1,
1279      SSL_EXPORT | SSL_EXP56,
1280      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1281      56,
1282      128,
1283      },
1284 
1285     /* Cipher 61 */
1286     {
1287      1,
1288      TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1289      TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1290      SSL_kRSA,
1291      SSL_aRSA,
1292      SSL_RC2,
1293      SSL_MD5,
1294      SSL_TLSV1,
1295      SSL_EXPORT | SSL_EXP56,
1296      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1297      56,
1298      128,
1299      },
1300 # endif
1301 
1302     /* Cipher 62 */
1303     {
1304      1,
1305      TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1306      TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1307      SSL_kRSA,
1308      SSL_aRSA,
1309      SSL_DES,
1310      SSL_SHA1,
1311      SSL_TLSV1,
1312      SSL_EXPORT | SSL_EXP56,
1313      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1314      56,
1315      56,
1316      },
1317 
1318     /* Cipher 63 */
1319     {
1320      1,
1321      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1322      TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1323      SSL_kEDH,
1324      SSL_aDSS,
1325      SSL_DES,
1326      SSL_SHA1,
1327      SSL_TLSV1,
1328      SSL_EXPORT | SSL_EXP56,
1329      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1330      56,
1331      56,
1332      },
1333 
1334     /* Cipher 64 */
1335     {
1336      1,
1337      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1338      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1339      SSL_kRSA,
1340      SSL_aRSA,
1341      SSL_RC4,
1342      SSL_SHA1,
1343      SSL_TLSV1,
1344      SSL_EXPORT | SSL_EXP56,
1345      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1346      56,
1347      128,
1348      },
1349 
1350     /* Cipher 65 */
1351     {
1352      1,
1353      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1354      TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1355      SSL_kEDH,
1356      SSL_aDSS,
1357      SSL_RC4,
1358      SSL_SHA1,
1359      SSL_TLSV1,
1360      SSL_EXPORT | SSL_EXP56,
1361      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1362      56,
1363      128,
1364      },
1365 
1366     /* Cipher 66 */
1367     {
1368      1,
1369      TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1370      TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1371      SSL_kEDH,
1372      SSL_aDSS,
1373      SSL_RC4,
1374      SSL_SHA1,
1375      SSL_TLSV1,
1376      SSL_NOT_EXP | SSL_MEDIUM,
1377      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1378      128,
1379      128,
1380      },
1381 #endif
1382 
1383     /* TLS v1.2 ciphersuites */
1384     /* Cipher 67 */
1385     {
1386      1,
1387      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1388      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1389      SSL_kEDH,
1390      SSL_aRSA,
1391      SSL_AES128,
1392      SSL_SHA256,
1393      SSL_TLSV1_2,
1394      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1395      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1396      128,
1397      128,
1398      },
1399 
1400     /* Cipher 68 */
1401     {
1402      1,
1403      TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1404      TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1405      SSL_kDHd,
1406      SSL_aDH,
1407      SSL_AES256,
1408      SSL_SHA256,
1409      SSL_TLSV1_2,
1410      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1411      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1412      256,
1413      256,
1414      },
1415 
1416     /* Cipher 69 */
1417     {
1418      1,
1419      TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1420      TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1421      SSL_kDHr,
1422      SSL_aDH,
1423      SSL_AES256,
1424      SSL_SHA256,
1425      SSL_TLSV1_2,
1426      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1427      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1428      256,
1429      256,
1430      },
1431 
1432     /* Cipher 6A */
1433     {
1434      1,
1435      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1436      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1437      SSL_kEDH,
1438      SSL_aDSS,
1439      SSL_AES256,
1440      SSL_SHA256,
1441      SSL_TLSV1_2,
1442      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1443      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1444      256,
1445      256,
1446      },
1447 
1448     /* Cipher 6B */
1449     {
1450      1,
1451      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1452      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1453      SSL_kEDH,
1454      SSL_aRSA,
1455      SSL_AES256,
1456      SSL_SHA256,
1457      SSL_TLSV1_2,
1458      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1459      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1460      256,
1461      256,
1462      },
1463 
1464     /* Cipher 6C */
1465     {
1466      1,
1467      TLS1_TXT_ADH_WITH_AES_128_SHA256,
1468      TLS1_CK_ADH_WITH_AES_128_SHA256,
1469      SSL_kEDH,
1470      SSL_aNULL,
1471      SSL_AES128,
1472      SSL_SHA256,
1473      SSL_TLSV1_2,
1474      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1475      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1476      128,
1477      128,
1478      },
1479 
1480     /* Cipher 6D */
1481     {
1482      1,
1483      TLS1_TXT_ADH_WITH_AES_256_SHA256,
1484      TLS1_CK_ADH_WITH_AES_256_SHA256,
1485      SSL_kEDH,
1486      SSL_aNULL,
1487      SSL_AES256,
1488      SSL_SHA256,
1489      SSL_TLSV1_2,
1490      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1491      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1492      256,
1493      256,
1494      },
1495 
1496     /* GOST Ciphersuites */
1497 
1498     {
1499      1,
1500      "GOST94-GOST89-GOST89",
1501      0x3000080,
1502      SSL_kGOST,
1503      SSL_aGOST94,
1504      SSL_eGOST2814789CNT,
1505      SSL_GOST89MAC,
1506      SSL_TLSV1,
1507      SSL_NOT_EXP | SSL_HIGH,
1508      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1509      256,
1510      256},
1511     {
1512      1,
1513      "GOST2001-GOST89-GOST89",
1514      0x3000081,
1515      SSL_kGOST,
1516      SSL_aGOST01,
1517      SSL_eGOST2814789CNT,
1518      SSL_GOST89MAC,
1519      SSL_TLSV1,
1520      SSL_NOT_EXP | SSL_HIGH,
1521      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1522      256,
1523      256},
1524     {
1525      1,
1526      "GOST94-NULL-GOST94",
1527      0x3000082,
1528      SSL_kGOST,
1529      SSL_aGOST94,
1530      SSL_eNULL,
1531      SSL_GOST94,
1532      SSL_TLSV1,
1533      SSL_NOT_EXP | SSL_STRONG_NONE,
1534      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1535      0,
1536      0},
1537     {
1538      1,
1539      "GOST2001-NULL-GOST94",
1540      0x3000083,
1541      SSL_kGOST,
1542      SSL_aGOST01,
1543      SSL_eNULL,
1544      SSL_GOST94,
1545      SSL_TLSV1,
1546      SSL_NOT_EXP | SSL_STRONG_NONE,
1547      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1548      0,
1549      0},
1550 
1551 #ifndef OPENSSL_NO_CAMELLIA
1552     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1553 
1554     /* Cipher 84 */
1555     {
1556      1,
1557      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1558      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1559      SSL_kRSA,
1560      SSL_aRSA,
1561      SSL_CAMELLIA256,
1562      SSL_SHA1,
1563      SSL_TLSV1,
1564      SSL_NOT_EXP | SSL_HIGH,
1565      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1566      256,
1567      256,
1568      },
1569     /* Cipher 85 */
1570     {
1571      1,
1572      TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1573      TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1574      SSL_kDHd,
1575      SSL_aDH,
1576      SSL_CAMELLIA256,
1577      SSL_SHA1,
1578      SSL_TLSV1,
1579      SSL_NOT_EXP | SSL_HIGH,
1580      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581      256,
1582      256,
1583      },
1584 
1585     /* Cipher 86 */
1586     {
1587      1,
1588      TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1589      TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1590      SSL_kDHr,
1591      SSL_aDH,
1592      SSL_CAMELLIA256,
1593      SSL_SHA1,
1594      SSL_TLSV1,
1595      SSL_NOT_EXP | SSL_HIGH,
1596      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1597      256,
1598      256,
1599      },
1600 
1601     /* Cipher 87 */
1602     {
1603      1,
1604      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1605      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1606      SSL_kEDH,
1607      SSL_aDSS,
1608      SSL_CAMELLIA256,
1609      SSL_SHA1,
1610      SSL_TLSV1,
1611      SSL_NOT_EXP | SSL_HIGH,
1612      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613      256,
1614      256,
1615      },
1616 
1617     /* Cipher 88 */
1618     {
1619      1,
1620      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1621      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1622      SSL_kEDH,
1623      SSL_aRSA,
1624      SSL_CAMELLIA256,
1625      SSL_SHA1,
1626      SSL_TLSV1,
1627      SSL_NOT_EXP | SSL_HIGH,
1628      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1629      256,
1630      256,
1631      },
1632 
1633     /* Cipher 89 */
1634     {
1635      1,
1636      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1637      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1638      SSL_kEDH,
1639      SSL_aNULL,
1640      SSL_CAMELLIA256,
1641      SSL_SHA1,
1642      SSL_TLSV1,
1643      SSL_NOT_EXP | SSL_HIGH,
1644      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1645      256,
1646      256,
1647      },
1648 #endif                          /* OPENSSL_NO_CAMELLIA */
1649 
1650 #ifndef OPENSSL_NO_PSK
1651     /* Cipher 8A */
1652     {
1653      1,
1654      TLS1_TXT_PSK_WITH_RC4_128_SHA,
1655      TLS1_CK_PSK_WITH_RC4_128_SHA,
1656      SSL_kPSK,
1657      SSL_aPSK,
1658      SSL_RC4,
1659      SSL_SHA1,
1660      SSL_TLSV1,
1661      SSL_NOT_EXP | SSL_MEDIUM,
1662      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1663      128,
1664      128,
1665      },
1666 
1667     /* Cipher 8B */
1668     {
1669      1,
1670      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1671      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1672      SSL_kPSK,
1673      SSL_aPSK,
1674      SSL_3DES,
1675      SSL_SHA1,
1676      SSL_TLSV1,
1677      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1678      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1679      112,
1680      168,
1681      },
1682 
1683     /* Cipher 8C */
1684     {
1685      1,
1686      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1687      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1688      SSL_kPSK,
1689      SSL_aPSK,
1690      SSL_AES128,
1691      SSL_SHA1,
1692      SSL_TLSV1,
1693      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1694      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1695      128,
1696      128,
1697      },
1698 
1699     /* Cipher 8D */
1700     {
1701      1,
1702      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1703      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1704      SSL_kPSK,
1705      SSL_aPSK,
1706      SSL_AES256,
1707      SSL_SHA1,
1708      SSL_TLSV1,
1709      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1710      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1711      256,
1712      256,
1713      },
1714 #endif                          /* OPENSSL_NO_PSK */
1715 
1716 #ifndef OPENSSL_NO_SEED
1717     /* SEED ciphersuites from RFC4162 */
1718 
1719     /* Cipher 96 */
1720     {
1721      1,
1722      TLS1_TXT_RSA_WITH_SEED_SHA,
1723      TLS1_CK_RSA_WITH_SEED_SHA,
1724      SSL_kRSA,
1725      SSL_aRSA,
1726      SSL_SEED,
1727      SSL_SHA1,
1728      SSL_TLSV1,
1729      SSL_NOT_EXP | SSL_MEDIUM,
1730      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1731      128,
1732      128,
1733      },
1734 
1735     /* Cipher 97 */
1736     {
1737      1,
1738      TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1739      TLS1_CK_DH_DSS_WITH_SEED_SHA,
1740      SSL_kDHd,
1741      SSL_aDH,
1742      SSL_SEED,
1743      SSL_SHA1,
1744      SSL_TLSV1,
1745      SSL_NOT_EXP | SSL_MEDIUM,
1746      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1747      128,
1748      128,
1749      },
1750 
1751     /* Cipher 98 */
1752     {
1753      1,
1754      TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1755      TLS1_CK_DH_RSA_WITH_SEED_SHA,
1756      SSL_kDHr,
1757      SSL_aDH,
1758      SSL_SEED,
1759      SSL_SHA1,
1760      SSL_TLSV1,
1761      SSL_NOT_EXP | SSL_MEDIUM,
1762      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1763      128,
