xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision 4d293dd8dcde59fc9842a0ce1125fef8fcf83a8c)
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #include <openssl/md5.h>
156 #ifndef OPENSSL_NO_DH
157 # include <openssl/dh.h>
158 #endif
159 
160 const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
161 
162 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
163 
164 /* list of available SSLv3 ciphers (sorted by id) */
165 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
166 
167 /* The RSA ciphers */
168 /* Cipher 01 */
169     {
170      1,
171      SSL3_TXT_RSA_NULL_MD5,
172      SSL3_CK_RSA_NULL_MD5,
173      SSL_kRSA,
174      SSL_aRSA,
175      SSL_eNULL,
176      SSL_MD5,
177      SSL_SSLV3,
178      SSL_NOT_EXP | SSL_STRONG_NONE,
179      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180      0,
181      0,
182      },
183 
184 /* Cipher 02 */
185     {
186      1,
187      SSL3_TXT_RSA_NULL_SHA,
188      SSL3_CK_RSA_NULL_SHA,
189      SSL_kRSA,
190      SSL_aRSA,
191      SSL_eNULL,
192      SSL_SHA1,
193      SSL_SSLV3,
194      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
195      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196      0,
197      0,
198      },
199 
200 /* Cipher 03 */
201     {
202      1,
203      SSL3_TXT_RSA_RC4_40_MD5,
204      SSL3_CK_RSA_RC4_40_MD5,
205      SSL_kRSA,
206      SSL_aRSA,
207      SSL_RC4,
208      SSL_MD5,
209      SSL_SSLV3,
210      SSL_EXPORT | SSL_EXP40,
211      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
212      40,
213      128,
214      },
215 
216 /* Cipher 04 */
217     {
218      1,
219      SSL3_TXT_RSA_RC4_128_MD5,
220      SSL3_CK_RSA_RC4_128_MD5,
221      SSL_kRSA,
222      SSL_aRSA,
223      SSL_RC4,
224      SSL_MD5,
225      SSL_SSLV3,
226      SSL_NOT_EXP | SSL_MEDIUM,
227      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
228      128,
229      128,
230      },
231 
232 /* Cipher 05 */
233     {
234      1,
235      SSL3_TXT_RSA_RC4_128_SHA,
236      SSL3_CK_RSA_RC4_128_SHA,
237      SSL_kRSA,
238      SSL_aRSA,
239      SSL_RC4,
240      SSL_SHA1,
241      SSL_SSLV3,
242      SSL_NOT_EXP | SSL_MEDIUM,
243      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
244      128,
245      128,
246      },
247 
248 /* Cipher 06 */
249     {
250      1,
251      SSL3_TXT_RSA_RC2_40_MD5,
252      SSL3_CK_RSA_RC2_40_MD5,
253      SSL_kRSA,
254      SSL_aRSA,
255      SSL_RC2,
256      SSL_MD5,
257      SSL_SSLV3,
258      SSL_EXPORT | SSL_EXP40,
259      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
260      40,
261      128,
262      },
263 
264 /* Cipher 07 */
265 #ifndef OPENSSL_NO_IDEA
266     {
267      1,
268      SSL3_TXT_RSA_IDEA_128_SHA,
269      SSL3_CK_RSA_IDEA_128_SHA,
270      SSL_kRSA,
271      SSL_aRSA,
272      SSL_IDEA,
273      SSL_SHA1,
274      SSL_SSLV3,
275      SSL_NOT_EXP | SSL_MEDIUM,
276      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
277      128,
278      128,
279      },
280 #endif
281 
282 /* Cipher 08 */
283     {
284      1,
285      SSL3_TXT_RSA_DES_40_CBC_SHA,
286      SSL3_CK_RSA_DES_40_CBC_SHA,
287      SSL_kRSA,
288      SSL_aRSA,
289      SSL_DES,
290      SSL_SHA1,
291      SSL_SSLV3,
292      SSL_EXPORT | SSL_EXP40,
293      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
294      40,
295      56,
296      },
297 
298 /* Cipher 09 */
299     {
300      1,
301      SSL3_TXT_RSA_DES_64_CBC_SHA,
302      SSL3_CK_RSA_DES_64_CBC_SHA,
303      SSL_kRSA,
304      SSL_aRSA,
305      SSL_DES,
306      SSL_SHA1,
307      SSL_SSLV3,
308      SSL_NOT_EXP | SSL_LOW,
309      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
310      56,
311      56,
312      },
313 
314 /* Cipher 0A */
315     {
316      1,
317      SSL3_TXT_RSA_DES_192_CBC3_SHA,
318      SSL3_CK_RSA_DES_192_CBC3_SHA,
319      SSL_kRSA,
320      SSL_aRSA,
321      SSL_3DES,
322      SSL_SHA1,
323      SSL_SSLV3,
324      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
325      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
326      112,
327      168,
328      },
329 
330 /* The DH ciphers */
331 /* Cipher 0B */
332     {
333      0,
334      SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
335      SSL3_CK_DH_DSS_DES_40_CBC_SHA,
336      SSL_kDHd,
337      SSL_aDH,
338      SSL_DES,
339      SSL_SHA1,
340      SSL_SSLV3,
341      SSL_EXPORT | SSL_EXP40,
342      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
343      40,
344      56,
345      },
346 
347 /* Cipher 0C */
348     {
349      1,
350      SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
351      SSL3_CK_DH_DSS_DES_64_CBC_SHA,
352      SSL_kDHd,
353      SSL_aDH,
354      SSL_DES,
355      SSL_SHA1,
356      SSL_SSLV3,
357      SSL_NOT_EXP | SSL_LOW,
358      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
359      56,
360      56,
361      },
362 
363 /* Cipher 0D */
364     {
365      1,
366      SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
367      SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
368      SSL_kDHd,
369      SSL_aDH,
370      SSL_3DES,
371      SSL_SHA1,
372      SSL_SSLV3,
373      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
374      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
375      112,
376      168,
377      },
378 
379 /* Cipher 0E */
380     {
381      0,
382      SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
383      SSL3_CK_DH_RSA_DES_40_CBC_SHA,
384      SSL_kDHr,
385      SSL_aDH,
386      SSL_DES,
387      SSL_SHA1,
388      SSL_SSLV3,
389      SSL_EXPORT | SSL_EXP40,
390      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
391      40,
392      56,
393      },
394 
395 /* Cipher 0F */
396     {
397      1,
398      SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
399      SSL3_CK_DH_RSA_DES_64_CBC_SHA,
400      SSL_kDHr,
401      SSL_aDH,
402      SSL_DES,
403      SSL_SHA1,
404      SSL_SSLV3,
405      SSL_NOT_EXP | SSL_LOW,
406      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
407      56,
408      56,
409      },
410 
411 /* Cipher 10 */
412     {
413      1,
414      SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
415      SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
416      SSL_kDHr,
417      SSL_aDH,
418      SSL_3DES,
419      SSL_SHA1,
420      SSL_SSLV3,
421      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
422      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
423      112,
424      168,
425      },
426 
427 /* The Ephemeral DH ciphers */
428 /* Cipher 11 */
429     {
430      1,
431      SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
432      SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
433      SSL_kEDH,
434      SSL_aDSS,
435      SSL_DES,
436      SSL_SHA1,
437      SSL_SSLV3,
438      SSL_EXPORT | SSL_EXP40,
439      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
440      40,
441      56,
442      },
443 
444 /* Cipher 12 */
445     {
446      1,
447      SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
448      SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
449      SSL_kEDH,
450      SSL_aDSS,
451      SSL_DES,
452      SSL_SHA1,
453      SSL_SSLV3,
454      SSL_NOT_EXP | SSL_LOW,
455      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
456      56,
457      56,
458      },
459 
460 /* Cipher 13 */
461     {
462      1,
463      SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
464      SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
465      SSL_kEDH,
466      SSL_aDSS,
467      SSL_3DES,
468      SSL_SHA1,
469      SSL_SSLV3,
470      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
471      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
472      112,
473      168,
474      },
475 
476 /* Cipher 14 */
477     {
478      1,
479      SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
480      SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
481      SSL_kEDH,
482      SSL_aRSA,
483      SSL_DES,
484      SSL_SHA1,
485      SSL_SSLV3,
486      SSL_EXPORT | SSL_EXP40,
487      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
488      40,
489      56,
490      },
491 
492 /* Cipher 15 */
493     {
494      1,
495      SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
496      SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
497      SSL_kEDH,
498      SSL_aRSA,
499      SSL_DES,
500      SSL_SHA1,
501      SSL_SSLV3,
502      SSL_NOT_EXP | SSL_LOW,
503      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
504      56,
505      56,
506      },
507 
508 /* Cipher 16 */
509     {
510      1,
511      SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
512      SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
513      SSL_kEDH,
514      SSL_aRSA,
515      SSL_3DES,
516      SSL_SHA1,
517      SSL_SSLV3,
518      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
519      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
520      112,
521      168,
522      },
523 
524 /* Cipher 17 */
525     {
526      1,
527      SSL3_TXT_ADH_RC4_40_MD5,
528      SSL3_CK_ADH_RC4_40_MD5,
529      SSL_kEDH,
530      SSL_aNULL,
531      SSL_RC4,
532      SSL_MD5,
533      SSL_SSLV3,
534      SSL_EXPORT | SSL_EXP40,
535      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
536      40,
537      128,
538      },
539 
540 /* Cipher 18 */
541     {
542      1,
543      SSL3_TXT_ADH_RC4_128_MD5,
544      SSL3_CK_ADH_RC4_128_MD5,
545      SSL_kEDH,
546      SSL_aNULL,
547      SSL_RC4,
548      SSL_MD5,
549      SSL_SSLV3,
550      SSL_NOT_EXP | SSL_MEDIUM,
551      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
552      128,
553      128,
554      },
555 
556 /* Cipher 19 */
557     {
558      1,
559      SSL3_TXT_ADH_DES_40_CBC_SHA,
560      SSL3_CK_ADH_DES_40_CBC_SHA,
561      SSL_kEDH,
562      SSL_aNULL,
563      SSL_DES,
564      SSL_SHA1,
565      SSL_SSLV3,
566      SSL_EXPORT | SSL_EXP40,
567      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
568      40,
569      128,
570      },
571 
572 /* Cipher 1A */
573     {
574      1,
575      SSL3_TXT_ADH_DES_64_CBC_SHA,
576      SSL3_CK_ADH_DES_64_CBC_SHA,
577      SSL_kEDH,
578      SSL_aNULL,
579      SSL_DES,
580      SSL_SHA1,
581      SSL_SSLV3,
582      SSL_NOT_EXP | SSL_LOW,
583      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
584      56,
585      56,
586      },
587 
588 /* Cipher 1B */
589     {
590      1,
591      SSL3_TXT_ADH_DES_192_CBC_SHA,
592      SSL3_CK_ADH_DES_192_CBC_SHA,
593      SSL_kEDH,
594      SSL_aNULL,
595      SSL_3DES,
596      SSL_SHA1,
597      SSL_SSLV3,
598      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
599      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
600      112,
601      168,
602      },
603 
604 /* Fortezza ciphersuite from SSL 3.0 spec */
605 #if 0
606 /* Cipher 1C */
607     {
608      0,
609      SSL3_TXT_FZA_DMS_NULL_SHA,
610      SSL3_CK_FZA_DMS_NULL_SHA,
611      SSL_kFZA,
612      SSL_aFZA,
613      SSL_eNULL,
614      SSL_SHA1,
615      SSL_SSLV3,
616      SSL_NOT_EXP | SSL_STRONG_NONE,
617      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
618      0,
619      0,
620      },
621 
622 /* Cipher 1D */
623     {
624      0,
625      SSL3_TXT_FZA_DMS_FZA_SHA,
626      SSL3_CK_FZA_DMS_FZA_SHA,
627      SSL_kFZA,
628      SSL_aFZA,
629      SSL_eFZA,
630      SSL_SHA1,
631      SSL_SSLV3,
632      SSL_NOT_EXP | SSL_STRONG_NONE,
633      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
634      0,
635      0,
636      },
637 
638 /* Cipher 1E */
639     {
640      0,
641      SSL3_TXT_FZA_DMS_RC4_SHA,
642      SSL3_CK_FZA_DMS_RC4_SHA,
643      SSL_kFZA,
644      SSL_aFZA,
645      SSL_RC4,
646      SSL_SHA1,
647      SSL_SSLV3,
648      SSL_NOT_EXP | SSL_MEDIUM,
649      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
650      128,
651      128,
652      },
653 #endif
654 
655 #ifndef OPENSSL_NO_KRB5
656 /* The Kerberos ciphers*/
657 /* Cipher 1E */
658     {
659      1,
660      SSL3_TXT_KRB5_DES_64_CBC_SHA,
661      SSL3_CK_KRB5_DES_64_CBC_SHA,
662      SSL_kKRB5,
663      SSL_aKRB5,
664      SSL_DES,
665      SSL_SHA1,
666      SSL_SSLV3,
667      SSL_NOT_EXP | SSL_LOW,
668      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
669      56,
670      56,
671      },
672 
673 /* Cipher 1F */
674     {
675      1,
676      SSL3_TXT_KRB5_DES_192_CBC3_SHA,
677      SSL3_CK_KRB5_DES_192_CBC3_SHA,
678      SSL_kKRB5,
679      SSL_aKRB5,
680      SSL_3DES,
681      SSL_SHA1,
682      SSL_SSLV3,
683      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
684      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
685      112,
686      168,
687      },
688 
689 /* Cipher 20 */
690     {
691      1,
692      SSL3_TXT_KRB5_RC4_128_SHA,
693      SSL3_CK_KRB5_RC4_128_SHA,
694      SSL_kKRB5,
695      SSL_aKRB5,
696      SSL_RC4,
697      SSL_SHA1,
698      SSL_SSLV3,
699      SSL_NOT_EXP | SSL_MEDIUM,
700      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
701      128,
702      128,
703      },
704 
705 /* Cipher 21 */
706     {
707      1,
708      SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
709      SSL3_CK_KRB5_IDEA_128_CBC_SHA,
710      SSL_kKRB5,
711      SSL_aKRB5,
712      SSL_IDEA,
713      SSL_SHA1,
714      SSL_SSLV3,
715      SSL_NOT_EXP | SSL_MEDIUM,
716      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
717      128,
718      128,
719      },
720 
721 /* Cipher 22 */
722     {
723      1,
724      SSL3_TXT_KRB5_DES_64_CBC_MD5,
725      SSL3_CK_KRB5_DES_64_CBC_MD5,
726      SSL_kKRB5,
727      SSL_aKRB5,
728      SSL_DES,
729      SSL_MD5,
730      SSL_SSLV3,
731      SSL_NOT_EXP | SSL_LOW,
732      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
733      56,
734      56,
735      },
736 
737 /* Cipher 23 */
738     {
739      1,
740      SSL3_TXT_KRB5_DES_192_CBC3_MD5,
741      SSL3_CK_KRB5_DES_192_CBC3_MD5,
742      SSL_kKRB5,
743      SSL_aKRB5,
744      SSL_3DES,
745      SSL_MD5,
746      SSL_SSLV3,
747      SSL_NOT_EXP | SSL_HIGH,
748      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
749      112,
750      168,
751      },
752 
753 /* Cipher 24 */
754     {
755      1,
756      SSL3_TXT_KRB5_RC4_128_MD5,
757      SSL3_CK_KRB5_RC4_128_MD5,
758      SSL_kKRB5,
759      SSL_aKRB5,
760      SSL_RC4,
761      SSL_MD5,
762      SSL_SSLV3,
763      SSL_NOT_EXP | SSL_MEDIUM,
764      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
765      128,
766      128,
767      },
768 
769 /* Cipher 25 */
770     {
771      1,
772      SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
773      SSL3_CK_KRB5_IDEA_128_CBC_MD5,
774      SSL_kKRB5,
775      SSL_aKRB5,
776      SSL_IDEA,
777      SSL_MD5,
778      SSL_SSLV3,
779      SSL_NOT_EXP | SSL_MEDIUM,
780      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
781      128,
782      128,
783      },
784 
785 /* Cipher 26 */
786     {
787      1,
788      SSL3_TXT_KRB5_DES_40_CBC_SHA,
789      SSL3_CK_KRB5_DES_40_CBC_SHA,
790      SSL_kKRB5,
791      SSL_aKRB5,
792      SSL_DES,
793      SSL_SHA1,
794      SSL_SSLV3,
795      SSL_EXPORT | SSL_EXP40,
796      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
797      40,
798      56,
799      },
800 
801 /* Cipher 27 */
802     {
803      1,
804      SSL3_TXT_KRB5_RC2_40_CBC_SHA,