1764      128,
1765      },
1766 
1767     /* Cipher 99 */
1768     {
1769      1,
1770      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1771      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1772      SSL_kEDH,
1773      SSL_aDSS,
1774      SSL_SEED,
1775      SSL_SHA1,
1776      SSL_TLSV1,
1777      SSL_NOT_EXP | SSL_MEDIUM,
1778      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1779      128,
1780      128,
1781      },
1782 
1783     /* Cipher 9A */
1784     {
1785      1,
1786      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1787      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1788      SSL_kEDH,
1789      SSL_aRSA,
1790      SSL_SEED,
1791      SSL_SHA1,
1792      SSL_TLSV1,
1793      SSL_NOT_EXP | SSL_MEDIUM,
1794      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795      128,
1796      128,
1797      },
1798 
1799     /* Cipher 9B */
1800     {
1801      1,
1802      TLS1_TXT_ADH_WITH_SEED_SHA,
1803      TLS1_CK_ADH_WITH_SEED_SHA,
1804      SSL_kEDH,
1805      SSL_aNULL,
1806      SSL_SEED,
1807      SSL_SHA1,
1808      SSL_TLSV1,
1809      SSL_NOT_EXP | SSL_MEDIUM,
1810      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1811      128,
1812      128,
1813      },
1814 
1815 #endif                          /* OPENSSL_NO_SEED */
1816 
1817     /* GCM ciphersuites from RFC5288 */
1818 
1819     /* Cipher 9C */
1820     {
1821      1,
1822      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1823      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1824      SSL_kRSA,
1825      SSL_aRSA,
1826      SSL_AES128GCM,
1827      SSL_AEAD,
1828      SSL_TLSV1_2,
1829      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1830      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1831      128,
1832      128,
1833      },
1834 
1835     /* Cipher 9D */
1836     {
1837      1,
1838      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1839      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1840      SSL_kRSA,
1841      SSL_aRSA,
1842      SSL_AES256GCM,
1843      SSL_AEAD,
1844      SSL_TLSV1_2,
1845      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1846      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1847      256,
1848      256,
1849      },
1850 
1851     /* Cipher 9E */
1852     {
1853      1,
1854      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1855      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1856      SSL_kEDH,
1857      SSL_aRSA,
1858      SSL_AES128GCM,
1859      SSL_AEAD,
1860      SSL_TLSV1_2,
1861      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1862      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1863      128,
1864      128,
1865      },
1866 
1867     /* Cipher 9F */
1868     {
1869      1,
1870      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1871      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1872      SSL_kEDH,
1873      SSL_aRSA,
1874      SSL_AES256GCM,
1875      SSL_AEAD,
1876      SSL_TLSV1_2,
1877      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1878      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1879      256,
1880      256,
1881      },
1882 
1883     /* Cipher A0 */
1884     {
1885      1,
1886      TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1887      TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1888      SSL_kDHr,
1889      SSL_aDH,
1890      SSL_AES128GCM,
1891      SSL_AEAD,
1892      SSL_TLSV1_2,
1893      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1894      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1895      128,
1896      128,
1897      },
1898 
1899     /* Cipher A1 */
1900     {
1901      1,
1902      TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1903      TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1904      SSL_kDHr,
1905      SSL_aDH,
1906      SSL_AES256GCM,
1907      SSL_AEAD,
1908      SSL_TLSV1_2,
1909      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1910      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1911      256,
1912      256,
1913      },
1914 
1915     /* Cipher A2 */
1916     {
1917      1,
1918      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1919      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1920      SSL_kEDH,
1921      SSL_aDSS,
1922      SSL_AES128GCM,
1923      SSL_AEAD,
1924      SSL_TLSV1_2,
1925      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1926      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1927      128,
1928      128,
1929      },
1930 
1931     /* Cipher A3 */
1932     {
1933      1,
1934      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1935      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1936      SSL_kEDH,
1937      SSL_aDSS,
1938      SSL_AES256GCM,
1939      SSL_AEAD,
1940      SSL_TLSV1_2,
1941      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1942      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1943      256,
1944      256,
1945      },
1946 
1947     /* Cipher A4 */
1948     {
1949      1,
1950      TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1951      TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1952      SSL_kDHd,
1953      SSL_aDH,
1954      SSL_AES128GCM,
1955      SSL_AEAD,
1956      SSL_TLSV1_2,
1957      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1958      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1959      128,
1960      128,
1961      },
1962 
1963     /* Cipher A5 */
1964     {
1965      1,
1966      TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1967      TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1968      SSL_kDHd,
1969      SSL_aDH,
1970      SSL_AES256GCM,
1971      SSL_AEAD,
1972      SSL_TLSV1_2,
1973      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1974      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1975      256,
1976      256,
1977      },
1978 
1979     /* Cipher A6 */
1980     {
1981      1,
1982      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1983      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1984      SSL_kEDH,
1985      SSL_aNULL,
1986      SSL_AES128GCM,
1987      SSL_AEAD,
1988      SSL_TLSV1_2,
1989      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1990      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1991      128,
1992      128,
1993      },
1994 
1995     /* Cipher A7 */
1996     {
1997      1,
1998      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1999      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2000      SSL_kEDH,
2001      SSL_aNULL,
2002      SSL_AES256GCM,
2003      SSL_AEAD,
2004      SSL_TLSV1_2,
2005      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2006      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2007      256,
2008      256,
2009      },
2010 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2011     {
2012      1,
2013      "SCSV",
2014      SSL3_CK_SCSV,
2015      0,
2016      0,
2017      0,
2018      0,
2019      0,
2020      0,
2021      0,
2022      0,
2023      0},
2024 #endif
2025 
2026 #ifndef OPENSSL_NO_ECDH
2027     /* Cipher C001 */
2028     {
2029      1,
2030      TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2031      TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2032      SSL_kECDHe,
2033      SSL_aECDH,
2034      SSL_eNULL,
2035      SSL_SHA1,
2036      SSL_TLSV1,
2037      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2038      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039      0,
2040      0,
2041      },
2042 
2043     /* Cipher C002 */
2044     {
2045      1,
2046      TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2047      TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2048      SSL_kECDHe,
2049      SSL_aECDH,
2050      SSL_RC4,
2051      SSL_SHA1,
2052      SSL_TLSV1,
2053      SSL_NOT_EXP | SSL_MEDIUM,
2054      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2055      128,
2056      128,
2057      },
2058 
2059     /* Cipher C003 */
2060     {
2061      1,
2062      TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2063      TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2064      SSL_kECDHe,
2065      SSL_aECDH,
2066      SSL_3DES,
2067      SSL_SHA1,
2068      SSL_TLSV1,
2069      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2070      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2071      112,
2072      168,
2073      },
2074 
2075     /* Cipher C004 */
2076     {
2077      1,
2078      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2079      TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2080      SSL_kECDHe,
2081      SSL_aECDH,
2082      SSL_AES128,
2083      SSL_SHA1,
2084      SSL_TLSV1,
2085      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2086      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2087      128,
2088      128,
2089      },
2090 
2091     /* Cipher C005 */
2092     {
2093      1,
2094      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2095      TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2096      SSL_kECDHe,
2097      SSL_aECDH,
2098      SSL_AES256,
2099      SSL_SHA1,
2100      SSL_TLSV1,
2101      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2102      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2103      256,
2104      256,
2105      },
2106 
2107     /* Cipher C006 */
2108     {
2109      1,
2110      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2111      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2112      SSL_kEECDH,
2113      SSL_aECDSA,
2114      SSL_eNULL,
2115      SSL_SHA1,
2116      SSL_TLSV1,
2117      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2118      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2119      0,
2120      0,
2121      },
2122 
2123     /* Cipher C007 */
2124     {
2125      1,
2126      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2127      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2128      SSL_kEECDH,
2129      SSL_aECDSA,
2130      SSL_RC4,
2131      SSL_SHA1,
2132      SSL_TLSV1,
2133      SSL_NOT_EXP | SSL_MEDIUM,
2134      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2135      128,
2136      128,
2137      },
2138 
2139     /* Cipher C008 */
2140     {
2141      1,
2142      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2143      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2144      SSL_kEECDH,
2145      SSL_aECDSA,
2146      SSL_3DES,
2147      SSL_SHA1,
2148      SSL_TLSV1,
2149      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2150      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2151      112,
2152      168,
2153      },
2154 
2155     /* Cipher C009 */
2156     {
2157      1,
2158      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2159      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2160      SSL_kEECDH,
2161      SSL_aECDSA,
2162      SSL_AES128,
2163      SSL_SHA1,
2164      SSL_TLSV1,
2165      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2166      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2167      128,
2168      128,
2169      },
2170 
2171     /* Cipher C00A */
2172     {
2173      1,
2174      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2175      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2176      SSL_kEECDH,
2177      SSL_aECDSA,
2178      SSL_AES256,
2179      SSL_SHA1,
2180      SSL_TLSV1,
2181      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2182      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2183      256,
2184      256,
2185      },
2186 
2187     /* Cipher C00B */
2188     {
2189      1,
2190      TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2191      TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2192      SSL_kECDHr,
2193      SSL_aECDH,
2194      SSL_eNULL,
2195      SSL_SHA1,
2196      SSL_TLSV1,
2197      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2198      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2199      0,
2200      0,
2201      },
2202 
2203     /* Cipher C00C */
2204     {
2205      1,
2206      TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2207      TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2208      SSL_kECDHr,
2209      SSL_aECDH,
2210      SSL_RC4,
2211      SSL_SHA1,
2212      SSL_TLSV1,
2213      SSL_NOT_EXP | SSL_MEDIUM,
2214      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2215      128,
2216      128,
2217      },
2218 
2219     /* Cipher C00D */
2220     {
2221      1,
2222      TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2223      TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2224      SSL_kECDHr,
2225      SSL_aECDH,
2226      SSL_3DES,
2227      SSL_SHA1,
2228      SSL_TLSV1,
2229      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2230      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2231      112,