805      SSL3_CK_KRB5_RC2_40_CBC_SHA,
806      SSL_kKRB5,
807      SSL_aKRB5,
808      SSL_RC2,
809      SSL_SHA1,
810      SSL_SSLV3,
811      SSL_EXPORT | SSL_EXP40,
812      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
813      40,
814      128,
815      },
816 
817 /* Cipher 28 */
818     {
819      1,
820      SSL3_TXT_KRB5_RC4_40_SHA,
821      SSL3_CK_KRB5_RC4_40_SHA,
822      SSL_kKRB5,
823      SSL_aKRB5,
824      SSL_RC4,
825      SSL_SHA1,
826      SSL_SSLV3,
827      SSL_EXPORT | SSL_EXP40,
828      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
829      40,
830      128,
831      },
832 
833 /* Cipher 29 */
834     {
835      1,
836      SSL3_TXT_KRB5_DES_40_CBC_MD5,
837      SSL3_CK_KRB5_DES_40_CBC_MD5,
838      SSL_kKRB5,
839      SSL_aKRB5,
840      SSL_DES,
841      SSL_MD5,
842      SSL_SSLV3,
843      SSL_EXPORT | SSL_EXP40,
844      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
845      40,
846      56,
847      },
848 
849 /* Cipher 2A */
850     {
851      1,
852      SSL3_TXT_KRB5_RC2_40_CBC_MD5,
853      SSL3_CK_KRB5_RC2_40_CBC_MD5,
854      SSL_kKRB5,
855      SSL_aKRB5,
856      SSL_RC2,
857      SSL_MD5,
858      SSL_SSLV3,
859      SSL_EXPORT | SSL_EXP40,
860      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
861      40,
862      128,
863      },
864 
865 /* Cipher 2B */
866     {
867      1,
868      SSL3_TXT_KRB5_RC4_40_MD5,
869      SSL3_CK_KRB5_RC4_40_MD5,
870      SSL_kKRB5,
871      SSL_aKRB5,
872      SSL_RC4,
873      SSL_MD5,
874      SSL_SSLV3,
875      SSL_EXPORT | SSL_EXP40,
876      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
877      40,
878      128,
879      },
880 #endif                          /* OPENSSL_NO_KRB5 */
881 
882 /* New AES ciphersuites */
883 /* Cipher 2F */
884     {
885      1,
886      TLS1_TXT_RSA_WITH_AES_128_SHA,
887      TLS1_CK_RSA_WITH_AES_128_SHA,
888      SSL_kRSA,
889      SSL_aRSA,
890      SSL_AES128,
891      SSL_SHA1,
892      SSL_TLSV1,
893      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
894      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
895      128,
896      128,
897      },
898 /* Cipher 30 */
899     {
900      1,
901      TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
902      TLS1_CK_DH_DSS_WITH_AES_128_SHA,
903      SSL_kDHd,
904      SSL_aDH,
905      SSL_AES128,
906      SSL_SHA1,
907      SSL_TLSV1,
908      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
909      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
910      128,
911      128,
912      },
913 /* Cipher 31 */
914     {
915      1,
916      TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
917      TLS1_CK_DH_RSA_WITH_AES_128_SHA,
918      SSL_kDHr,
919      SSL_aDH,
920      SSL_AES128,
921      SSL_SHA1,
922      SSL_TLSV1,
923      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
924      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
925      128,
926      128,
927      },
928 /* Cipher 32 */
929     {
930      1,
931      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
932      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
933      SSL_kEDH,
934      SSL_aDSS,
935      SSL_AES128,
936      SSL_SHA1,
937      SSL_TLSV1,
938      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
939      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
940      128,
941      128,
942      },
943 /* Cipher 33 */
944     {
945      1,
946      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
947      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
948      SSL_kEDH,
949      SSL_aRSA,
950      SSL_AES128,
951      SSL_SHA1,
952      SSL_TLSV1,
953      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
954      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
955      128,
956      128,
957      },
958 /* Cipher 34 */
959     {
960      1,
961      TLS1_TXT_ADH_WITH_AES_128_SHA,
962      TLS1_CK_ADH_WITH_AES_128_SHA,
963      SSL_kEDH,
964      SSL_aNULL,
965      SSL_AES128,
966      SSL_SHA1,
967      SSL_TLSV1,
968      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
969      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
970      128,
971      128,
972      },
973 
974 /* Cipher 35 */
975     {
976      1,
977      TLS1_TXT_RSA_WITH_AES_256_SHA,
978      TLS1_CK_RSA_WITH_AES_256_SHA,
979      SSL_kRSA,
980      SSL_aRSA,
981      SSL_AES256,
982      SSL_SHA1,
983      SSL_TLSV1,
984      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
985      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
986      256,
987      256,
988      },
989 /* Cipher 36 */
990     {
991      1,
992      TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
993      TLS1_CK_DH_DSS_WITH_AES_256_SHA,
994      SSL_kDHd,
995      SSL_aDH,
996      SSL_AES256,
997      SSL_SHA1,
998      SSL_TLSV1,
999      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1000      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1001      256,
1002      256,
1003      },
1004 
1005 /* Cipher 37 */
1006     {
1007      1,
1008      TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1009      TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1010      SSL_kDHr,
1011      SSL_aDH,
1012      SSL_AES256,
1013      SSL_SHA1,
1014      SSL_TLSV1,
1015      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1016      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1017      256,
1018      256,
1019      },
1020 
1021 /* Cipher 38 */
1022     {
1023      1,
1024      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1025      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1026      SSL_kEDH,
1027      SSL_aDSS,
1028      SSL_AES256,
1029      SSL_SHA1,
1030      SSL_TLSV1,
1031      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1032      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1033      256,
1034      256,
1035      },
1036 
1037 /* Cipher 39 */
1038     {
1039      1,
1040      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1041      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1042      SSL_kEDH,
1043      SSL_aRSA,
1044      SSL_AES256,
1045      SSL_SHA1,
1046      SSL_TLSV1,
1047      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1048      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1049      256,
1050      256,
1051      },
1052 
1053     /* Cipher 3A */
1054     {
1055      1,
1056      TLS1_TXT_ADH_WITH_AES_256_SHA,
1057      TLS1_CK_ADH_WITH_AES_256_SHA,
1058      SSL_kEDH,
1059      SSL_aNULL,
1060      SSL_AES256,
1061      SSL_SHA1,
1062      SSL_TLSV1,
1063      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1064      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1065      256,
1066      256,
1067      },
1068 
1069     /* TLS v1.2 ciphersuites */
1070     /* Cipher 3B */
1071     {
1072      1,
1073      TLS1_TXT_RSA_WITH_NULL_SHA256,
1074      TLS1_CK_RSA_WITH_NULL_SHA256,
1075      SSL_kRSA,
1076      SSL_aRSA,
1077      SSL_eNULL,
1078      SSL_SHA256,
1079      SSL_TLSV1_2,
1080      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
1081      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1082      0,
1083      0,
1084      },
1085 
1086     /* Cipher 3C */
1087     {
1088      1,
1089      TLS1_TXT_RSA_WITH_AES_128_SHA256,
1090      TLS1_CK_RSA_WITH_AES_128_SHA256,
1091      SSL_kRSA,
1092      SSL_aRSA,
1093      SSL_AES128,
1094      SSL_SHA256,
1095      SSL_TLSV1_2,
1096      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1097      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1098      128,
1099      128,
1100      },
1101 
1102     /* Cipher 3D */
1103     {
1104      1,
1105      TLS1_TXT_RSA_WITH_AES_256_SHA256,
1106      TLS1_CK_RSA_WITH_AES_256_SHA256,
1107      SSL_kRSA,
1108      SSL_aRSA,
1109      SSL_AES256,
1110      SSL_SHA256,
1111      SSL_TLSV1_2,
1112      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1113      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1114      256,
1115      256,
1116      },
1117 
1118     /* Cipher 3E */
1119     {
1120      1,
1121      TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1122      TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1123      SSL_kDHd,
1124      SSL_aDH,
1125      SSL_AES128,
1126      SSL_SHA256,
1127      SSL_TLSV1_2,
1128      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1129      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1130      128,
1131      128,
1132      },
1133 
1134     /* Cipher 3F */
1135     {
1136      1,
1137      TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1138      TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1139      SSL_kDHr,
1140      SSL_aDH,
1141      SSL_AES128,
1142      SSL_SHA256,
1143      SSL_TLSV1_2,
1144      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1145      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1146      128,
1147      128,
1148      },
1149 
1150     /* Cipher 40 */
1151     {
1152      1,
1153      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1154      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1155      SSL_kEDH,
1156      SSL_aDSS,
1157      SSL_AES128,
1158      SSL_SHA256,
1159      SSL_TLSV1_2,
1160      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1161      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1162      128,
1163      128,
1164      },
1165 
1166 #ifndef OPENSSL_NO_CAMELLIA
1167     /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1168 
1169     /* Cipher 41 */
1170     {
1171      1,
1172      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1173      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1174      SSL_kRSA,
1175      SSL_aRSA,
1176      SSL_CAMELLIA128,
1177      SSL_SHA1,
1178      SSL_TLSV1,
1179      SSL_NOT_EXP | SSL_HIGH,
1180      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1181      128,
1182      128,
1183      },
1184 
1185     /* Cipher 42 */
1186     {
1187      1,
1188      TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1189      TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1190      SSL_kDHd,
1191      SSL_aDH,
1192      SSL_CAMELLIA128,
1193      SSL_SHA1,
1194      SSL_TLSV1,
1195      SSL_NOT_EXP | SSL_HIGH,
1196      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1197      128,
1198      128,
1199      },
1200 
1201     /* Cipher 43 */
1202     {
1203      1,
1204      TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1205      TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1206      SSL_kDHr,
1207      SSL_aDH,
1208      SSL_CAMELLIA128,
1209      SSL_SHA1,
1210      SSL_TLSV1,
1211      SSL_NOT_EXP | SSL_HIGH,
1212      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1213      128,
1214      128,
1215      },
1216 
1217     /* Cipher 44 */
1218     {
1219      1,
1220      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1221      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1222      SSL_kEDH,
1223      SSL_aDSS,
1224      SSL_CAMELLIA128,
1225      SSL_SHA1,
1226      SSL_TLSV1,
1227      SSL_NOT_EXP | SSL_HIGH,
1228      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1229      128,
1230      128,
1231      },
1232 
1233     /* Cipher 45 */
1234     {
1235      1,
1236      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1237      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1238      SSL_kEDH,
1239      SSL_aRSA,
1240      SSL_CAMELLIA128,
1241      SSL_SHA1,
1242      SSL_TLSV1,
1243      SSL_NOT_EXP | SSL_HIGH,
1244      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1245      128,
1246      128,
1247      },
1248 
1249     /* Cipher 46 */
1250     {
1251      1,
1252      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1253      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1254      SSL_kEDH,
1255      SSL_aNULL,
1256      SSL_CAMELLIA128,
1257      SSL_SHA1,
1258      SSL_TLSV1,
1259      SSL_NOT_EXP | SSL_HIGH,
1260      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1261      128,
1262      128,
1263      },
1264 #endif                          /* OPENSSL_NO_CAMELLIA */
1265 
1266 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1267     /* New TLS Export CipherSuites from expired ID */
1268 # if 0
1269     /* Cipher 60 */
1270     {
1271      1,
1272      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1273      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1274      SSL_kRSA,
1275      SSL_aRSA,
1276      SSL_RC4,
1277      SSL_MD5,
1278      SSL_TLSV1,
1279      SSL_EXPORT | SSL_EXP56,
1280      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1281      56,
1282      128,
1283      },
1284 
1285     /* Cipher 61 */
1286     {
1287      1,
1288      TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1289      TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1290      SSL_kRSA,
1291      SSL_aRSA,
1292      SSL_RC2,
1293      SSL_MD5,
1294      SSL_TLSV1,
1295      SSL_EXPORT | SSL_EXP56,
1296      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1297      56,
1298      128,
1299      },
1300 # endif
1301 
1302     /* Cipher 62 */
1303     {
1304      1,
1305      TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1306      TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1307      SSL_kRSA,
1308      SSL_aRSA,
1309      SSL_DES,
1310      SSL_SHA1,
1311      SSL_TLSV1,
1312      SSL_EXPORT | SSL_EXP56,
1313      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1314      56,
1315      56,
1316      },
1317 
1318     /* Cipher 63 */
1319     {
1320      1,
1321      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1322      TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1323      SSL_kEDH,
1324      SSL_aDSS,
1325      SSL_DES,
1326      SSL_SHA1,
1327      SSL_TLSV1,
1328      SSL_EXPORT | SSL_EXP56,
1329      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1330      56,
1331      56,
1332      },
1333 
1334     /* Cipher 64 */
1335     {
1336      1,
1337      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1338      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1339      SSL_kRSA,
1340      SSL_aRSA,
1341      SSL_RC4,
1342      SSL_SHA1,
1343      SSL_TLSV1,
1344      SSL_EXPORT | SSL_EXP56,
1345      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1346      56,
1347      128,
1348      },
1349 
1350     /* Cipher 65 */
1351     {
1352      1,
1353      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1354      TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1355      SSL_kEDH,
1356      SSL_aDSS,
1357      SSL_RC4,
1358      SSL_SHA1,
1359      SSL_TLSV1,
1360      SSL_EXPORT | SSL_EXP56,
1361      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1362      56,
1363      128,
1364      },
1365 
1366     /* Cipher 66 */
1367     {
1368      1,
1369      TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1370      TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1371      SSL_kEDH,
1372      SSL_aDSS,
1373      SSL_RC4,
1374      SSL_SHA1,
1375      SSL_TLSV1,
1376      SSL_NOT_EXP | SSL_MEDIUM,
1377      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1378      128,
1379      128,
1380      },
1381 #endif
1382 
1383     /* TLS v1.2 ciphersuites */
1384     /* Cipher 67 */
1385     {
1386      1,
1387      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1388      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1389      SSL_kEDH,
1390      SSL_aRSA,
1391      SSL_AES128,
1392      SSL_SHA256,
1393      SSL_TLSV1_2,
1394      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1395      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1396      128,
1397      128,
1398      },
1399 
1400     /* Cipher 68 */
1401     {
1402      1,
1403      TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1404      TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1405      SSL_kDHd,
1406      SSL_aDH,
1407      SSL_AES256,
1408      SSL_SHA256,
1409      SSL_TLSV1_2,
1410      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1411      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1412      256,
1413      256,
1414      },
1415 
1416     /* Cipher 69 */
1417     {
1418      1,
1419      TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1420      TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1421      SSL_kDHr,
1422      SSL_aDH,
1423      SSL_AES256,
1424      SSL_SHA256,
1425      SSL_TLSV1_2,
1426      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1427      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1428      256,
1429      256,
1430      },
1431 
1432     /* Cipher 6A */
1433     {
1434      1,
1435      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1436      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1437      SSL_kEDH,
1438      SSL_aDSS,
1439      SSL_AES256,
1440      SSL_SHA256,
1441      SSL_TLSV1_2,
1442      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1443      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1444      256,
1445      256,
1446      },
1447 
1448     /* Cipher 6B */
1449     {
1450      1,
1451      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1452      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1453      SSL_kEDH,
1454      SSL_aRSA,
1455      SSL_AES256,
1456      SSL_SHA256,
1457      SSL_TLSV1_2,
1458      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1459      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1460      256,
1461      256,
1462      },
1463 
1464     /* Cipher 6C */
1465     {
1466      1,
1467      TLS1_TXT_ADH_WITH_AES_128_SHA256,
1468      TLS1_CK_ADH_WITH_AES_128_SHA256,
1469      SSL_kEDH,
1470      SSL_aNULL,
1471      SSL_AES128,
1472      SSL_SHA256,
1473      SSL_TLSV1_2,
1474      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1475      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1476      128,
1477      128,
1478      },
1479 
1480     /* Cipher 6D */
1481     {
1482      1,
1483      TLS1_TXT_ADH_WITH_AES_256_SHA256,
1484      TLS1_CK_ADH_WITH_AES_256_SHA256,
1485      SSL_kEDH,
1486      SSL_aNULL,
1487      SSL_AES256,
1488      SSL_SHA256,
1489      SSL_TLSV1_2,
1490      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1491      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1492      256,
1493      256,
1494      },
1495 
1496     /* GOST Ciphersuites */
1497 
1498     {
1499      1,
1500      "GOST94-GOST89-GOST89",
1501      0x3000080,
1502      SSL_kGOST,
1503      SSL_aGOST94,
1504      SSL_eGOST2814789CNT,
1505      SSL_GOST89MAC,
1506      SSL_TLSV1,
1507      SSL_NOT_EXP | SSL_HIGH,
1508      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1509      256,
1510      256},
1511     {
1512      1,
1513      "GOST2001-GOST89-GOST89",
1514      0x3000081,
1515      SSL_kGOST,
1516      SSL_aGOST01,
1517      SSL_eGOST2814789CNT,
1518      SSL_GOST89MAC,
1519      SSL_TLSV1,
1520      SSL_NOT_EXP | SSL_HIGH,
1521      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1522      256,
1523      256},
1524     {
1525      1,
1526      "GOST94-NULL-GOST94",
1527      0x3000082,
1528      SSL_kGOST,
1529      SSL_aGOST94,
1530      SSL_eNULL,
1531      SSL_GOST94,
1532      SSL_TLSV1,
1533      SSL_NOT_EXP | SSL_STRONG_NONE,
1534      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1535      0,
1536      0},
1537     {
1538      1,
1539      "GOST2001-NULL-GOST94",
1540      0x3000083,
1541      SSL_kGOST,
1542      SSL_aGOST01,
1543      SSL_eNULL,
1544      SSL_GOST94,
1545      SSL_TLSV1,
1546      SSL_NOT_EXP | SSL_STRONG_NONE,
1547      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1548      0,
1549      0},
1550 
1551 #ifndef OPENSSL_NO_CAMELLIA
1552     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1553 
1554     /* Cipher 84 */
1555     {
1556      1,
1557      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1558      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1559      SSL_kRSA,
1560      SSL_aRSA,
1561      SSL_CAMELLIA256,
1562      SSL_SHA1,
1563      SSL_TLSV1,
1564      SSL_NOT_EXP | SSL_HIGH,
1565      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1566      256,
1567      256,
1568      },
1569     /* Cipher 85 */
1570     {
1571      1,
1572      TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1573      TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1574      SSL_kDHd,
1575      SSL_aDH,
1576      SSL_CAMELLIA256,
1577      SSL_SHA1,
1578      SSL_TLSV1,
1579      SSL_NOT_EXP | SSL_HIGH,
1580      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1581      256,
1582      256,
1583      },
1584 
1585     /* Cipher 86 */
1586     {
1587      1,
1588      TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1589      TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1590      SSL_kDHr,
1591      SSL_aDH,
1592      SSL_CAMELLIA256,
1593      SSL_SHA1,
1594      SSL_TLSV1,
1595      SSL_NOT_EXP | SSL_HIGH,
1596      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1597      256,
1598      256,
1599      },
1600 
1601     /* Cipher 87 */
1602     {
1603      1,
1604      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1605      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1606      SSL_kEDH,
1607      SSL_aDSS,
1608      SSL_CAMELLIA256,
1609      SSL_SHA1,
1610      SSL_TLSV1,
1611      SSL_NOT_EXP | SSL_HIGH,
1612      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1613      256,
1614      256,
1615      },
1616 
1617     /* Cipher 88 */
1618     {
1619      1,
1620      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1621      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1622      SSL_kEDH,
1623      SSL_aRSA,
1624      SSL_CAMELLIA256,
1625      SSL_SHA1,
1626      SSL_TLSV1,
1627      SSL_NOT_EXP | SSL_HIGH,
1628      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1629      256,
1630      256,
1631      },
1632 
1633     /* Cipher 89 */
1634     {
1635      1,
1636      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1637      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1638      SSL_kEDH,
1639      SSL_aNULL,
1640      SSL_CAMELLIA256,
1641      SSL_SHA1,
1642      SSL_TLSV1,
1643      SSL_NOT_EXP | SSL_HIGH,
1644      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1645      256,
1646      256,
1647      },
1648 #endif                          /* OPENSSL_NO_CAMELLIA */
1649 
1650 #ifndef OPENSSL_NO_PSK
1651     /* Cipher 8A */
1652     {
1653      1,
1654      TLS1_TXT_PSK_WITH_RC4_128_SHA,
1655      TLS1_CK_PSK_WITH_RC4_128_SHA,
1656      SSL_kPSK,
1657      SSL_aPSK,
1658      SSL_RC4,
1659      SSL_SHA1,
1660      SSL_TLSV1,
1661      SSL_NOT_EXP | SSL_MEDIUM,
1662      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1663      128,
1664      128,
1665      },
1666 
1667     /* Cipher 8B */
1668     {
1669      1,
1670      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1671      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1672      SSL_kPSK,
1673      SSL_aPSK,
1674      SSL_3DES,
1675      SSL_SHA1,
1676      SSL_TLSV1,
1677      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1678      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1679      112,
1680      168,
1681      },
1682 
1683     /* Cipher 8C */
1684     {
1685      1,
1686      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1687      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1688      SSL_kPSK,
1689      SSL_aPSK,
1690      SSL_AES128,
1691      SSL_SHA1,
1692      SSL_TLSV1,
1693      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1694      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1695      128,
1696      128,
1697      },
1698 
1699     /* Cipher 8D */
1700     {
1701      1,
1702      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1703      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1704      SSL_kPSK,
1705      SSL_aPSK,
1706      SSL_AES256,
1707      SSL_SHA1,
1708      SSL_TLSV1,
1709      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1710      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1711      256,
1712      256,
1713      },
1714 #endif                          /* OPENSSL_NO_PSK */
1715 
1716 #ifndef OPENSSL_NO_SEED
1717     /* SEED ciphersuites from RFC4162 */
1718 
1719     /* Cipher 96 */
1720     {
1721      1,
1722      TLS1_TXT_RSA_WITH_SEED_SHA,
1723      TLS1_CK_RSA_WITH_SEED_SHA,
1724      SSL_kRSA,
1725      SSL_aRSA,
1726      SSL_SEED,
1727      SSL_SHA1,
1728      SSL_TLSV1,
1729      SSL_NOT_EXP | SSL_MEDIUM,
1730      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1731      128,
1732      128,
1733      },
1734 
1735     /* Cipher 97 */
1736     {
1737      1,
1738      TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1739      TLS1_CK_DH_DSS_WITH_SEED_SHA,
1740      SSL_kDHd,
1741      SSL_aDH,
1742      SSL_SEED,
1743      SSL_SHA1,
1744      SSL_TLSV1,
1745      SSL_NOT_EXP | SSL_MEDIUM,
1746      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1747      128,
1748      128,
1749      },
1750 
1751     /* Cipher 98 */
1752     {
1753      1,
1754      TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1755      TLS1_CK_DH_RSA_WITH_SEED_SHA,
1756      SSL_kDHr,
1757      SSL_aDH,
1758      SSL_SEED,
1759      SSL_SHA1,
1760      SSL_TLSV1,
1761      SSL_NOT_EXP | SSL_MEDIUM,
1762      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1763      128,
1764      128,
1765      },
1766 
1767     /* Cipher 99 */
1768     {
1769      1,
1770      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1771      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1772      SSL_kEDH,
1773      SSL_aDSS,
1774      SSL_SEED,
1775      SSL_SHA1,
1776      SSL_TLSV1,
1777      SSL_NOT_EXP | SSL_MEDIUM,
1778      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1779      128,
1780      128,
1781      },
1782 
1783     /* Cipher 9A */
1784     {
1785      1,
1786      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1787      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1788      SSL_kEDH,
1789      SSL_aRSA,
1790      SSL_SEED,
1791      SSL_SHA1,
1792      SSL_TLSV1,
1793      SSL_NOT_EXP | SSL_MEDIUM,
1794      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1795      128,
1796      128,
1797      },
1798 
1799     /* Cipher 9B */
1800     {
1801      1,
1802      TLS1_TXT_ADH_WITH_SEED_SHA,
1803      TLS1_CK_ADH_WITH_SEED_SHA,
1804      SSL_kEDH,
1805      SSL_aNULL,
1806      SSL_SEED,
1807      SSL_SHA1,
1808      SSL_TLSV1,
1809      SSL_NOT_EXP | SSL_MEDIUM,
1810      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1811      128,
1812      128,
1813      },
1814 
1815 #endif                          /* OPENSSL_NO_SEED */
1816 
1817     /* GCM ciphersuites from RFC5288 */
1818 
1819     /* Cipher 9C */
1820     {
1821      1,
1822      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1823      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1824      SSL_kRSA,
1825      SSL_aRSA,
1826      SSL_AES128GCM,
1827      SSL_AEAD,
1828      SSL_TLSV1_2,
1829      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1830      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1831      128,
1832      128,
1833      },
1834 
1835     /* Cipher 9D */
1836     {
1837      1,
1838      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1839      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1840      SSL_kRSA,
1841      SSL_aRSA,
1842      SSL_AES256GCM,
1843      SSL_AEAD,
1844      SSL_TLSV1_2,
1845      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1846      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1847      256,
1848      256,
1849      },
1850 
1851     /* Cipher 9E */
1852     {
1853      1,
1854      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1855      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1856      SSL_kEDH,
1857      SSL_aRSA,
1858      SSL_AES128GCM,
1859      SSL_AEAD,
1860      SSL_TLSV1_2,
1861      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1862      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1863      128,
1864      128,
1865      },
1866 
1867     /* Cipher 9F */
1868     {
1869      1,
1870      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1871      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1872      SSL_kEDH,
1873      SSL_aRSA,
1874      SSL_AES256GCM,
1875      SSL_AEAD,
1876      SSL_TLSV1_2,
1877      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1878      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1879      256,
1880      256,
1881      },
1882 
1883     /* Cipher A0 */
1884     {
1885      1,
1886      TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1887      TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1888      SSL_kDHr,
1889      SSL_aDH,
1890      SSL_AES128GCM,
1891      SSL_AEAD,
1892      SSL_TLSV1_2,
1893      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1894      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1895      128,
1896      128,
1897      },
1898 
1899     /* Cipher A1 */
1900     {
1901      1,
1902      TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1903      TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1904      SSL_kDHr,
1905      SSL_aDH,
1906      SSL_AES256GCM,
1907      SSL_AEAD,
1908      SSL_TLSV1_2,
1909      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1910      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1911      256,
1912      256,
1913      },
1914 
1915     /* Cipher A2 */
1916     {
1917      1,
1918      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1919      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1920      SSL_kEDH,
1921      SSL_aDSS,
1922      SSL_AES128GCM,
1923      SSL_AEAD,
1924      SSL_TLSV1_2,
1925      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1926      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1927      128,
1928      128,
1929      },
1930 
1931     /* Cipher A3 */
1932     {
1933      1,
1934      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1935      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1936      SSL_kEDH,
1937      SSL_aDSS,
1938      SSL_AES256GCM,
1939      SSL_AEAD,
1940      SSL_TLSV1_2,
1941      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1942      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1943      256,
1944      256,
1945      },
1946 
1947     /* Cipher A4 */
1948     {
1949      1,
1950      TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1951      TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1952      SSL_kDHd,