2232      168,
2233      },
2234 
2235     /* Cipher C00E */
2236     {
2237      1,
2238      TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2239      TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2240      SSL_kECDHr,
2241      SSL_aECDH,
2242      SSL_AES128,
2243      SSL_SHA1,
2244      SSL_TLSV1,
2245      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2246      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2247      128,
2248      128,
2249      },
2250 
2251     /* Cipher C00F */
2252     {
2253      1,
2254      TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2255      TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2256      SSL_kECDHr,
2257      SSL_aECDH,
2258      SSL_AES256,
2259      SSL_SHA1,
2260      SSL_TLSV1,
2261      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2262      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2263      256,
2264      256,
2265      },
2266 
2267     /* Cipher C010 */
2268     {
2269      1,
2270      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2271      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2272      SSL_kEECDH,
2273      SSL_aRSA,
2274      SSL_eNULL,
2275      SSL_SHA1,
2276      SSL_TLSV1,
2277      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2278      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2279      0,
2280      0,
2281      },
2282 
2283     /* Cipher C011 */
2284     {
2285      1,
2286      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2287      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2288      SSL_kEECDH,
2289      SSL_aRSA,
2290      SSL_RC4,
2291      SSL_SHA1,
2292      SSL_TLSV1,
2293      SSL_NOT_EXP | SSL_MEDIUM,
2294      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2295      128,
2296      128,
2297      },
2298 
2299     /* Cipher C012 */
2300     {
2301      1,
2302      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2303      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2304      SSL_kEECDH,
2305      SSL_aRSA,
2306      SSL_3DES,
2307      SSL_SHA1,
2308      SSL_TLSV1,
2309      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2310      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2311      112,
2312      168,
2313      },
2314 
2315     /* Cipher C013 */
2316     {
2317      1,
2318      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2319      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2320      SSL_kEECDH,
2321      SSL_aRSA,
2322      SSL_AES128,
2323      SSL_SHA1,
2324      SSL_TLSV1,
2325      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2326      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2327      128,
2328      128,
2329      },
2330 
2331     /* Cipher C014 */
2332     {
2333      1,
2334      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2335      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2336      SSL_kEECDH,
2337      SSL_aRSA,
2338      SSL_AES256,
2339      SSL_SHA1,
2340      SSL_TLSV1,
2341      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2342      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2343      256,
2344      256,
2345      },
2346 
2347     /* Cipher C015 */
2348     {
2349      1,
2350      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2351      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2352      SSL_kEECDH,
2353      SSL_aNULL,
2354      SSL_eNULL,
2355      SSL_SHA1,
2356      SSL_TLSV1,
2357      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2358      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2359      0,
2360      0,
2361      },
2362 
2363     /* Cipher C016 */
2364     {
2365      1,
2366      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2367      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2368      SSL_kEECDH,
2369      SSL_aNULL,
2370      SSL_RC4,
2371      SSL_SHA1,
2372      SSL_TLSV1,
2373      SSL_NOT_EXP | SSL_MEDIUM,
2374      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2375      128,
2376      128,
2377      },
2378 
2379     /* Cipher C017 */
2380     {
2381      1,
2382      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2383      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2384      SSL_kEECDH,
2385      SSL_aNULL,
2386      SSL_3DES,
2387      SSL_SHA1,
2388      SSL_TLSV1,
2389      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2390      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2391      112,
2392      168,
2393      },
2394 
2395     /* Cipher C018 */
2396     {
2397      1,
2398      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2399      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2400      SSL_kEECDH,
2401      SSL_aNULL,
2402      SSL_AES128,
2403      SSL_SHA1,
2404      SSL_TLSV1,
2405      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2406      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2407      128,
2408      128,
2409      },
2410 
2411     /* Cipher C019 */
2412     {
2413      1,
2414      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2415      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2416      SSL_kEECDH,
2417      SSL_aNULL,
2418      SSL_AES256,
2419      SSL_SHA1,
2420      SSL_TLSV1,
2421      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2422      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2423      256,
2424      256,
2425      },
2426 #endif                          /* OPENSSL_NO_ECDH */
2427 
2428 #ifndef OPENSSL_NO_SRP
2429     /* Cipher C01A */
2430     {
2431      1,
2432      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2433      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2434      SSL_kSRP,
2435      SSL_aSRP,
2436      SSL_3DES,
2437      SSL_SHA1,
2438      SSL_TLSV1,
2439      SSL_NOT_EXP | SSL_HIGH,
2440      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2441      112,
2442      168,
2443      },
2444 
2445     /* Cipher C01B */
2446     {
2447      1,
2448      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2449      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2450      SSL_kSRP,
2451      SSL_aRSA,
2452      SSL_3DES,
2453      SSL_SHA1,
2454      SSL_TLSV1,
2455      SSL_NOT_EXP | SSL_HIGH,
2456      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457      112,
2458      168,
2459      },
2460 
2461     /* Cipher C01C */
2462     {
2463      1,
2464      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2465      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2466      SSL_kSRP,
2467      SSL_aDSS,
2468      SSL_3DES,
2469      SSL_SHA1,
2470      SSL_TLSV1,
2471      SSL_NOT_EXP | SSL_HIGH,
2472      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2473      112,
2474      168,
2475      },
2476 
2477     /* Cipher C01D */
2478     {
2479      1,
2480      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2481      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2482      SSL_kSRP,
2483      SSL_aSRP,
2484      SSL_AES128,
2485      SSL_SHA1,
2486      SSL_TLSV1,
2487      SSL_NOT_EXP | SSL_HIGH,
2488      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2489      128,
2490      128,
2491      },
2492 
2493     /* Cipher C01E */
2494     {
2495      1,
2496      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2497      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2498      SSL_kSRP,
2499      SSL_aRSA,
2500      SSL_AES128,
2501      SSL_SHA1,
2502      SSL_TLSV1,
2503      SSL_NOT_EXP | SSL_HIGH,
2504      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2505      128,
2506      128,
2507      },
2508 
2509     /* Cipher C01F */
2510     {
2511      1,
2512      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2513      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2514      SSL_kSRP,
2515      SSL_aDSS,
2516      SSL_AES128,
2517      SSL_SHA1,
2518      SSL_TLSV1,
2519      SSL_NOT_EXP | SSL_HIGH,
2520      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2521      128,
2522      128,
2523      },
2524 
2525     /* Cipher C020 */
2526     {
2527      1,
2528      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2529      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2530      SSL_kSRP,
2531      SSL_aSRP,
2532      SSL_AES256,
2533      SSL_SHA1,
2534      SSL_TLSV1,
2535      SSL_NOT_EXP | SSL_HIGH,
2536      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537      256,
2538      256,
2539      },
2540 
2541     /* Cipher C021 */
2542     {
2543      1,
2544      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2545      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2546      SSL_kSRP,
2547      SSL_aRSA,
2548      SSL_AES256,
2549      SSL_SHA1,
2550      SSL_TLSV1,
2551      SSL_NOT_EXP | SSL_HIGH,
2552      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2553      256,
2554      256,
2555      },
2556 
2557     /* Cipher C022 */
2558     {
2559      1,
2560      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2561      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2562      SSL_kSRP,
2563      SSL_aDSS,
2564      SSL_AES256,
2565      SSL_SHA1,
2566      SSL_TLSV1,
2567      SSL_NOT_EXP | SSL_HIGH,
2568      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2569      256,
2570      256,
2571      },
2572 #endif                          /* OPENSSL_NO_SRP */
2573 #ifndef OPENSSL_NO_ECDH
2574 
2575     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2576 
2577     /* Cipher C023 */
2578     {
2579      1,
2580      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2581      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2582      SSL_kEECDH,
2583      SSL_aECDSA,
2584      SSL_AES128,
2585      SSL_SHA256,
2586      SSL_TLSV1_2,
2587      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2588      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2589      128,
2590      128,
2591      },
2592 
2593     /* Cipher C024 */
2594     {
2595      1,
2596      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2597      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2598      SSL_kEECDH,
2599      SSL_aECDSA,
2600      SSL_AES256,
2601      SSL_SHA384,
2602      SSL_TLSV1_2,
2603      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2604      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2605      256,
2606      256,
2607      },
2608 
2609     /* Cipher C025 */
2610     {
2611      1,
2612      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2613      TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2614      SSL_kECDHe,
2615      SSL_aECDH,
2616      SSL_AES128,
2617      SSL_SHA256,
2618      SSL_TLSV1_2,
2619      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2620      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2621      128,
2622      128,
2623      },
2624 
2625     /* Cipher C026 */
2626     {
2627      1,
2628      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2629      TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2630      SSL_kECDHe,
2631      SSL_aECDH,
2632      SSL_AES256,
2633      SSL_SHA384,
2634      SSL_TLSV1_2,
2635      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2636      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2637      256,
2638      256,
2639      },
2640 
2641     /* Cipher C027 */
2642     {
2643      1,
2644      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2645      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2646      SSL_kEECDH,
2647      SSL_aRSA,
2648      SSL_AES128,
2649      SSL_SHA256,
2650      SSL_TLSV1_2,
2651      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2652      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2653      128,
2654      128,
2655      },
2656 
2657     /* Cipher C028 */
2658     {
2659      1,
2660      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2661      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2662      SSL_kEECDH,
2663      SSL_aRSA,
2664      SSL_AES256,
2665      SSL_SHA384,
2666      SSL_TLSV1_2,
2667      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2668      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2669      256,
2670      256,
2671      },
2672 
2673     /* Cipher C029 */
2674     {
2675      1,
2676      TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2677      TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2678      SSL_kECDHr,
2679      SSL_aECDH,
2680      SSL_AES128,
2681      SSL_SHA256,
2682      SSL_TLSV1_2,
2683      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2684      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2685      128,
2686      128,
2687      },
2688 
2689     /* Cipher C02A */
2690     {
2691      1,
2692      TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2693      TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2694      SSL_kECDHr,
2695      SSL_aECDH,