1953      SSL_aDH,
1954      SSL_AES128GCM,
1955      SSL_AEAD,
1956      SSL_TLSV1_2,
1957      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1958      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1959      128,
1960      128,
1961      },
1962 
1963     /* Cipher A5 */
1964     {
1965      1,
1966      TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1967      TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1968      SSL_kDHd,
1969      SSL_aDH,
1970      SSL_AES256GCM,
1971      SSL_AEAD,
1972      SSL_TLSV1_2,
1973      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1974      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1975      256,
1976      256,
1977      },
1978 
1979     /* Cipher A6 */
1980     {
1981      1,
1982      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1983      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1984      SSL_kEDH,
1985      SSL_aNULL,
1986      SSL_AES128GCM,
1987      SSL_AEAD,
1988      SSL_TLSV1_2,
1989      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1990      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1991      128,
1992      128,
1993      },
1994 
1995     /* Cipher A7 */
1996     {
1997      1,
1998      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
1999      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2000      SSL_kEDH,
2001      SSL_aNULL,
2002      SSL_AES256GCM,
2003      SSL_AEAD,
2004      SSL_TLSV1_2,
2005      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2006      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2007      256,
2008      256,
2009      },
2010 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2011     {
2012      1,
2013      "SCSV",
2014      SSL3_CK_SCSV,
2015      0,
2016      0,
2017      0,
2018      0,
2019      0,
2020      0,
2021      0,
2022      0,
2023      0},
2024 #endif
2025 
2026 #ifndef OPENSSL_NO_ECDH
2027     /* Cipher C001 */
2028     {
2029      1,
2030      TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2031      TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2032      SSL_kECDHe,
2033      SSL_aECDH,
2034      SSL_eNULL,
2035      SSL_SHA1,
2036      SSL_TLSV1,
2037      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2038      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2039      0,
2040      0,
2041      },
2042 
2043     /* Cipher C002 */
2044     {
2045      1,
2046      TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2047      TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2048      SSL_kECDHe,
2049      SSL_aECDH,
2050      SSL_RC4,
2051      SSL_SHA1,
2052      SSL_TLSV1,
2053      SSL_NOT_EXP | SSL_MEDIUM,
2054      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2055      128,
2056      128,
2057      },
2058 
2059     /* Cipher C003 */
2060     {
2061      1,
2062      TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2063      TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2064      SSL_kECDHe,
2065      SSL_aECDH,
2066      SSL_3DES,
2067      SSL_SHA1,
2068      SSL_TLSV1,
2069      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2070      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2071      112,
2072      168,
2073      },
2074 
2075     /* Cipher C004 */
2076     {
2077      1,
2078      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2079      TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2080      SSL_kECDHe,
2081      SSL_aECDH,
2082      SSL_AES128,
2083      SSL_SHA1,
2084      SSL_TLSV1,
2085      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2086      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2087      128,
2088      128,
2089      },
2090 
2091     /* Cipher C005 */
2092     {
2093      1,
2094      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2095      TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2096      SSL_kECDHe,
2097      SSL_aECDH,
2098      SSL_AES256,
2099      SSL_SHA1,
2100      SSL_TLSV1,
2101      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2102      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2103      256,
2104      256,
2105      },
2106 
2107     /* Cipher C006 */
2108     {
2109      1,
2110      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2111      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2112      SSL_kEECDH,
2113      SSL_aECDSA,
2114      SSL_eNULL,
2115      SSL_SHA1,
2116      SSL_TLSV1,
2117      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2118      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2119      0,
2120      0,
2121      },
2122 
2123     /* Cipher C007 */
2124     {
2125      1,
2126      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2127      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2128      SSL_kEECDH,
2129      SSL_aECDSA,
2130      SSL_RC4,
2131      SSL_SHA1,
2132      SSL_TLSV1,
2133      SSL_NOT_EXP | SSL_MEDIUM,
2134      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2135      128,
2136      128,
2137      },
2138 
2139     /* Cipher C008 */
2140     {
2141      1,
2142      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2143      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2144      SSL_kEECDH,
2145      SSL_aECDSA,
2146      SSL_3DES,
2147      SSL_SHA1,
2148      SSL_TLSV1,
2149      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2150      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2151      112,
2152      168,
2153      },
2154 
2155     /* Cipher C009 */
2156     {
2157      1,
2158      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2159      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2160      SSL_kEECDH,
2161      SSL_aECDSA,
2162      SSL_AES128,
2163      SSL_SHA1,
2164      SSL_TLSV1,
2165      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2166      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2167      128,
2168      128,
2169      },
2170 
2171     /* Cipher C00A */
2172     {
2173      1,
2174      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2175      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2176      SSL_kEECDH,
2177      SSL_aECDSA,
2178      SSL_AES256,
2179      SSL_SHA1,
2180      SSL_TLSV1,
2181      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2182      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2183      256,
2184      256,
2185      },
2186 
2187     /* Cipher C00B */
2188     {
2189      1,
2190      TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2191      TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2192      SSL_kECDHr,
2193      SSL_aECDH,
2194      SSL_eNULL,
2195      SSL_SHA1,
2196      SSL_TLSV1,
2197      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2198      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2199      0,
2200      0,
2201      },
2202 
2203     /* Cipher C00C */
2204     {
2205      1,
2206      TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2207      TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2208      SSL_kECDHr,
2209      SSL_aECDH,
2210      SSL_RC4,
2211      SSL_SHA1,
2212      SSL_TLSV1,
2213      SSL_NOT_EXP | SSL_MEDIUM,
2214      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2215      128,
2216      128,
2217      },
2218 
2219     /* Cipher C00D */
2220     {
2221      1,
2222      TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2223      TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2224      SSL_kECDHr,
2225      SSL_aECDH,
2226      SSL_3DES,
2227      SSL_SHA1,
2228      SSL_TLSV1,
2229      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2230      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2231      112,
2232      168,
2233      },
2234 
2235     /* Cipher C00E */
2236     {
2237      1,
2238      TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2239      TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2240      SSL_kECDHr,
2241      SSL_aECDH,
2242      SSL_AES128,
2243      SSL_SHA1,
2244      SSL_TLSV1,
2245      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2246      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2247      128,
2248      128,
2249      },
2250 
2251     /* Cipher C00F */
2252     {
2253      1,
2254      TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2255      TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2256      SSL_kECDHr,
2257      SSL_aECDH,
2258      SSL_AES256,
2259      SSL_SHA1,
2260      SSL_TLSV1,
2261      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2262      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2263      256,
2264      256,
2265      },
2266 
2267     /* Cipher C010 */
2268     {
2269      1,
2270      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2271      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2272      SSL_kEECDH,
2273      SSL_aRSA,
2274      SSL_eNULL,
2275      SSL_SHA1,
2276      SSL_TLSV1,
2277      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2278      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2279      0,
2280      0,
2281      },
2282 
2283     /* Cipher C011 */
2284     {
2285      1,
2286      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2287      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2288      SSL_kEECDH,
2289      SSL_aRSA,
2290      SSL_RC4,
2291      SSL_SHA1,
2292      SSL_TLSV1,
2293      SSL_NOT_EXP | SSL_MEDIUM,
2294      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2295      128,
2296      128,
2297      },
2298 
2299     /* Cipher C012 */
2300     {
2301      1,
2302      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2303      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2304      SSL_kEECDH,
2305      SSL_aRSA,
2306      SSL_3DES,
2307      SSL_SHA1,
2308      SSL_TLSV1,
2309      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2310      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2311      112,
2312      168,
2313      },
2314 
2315     /* Cipher C013 */
2316     {
2317      1,
2318      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2319      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2320      SSL_kEECDH,
2321      SSL_aRSA,
2322      SSL_AES128,
2323      SSL_SHA1,
2324      SSL_TLSV1,
2325      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2326      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2327      128,
2328      128,
2329      },
2330 
2331     /* Cipher C014 */
2332     {
2333      1,
2334      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2335      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2336      SSL_kEECDH,
2337      SSL_aRSA,
2338      SSL_AES256,
2339      SSL_SHA1,
2340      SSL_TLSV1,
2341      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2342      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2343      256,
2344      256,
2345      },
2346 
2347     /* Cipher C015 */
2348     {
2349      1,
2350      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2351      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2352      SSL_kEECDH,
2353      SSL_aNULL,
2354      SSL_eNULL,
2355      SSL_SHA1,
2356      SSL_TLSV1,
2357      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2358      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2359      0,
2360      0,
2361      },
2362 
2363     /* Cipher C016 */
2364     {
2365      1,
2366      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2367      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2368      SSL_kEECDH,
2369      SSL_aNULL,
2370      SSL_RC4,
2371      SSL_SHA1,
2372      SSL_TLSV1,
2373      SSL_NOT_EXP | SSL_MEDIUM,
2374      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2375      128,
2376      128,
2377      },
2378 
2379     /* Cipher C017 */
2380     {
2381      1,
2382      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2383      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2384      SSL_kEECDH,
2385      SSL_aNULL,
2386      SSL_3DES,
2387      SSL_SHA1,
2388      SSL_TLSV1,
2389      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2390      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2391      112,
2392      168,
2393      },
2394 
2395     /* Cipher C018 */
2396     {
2397      1,
2398      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2399      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2400      SSL_kEECDH,
2401      SSL_aNULL,
2402      SSL_AES128,
2403      SSL_SHA1,
2404      SSL_TLSV1,
2405      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2406      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2407      128,
2408      128,
2409      },
2410 
2411     /* Cipher C019 */
2412     {
2413      1,
2414      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2415      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2416      SSL_kEECDH,
2417      SSL_aNULL,
2418      SSL_AES256,
2419      SSL_SHA1,
2420      SSL_TLSV1,
2421      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2422      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2423      256,
2424      256,
2425      },
2426 #endif                          /* OPENSSL_NO_ECDH */
2427 
2428 #ifndef OPENSSL_NO_SRP
2429     /* Cipher C01A */
2430     {
2431      1,
2432      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2433      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2434      SSL_kSRP,
2435      SSL_aSRP,
2436      SSL_3DES,
2437      SSL_SHA1,
2438      SSL_TLSV1,
2439      SSL_NOT_EXP | SSL_HIGH,
2440      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2441      112,
2442      168,
2443      },
2444 
2445     /* Cipher C01B */
2446     {
2447      1,
2448      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2449      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2450      SSL_kSRP,
2451      SSL_aRSA,
2452      SSL_3DES,
2453      SSL_SHA1,
2454      SSL_TLSV1,
2455      SSL_NOT_EXP | SSL_HIGH,
2456      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2457      112,
2458      168,
2459      },
2460 
2461     /* Cipher C01C */
2462     {
2463      1,
2464      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2465      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2466      SSL_kSRP,
2467      SSL_aDSS,
2468      SSL_3DES,
2469      SSL_SHA1,
2470      SSL_TLSV1,
2471      SSL_NOT_EXP | SSL_HIGH,
2472      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2473      112,
2474      168,
2475      },
2476 
2477     /* Cipher C01D */
2478     {
2479      1,
2480      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2481      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2482      SSL_kSRP,
2483      SSL_aSRP,
2484      SSL_AES128,
2485      SSL_SHA1,
2486      SSL_TLSV1,
2487      SSL_NOT_EXP | SSL_HIGH,
2488      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2489      128,
2490      128,
2491      },
2492 
2493     /* Cipher C01E */
2494     {
2495      1,
2496      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2497      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2498      SSL_kSRP,
2499      SSL_aRSA,
2500      SSL_AES128,
2501      SSL_SHA1,
2502      SSL_TLSV1,
2503      SSL_NOT_EXP | SSL_HIGH,
2504      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2505      128,
2506      128,
2507      },
2508 
2509     /* Cipher C01F */
2510     {
2511      1,
2512      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2513      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2514      SSL_kSRP,
2515      SSL_aDSS,
2516      SSL_AES128,
2517      SSL_SHA1,
2518      SSL_TLSV1,
2519      SSL_NOT_EXP | SSL_HIGH,
2520      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2521      128,
2522      128,
2523      },
2524 
2525     /* Cipher C020 */
2526     {
2527      1,
2528      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2529      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2530      SSL_kSRP,
2531      SSL_aSRP,
2532      SSL_AES256,
2533      SSL_SHA1,
2534      SSL_TLSV1,
2535      SSL_NOT_EXP | SSL_HIGH,
2536      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2537      256,
2538      256,
2539      },
2540 
2541     /* Cipher C021 */
2542     {
2543      1,
2544      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2545      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2546      SSL_kSRP,
2547      SSL_aRSA,
2548      SSL_AES256,
2549      SSL_SHA1,
2550      SSL_TLSV1,
2551      SSL_NOT_EXP | SSL_HIGH,
2552      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2553      256,
2554      256,
2555      },
2556 
2557     /* Cipher C022 */
2558     {
2559      1,
2560      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2561      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2562      SSL_kSRP,
2563      SSL_aDSS,
2564      SSL_AES256,
2565      SSL_SHA1,
2566      SSL_TLSV1,
2567      SSL_NOT_EXP | SSL_HIGH,
2568      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2569      256,
2570      256,
2571      },
2572 #endif                          /* OPENSSL_NO_SRP */
2573 #ifndef OPENSSL_NO_ECDH
2574 
2575     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2576 
2577     /* Cipher C023 */
2578     {
2579      1,
2580      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2581      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2582      SSL_kEECDH,
2583      SSL_aECDSA,
2584      SSL_AES128,
2585      SSL_SHA256,
2586      SSL_TLSV1_2,
2587      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2588      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2589      128,
2590      128,
2591      },
2592 
2593     /* Cipher C024 */
2594     {
2595      1,
2596      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2597      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2598      SSL_kEECDH,
2599      SSL_aECDSA,
2600      SSL_AES256,
2601      SSL_SHA384,
2602      SSL_TLSV1_2,
2603      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2604      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2605      256,
2606      256,
2607      },
2608 
2609     /* Cipher C025 */
2610     {
2611      1,
2612      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2613      TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2614      SSL_kECDHe,
2615      SSL_aECDH,
2616      SSL_AES128,
2617      SSL_SHA256,
2618      SSL_TLSV1_2,
2619      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2620      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2621      128,
2622      128,
2623      },
2624 
2625     /* Cipher C026 */
2626     {
2627      1,
2628      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2629      TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2630      SSL_kECDHe,
2631      SSL_aECDH,
2632      SSL_AES256,
2633      SSL_SHA384,
2634      SSL_TLSV1_2,
2635      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2636      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2637      256,
2638      256,
2639      },
2640 
2641     /* Cipher C027 */
2642     {
2643      1,
2644      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2645      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2646      SSL_kEECDH,
2647      SSL_aRSA,
2648      SSL_AES128,
2649      SSL_SHA256,
2650      SSL_TLSV1_2,
2651      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2652      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2653      128,
2654      128,
2655      },
2656 
2657     /* Cipher C028 */
2658     {
2659      1,
2660      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2661      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2662      SSL_kEECDH,
2663      SSL_aRSA,
2664      SSL_AES256,
2665      SSL_SHA384,
2666      SSL_TLSV1_2,
2667      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2668      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2669      256,
2670      256,
2671      },
2672 
2673     /* Cipher C029 */
2674     {
2675      1,
2676      TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2677      TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2678      SSL_kECDHr,
2679      SSL_aECDH,
2680      SSL_AES128,
2681      SSL_SHA256,
2682      SSL_TLSV1_2,
2683      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2684      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2685      128,
2686      128,
2687      },
2688 
2689     /* Cipher C02A */
2690     {
2691      1,
2692      TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2693      TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2694      SSL_kECDHr,
2695      SSL_aECDH,
2696      SSL_AES256,
2697      SSL_SHA384,
2698      SSL_TLSV1_2,
2699      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2700      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2701      256,
2702      256,
2703      },
2704 
2705     /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2706 
2707     /* Cipher C02B */
2708     {
2709      1,
2710      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2711      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2712      SSL_kEECDH,
2713      SSL_aECDSA,
2714      SSL_AES128GCM,
2715      SSL_AEAD,
2716      SSL_TLSV1_2,
2717      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2718      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2719      128,
2720      128,
2721      },
2722 
2723     /* Cipher C02C */
2724     {
2725      1,
2726      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2727      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2728      SSL_kEECDH,
2729      SSL_aECDSA,
2730      SSL_AES256GCM,
2731      SSL_AEAD,
2732      SSL_TLSV1_2,
2733      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2734      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2735      256,
2736      256,
2737      },
2738 
2739     /* Cipher C02D */
2740     {
2741      1,
2742      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2743      TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2744      SSL_kECDHe,
2745      SSL_aECDH,
2746      SSL_AES128GCM,
2747      SSL_AEAD,
2748      SSL_TLSV1_2,
2749      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2750      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2751      128,
2752      128,
2753      },
2754 
2755     /* Cipher C02E */
2756     {
2757      1,
2758      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2759      TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2760      SSL_kECDHe,
2761      SSL_aECDH,
2762      SSL_AES256GCM,
2763      SSL_AEAD,
2764      SSL_TLSV1_2,
2765      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2766      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2767      256,
2768      256,
2769      },
2770 
2771     /* Cipher C02F */
2772     {
2773      1,
2774      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2775      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2776      SSL_kEECDH,
2777      SSL_aRSA,
2778      SSL_AES128GCM,
2779      SSL_AEAD,
2780      SSL_TLSV1_2,
2781      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2782      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2783      128,
2784      128,
2785      },
2786 
2787     /* Cipher C030 */
2788     {
2789      1,
2790      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2791      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2792      SSL_kEECDH,
2793      SSL_aRSA,
2794      SSL_AES256GCM,
2795      SSL_AEAD,
2796      SSL_TLSV1_2,
2797      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2798      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2799      256,
2800      256,
2801      },
2802 
2803     /* Cipher C031 */
2804     {
2805      1,
2806      TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2807      TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2808      SSL_kECDHr,
2809      SSL_aECDH,
2810      SSL_AES128GCM,
2811      SSL_AEAD,
2812      SSL_TLSV1_2,
2813      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2814      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2815      128,
2816      128,
2817      },
2818 
2819     /* Cipher C032 */
2820     {
2821      1,
2822      TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2823      TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2824      SSL_kECDHr,
2825      SSL_aECDH,
2826      SSL_AES256GCM,
2827      SSL_AEAD,
2828      SSL_TLSV1_2,
2829      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2830      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2831      256,
2832      256,
2833      },
2834 
2835 #endif                          /* OPENSSL_NO_ECDH */
2836 
2837 #ifdef TEMP_GOST_TLS
2838 /* Cipher FF00 */
2839     {
2840      1,
2841      "GOST-MD5",
2842      0x0300ff00,
2843      SSL_kRSA,
2844      SSL_aRSA,
2845      SSL_eGOST2814789CNT,
2846      SSL_MD5,
2847      SSL_TLSV1,
2848      SSL_NOT_EXP | SSL_HIGH,
2849      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2850      256,
2851      256,
2852      },
2853     {
2854      1,
2855      "GOST-GOST94",
2856      0x0300ff01,
2857      SSL_kRSA,
2858      SSL_aRSA,
2859      SSL_eGOST2814789CNT,
2860      SSL_GOST94,
2861      SSL_TLSV1,
2862      SSL_NOT_EXP | SSL_HIGH,
2863      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2864      256,
2865      256},
2866     {
2867      1,
2868      "GOST-GOST89MAC",
2869      0x0300ff02,
2870      SSL_kRSA,
2871      SSL_aRSA,
2872      SSL_eGOST2814789CNT,
2873      SSL_GOST89MAC,
2874      SSL_TLSV1,
2875      SSL_NOT_EXP | SSL_HIGH,
2876      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2877      256,
2878      256},
2879     {
2880      1,
2881      "GOST-GOST89STREAM",
2882      0x0300ff03,
2883      SSL_kRSA,
2884      SSL_aRSA,
2885      SSL_eGOST2814789CNT,
2886      SSL_GOST89MAC,
2887      SSL_TLSV1,
2888      SSL_NOT_EXP | SSL_HIGH,
2889      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
2890      256,
2891      256},
2892 #endif
2893 
2894 /* end of list */
2895 };
2896 
2897 SSL3_ENC_METHOD SSLv3_enc_data = {
2898     ssl3_enc,
2899     n_ssl3_mac,
2900     ssl3_setup_key_block,
2901     ssl3_generate_master_secret,
2902     ssl3_change_cipher_state,
2903     ssl3_final_finish_mac,
2904     MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2905     ssl3_cert_verify_mac,
2906     SSL3_MD_CLIENT_FINISHED_CONST, 4,
2907     SSL3_MD_SERVER_FINISHED_CONST, 4,
2908     ssl3_alert_code,
2909     (int (*)(SSL *, unsigned char *, size_t, const char *,
2910              size_t, const unsigned char *, size_t,
2911              int use_context))ssl_undefined_function,
2912     0,
2913     SSL3_HM_HEADER_LENGTH,
2914     ssl3_set_handshake_header,
2915     ssl3_handshake_write
2916 };
2917 
2918 long ssl3_default_timeout(void)
2919 {
2920     /*
2921      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2922      * http, the cache would over fill
2923      */
2924     return (60 * 60 * 2);
2925 }
2926 
2927 int ssl3_num_ciphers(void)
2928 {
2929     return (SSL3_NUM_CIPHERS);
2930 }
2931 
2932 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2933 {
2934     if (u < SSL3_NUM_CIPHERS)
2935         return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2936     else
2937         return (NULL);
2938 }
2939 
2940 int ssl3_pending(const SSL *s)
2941 {
2942     if (s->rstate == SSL_ST_READ_BODY)
2943         return 0;
2944 
2945     return (s->s3->rrec.type ==
2946             SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2947 }
2948 
2949 void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
2950 {
2951     unsigned char *p = (unsigned char *)s->init_buf->data;
2952     *(p++) = htype;
2953     l2n3(len, p);
2954     s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
2955     s->init_off = 0;
2956 }
2957 
2958 int ssl3_handshake_write(SSL *s)
2959 {
2960     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2961 }
2962 
2963 int ssl3_new(SSL *s)
2964 {
2965     SSL3_STATE *s3;
2966 
2967     if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
2968         goto err;
2969     memset(s3, 0, sizeof *s3);
2970     memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2971     memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2972 
2973     s->s3 = s3;
2974 
2975 #ifndef OPENSSL_NO_SRP
2976     SSL_SRP_CTX_init(s);
2977 #endif
2978     s->method->ssl_clear(s);
2979     return (1);
2980  err:
2981     return (0);
2982 }
2983 
2984 void ssl3_free(SSL *s)
2985 {
2986     if (s == NULL || s->s3 == NULL)
2987         return;
2988 
2989 #ifdef TLSEXT_TYPE_opaque_prf_input
2990     if (s->s3->client_opaque_prf_input != NULL)
2991         OPENSSL_free(s->s3->client_opaque_prf_input);
2992     if (s->s3->server_opaque_prf_input != NULL)
2993         OPENSSL_free(s->s3->server_opaque_prf_input);
2994 #endif
2995 
2996     ssl3_cleanup_key_block(s);
2997     if (s->s3->rbuf.buf != NULL)
2998         ssl3_release_read_buffer(s);
2999     if (s->s3->wbuf.buf != NULL)
3000         ssl3_release_write_buffer(s);
3001     if (s->s3->rrec.comp != NULL)
3002         OPENSSL_free(s->s3->rrec.comp);
3003 #ifndef OPENSSL_NO_DH
3004     if (s->s3->tmp.dh != NULL)
3005         DH_free(s->s3->tmp.dh);
3006 #endif
3007 #ifndef OPENSSL_NO_ECDH
3008     if (s->s3->tmp.ecdh != NULL)
3009         EC_KEY_free(s->s3->tmp.ecdh);
3010 #endif
3011 
3012     if (s->s3->tmp.ca_names != NULL)
3013         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3014     if (s->s3->handshake_buffer) {
3015         BIO_free(s->s3->handshake_buffer);
3016     }
3017     if (s->s3->handshake_dgst)
3018         ssl3_free_digest_list(s);
3019 #ifndef OPENSSL_NO_TLSEXT
3020     if (s->s3->alpn_selected)
3021         OPENSSL_free(s->s3->alpn_selected);
3022 #endif
3023 
3024 #ifndef OPENSSL_NO_SRP
3025     SSL_SRP_CTX_free(s);
3026 #endif
3027     OPENSSL_cleanse(s->s3, sizeof *s->s3);
3028     OPENSSL_free(s->s3);
3029     s->s3 = NULL;
3030 }
3031 
3032 void ssl3_clear(SSL *s)
3033 {
3034     unsigned char *rp, *wp;
3035     size_t rlen, wlen;
3036     int init_extra;
3037 
3038 #ifdef TLSEXT_TYPE_opaque_prf_input
3039     if (s->s3->client_opaque_prf_input != NULL)
3040         OPENSSL_free(s->s3->client_opaque_prf_input);
3041     s->s3->client_opaque_prf_input = NULL;
3042     if (s->s3->server_opaque_prf_input != NULL)
3043         OPENSSL_free(s->s3->server_opaque_prf_input);
3044     s->s3->server_opaque_prf_input = NULL;
3045 #endif
3046 
3047     ssl3_cleanup_key_block(s);
3048     if (s->s3->tmp.ca_names != NULL)
3049         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3050 