2696      SSL_AES256,
2697      SSL_SHA384,
2698      SSL_TLSV1_2,
2699      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2700      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2701      256,
2702      256,
2703      },
2704 
2705     /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2706 
2707     /* Cipher C02B */
2708     {
2709      1,
2710      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2711      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2712      SSL_kEECDH,
2713      SSL_aECDSA,
2714      SSL_AES128GCM,
2715      SSL_AEAD,
2716      SSL_TLSV1_2,
2717      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2718      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2719      128,
2720      128,
2721      },
2722 
2723     /* Cipher C02C */
2724     {
2725      1,
2726      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2727      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2728      SSL_kEECDH,
2729      SSL_aECDSA,
2730      SSL_AES256GCM,
2731      SSL_AEAD,
2732      SSL_TLSV1_2,
2733      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2734      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2735      256,
2736      256,
2737      },
2738 
2739     /* Cipher C02D */
2740     {
2741      1,
2742      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2743      TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2744      SSL_kECDHe,
2745      SSL_aECDH,
2746      SSL_AES128GCM,
2747      SSL_AEAD,
2748      SSL_TLSV1_2,
2749      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2750      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2751      128,
2752      128,
2753      },
2754 
2755     /* Cipher C02E */
2756     {
2757      1,
2758      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2759      TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2760      SSL_kECDHe,
2761      SSL_aECDH,
2762      SSL_AES256GCM,
2763      SSL_AEAD,
2764      SSL_TLSV1_2,
2765      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2766      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2767      256,
2768      256,
2769      },
2770 
2771     /* Cipher C02F */
2772     {
2773      1,
2774      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2775      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2776      SSL_kEECDH,
2777      SSL_aRSA,
2778      SSL_AES128GCM,
2779      SSL_AEAD,
2780      SSL_TLSV1_2,
2781      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2782      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2783      128,
2784      128,
2785      },
2786 
2787     /* Cipher C030 */
2788     {
2789      1,
2790      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2791      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2792      SSL_kEECDH,
2793      SSL_aRSA,
2794      SSL_AES256GCM,
2795      SSL_AEAD,
2796      SSL_TLSV1_2,
2797      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2798      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2799      256,
2800      256,
2801      },
2802 
2803     /* Cipher C031 */
2804     {
2805      1,
2806      TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2807      TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2808      SSL_kECDHr,
2809      SSL_aECDH,
2810      SSL_AES128GCM,
2811      SSL_AEAD,
2812      SSL_TLSV1_2,
2813      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2814      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2815      128,
2816      128,
2817      },
2818 
2819     /* Cipher C032 */
2820     {
2821      1,
2822      TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2823      TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2824      SSL_kECDHr,
2825      SSL_aECDH,
2826      SSL_AES256GCM,
2827      SSL_AEAD,
2828      SSL_TLSV1_2,
2829      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2830      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2831      256,
2832      256,
2833      },
2834 
2835 #endif                          /* OPENSSL_NO_ECDH */
2836 
2837 #ifdef TEMP_GOST_TLS
2838 /* Cipher FF00 */
2839     {
2840      1,
2841      "GOST-MD5",
2842      0x0300ff00,
2843      SSL_kRSA,
2844      SSL_aRSA,
2845      SSL_eGOST2814789CNT,
2846      SSL_MD5,
2847      SSL_TLSV1,
2848      SSL_NOT_EXP | SSL_HIGH,
2849      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850      256,
2851      256,
2852      },
2853     {
2854      1,
2855      "GOST-GOST94",
2856      0x0300ff01,
2857      SSL_kRSA,
2858      SSL_aRSA,
2859      SSL_eGOST2814789CNT,
2860      SSL_GOST94,
2861      SSL_TLSV1,
2862      SSL_NOT_EXP | SSL_HIGH,
2863      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2864      256,
2865      256},
2866     {
2867      1,
2868      "GOST-GOST89MAC",
2869      0x0300ff02,
2870      SSL_kRSA,
2871      SSL_aRSA,
2872      SSL_eGOST2814789CNT,
2873      SSL_GOST89MAC,
2874      SSL_TLSV1,
2875      SSL_NOT_EXP | SSL_HIGH,
2876      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2877      256,
2878      256},
2879     {
2880      1,
2881      "GOST-GOST89STREAM",
2882      0x0300ff03,
2883      SSL_kRSA,
2884      SSL_aRSA,
2885      SSL_eGOST2814789CNT,
2886      SSL_GOST89MAC,
2887      SSL_TLSV1,
2888      SSL_NOT_EXP | SSL_HIGH,
2889      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
2890      256,
2891      256},
2892 #endif
2893 
2894 /* end of list */
2895 };
2896 
2897 SSL3_ENC_METHOD SSLv3_enc_data = {
2898     ssl3_enc,
2899     n_ssl3_mac,
2900     ssl3_setup_key_block,
2901     ssl3_generate_master_secret,
2902     ssl3_change_cipher_state,
2903     ssl3_final_finish_mac,
2904     MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2905     ssl3_cert_verify_mac,
2906     SSL3_MD_CLIENT_FINISHED_CONST, 4,
2907     SSL3_MD_SERVER_FINISHED_CONST, 4,
2908     ssl3_alert_code,
2909     (int (*)(SSL *, unsigned char *, size_t, const char *,
2910              size_t, const unsigned char *, size_t,
2911              int use_context))ssl_undefined_function,
2912     0,
2913     SSL3_HM_HEADER_LENGTH,
2914     ssl3_set_handshake_header,
2915     ssl3_handshake_write
2916 };
2917 
2918 long ssl3_default_timeout(void)
2919 {
2920     /*
2921      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2922      * http, the cache would over fill
2923      */
2924     return (60 * 60 * 2);
2925 }
2926 
2927 int ssl3_num_ciphers(void)
2928 {
2929     return (SSL3_NUM_CIPHERS);
2930 }
2931 
2932 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2933 {
2934     if (u < SSL3_NUM_CIPHERS)
2935         return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2936     else
2937         return (NULL);
2938 }
2939 
2940 int ssl3_pending(const SSL *s)
2941 {
2942     if (s->rstate == SSL_ST_READ_BODY)
2943         return 0;
2944 
2945     return (s->s3->rrec.type ==
2946             SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2947 }
2948 
2949 void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2950 {
2951     unsigned char *p = (unsigned char *)s->init_buf->data;
2952     *(p++) = htype;
2953     l2n3(len, p);
2954     s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2955     s->init_off = 0;
2956 }
2957 
2958 int ssl3_handshake_write(SSL *s)
2959 {
2960     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2961 }
2962 
2963 int ssl3_new(SSL *s)
2964 {
2965     SSL3_STATE *s3;
2966 
2967     if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
2968         goto err;
2969     memset(s3, 0, sizeof *s3);
2970     memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2971     memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2972 
2973     s->s3 = s3;
2974 
2975 #ifndef OPENSSL_NO_SRP
2976     SSL_SRP_CTX_init(s);
2977 #endif
2978     s->method->ssl_clear(s);
2979     return (1);
2980  err:
2981     return (0);
2982 }
2983 
2984 void ssl3_free(SSL *s)
2985 {
2986     if (s == NULL || s->s3 == NULL)
2987         return;
2988 
2989 #ifdef TLSEXT_TYPE_opaque_prf_input
2990     if (s->s3->client_opaque_prf_input != NULL)
2991         OPENSSL_free(s->s3->client_opaque_prf_input);
2992     if (s->s3->server_opaque_prf_input != NULL)
2993         OPENSSL_free(s->s3->server_opaque_prf_input);
2994 #endif
2995 
2996     ssl3_cleanup_key_block(s);
2997     if (s->s3->rbuf.buf != NULL)
2998         ssl3_release_read_buffer(s);
2999     if (s->s3->wbuf.buf != NULL)
3000         ssl3_release_write_buffer(s);
3001     if (s->s3->rrec.comp != NULL)
3002         OPENSSL_free(s->s3->rrec.comp);
3003 #ifndef OPENSSL_NO_DH
3004     if (s->s3->tmp.dh != NULL)
3005         DH_free(s->s3->tmp.dh);
3006 #endif
3007 #ifndef OPENSSL_NO_ECDH
3008     if (s->s3->tmp.ecdh != NULL)
3009         EC_KEY_free(s->s3->tmp.ecdh);
3010 #endif
3011 
3012     if (s->s3->tmp.ca_names != NULL)
3013         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3014     if (s->s3->handshake_buffer) {
3015         BIO_free(s->s3->handshake_buffer);
3016     }
3017     if (s->s3->handshake_dgst)
3018         ssl3_free_digest_list(s);
3019 #ifndef OPENSSL_NO_TLSEXT
3020     if (s->s3->alpn_selected)
3021         OPENSSL_free(s->s3->alpn_selected);
3022 #endif
3023 
3024 #ifndef OPENSSL_NO_SRP
3025     SSL_SRP_CTX_free(s);
3026 #endif
3027     OPENSSL_cleanse(s->s3, sizeof *s->s3);
3028     OPENSSL_free(s->s3);
3029     s->s3 = NULL;
3030 }
3031 
3032 void ssl3_clear(SSL *s)
3033 {
3034     unsigned char *rp, *wp;
3035     size_t rlen, wlen;
3036     int init_extra;
3037 
3038 #ifdef TLSEXT_TYPE_opaque_prf_input
3039     if (s->s3->client_opaque_prf_input != NULL)
3040         OPENSSL_free(s->s3->client_opaque_prf_input);
3041     s->s3->client_opaque_prf_input = NULL;
3042     if (s->s3->server_opaque_prf_input != NULL)
3043         OPENSSL_free(s->s3->server_opaque_prf_input);
3044     s->s3->server_opaque_prf_input = NULL;
3045 #endif
3046 
3047     ssl3_cleanup_key_block(s);
3048     if (s->s3->tmp.ca_names != NULL)
3049         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3050 
3051     if (s->s3->rrec.comp != NULL) {
3052         OPENSSL_free(s->s3->rrec.comp);
3053         s->s3->rrec.comp = NULL;
3054     }
3055 #ifndef OPENSSL_NO_DH
3056     if (s->s3->tmp.dh != NULL) {
3057         DH_free(s->s3->tmp.dh);
3058         s->s3->tmp.dh = NULL;
3059     }
3060 #endif
3061 #ifndef OPENSSL_NO_ECDH
3062     if (s->s3->tmp.ecdh != NULL) {
3063         EC_KEY_free(s->s3->tmp.ecdh);
3064         s->s3->tmp.ecdh = NULL;
3065     }
3066 #endif
3067 #ifndef OPENSSL_NO_TLSEXT
3068 # ifndef OPENSSL_NO_EC
3069     s->s3->is_probably_safari = 0;
3070 # endif                         /* !OPENSSL_NO_EC */
3071 #endif                          /* !OPENSSL_NO_TLSEXT */
3072 
3073     rp = s->s3->rbuf.buf;
3074     wp = s->s3->wbuf.buf;
3075     rlen = s->s3->rbuf.len;
3076     wlen = s->s3->wbuf.len;
3077     init_extra = s->s3->init_extra;
3078     if (s->s3->handshake_buffer) {
3079         BIO_free(s->s3->handshake_buffer);
3080         s->s3->handshake_buffer = NULL;
3081     }
3082     if (s->s3->handshake_dgst) {
3083         ssl3_free_digest_list(s);
3084     }
3085 #if !defined(OPENSSL_NO_TLSEXT)
3086     if (s->s3->alpn_selected) {
3087         OPENSSL_free(s->s3->alpn_selected);
3088         s->s3->alpn_selected = NULL;
3089     }
3090 #endif
3091     memset(s->s3, 0, sizeof *s->s3);
3092     s->s3->rbuf.buf = rp;
3093     s->s3->wbuf.buf = wp;
3094     s->s3->rbuf.len = rlen;
3095     s->s3->wbuf.len = wlen;
3096     s->s3->init_extra = init_extra;
3097 
3098     ssl_free_wbio_buffer(s);
3099 
3100     s->packet_length = 0;
3101     s->s3->renegotiate = 0;
3102     s->s3->total_renegotiations = 0;
3103     s->s3->num_renegotiations = 0;
3104     s->s3->in_read_app_data = 0;
3105     s->version = SSL3_VERSION;
3106 
3107 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3108     if (s->next_proto_negotiated) {
3109         OPENSSL_free(s->next_proto_negotiated);
3110         s->next_proto_negotiated = NULL;
3111         s->next_proto_negotiated_len = 0;
3112     }
3113 #endif
3114 }
3115 
3116 #ifndef OPENSSL_NO_SRP
3117 static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3118 {
3119     return BUF_strdup(s->srp_ctx.info);
3120 }
3121 #endif
3122 
3123 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
3124                                   size_t len);
3125 
3126 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3127 {
3128     int ret = 0;
3129 
3130 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3131     if (
3132 # ifndef OPENSSL_NO_RSA
3133            cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3134 # endif
3135 # ifndef OPENSSL_NO_DSA
3136            cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
3137 # endif
3138            0) {
3139         if (!ssl_cert_inst(&s->cert)) {
3140             SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3141             return (0);
3142         }
3143     }
3144 #endif
3145 