3051     if (s->s3->rrec.comp != NULL) {
3052         OPENSSL_free(s->s3->rrec.comp);
3053         s->s3->rrec.comp = NULL;
3054     }
3055 #ifndef OPENSSL_NO_DH
3056     if (s->s3->tmp.dh != NULL) {
3057         DH_free(s->s3->tmp.dh);
3058         s->s3->tmp.dh = NULL;
3059     }
3060 #endif
3061 #ifndef OPENSSL_NO_ECDH
3062     if (s->s3->tmp.ecdh != NULL) {
3063         EC_KEY_free(s->s3->tmp.ecdh);
3064         s->s3->tmp.ecdh = NULL;
3065     }
3066 #endif
3067 #ifndef OPENSSL_NO_TLSEXT
3068 # ifndef OPENSSL_NO_EC
3069     s->s3->is_probably_safari = 0;
3070 # endif                         /* !OPENSSL_NO_EC */
3071 #endif                          /* !OPENSSL_NO_TLSEXT */
3072 
3073     rp = s->s3->rbuf.buf;
3074     wp = s->s3->wbuf.buf;
3075     rlen = s->s3->rbuf.len;
3076     wlen = s->s3->wbuf.len;
3077     init_extra = s->s3->init_extra;
3078     if (s->s3->handshake_buffer) {
3079         BIO_free(s->s3->handshake_buffer);
3080         s->s3->handshake_buffer = NULL;
3081     }
3082     if (s->s3->handshake_dgst) {
3083         ssl3_free_digest_list(s);
3084     }
3085 #if !defined(OPENSSL_NO_TLSEXT)
3086     if (s->s3->alpn_selected) {
3087         OPENSSL_free(s->s3->alpn_selected);
3088         s->s3->alpn_selected = NULL;
3089     }
3090 #endif
3091     memset(s->s3, 0, sizeof *s->s3);
3092     s->s3->rbuf.buf = rp;
3093     s->s3->wbuf.buf = wp;
3094     s->s3->rbuf.len = rlen;
3095     s->s3->wbuf.len = wlen;
3096     s->s3->init_extra = init_extra;
3097 
3098     ssl_free_wbio_buffer(s);
3099 
3100     s->packet_length = 0;
3101     s->s3->renegotiate = 0;
3102     s->s3->total_renegotiations = 0;
3103     s->s3->num_renegotiations = 0;
3104     s->s3->in_read_app_data = 0;
3105     s->version = SSL3_VERSION;
3106 
3107 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3108     if (s->next_proto_negotiated) {
3109         OPENSSL_free(s->next_proto_negotiated);
3110         s->next_proto_negotiated = NULL;
3111         s->next_proto_negotiated_len = 0;
3112     }
3113 #endif
3114 }
3115 
3116 #ifndef OPENSSL_NO_SRP
3117 static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3118 {
3119     return BUF_strdup(s->srp_ctx.info);
3120 }
3121 #endif
3122 
3123 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
3124                                   size_t len);
3125 
3126 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3127 {
3128     int ret = 0;
3129 
3130 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3131     if (
3132 # ifndef OPENSSL_NO_RSA
3133            cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3134 # endif
3135 # ifndef OPENSSL_NO_DSA
3136            cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
3137 # endif
3138            0) {
3139         if (!ssl_cert_inst(&s->cert)) {
3140             SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3141             return (0);
3142         }
3143     }
3144 #endif
3145 
3146     switch (cmd) {
3147     case SSL_CTRL_GET_SESSION_REUSED:
3148         ret = s->hit;
3149         break;
3150     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3151         break;
3152     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3153         ret = s->s3->num_renegotiations;
3154         break;
3155     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3156         ret = s->s3->num_renegotiations;
3157         s->s3->num_renegotiations = 0;
3158         break;
3159     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3160         ret = s->s3->total_renegotiations;
3161         break;
3162     case SSL_CTRL_GET_FLAGS:
3163         ret = (int)(s->s3->flags);
3164         break;
3165 #ifndef OPENSSL_NO_RSA
3166     case SSL_CTRL_NEED_TMP_RSA:
3167         if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3168             ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3169              (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3170               (512 / 8))))
3171             ret = 1;
3172         break;
3173     case SSL_CTRL_SET_TMP_RSA:
3174         {
3175             RSA *rsa = (RSA *)parg;
3176             if (rsa == NULL) {
3177                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3178                 return (ret);
3179             }
3180             if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3181                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3182                 return (ret);
3183             }
3184             if (s->cert->rsa_tmp != NULL)
3185                 RSA_free(s->cert->rsa_tmp);
3186             s->cert->rsa_tmp = rsa;
3187             ret = 1;
3188         }
3189         break;
3190     case SSL_CTRL_SET_TMP_RSA_CB:
3191         {
3192             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3193             return (ret);
3194         }
3195         break;
3196 #endif
3197 #ifndef OPENSSL_NO_DH
3198     case SSL_CTRL_SET_TMP_DH:
3199         {
3200             DH *dh = (DH *)parg;
3201             if (dh == NULL) {
3202                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3203                 return (ret);
3204             }
3205             if ((dh = DHparams_dup(dh)) == NULL) {
3206                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3207                 return (ret);
3208             }
3209             if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3210                 if (!DH_generate_key(dh)) {
3211                     DH_free(dh);
3212                     SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3213                     return (ret);
3214                 }
3215             }
3216             if (s->cert->dh_tmp != NULL)
3217                 DH_free(s->cert->dh_tmp);
3218             s->cert->dh_tmp = dh;
3219             ret = 1;
3220         }
3221         break;
3222     case SSL_CTRL_SET_TMP_DH_CB:
3223         {
3224             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3225             return (ret);
3226         }
3227         break;
3228 #endif
3229 #ifndef OPENSSL_NO_ECDH
3230     case SSL_CTRL_SET_TMP_ECDH:
3231         {
3232             EC_KEY *ecdh = NULL;
3233 
3234             if (parg == NULL) {
3235                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3236                 return (ret);
3237             }
3238             if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3239                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3240                 return (ret);
3241             }
3242             ecdh = (EC_KEY *)parg;
3243             if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3244                 if (!EC_KEY_generate_key(ecdh)) {
3245                     EC_KEY_free(ecdh);
3246                     SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3247                     return (ret);
3248                 }
3249             }
3250             if (s->cert->ecdh_tmp != NULL)
3251                 EC_KEY_free(s->cert->ecdh_tmp);
3252             s->cert->ecdh_tmp = ecdh;
3253             ret = 1;
3254         }
3255         break;
3256     case SSL_CTRL_SET_TMP_ECDH_CB:
3257         {
3258             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3259             return (ret);
3260         }
3261         break;
3262 #endif                          /* !OPENSSL_NO_ECDH */
3263 #ifndef OPENSSL_NO_TLSEXT
3264     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3265         if (larg == TLSEXT_NAMETYPE_host_name) {
3266             if (s->tlsext_hostname != NULL)
3267                 OPENSSL_free(s->tlsext_hostname);
3268             s->tlsext_hostname = NULL;
3269 
3270             ret = 1;
3271             if (parg == NULL)
3272                 break;
3273             if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3274                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3275                 return 0;
3276             }
3277             if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3278                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3279                 return 0;
3280             }
3281         } else {
3282             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3283             return 0;
3284         }
3285         break;
3286     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3287         s->tlsext_debug_arg = parg;
3288         ret = 1;
3289         break;
3290 
3291 # ifdef TLSEXT_TYPE_opaque_prf_input
3292     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3293         if (larg > 12288) {     /* actual internal limit is 2^16 for the
3294                                  * complete hello message * (including the
3295                                  * cert chain and everything) */
3296             SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3297             break;
3298         }
3299         if (s->tlsext_opaque_prf_input != NULL)
3300             OPENSSL_free(s->tlsext_opaque_prf_input);
3301         if ((size_t)larg == 0)
3302             s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
3303                                                              * just to get
3304                                                              * non-NULL */
3305         else
3306             s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3307         if (s->tlsext_opaque_prf_input != NULL) {
3308             s->tlsext_opaque_prf_input_len = (size_t)larg;
3309             ret = 1;
3310         } else
3311             s->tlsext_opaque_prf_input_len = 0;
3312         break;
3313 # endif
3314 
3315     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3316         s->tlsext_status_type = larg;
3317         ret = 1;
3318         break;
3319 
3320     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3321         *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3322         ret = 1;
3323         break;
3324 
3325     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3326         s->tlsext_ocsp_exts = parg;
3327         ret = 1;
3328         break;
3329 
3330     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3331         *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3332         ret = 1;
3333         break;
3334 
3335     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3336         s->tlsext_ocsp_ids = parg;
3337         ret = 1;
3338         break;
3339 
3340     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3341         *(unsigned char **)parg = s->tlsext_ocsp_resp;
3342         return s->tlsext_ocsp_resplen;
3343 
3344     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3345         if (s->tlsext_ocsp_resp)
3346             OPENSSL_free(s->tlsext_ocsp_resp);
3347         s->tlsext_ocsp_resp = parg;
3348         s->tlsext_ocsp_resplen = larg;
3349         ret = 1;
3350         break;
3351 
3352 # ifndef OPENSSL_NO_HEARTBEATS
3353     case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3354         if (SSL_IS_DTLS(s))
3355             ret = dtls1_heartbeat(s);
3356         else
3357             ret = tls1_heartbeat(s);
3358         break;
3359 
3360     case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3361         ret = s->tlsext_hb_pending;
3362         break;
3363 
3364     case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3365         if (larg)
3366             s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3367         else
3368             s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3369         ret = 1;
3370         break;
3371 # endif
3372 
3373 #endif                          /* !OPENSSL_NO_TLSEXT */
3374 
3375     case SSL_CTRL_CHAIN:
3376         if (larg)
3377             return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
3378         else
3379             return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);
3380 
3381     case SSL_CTRL_CHAIN_CERT:
3382         if (larg)
3383             return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
3384         else
3385             return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
3386 
3387     case SSL_CTRL_GET_CHAIN_CERTS:
3388         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3389         break;
3390 
3391     case SSL_CTRL_SELECT_CURRENT_CERT:
3392         return ssl_cert_select_current(s->cert, (X509 *)parg);
3393 
3394     case SSL_CTRL_SET_CURRENT_CERT:
3395         if (larg == SSL_CERT_SET_SERVER) {
3396             CERT_PKEY *cpk;
3397             const SSL_CIPHER *cipher;
3398             if (!s->server)
3399                 return 0;
3400             cipher = s->s3->tmp.new_cipher;
3401             if (!cipher)
3402                 return 0;
3403             /*
3404              * No certificate for unauthenticated ciphersuites or using SRP
3405              * authentication
3406              */
3407             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3408                 return 2;
3409             cpk = ssl_get_server_send_pkey(s);
3410             if (!cpk)
3411                 return 0;
3412             s->cert->key = cpk;
3413             return 1;
3414         }
3415         return ssl_cert_set_current(s->cert, larg);
3416 
3417 #ifndef OPENSSL_NO_EC
3418     case SSL_CTRL_GET_CURVES:
3419         {
3420             unsigned char *clist;
3421             size_t clistlen;
3422             if (!s->session)
3423                 return 0;
3424             clist = s->session->tlsext_ellipticcurvelist;
3425             clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3426             if (parg) {
3427                 size_t i;
3428                 int *cptr = parg;
3429                 unsigned int cid, nid;
3430                 for (i = 0; i < clistlen; i++) {
3431                     n2s(clist, cid);
3432                     nid = tls1_ec_curve_id2nid(cid);
3433                     if (nid != 0)
3434                         cptr[i] = nid;
3435                     else
3436                         cptr[i] = TLSEXT_nid_unknown | cid;
3437                 }
3438             }
3439             return (int)clistlen;
3440         }
3441 
3442     case SSL_CTRL_SET_CURVES:
3443         return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3444                                &s->tlsext_ellipticcurvelist_length,
3445                                parg, larg);
3446 
3447     case SSL_CTRL_SET_CURVES_LIST:
3448         return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3449                                     &s->tlsext_ellipticcurvelist_length,
3450                                     parg);
3451 
3452     case SSL_CTRL_GET_SHARED_CURVE:
3453         return tls1_shared_curve(s, larg);
3454 
3455 # ifndef OPENSSL_NO_ECDH
3456     case SSL_CTRL_SET_ECDH_AUTO:
3457         s->cert->ecdh_tmp_auto = larg;
3458         return 1;
3459 # endif
3460 #endif
3461     case SSL_CTRL_SET_SIGALGS:
3462         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3463 
3464     case SSL_CTRL_SET_SIGALGS_LIST:
3465         return tls1_set_sigalgs_list(s->cert, parg, 0);
3466 
3467     case SSL_CTRL_SET_CLIENT_SIGALGS:
3468         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3469 
3470     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3471         return tls1_set_sigalgs_list(s->cert, parg, 1);
3472 
3473     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3474         {