3146     switch (cmd) {
3147     case SSL_CTRL_GET_SESSION_REUSED:
3148         ret = s->hit;
3149         break;
3150     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3151         break;
3152     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3153         ret = s->s3->num_renegotiations;
3154         break;
3155     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3156         ret = s->s3->num_renegotiations;
3157         s->s3->num_renegotiations = 0;
3158         break;
3159     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3160         ret = s->s3->total_renegotiations;
3161         break;
3162     case SSL_CTRL_GET_FLAGS:
3163         ret = (int)(s->s3->flags);
3164         break;
3165 #ifndef OPENSSL_NO_RSA
3166     case SSL_CTRL_NEED_TMP_RSA:
3167         if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3168             ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3169              (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3170               (512 / 8))))
3171             ret = 1;
3172         break;
3173     case SSL_CTRL_SET_TMP_RSA:
3174         {
3175             RSA *rsa = (RSA *)parg;
3176             if (rsa == NULL) {
3177                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3178                 return (ret);
3179             }
3180             if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3181                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3182                 return (ret);
3183             }
3184             if (s->cert->rsa_tmp != NULL)
3185                 RSA_free(s->cert->rsa_tmp);
3186             s->cert->rsa_tmp = rsa;
3187             ret = 1;
3188         }
3189         break;
3190     case SSL_CTRL_SET_TMP_RSA_CB:
3191         {
3192             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3193             return (ret);
3194         }
3195         break;
3196 #endif
3197 #ifndef OPENSSL_NO_DH
3198     case SSL_CTRL_SET_TMP_DH:
3199         {
3200             DH *dh = (DH *)parg;
3201             if (dh == NULL) {
3202                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3203                 return (ret);
3204             }
3205             if ((dh = DHparams_dup(dh)) == NULL) {
3206                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3207                 return (ret);
3208             }
3209             if (s->cert->dh_tmp != NULL)
3210                 DH_free(s->cert->dh_tmp);
3211             s->cert->dh_tmp = dh;
3212             ret = 1;
3213         }
3214         break;
3215     case SSL_CTRL_SET_TMP_DH_CB:
3216         {
3217             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3218             return (ret);
3219         }
3220         break;
3221 #endif
3222 #ifndef OPENSSL_NO_ECDH
3223     case SSL_CTRL_SET_TMP_ECDH:
3224         {
3225             EC_KEY *ecdh = NULL;
3226 
3227             if (parg == NULL) {
3228                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3229                 return (ret);
3230             }
3231             if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3232                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3233                 return (ret);
3234             }
3235             ecdh = (EC_KEY *)parg;
3236             if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3237                 if (!EC_KEY_generate_key(ecdh)) {
3238                     EC_KEY_free(ecdh);
3239                     SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3240                     return (ret);
3241                 }
3242             }
3243             if (s->cert->ecdh_tmp != NULL)
3244                 EC_KEY_free(s->cert->ecdh_tmp);
3245             s->cert->ecdh_tmp = ecdh;
3246             ret = 1;
3247         }
3248         break;
3249     case SSL_CTRL_SET_TMP_ECDH_CB:
3250         {
3251             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3252             return (ret);
3253         }
3254         break;
3255 #endif                          /* !OPENSSL_NO_ECDH */
3256 #ifndef OPENSSL_NO_TLSEXT
3257     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3258         if (larg == TLSEXT_NAMETYPE_host_name) {
3259             size_t len;
3260 
3261             if (s->tlsext_hostname != NULL)
3262                 OPENSSL_free(s->tlsext_hostname);
3263             s->tlsext_hostname = NULL;
3264 
3265             ret = 1;
3266             if (parg == NULL)
3267                 break;
3268             len = strlen((char *)parg);
3269             if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3270                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3271                 return 0;
3272             }
3273             if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3274                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3275                 return 0;
3276             }
3277         } else {
3278             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3279             return 0;
3280         }
3281         break;
3282     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3283         s->tlsext_debug_arg = parg;
3284         ret = 1;
3285         break;
3286 
3287 # ifdef TLSEXT_TYPE_opaque_prf_input
3288     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3289         if (larg > 12288) {     /* actual internal limit is 2^16 for the
3290                                  * complete hello message * (including the
3291                                  * cert chain and everything) */
3292             SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3293             break;
3294         }
3295         if (s->tlsext_opaque_prf_input != NULL)
3296             OPENSSL_free(s->tlsext_opaque_prf_input);
3297         if ((size_t)larg == 0)
3298             s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
3299                                                              * just to get
3300                                                              * non-NULL */
3301         else
3302             s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3303         if (s->tlsext_opaque_prf_input != NULL) {
3304             s->tlsext_opaque_prf_input_len = (size_t)larg;
3305             ret = 1;
3306         } else
3307             s->tlsext_opaque_prf_input_len = 0;
3308         break;
3309 # endif
3310 
3311     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3312         s->tlsext_status_type = larg;
3313         ret = 1;
3314         break;
3315 
3316     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3317         *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3318         ret = 1;
3319         break;
3320 
3321     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3322         s->tlsext_ocsp_exts = parg;
3323         ret = 1;
3324         break;
3325 
3326     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3327         *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3328         ret = 1;
3329         break;
3330 
3331     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3332         s->tlsext_ocsp_ids = parg;
3333         ret = 1;
3334         break;
3335 
3336     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3337         *(unsigned char **)parg = s->tlsext_ocsp_resp;
3338         return s->tlsext_ocsp_resplen;
3339 
3340     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3341         if (s->tlsext_ocsp_resp)
3342             OPENSSL_free(s->tlsext_ocsp_resp);
3343         s->tlsext_ocsp_resp = parg;
3344         s->tlsext_ocsp_resplen = larg;
3345         ret = 1;
3346         break;
3347 
3348 # ifndef OPENSSL_NO_HEARTBEATS
3349     case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3350         if (SSL_IS_DTLS(s))
3351             ret = dtls1_heartbeat(s);
3352         else
3353             ret = tls1_heartbeat(s);
3354         break;
3355 
3356     case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3357         ret = s->tlsext_hb_pending;
3358         break;
3359 
3360     case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3361         if (larg)
3362             s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3363         else
3364             s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3365         ret = 1;
3366         break;
3367 # endif
3368 
3369 #endif                          /* !OPENSSL_NO_TLSEXT */
3370 
3371     case SSL_CTRL_CHAIN:
3372         if (larg)
3373             return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
3374         else
3375             return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);
3376 
3377     case SSL_CTRL_CHAIN_CERT:
3378         if (larg)
3379             return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
3380         else
3381             return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
3382 
3383     case SSL_CTRL_GET_CHAIN_CERTS:
3384         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3385         break;
3386 
3387     case SSL_CTRL_SELECT_CURRENT_CERT:
3388         return ssl_cert_select_current(s->cert, (X509 *)parg);
3389 
3390     case SSL_CTRL_SET_CURRENT_CERT:
3391         if (larg == SSL_CERT_SET_SERVER) {
3392             CERT_PKEY *cpk;
3393             const SSL_CIPHER *cipher;
3394             if (!s->server)
3395                 return 0;
3396             cipher = s->s3->tmp.new_cipher;
3397             if (!cipher)
3398                 return 0;
3399             /*
3400              * No certificate for unauthenticated ciphersuites or using SRP
3401              * authentication
3402              */
3403             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3404                 return 2;
3405             cpk = ssl_get_server_send_pkey(s);
3406             if (!cpk)
3407                 return 0;
3408             s->cert->key = cpk;
3409             return 1;
3410         }
3411         return ssl_cert_set_current(s->cert, larg);
3412 
3413 #ifndef OPENSSL_NO_EC
3414     case SSL_CTRL_GET_CURVES:
3415         {
3416             unsigned char *clist;
3417             size_t clistlen;
3418             if (!s->session)
3419                 return 0;
3420             clist = s->session->tlsext_ellipticcurvelist;
3421             clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3422             if (parg) {
3423                 size_t i;
3424                 int *cptr = parg;
3425                 unsigned int cid, nid;
3426                 for (i = 0; i < clistlen; i++) {
3427                     n2s(clist, cid);
3428                     nid = tls1_ec_curve_id2nid(cid);
3429                     if (nid != 0)
3430                         cptr[i] = nid;
3431                     else
3432                         cptr[i] = TLSEXT_nid_unknown | cid;
3433                 }
3434             }
3435             return (int)clistlen;
3436         }
3437 
3438     case SSL_CTRL_SET_CURVES:
3439         return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3440                                &s->tlsext_ellipticcurvelist_length,
3441                                parg, larg);
3442 
3443     case SSL_CTRL_SET_CURVES_LIST:
3444         return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3445                                     &s->tlsext_ellipticcurvelist_length,
3446                                     parg);
3447 
3448     case SSL_CTRL_GET_SHARED_CURVE:
3449         return tls1_shared_curve(s, larg);
3450 
3451 # ifndef OPENSSL_NO_ECDH
3452     case SSL_CTRL_SET_ECDH_AUTO:
3453         s->cert->ecdh_tmp_auto = larg;
3454         return 1;
3455 # endif
3456 #endif
3457     case SSL_CTRL_SET_SIGALGS:
3458         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3459 
3460     case SSL_CTRL_SET_SIGALGS_LIST:
3461         return tls1_set_sigalgs_list(s->cert, parg, 0);
3462 
3463     case SSL_CTRL_SET_CLIENT_SIGALGS:
3464         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3465 
3466     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3467         return tls1_set_sigalgs_list(s->cert, parg, 1);
3468 
3469     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3470         {
3471             const unsigned char **pctype = parg;
3472             if (s->server || !s->s3->tmp.cert_req)
3473                 return 0;
3474             if (s->cert->ctypes) {
3475                 if (pctype)
3476                     *pctype = s->cert->ctypes;
3477                 return (int)s->cert->ctype_num;
3478             }
3479             if (pctype)
3480                 *pctype = (unsigned char *)s->s3->tmp.ctype;
3481             return s->s3->tmp.ctype_num;
3482         }
3483 
3484     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3485         if (!s->server)
3486             return 0;
3487         return ssl3_set_req_cert_type(s->cert, parg, larg);
3488 
3489     case SSL_CTRL_BUILD_CERT_CHAIN:
3490         return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
3491 
3492     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3493         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3494 
3495     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3496         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3497 
3498     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3499         if (SSL_USE_SIGALGS(s)) {
3500             if (s->session && s->session->sess_cert) {
3501                 const EVP_MD *sig;
3502                 sig = s->session->sess_cert->peer_key->digest;
3503                 if (sig) {
3504                     *(int *)parg = EVP_MD_type(sig);
3505                     return 1;
3506                 }
3507             }
3508             return 0;
3509         }
3510         /* Might want to do something here for other versions */
3511         else
3512             return 0;
3513 
3514     case SSL_CTRL_GET_SERVER_TMP_KEY:
3515         if (s->server || !s->session || !s->session->sess_cert)
3516             return 0;
3517         else {
3518             SESS_CERT *sc;
3519             EVP_PKEY *ptmp;
3520             int rv = 0;
3521             sc = s->session->sess_cert;
3522 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
3523             if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
3524                 return 0;
3525 #endif
3526             ptmp = EVP_PKEY_new();
3527             if (!ptmp)
3528                 return 0;
3529             if (0) ;
3530 #ifndef OPENSSL_NO_RSA
3531             else if (sc->peer_rsa_tmp)
3532                 rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
3533 #endif
3534 #ifndef OPENSSL_NO_DH
3535             else if (sc->peer_dh_tmp)
3536                 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
3537 #endif
3538 #ifndef OPENSSL_NO_ECDH
3539             else if (sc->peer_ecdh_tmp)
3540                 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
3541 #endif
3542             if (rv) {
3543                 *(EVP_PKEY **)parg = ptmp;
3544                 return 1;
3545             }
3546             EVP_PKEY_free(ptmp);
3547             return 0;
3548         }
3549 #ifndef OPENSSL_NO_EC
3550     case SSL_CTRL_GET_EC_POINT_FORMATS:
3551         {
3552             SSL_SESSION *sess = s->session;
3553             const unsigned char **pformat = parg;
3554             if (!sess || !sess->tlsext_ecpointformatlist)
3555                 return 0;
3556             *pformat = sess->tlsext_ecpointformatlist;
3557             return (int)sess->tlsext_ecpointformatlist_length;
3558         }
3559 #endif
3560 
3561     case SSL_CTRL_CHECK_PROTO_VERSION:
3562         /*
3563          * For library-internal use; checks that the current protocol is the
3564          * highest enabled version (according to s->ctx->method, as version
3565          * negotiation may have changed s->method).
3566          */
3567         if (s->version == s->ctx->method->version)
3568             return 1;
3569         /*
3570          * Apparently we're using a version-flexible SSL_METHOD (not at its
3571          * highest protocol version).
3572          */
3573         if (s->ctx->method->version == SSLv23_method()->version) {
3574 #if TLS_MAX_VERSION != TLS1_2_VERSION
3575 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3576 #endif
3577             if (!(s->options & SSL_OP_NO_TLSv1_2))
3578                 return s->version == TLS1_2_VERSION;
3579             if (!(s->options & SSL_OP_NO_TLSv1_1))
3580                 return s->version == TLS1_1_VERSION;
3581             if (!(s->options & SSL_OP_NO_TLSv1))
3582                 return s->version == TLS1_VERSION;
3583             if (!(s->options & SSL_OP_NO_SSLv3))
3584                 return s->version == SSL3_VERSION;
3585             if (!(s->options & SSL_OP_NO_SSLv2))
3586                 return s->version == SSL2_VERSION;
3587         }
3588         return 0;               /* Unexpected state; fail closed. */
3589 
3590     default:
3591         break;
3592     }
3593     return (ret);
3594 }
3595 
3596 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3597 {
3598     int ret = 0;
3599 
3600 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3601     if (
3602 # ifndef OPENSSL_NO_RSA
3603            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3604 # endif
3605 # ifndef OPENSSL_NO_DSA
3606            cmd == SSL_CTRL_SET_TMP_DH_CB ||
3607 # endif
3608            0) {
3609         if (!ssl_cert_inst(&s->cert)) {
3610             SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3611             return (0);
3612         }
3613     }
3614 #endif
3615 
3616     switch (cmd) {
3617 #ifndef OPENSSL_NO_RSA
3618     case SSL_CTRL_SET_TMP_RSA_CB:
3619         {
3620             s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3621         }
3622         break;
3623 #endif
3624 #ifndef OPENSSL_NO_DH
3625     case SSL_CTRL_SET_TMP_DH_CB:
3626         {
3627             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3628         }
3629         break;
3630 #endif
3631 #ifndef OPENSSL_NO_ECDH
3632     case SSL_CTRL_SET_TMP_ECDH_CB:
3633         {
3634             s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3635         }
3636         break;
3637 #endif
3638 #ifndef OPENSSL_NO_TLSEXT
3639     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3640         s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3641                                        unsigned char *, int, void *))fp;
3642         break;
3643 #endif
3644     default:
3645         break;
3646     }
3647     return (ret);
3648 }
3649 
3650 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3651 {
3652     CERT *cert;
3653 
3654     cert = ctx->cert;
3655 
3656     switch (cmd) {
3657 #ifndef OPENSSL_NO_RSA
3658     case SSL_CTRL_NEED_TMP_RSA:
3659         if ((cert->rsa_tmp == NULL) &&
3660             ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3661              (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3662               (512 / 8)))
3663             )
3664             return (1);
3665         else
3666             return (0);
3667         /* break; */
3668     case SSL_CTRL_SET_TMP_RSA:
3669         {
3670             RSA *rsa;
3671             int i;
3672 
3673             rsa = (RSA *)parg;
3674             i = 1;
3675             if (rsa == NULL)
3676                 i = 0;
3677             else {
3678                 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3679                     i = 0;
3680             }
3681             if (!i) {
3682                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3683                 return (0);
3684             } else {
3685                 if (cert->rsa_tmp != NULL)
3686                     RSA_free(cert->rsa_tmp);
3687                 cert->rsa_tmp = rsa;
3688                 return (1);
3689             }
3690         }
3691         /* break; */
3692     case SSL_CTRL_SET_TMP_RSA_CB:
3693         {
3694             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3695             return (0);
3696         }
3697         break;
3698 #endif
3699 #ifndef OPENSSL_NO_DH
3700     case SSL_CTRL_SET_TMP_DH:
3701         {
3702             DH *new = NULL, *dh;
3703 
3704             dh = (DH *)parg;
3705             if ((new = DHparams_dup(dh)) == NULL) {
3706                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3707                 return 0;
3708             }
3709             if (cert->dh_tmp != NULL)
3710                 DH_free(cert->dh_tmp);
3711             cert->dh_tmp = new;
3712             return 1;
3713         }
3714         /*
3715          * break;
3716          */
3717     case SSL_CTRL_SET_TMP_DH_CB:
3718         {
3719             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3720             return (0);
3721         }
3722         break;
3723 #endif
3724 #ifndef OPENSSL_NO_ECDH
3725     case SSL_CTRL_SET_TMP_ECDH:
3726         {
3727             EC_KEY *ecdh = NULL;
3728 
3729             if (parg == NULL) {
3730                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3731                 return 0;
3732             }
3733             ecdh = EC_KEY_dup((EC_KEY *)parg);
3734             if (ecdh == NULL) {
3735                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3736                 return 0;
3737             }
3738             if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3739                 if (!EC_KEY_generate_key(ecdh)) {
3740                     EC_KEY_free(ecdh);
3741                     SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3742                     return 0;
3743                 }
3744             }
3745 
3746             if (cert->ecdh_tmp != NULL) {
3747                 EC_KEY_free(cert->ecdh_tmp);
3748             }
3749             cert->ecdh_tmp = ecdh;
3750             return 1;
3751         }
3752         /* break; */
3753     case SSL_CTRL_SET_TMP_ECDH_CB:
3754         {
3755             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3756             return (0);
3757         }
3758         break;
3759 #endif                          /* !OPENSSL_NO_ECDH */
3760 #ifndef OPENSSL_NO_TLSEXT
3761     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3762         ctx->tlsext_servername_arg = parg;
3763         break;
3764     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3765     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3766         {
3767             unsigned char *keys = parg;
3768             if (!keys)
3769                 return 48;
3770             if (larg != 48) {
3771                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3772                 return 0;
3773             }
3774             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3775                 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3776                 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3777                 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3778             } else {
3779                 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3780                 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3781                 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3782             }
3783             return 1;
3784         }
3785 
3786 # ifdef TLSEXT_TYPE_opaque_prf_input
3787     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3788         ctx->tlsext_opaque_prf_input_callback_arg = parg;
3789         return 1;
3790 # endif
3791 
3792     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3793         ctx->tlsext_status_arg = parg;
3794         return 1;
3795         break;
3796 
3797 # ifndef OPENSSL_NO_SRP
3798     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3799         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3800         if (ctx->srp_ctx.login != NULL)
3801             OPENSSL_free(ctx->srp_ctx.login);
3802         ctx->srp_ctx.login = NULL;
3803         if (parg == NULL)
3804             break;
3805         if (strlen((const char *)parg) > 255
3806             || strlen((const char *)parg) < 1) {
3807             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3808             return 0;
3809         }
3810         if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3811             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3812             return 0;
3813         }
3814         break;
3815     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3816         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3817             srp_password_from_info_cb;
3818         ctx->srp_ctx.info = parg;
3819         break;
3820     case SSL_CTRL_SET_SRP_ARG:
3821         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3822         ctx->srp_ctx.SRP_cb_arg = parg;
3823         break;
3824 
3825     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3826         ctx->srp_ctx.strength = larg;
3827         break;
3828 # endif
3829 
3830 # ifndef OPENSSL_NO_EC
3831     case SSL_CTRL_SET_CURVES:
3832         return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3833                                &ctx->tlsext_ellipticcurvelist_length,
3834                                parg, larg);
3835 
3836     case SSL_CTRL_SET_CURVES_LIST:
3837         return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3838                                     &ctx->tlsext_ellipticcurvelist_length,
3839                                     parg);
3840 #  ifndef OPENSSL_NO_ECDH
3841     case SSL_CTRL_SET_ECDH_AUTO:
3842         ctx->cert->ecdh_tmp_auto = larg;
3843         return 1;
3844 #  endif
3845 # endif
3846     case SSL_CTRL_SET_SIGALGS:
3847         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3848 
3849     case SSL_CTRL_SET_SIGALGS_LIST:
3850         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3851 