3475             const unsigned char **pctype = parg;
3476             if (s->server || !s->s3->tmp.cert_req)
3477                 return 0;
3478             if (s->cert->ctypes) {
3479                 if (pctype)
3480                     *pctype = s->cert->ctypes;
3481                 return (int)s->cert->ctype_num;
3482             }
3483             if (pctype)
3484                 *pctype = (unsigned char *)s->s3->tmp.ctype;
3485             return s->s3->tmp.ctype_num;
3486         }
3487 
3488     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3489         if (!s->server)
3490             return 0;
3491         return ssl3_set_req_cert_type(s->cert, parg, larg);
3492 
3493     case SSL_CTRL_BUILD_CERT_CHAIN:
3494         return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
3495 
3496     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3497         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3498 
3499     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3500         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3501 
3502     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3503         if (SSL_USE_SIGALGS(s)) {
3504             if (s->session && s->session->sess_cert) {
3505                 const EVP_MD *sig;
3506                 sig = s->session->sess_cert->peer_key->digest;
3507                 if (sig) {
3508                     *(int *)parg = EVP_MD_type(sig);
3509                     return 1;
3510                 }
3511             }
3512             return 0;
3513         }
3514         /* Might want to do something here for other versions */
3515         else
3516             return 0;
3517 
3518     case SSL_CTRL_GET_SERVER_TMP_KEY:
3519         if (s->server || !s->session || !s->session->sess_cert)
3520             return 0;
3521         else {
3522             SESS_CERT *sc;
3523             EVP_PKEY *ptmp;
3524             int rv = 0;
3525             sc = s->session->sess_cert;
3526 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
3527             if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
3528                 return 0;
3529 #endif
3530             ptmp = EVP_PKEY_new();
3531             if (!ptmp)
3532                 return 0;
3533             if (0) ;
3534 #ifndef OPENSSL_NO_RSA
3535             else if (sc->peer_rsa_tmp)
3536                 rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
3537 #endif
3538 #ifndef OPENSSL_NO_DH
3539             else if (sc->peer_dh_tmp)
3540                 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
3541 #endif
3542 #ifndef OPENSSL_NO_ECDH
3543             else if (sc->peer_ecdh_tmp)
3544                 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
3545 #endif
3546             if (rv) {
3547                 *(EVP_PKEY **)parg = ptmp;
3548                 return 1;
3549             }
3550             EVP_PKEY_free(ptmp);
3551             return 0;
3552         }
3553 #ifndef OPENSSL_NO_EC
3554     case SSL_CTRL_GET_EC_POINT_FORMATS:
3555         {
3556             SSL_SESSION *sess = s->session;
3557             const unsigned char **pformat = parg;
3558             if (!sess || !sess->tlsext_ecpointformatlist)
3559                 return 0;
3560             *pformat = sess->tlsext_ecpointformatlist;
3561             return (int)sess->tlsext_ecpointformatlist_length;
3562         }
3563 #endif
3564 
3565     case SSL_CTRL_CHECK_PROTO_VERSION:
3566         /*
3567          * For library-internal use; checks that the current protocol is the
3568          * highest enabled version (according to s->ctx->method, as version
3569          * negotiation may have changed s->method).
3570          */
3571         if (s->version == s->ctx->method->version)
3572             return 1;
3573         /*
3574          * Apparently we're using a version-flexible SSL_METHOD (not at its
3575          * highest protocol version).
3576          */
3577         if (s->ctx->method->version == SSLv23_method()->version) {
3578 #if TLS_MAX_VERSION != TLS1_2_VERSION
3579 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3580 #endif
3581             if (!(s->options & SSL_OP_NO_TLSv1_2))
3582                 return s->version == TLS1_2_VERSION;
3583             if (!(s->options & SSL_OP_NO_TLSv1_1))
3584                 return s->version == TLS1_1_VERSION;
3585             if (!(s->options & SSL_OP_NO_TLSv1))
3586                 return s->version == TLS1_VERSION;
3587             if (!(s->options & SSL_OP_NO_SSLv3))
3588                 return s->version == SSL3_VERSION;
3589             if (!(s->options & SSL_OP_NO_SSLv2))
3590                 return s->version == SSL2_VERSION;
3591         }
3592         return 0;               /* Unexpected state; fail closed. */
3593 
3594     default:
3595         break;
3596     }
3597     return (ret);
3598 }
3599 
3600 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3601 {
3602     int ret = 0;
3603 
3604 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3605     if (
3606 # ifndef OPENSSL_NO_RSA
3607            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3608 # endif
3609 # ifndef OPENSSL_NO_DSA
3610            cmd == SSL_CTRL_SET_TMP_DH_CB ||
3611 # endif
3612            0) {
3613         if (!ssl_cert_inst(&s->cert)) {
3614             SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3615             return (0);
3616         }
3617     }
3618 #endif
3619 
3620     switch (cmd) {
3621 #ifndef OPENSSL_NO_RSA
3622     case SSL_CTRL_SET_TMP_RSA_CB:
3623         {
3624             s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3625         }
3626         break;
3627 #endif
3628 #ifndef OPENSSL_NO_DH
3629     case SSL_CTRL_SET_TMP_DH_CB:
3630         {
3631             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3632         }
3633         break;
3634 #endif
3635 #ifndef OPENSSL_NO_ECDH
3636     case SSL_CTRL_SET_TMP_ECDH_CB:
3637         {
3638             s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3639         }
3640         break;
3641 #endif
3642 #ifndef OPENSSL_NO_TLSEXT
3643     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3644         s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3645                                        unsigned char *, int, void *))fp;
3646         break;
3647 #endif
3648     default:
3649         break;
3650     }
3651     return (ret);
3652 }
3653 
3654 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3655 {
3656     CERT *cert;
3657 
3658     cert = ctx->cert;
3659 
3660     switch (cmd) {
3661 #ifndef OPENSSL_NO_RSA
3662     case SSL_CTRL_NEED_TMP_RSA:
3663         if ((cert->rsa_tmp == NULL) &&
3664             ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3665              (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3666               (512 / 8)))
3667             )
3668             return (1);
3669         else
3670             return (0);
3671         /* break; */
3672     case SSL_CTRL_SET_TMP_RSA:
3673         {
3674             RSA *rsa;
3675             int i;
3676 
3677             rsa = (RSA *)parg;
3678             i = 1;
3679             if (rsa == NULL)
3680                 i = 0;
3681             else {
3682                 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3683                     i = 0;
3684             }
3685             if (!i) {
3686                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3687                 return (0);
3688             } else {
3689                 if (cert->rsa_tmp != NULL)
3690                     RSA_free(cert->rsa_tmp);
3691                 cert->rsa_tmp = rsa;
3692                 return (1);
3693             }
3694         }
3695         /* break; */
3696     case SSL_CTRL_SET_TMP_RSA_CB:
3697         {
3698             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3699             return (0);
3700         }
3701         break;
3702 #endif
3703 #ifndef OPENSSL_NO_DH
3704     case SSL_CTRL_SET_TMP_DH:
3705         {
3706             DH *new = NULL, *dh;
3707 
3708             dh = (DH *)parg;
3709             if ((new = DHparams_dup(dh)) == NULL) {
3710                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3711                 return 0;
3712             }
3713             if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3714                 if (!DH_generate_key(new)) {
3715                     SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3716                     DH_free(new);
3717                     return 0;
3718                 }
3719             }
3720             if (cert->dh_tmp != NULL)
3721                 DH_free(cert->dh_tmp);
3722             cert->dh_tmp = new;
3723             return 1;
3724         }
3725         /*
3726          * break;
3727          */
3728     case SSL_CTRL_SET_TMP_DH_CB:
3729         {
3730             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3731             return (0);
3732         }
3733         break;
3734 #endif
3735 #ifndef OPENSSL_NO_ECDH
3736     case SSL_CTRL_SET_TMP_ECDH:
3737         {
3738             EC_KEY *ecdh = NULL;
3739 
3740             if (parg == NULL) {
3741                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3742                 return 0;
3743             }
3744             ecdh = EC_KEY_dup((EC_KEY *)parg);
3745             if (ecdh == NULL) {
3746                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3747                 return 0;
3748             }
3749             if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3750                 if (!EC_KEY_generate_key(ecdh)) {
3751                     EC_KEY_free(ecdh);
3752                     SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3753                     return 0;
3754                 }
3755             }
3756 
3757             if (cert->ecdh_tmp != NULL) {
3758                 EC_KEY_free(cert->ecdh_tmp);
3759             }
3760             cert->ecdh_tmp = ecdh;
3761             return 1;
3762         }
3763         /* break; */
3764     case SSL_CTRL_SET_TMP_ECDH_CB:
3765         {
3766             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3767             return (0);
3768         }
3769         break;
3770 #endif                          /* !OPENSSL_NO_ECDH */
3771 #ifndef OPENSSL_NO_TLSEXT
3772     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3773         ctx->tlsext_servername_arg = parg;
3774         break;
3775     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3776     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3777         {
3778             unsigned char *keys = parg;
3779             if (!keys)
3780                 return 48;
3781             if (larg != 48) {
3782                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3783                 return 0;
3784             }
3785             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3786                 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3787                 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3788                 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3789             } else {
3790                 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3791                 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3792                 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3793             }
3794             return 1;
3795         }
3796 
3797 # ifdef TLSEXT_TYPE_opaque_prf_input
3798     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3799         ctx->tlsext_opaque_prf_input_callback_arg = parg;
3800         return 1;
3801 # endif
3802 
3803     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3804         ctx->tlsext_status_arg = parg;
3805         return 1;
3806         break;
3807 
3808 # ifndef OPENSSL_NO_SRP
3809     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3810         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3811         if (ctx->srp_ctx.login != NULL)
3812             OPENSSL_free(ctx->srp_ctx.login);
3813         ctx->srp_ctx.login = NULL;
3814         if (parg == NULL)
3815             break;
3816         if (strlen((const char *)parg) > 255
3817             || strlen((const char *)parg) < 1) {
3818             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3819             return 0;
3820         }
3821         if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3822             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3823             return 0;
3824         }
3825         break;
3826     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3827         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3828             srp_password_from_info_cb;
3829         ctx->srp_ctx.info = parg;
3830         break;
3831     case SSL_CTRL_SET_SRP_ARG:
3832         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3833         ctx->srp_ctx.SRP_cb_arg = parg;
3834         break;
3835 
3836     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3837         ctx->srp_ctx.strength = larg;
3838         break;
3839 # endif
3840 
3841 # ifndef OPENSSL_NO_EC
3842     case SSL_CTRL_SET_CURVES:
3843         return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3844                                &ctx->tlsext_ellipticcurvelist_length,
3845                                parg, larg);
3846 
3847     case SSL_CTRL_SET_CURVES_LIST:
3848         return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3849                                     &ctx->tlsext_ellipticcurvelist_length,
3850                                     parg);
3851 #  ifndef OPENSSL_NO_ECDH
3852     case SSL_CTRL_SET_ECDH_AUTO:
3853         ctx->cert->ecdh_tmp_auto = larg;
3854         return 1;
3855 #  endif
3856 # endif
3857     case SSL_CTRL_SET_SIGALGS:
3858         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3859 
3860     case SSL_CTRL_SET_SIGALGS_LIST:
3861         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3862 
3863     case SSL_CTRL_SET_CLIENT_SIGALGS:
3864         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3865 
3866     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3867         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3868 
3869     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3870         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3871 
3872     case SSL_CTRL_BUILD_CERT_CHAIN:
3873         return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
3874 
3875     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3876         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3877 
3878     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3879         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3880 
3881 #endif                          /* !OPENSSL_NO_TLSEXT */
3882 
3883         /* A Thawte special :-) */
3884     case SSL_CTRL_EXTRA_CHAIN_CERT:
3885         if (ctx->extra_certs == NULL) {
3886             if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3887                 return (0);
3888         }
3889         sk_X509_push(ctx->extra_certs, (X509 *)parg);
3890         break;
3891 
3892     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3893         if (ctx->extra_certs == NULL && larg == 0)