3852     case SSL_CTRL_SET_CLIENT_SIGALGS:
3853         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3854 
3855     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3856         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3857 
3858     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3859         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3860 
3861     case SSL_CTRL_BUILD_CERT_CHAIN:
3862         return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
3863 
3864     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3865         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3866 
3867     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3868         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3869 
3870 #endif                          /* !OPENSSL_NO_TLSEXT */
3871 
3872         /* A Thawte special :-) */
3873     case SSL_CTRL_EXTRA_CHAIN_CERT:
3874         if (ctx->extra_certs == NULL) {
3875             if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3876                 return (0);
3877         }
3878         sk_X509_push(ctx->extra_certs, (X509 *)parg);
3879         break;
3880 
3881     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3882         if (ctx->extra_certs == NULL && larg == 0)
3883             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3884         else
3885             *(STACK_OF(X509) **)parg = ctx->extra_certs;
3886         break;
3887 
3888     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3889         if (ctx->extra_certs) {
3890             sk_X509_pop_free(ctx->extra_certs, X509_free);
3891             ctx->extra_certs = NULL;
3892         }
3893         break;
3894 
3895     case SSL_CTRL_CHAIN:
3896         if (larg)
3897             return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);
3898         else
3899             return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);
3900 
3901     case SSL_CTRL_CHAIN_CERT:
3902         if (larg)
3903             return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
3904         else
3905             return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
3906 
3907     case SSL_CTRL_GET_CHAIN_CERTS:
3908         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3909         break;
3910 
3911     case SSL_CTRL_SELECT_CURRENT_CERT:
3912         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3913 
3914     case SSL_CTRL_SET_CURRENT_CERT:
3915         return ssl_cert_set_current(ctx->cert, larg);
3916 
3917     default:
3918         return (0);
3919     }
3920     return (1);
3921 }
3922 
3923 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3924 {
3925     CERT *cert;
3926 
3927     cert = ctx->cert;
3928 
3929     switch (cmd) {
3930 #ifndef OPENSSL_NO_RSA
3931     case SSL_CTRL_SET_TMP_RSA_CB:
3932         {
3933             cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3934         }
3935         break;
3936 #endif
3937 #ifndef OPENSSL_NO_DH
3938     case SSL_CTRL_SET_TMP_DH_CB:
3939         {
3940             cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3941         }
3942         break;
3943 #endif
3944 #ifndef OPENSSL_NO_ECDH
3945     case SSL_CTRL_SET_TMP_ECDH_CB:
3946         {
3947             cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3948         }
3949         break;
3950 #endif
3951 #ifndef OPENSSL_NO_TLSEXT
3952     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3953         ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3954         break;
3955 
3956 # ifdef TLSEXT_TYPE_opaque_prf_input
3957     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3958         ctx->tlsext_opaque_prf_input_callback =
3959             (int (*)(SSL *, void *, size_t, void *))fp;
3960         break;
3961 # endif
3962 
3963     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3964         ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3965         break;
3966 
3967     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3968         ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3969                                              unsigned char *,
3970                                              EVP_CIPHER_CTX *,
3971                                              HMAC_CTX *, int))fp;
3972         break;
3973 
3974 # ifndef OPENSSL_NO_SRP
3975     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3976         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3977         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3978         break;
3979     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3980         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3981         ctx->srp_ctx.TLS_ext_srp_username_callback =
3982             (int (*)(SSL *, int *, void *))fp;
3983         break;
3984     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3985         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3986         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3987             (char *(*)(SSL *, void *))fp;
3988         break;
3989 # endif
3990 #endif
3991     default:
3992         return (0);
3993     }
3994     return (1);
3995 }
3996 
3997 /*
3998  * This function needs to check if the ciphers required are actually
3999  * available
4000  */
4001 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4002 {
4003     SSL_CIPHER c;
4004     const SSL_CIPHER *cp;
4005     unsigned long id;
4006 
4007     id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
4008     c.id = id;
4009     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4010 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
4011     if (cp == NULL)
4012         fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
4013 #endif
4014     return cp;
4015 }
4016 
4017 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
4018 {
4019     long l;
4020 
4021     if (p != NULL) {
4022         l = c->id;
4023         if ((l & 0xff000000) != 0x03000000)
4024             return (0);
4025         p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
4026         p[1] = ((unsigned char)(l)) & 0xFF;
4027     }
4028     return (2);
4029 }
4030 
4031 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4032                                STACK_OF(SSL_CIPHER) *srvr)
4033 {
4034     SSL_CIPHER *c, *ret = NULL;
4035     STACK_OF(SSL_CIPHER) *prio, *allow;
4036     int i, ii, ok;
4037     CERT *cert;
4038     unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
4039 
4040     /* Let's see which ciphers we can support */
4041     cert = s->cert;
4042 
4043 #if 0
4044     /*
4045      * Do not set the compare functions, because this may lead to a
4046      * reordering by "id". We want to keep the original ordering. We may pay
4047      * a price in performance during sk_SSL_CIPHER_find(), but would have to
4048      * pay with the price of sk_SSL_CIPHER_dup().
4049      */
4050     sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
4051     sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
4052 #endif
4053 
4054 #ifdef CIPHER_DEBUG
4055     fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4056             (void *)srvr);
4057     for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4058         c = sk_SSL_CIPHER_value(srvr, i);
4059         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4060     }
4061     fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4062             (void *)clnt);
4063     for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4064         c = sk_SSL_CIPHER_value(clnt, i);
4065         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4066     }
4067 #endif
4068 
4069     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
4070         prio = srvr;
4071         allow = clnt;
4072     } else {
4073         prio = clnt;
4074         allow = srvr;
4075     }
4076 
4077     tls1_set_cert_validity(s);
4078 
4079     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4080         c = sk_SSL_CIPHER_value(prio, i);
4081 
4082         /* Skip TLS v1.2 only ciphersuites if not supported */
4083         if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
4084             continue;
4085 
4086         ssl_set_cert_masks(cert, c);
4087         mask_k = cert->mask_k;
4088         mask_a = cert->mask_a;
4089         emask_k = cert->export_mask_k;
4090         emask_a = cert->export_mask_a;
4091 #ifndef OPENSSL_NO_SRP
4092         if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4093             mask_k |= SSL_kSRP;
4094             emask_k |= SSL_kSRP;
4095             mask_a |= SSL_aSRP;
4096             emask_a |= SSL_aSRP;
4097         }
4098 #endif
4099 
4100 #ifdef KSSL_DEBUG
4101         /*
4102          * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
4103          * i,c->algorithms);
4104          */
4105 #endif                          /* KSSL_DEBUG */
4106 
4107         alg_k = c->algorithm_mkey;
4108         alg_a = c->algorithm_auth;
4109 
4110 #ifndef OPENSSL_NO_KRB5
4111         if (alg_k & SSL_kKRB5) {
4112             if (!kssl_keytab_is_available(s->kssl_ctx))
4113                 continue;
4114         }
4115 #endif                          /* OPENSSL_NO_KRB5 */
4116 #ifndef OPENSSL_NO_PSK
4117         /* with PSK there must be server callback set */
4118         if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
4119             continue;
4120 #endif                          /* OPENSSL_NO_PSK */
4121 
4122         if (SSL_C_IS_EXPORT(c)) {
4123             ok = (alg_k & emask_k) && (alg_a & emask_a);
4124 #ifdef CIPHER_DEBUG
4125             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
4126                     ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
4127 #endif
4128         } else {
4129             ok = (alg_k & mask_k) && (alg_a & mask_a);
4130 #ifdef CIPHER_DEBUG
4131             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4132                     alg_a, mask_k, mask_a, (void *)c, c->name);
4133 #endif
4134         }
4135 
4136 #ifndef OPENSSL_NO_TLSEXT
4137 # ifndef OPENSSL_NO_EC
4138 #  ifndef OPENSSL_NO_ECDH
4139         /*
4140          * if we are considering an ECC cipher suite that uses an ephemeral
4141          * EC key check it
4142          */
4143         if (alg_k & SSL_kEECDH)
4144             ok = ok && tls1_check_ec_tmp_key(s, c->id);
4145 #  endif                        /* OPENSSL_NO_ECDH */
4146 # endif                         /* OPENSSL_NO_EC */
4147 #endif                          /* OPENSSL_NO_TLSEXT */
4148 
4149         if (!ok)
4150             continue;
4151         ii = sk_SSL_CIPHER_find(allow, c);
4152         if (ii >= 0) {
4153 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4154             if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
4155                 && s->s3->is_probably_safari) {
4156                 if (!ret)
4157                     ret = sk_SSL_CIPHER_value(allow, ii);
4158                 continue;
4159             }
4160 #endif
4161             ret = sk_SSL_CIPHER_value(allow, ii);
4162             break;
4163         }
4164     }
4165     return (ret);
4166 }
4167 
4168 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4169 {
4170     int ret = 0;
4171     const unsigned char *sig;
4172     size_t i, siglen;
4173     int have_rsa_sign = 0, have_dsa_sign = 0;
4174 #ifndef OPENSSL_NO_ECDSA
4175     int have_ecdsa_sign = 0;
4176 #endif
4177     int nostrict = 1;
4178     unsigned long alg_k;
4179 
4180     /* If we have custom certificate types set, use them */
4181     if (s->cert->ctypes) {
4182         memcpy(p, s->cert->ctypes, s->cert->ctype_num);
4183         return (int)s->cert->ctype_num;
4184     }
4185     /* get configured sigalgs */
4186     siglen = tls12_get_psigalgs(s, &sig);
4187     if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
4188         nostrict = 0;
4189     for (i = 0; i < siglen; i += 2, sig += 2) {
4190         switch (sig[1]) {
4191         case TLSEXT_signature_rsa:
4192             have_rsa_sign = 1;
4193             break;
4194 
4195         case TLSEXT_signature_dsa:
4196             have_dsa_sign = 1;
4197             break;
4198 #ifndef OPENSSL_NO_ECDSA
4199         case TLSEXT_signature_ecdsa:
4200             have_ecdsa_sign = 1;
4201             break;
4202 #endif
4203         }
4204     }
4205 
4206     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4207 
4208 #ifndef OPENSSL_NO_GOST
4209     if (s->version >= TLS1_VERSION) {
4210         if (alg_k & SSL_kGOST) {
4211             p[ret++] = TLS_CT_GOST94_SIGN;
4212             p[ret++] = TLS_CT_GOST01_SIGN;
4213             return (ret);
4214         }
4215     }
4216 #endif
4217 
4218 #ifndef OPENSSL_NO_DH
4219     if (alg_k & (SSL_kDHr | SSL_kEDH)) {
4220 # ifndef OPENSSL_NO_RSA
4221         /*
4222          * Since this refers to a certificate signed with an RSA algorithm,
4223          * only check for rsa signing in strict mode.
4224          */
4225         if (nostrict || have_rsa_sign)
4226             p[ret++] = SSL3_CT_RSA_FIXED_DH;
4227 # endif
4228 # ifndef OPENSSL_NO_DSA
4229         if (nostrict || have_dsa_sign)
4230             p[ret++] = SSL3_CT_DSS_FIXED_DH;
4231 # endif
4232     }
4233     if ((s->version == SSL3_VERSION) &&
4234         (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
4235 # ifndef OPENSSL_NO_RSA
4236         p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4237 # endif
4238 # ifndef OPENSSL_NO_DSA
4239         p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4240 # endif
4241     }
4242 #endif                          /* !OPENSSL_NO_DH */
4243 #ifndef OPENSSL_NO_RSA
4244     if (have_rsa_sign)
4245         p[ret++] = SSL3_CT_RSA_SIGN;
4246 #endif
4247 #ifndef OPENSSL_NO_DSA
4248     if (have_dsa_sign)
4249         p[ret++] = SSL3_CT_DSS_SIGN;
4250 #endif
4251 #ifndef OPENSSL_NO_ECDH
4252     if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4253         if (nostrict || have_rsa_sign)
4254             p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4255         if (nostrict || have_ecdsa_sign)
4256             p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4257     }
4258 #endif
4259 
4260 #ifndef OPENSSL_NO_ECDSA
4261     /*
4262      * ECDSA certs can be used with RSA cipher suites as well so we don't
4263      * need to check for SSL_kECDH or SSL_kEECDH
4264      */
4265     if (s->version >= TLS1_VERSION) {
4266         if (have_ecdsa_sign)
4267             p[ret++] = TLS_CT_ECDSA_SIGN;
4268     }
4269 #endif
4270     return (ret);
4271 }
4272 
4273 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4274 {
4275     if (c->ctypes) {
4276         OPENSSL_free(c->ctypes);
4277         c->ctypes = NULL;
4278     }
4279     if (!p || !len)
4280         return 1;
4281     if (len > 0xff)
4282         return 0;
4283     c->ctypes = OPENSSL_malloc(len);
4284     if (!c->ctypes)
4285         return 0;
4286     memcpy(c->ctypes, p, len);
4287     c->ctype_num = len;
4288     return 1;
4289 }
4290 
4291 int ssl3_shutdown(SSL *s)
4292 {
4293     int ret;
4294 
4295     /*
4296      * Don't do anything much if we have not done the handshake or we don't
4297      * want to send messages :-)
4298      */
4299     if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4300         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4301         return (1);
4302     }
4303 
4304     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4305         s->shutdown |= SSL_SENT_SHUTDOWN;
4306 #if 1
4307         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4308 #endif
4309         /*
4310          * our shutdown alert has been sent now, and if it still needs to be
4311          * written, s->s3->alert_dispatch will be true
4312          */
4313         if (s->s3->alert_dispatch)
4314             return (-1);        /* return WANT_WRITE */
4315     } else if (s->s3->alert_dispatch) {
4316         /* resend it if not sent */
4317 #if 1
4318         ret = s->method->ssl_dispatch_alert(s);
4319         if (ret == -1) {
4320             /*
4321              * we only get to return -1 here the 2nd/Nth invocation, we must
4322              * have already signalled return 0 upon a previous invoation,
4323              * return WANT_WRITE
4324              */
4325             return (ret);
4326         }
4327 #endif
4328     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4329         if (SSL_in_init(s)) {
4330             /*
4331              * We can't shutdown properly if we are in the middle of a
4332              * handshake. Doing so is problematic because the peer may send a
4333              * CCS before it acts on our close_notify. However we should not
4334              * continue to process received handshake messages or CCS once our
4335              * close_notify has been sent. Therefore any close_notify from
4336              * the peer will be unreadable because we have not moved to the next
4337              * cipher state. Its best just to avoid this can-of-worms. Return
4338              * an error if we are wanting to wait for a close_notify from the
4339              * peer and we are in init.
4340              */
4341             SSLerr(SSL_F_SSL3_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
4342             return -1;
4343         }
4344         /*
4345          * If we are waiting for a close from our peer, we are closed
4346          */
4347         s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4348         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4349             return (-1);        /* return WANT_READ */
4350         }
4351     }
4352 
4353     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4354         !s->s3->alert_dispatch)
4355         return (1);
4356     else
4357         return (0);
4358 }
4359 
4360 int ssl3_write(SSL *s, const void *buf, int len)
4361 {
4362     int ret, n;
4363 
4364 #if 0
4365     if (s->shutdown & SSL_SEND_SHUTDOWN) {
4366         s->rwstate = SSL_NOTHING;
4367         return (0);
4368     }
4369 #endif
4370     clear_sys_error();
4371     if (s->s3->renegotiate)
4372         ssl3_renegotiate_check(s);
4373 
4374     /*
4375      * This is an experimental flag that sends the last handshake message in
4376      * the same packet as the first use data - used to see if it helps the
4377      * TCP protocol during session-id reuse
4378      */
4379     /* The second test is because the buffer may have been removed */
4380     if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4381         /* First time through, we write into the buffer */
4382         if (s->s3->delay_buf_pop_ret == 0) {
4383             ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
4384             if (ret <= 0)
4385                 return (ret);
4386 
4387             s->s3->delay_buf_pop_ret = ret;
4388         }
4389 
4390         s->rwstate = SSL_WRITING;
4391         n = BIO_flush(s->wbio);
4392         if (n <= 0)
4393             return (n);
4394         s->rwstate = SSL_NOTHING;
4395 
4396         /* We have flushed the buffer, so remove it */
4397         ssl_free_wbio_buffer(s);
4398         s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
4399 
4400         ret = s->s3->delay_buf_pop_ret;
4401         s->s3->delay_buf_pop_ret = 0;
4402     } else {
4403         ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4404                                          buf, len);
4405         if (ret <= 0)
4406             return (ret);
4407     }
4408 
4409     return (ret);
4410 }
4411 
4412 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4413 {
4414     int ret;
4415 
4416     clear_sys_error();
4417     if (s->s3->renegotiate)
4418         ssl3_renegotiate_check(s);
4419     s->s3->in_read_app_data = 1;
4420     ret =
4421         s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4422                                   peek);
4423     if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4424         /*
4425          * ssl3_read_bytes decided to call s->handshake_func, which called
4426          * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4427          * actually found application data and thinks that application data
4428          * makes sense here; so disable handshake processing and try to read
4429          * application data again.
4430          */
4431         s->in_handshake++;
4432         ret =
4433             s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4434                                       peek);
4435         s->in_handshake--;
4436     } else
4437         s->s3->in_read_app_data = 0;
4438 
4439     return (ret);
4440 }
4441 
4442 int ssl3_read(SSL *s, void *buf, int len)
4443 {
4444     return ssl3_read_internal(s, buf, len, 0);
4445 }
4446 
4447 int ssl3_peek(SSL *s, void *buf, int len)
4448 {
4449     return ssl3_read_internal(s, buf, len, 1);
4450 }
4451 
4452 int ssl3_renegotiate(SSL *s)
4453 {
4454     if (s->handshake_func == NULL)
4455         return (1);
4456 
4457     if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4458         return (0);
4459 
4460     s->s3->renegotiate = 1;
4461     return (1);
4462 }
4463 
4464 int ssl3_renegotiate_check(SSL *s)
4465 {
4466     int ret = 0;
4467 
4468     if (s->s3->renegotiate) {
4469         if ((s->s3->rbuf.left == 0) &&
4470             (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
4471             /*
4472              * if we are the server, and we have sent a 'RENEGOTIATE'
4473              * message, we need to go to SSL_ST_ACCEPT.
4474              */
4475             /* SSL_ST_ACCEPT */
4476             s->state = SSL_ST_RENEGOTIATE;
4477             s->s3->renegotiate = 0;
4478             s->s3->num_renegotiations++;
4479             s->s3->total_renegotiations++;
4480             ret = 1;
4481         }
4482     }
4483     return (ret);
4484 }
4485 
4486 /*
4487  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4488  * handshake macs if required.
4489  */
4490 long ssl_get_algorithm2(SSL *s)
4491 {
4492     long alg2 = s->s3->tmp.new_cipher->algorithm2;
4493     if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
4494         && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4495         return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4496     return alg2;
4497 }
4498