3894             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3895         else
3896             *(STACK_OF(X509) **)parg = ctx->extra_certs;
3897         break;
3898 
3899     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3900         if (ctx->extra_certs) {
3901             sk_X509_pop_free(ctx->extra_certs, X509_free);
3902             ctx->extra_certs = NULL;
3903         }
3904         break;
3905 
3906     case SSL_CTRL_CHAIN:
3907         if (larg)
3908             return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);
3909         else
3910             return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);
3911 
3912     case SSL_CTRL_CHAIN_CERT:
3913         if (larg)
3914             return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
3915         else
3916             return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
3917 
3918     case SSL_CTRL_GET_CHAIN_CERTS:
3919         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3920         break;
3921 
3922     case SSL_CTRL_SELECT_CURRENT_CERT:
3923         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3924 
3925     case SSL_CTRL_SET_CURRENT_CERT:
3926         return ssl_cert_set_current(ctx->cert, larg);
3927 
3928     default:
3929         return (0);
3930     }
3931     return (1);
3932 }
3933 
3934 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3935 {
3936     CERT *cert;
3937 
3938     cert = ctx->cert;
3939 
3940     switch (cmd) {
3941 #ifndef OPENSSL_NO_RSA
3942     case SSL_CTRL_SET_TMP_RSA_CB:
3943         {
3944             cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3945         }
3946         break;
3947 #endif
3948 #ifndef OPENSSL_NO_DH
3949     case SSL_CTRL_SET_TMP_DH_CB:
3950         {
3951             cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3952         }
3953         break;
3954 #endif
3955 #ifndef OPENSSL_NO_ECDH
3956     case SSL_CTRL_SET_TMP_ECDH_CB:
3957         {
3958             cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3959         }
3960         break;
3961 #endif
3962 #ifndef OPENSSL_NO_TLSEXT
3963     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3964         ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3965         break;
3966 
3967 # ifdef TLSEXT_TYPE_opaque_prf_input
3968     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3969         ctx->tlsext_opaque_prf_input_callback =
3970             (int (*)(SSL *, void *, size_t, void *))fp;
3971         break;
3972 # endif
3973 
3974     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3975         ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3976         break;
3977 
3978     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3979         ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3980                                              unsigned char *,
3981                                              EVP_CIPHER_CTX *,
3982                                              HMAC_CTX *, int))fp;
3983         break;
3984 
3985 # ifndef OPENSSL_NO_SRP
3986     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3987         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3988         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3989         break;
3990     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3991         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3992         ctx->srp_ctx.TLS_ext_srp_username_callback =
3993             (int (*)(SSL *, int *, void *))fp;
3994         break;
3995     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3996         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3997         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3998             (char *(*)(SSL *, void *))fp;
3999         break;
4000 # endif
4001 #endif
4002     default:
4003         return (0);
4004     }
4005     return (1);
4006 }
4007 
4008 /*
4009  * This function needs to check if the ciphers required are actually
4010  * available
4011  */
4012 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4013 {
4014     SSL_CIPHER c;
4015     const SSL_CIPHER *cp;
4016     unsigned long id;
4017 
4018     id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
4019     c.id = id;
4020     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4021 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
4022     if (cp == NULL)
4023         fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
4024 #endif
4025     return cp;
4026 }
4027 
4028 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
4029 {
4030     long l;
4031 
4032     if (p != NULL) {
4033         l = c->id;
4034         if ((l & 0xff000000) != 0x03000000)
4035             return (0);
4036         p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
4037         p[1] = ((unsigned char)(l)) & 0xFF;
4038     }
4039     return (2);
4040 }
4041 
4042 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4043                                STACK_OF(SSL_CIPHER) *srvr)
4044 {
4045     SSL_CIPHER *c, *ret = NULL;
4046     STACK_OF(SSL_CIPHER) *prio, *allow;
4047     int i, ii, ok;
4048     CERT *cert;
4049     unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
4050 
4051     /* Let's see which ciphers we can support */
4052     cert = s->cert;
4053 
4054 #if 0
4055     /*
4056      * Do not set the compare functions, because this may lead to a
4057      * reordering by "id". We want to keep the original ordering. We may pay
4058      * a price in performance during sk_SSL_CIPHER_find(), but would have to
4059      * pay with the price of sk_SSL_CIPHER_dup().
4060      */
4061     sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
4062     sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
4063 #endif
4064 
4065 #ifdef CIPHER_DEBUG
4066     fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4067             (void *)srvr);
4068     for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4069         c = sk_SSL_CIPHER_value(srvr, i);
4070         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4071     }
4072     fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4073             (void *)clnt);
4074     for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4075         c = sk_SSL_CIPHER_value(clnt, i);
4076         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4077     }
4078 #endif
4079 
4080     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
4081         prio = srvr;
4082         allow = clnt;
4083     } else {
4084         prio = clnt;
4085         allow = srvr;
4086     }
4087 
4088     tls1_set_cert_validity(s);
4089 
4090     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4091         c = sk_SSL_CIPHER_value(prio, i);
4092 
4093         /* Skip TLS v1.2 only ciphersuites if not supported */
4094         if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
4095             continue;
4096 
4097         ssl_set_cert_masks(cert, c);
4098         mask_k = cert->mask_k;
4099         mask_a = cert->mask_a;
4100         emask_k = cert->export_mask_k;
4101         emask_a = cert->export_mask_a;
4102 #ifndef OPENSSL_NO_SRP
4103         if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4104             mask_k |= SSL_kSRP;
4105             emask_k |= SSL_kSRP;
4106             mask_a |= SSL_aSRP;
4107             emask_a |= SSL_aSRP;
4108         }
4109 #endif
4110 
4111 #ifdef KSSL_DEBUG
4112         /*
4113          * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
4114          * i,c->algorithms);
4115          */
4116 #endif                          /* KSSL_DEBUG */
4117 
4118         alg_k = c->algorithm_mkey;
4119         alg_a = c->algorithm_auth;
4120 
4121 #ifndef OPENSSL_NO_KRB5
4122         if (alg_k & SSL_kKRB5) {
4123             if (!kssl_keytab_is_available(s->kssl_ctx))
4124                 continue;
4125         }
4126 #endif                          /* OPENSSL_NO_KRB5 */
4127 #ifndef OPENSSL_NO_PSK
4128         /* with PSK there must be server callback set */
4129         if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
4130             continue;
4131 #endif                          /* OPENSSL_NO_PSK */
4132 
4133         if (SSL_C_IS_EXPORT(c)) {
4134             ok = (alg_k & emask_k) && (alg_a & emask_a);
4135 #ifdef CIPHER_DEBUG
4136             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
4137                     ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
4138 #endif
4139         } else {
4140             ok = (alg_k & mask_k) && (alg_a & mask_a);
4141 #ifdef CIPHER_DEBUG
4142             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4143                     alg_a, mask_k, mask_a, (void *)c, c->name);
4144 #endif
4145         }
4146 
4147 #ifndef OPENSSL_NO_TLSEXT
4148 # ifndef OPENSSL_NO_EC
4149 #  ifndef OPENSSL_NO_ECDH
4150         /*
4151          * if we are considering an ECC cipher suite that uses an ephemeral
4152          * EC key check it
4153          */
4154         if (alg_k & SSL_kEECDH)
4155             ok = ok && tls1_check_ec_tmp_key(s, c->id);
4156 #  endif                        /* OPENSSL_NO_ECDH */
4157 # endif                         /* OPENSSL_NO_EC */
4158 #endif                          /* OPENSSL_NO_TLSEXT */
4159 
4160         if (!ok)
4161             continue;
4162         ii = sk_SSL_CIPHER_find(allow, c);
4163         if (ii >= 0) {
4164 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4165             if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
4166                 && s->s3->is_probably_safari) {
4167                 if (!ret)
4168                     ret = sk_SSL_CIPHER_value(allow, ii);
4169                 continue;
4170             }
4171 #endif
4172             ret = sk_SSL_CIPHER_value(allow, ii);
4173             break;
4174         }
4175     }
4176     return (ret);
4177 }
4178 
4179 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4180 {
4181     int ret = 0;
4182     const unsigned char *sig;
4183     size_t i, siglen;
4184     int have_rsa_sign = 0, have_dsa_sign = 0;
4185 #ifndef OPENSSL_NO_ECDSA
4186     int have_ecdsa_sign = 0;
4187 #endif
4188     int nostrict = 1;
4189     unsigned long alg_k;
4190 
4191     /* If we have custom certificate types set, use them */
4192     if (s->cert->ctypes) {
4193         memcpy(p, s->cert->ctypes, s->cert->ctype_num);
4194         return (int)s->cert->ctype_num;
4195     }
4196     /* get configured sigalgs */
4197     siglen = tls12_get_psigalgs(s, &sig);
4198     if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
4199         nostrict = 0;
4200     for (i = 0; i < siglen; i += 2, sig += 2) {
4201         switch (sig[1]) {
4202         case TLSEXT_signature_rsa:
4203             have_rsa_sign = 1;
4204             break;
4205 
4206         case TLSEXT_signature_dsa:
4207             have_dsa_sign = 1;
4208             break;
4209 #ifndef OPENSSL_NO_ECDSA
4210         case TLSEXT_signature_ecdsa:
4211             have_ecdsa_sign = 1;
4212             break;
4213 #endif
4214         }
4215     }
4216 
4217     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4218 
4219 #ifndef OPENSSL_NO_GOST
4220     if (s->version >= TLS1_VERSION) {
4221         if (alg_k & SSL_kGOST) {
4222             p[ret++] = TLS_CT_GOST94_SIGN;
4223             p[ret++] = TLS_CT_GOST01_SIGN;
4224             return (ret);
4225         }
4226     }
4227 #endif
4228 
4229 #ifndef OPENSSL_NO_DH
4230     if (alg_k & (SSL_kDHr | SSL_kEDH)) {
4231 # ifndef OPENSSL_NO_RSA
4232         /*
4233          * Since this refers to a certificate signed with an RSA algorithm,
4234          * only check for rsa signing in strict mode.
4235          */
4236         if (nostrict || have_rsa_sign)
4237             p[ret++] = SSL3_CT_RSA_FIXED_DH;
4238 # endif
4239 # ifndef OPENSSL_NO_DSA
4240         if (nostrict || have_dsa_sign)
4241             p[ret++] = SSL3_CT_DSS_FIXED_DH;
4242 # endif
4243     }
4244     if ((s->version == SSL3_VERSION) &&
4245         (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
4246 # ifndef OPENSSL_NO_RSA
4247         p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4248 # endif
4249 # ifndef OPENSSL_NO_DSA
4250         p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4251 # endif
4252     }
4253 #endif                          /* !OPENSSL_NO_DH */
4254 #ifndef OPENSSL_NO_RSA
4255     if (have_rsa_sign)
4256         p[ret++] = SSL3_CT_RSA_SIGN;
4257 #endif
4258 #ifndef OPENSSL_NO_DSA
4259     if (have_dsa_sign)
4260         p[ret++] = SSL3_CT_DSS_SIGN;
4261 #endif
4262 #ifndef OPENSSL_NO_ECDH
4263     if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4264         if (nostrict || have_rsa_sign)
4265             p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4266         if (nostrict || have_ecdsa_sign)
4267             p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4268     }
4269 #endif
4270 
4271 #ifndef OPENSSL_NO_ECDSA
4272     /*
4273      * ECDSA certs can be used with RSA cipher suites as well so we don't
4274      * need to check for SSL_kECDH or SSL_kEECDH
4275      */
4276     if (s->version >= TLS1_VERSION) {
4277         if (have_ecdsa_sign)
4278             p[ret++] = TLS_CT_ECDSA_SIGN;
4279     }
4280 #endif
4281     return (ret);
4282 }
4283 
4284 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4285 {
4286     if (c->ctypes) {
4287         OPENSSL_free(c->ctypes);
4288         c->ctypes = NULL;
4289     }
4290     if (!p || !len)
4291         return 1;
4292     if (len > 0xff)
4293         return 0;
4294     c->ctypes = OPENSSL_malloc(len);
4295     if (!c->ctypes)
4296         return 0;
4297     memcpy(c->ctypes, p, len);
4298     c->ctype_num = len;
4299     return 1;
4300 }
4301 
4302 int ssl3_shutdown(SSL *s)
4303 {
4304     int ret;
4305 
4306     /*
4307      * Don't do anything much if we have not done the handshake or we don't
4308      * want to send messages :-)
4309      */
4310     if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4311         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4312         return (1);
4313     }
4314 
4315     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4316         s->shutdown |= SSL_SENT_SHUTDOWN;
4317 #if 1
4318         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4319 #endif
4320         /*
4321          * our shutdown alert has been sent now, and if it still needs to be
4322          * written, s->s3->alert_dispatch will be true
4323          */
4324         if (s->s3->alert_dispatch)
4325             return (-1);        /* return WANT_WRITE */
4326     } else if (s->s3->alert_dispatch) {
4327         /* resend it if not sent */
4328 #if 1
4329         ret = s->method->ssl_dispatch_alert(s);
4330         if (ret == -1) {
4331             /*
4332              * we only get to return -1 here the 2nd/Nth invocation, we must
4333              * have already signalled return 0 upon a previous invoation,
4334              * return WANT_WRITE
4335              */
4336             return (ret);
4337         }
4338 #endif
4339     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4340         /*
4341          * If we are waiting for a close from our peer, we are closed
4342          */
4343         s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4344         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4345             return (-1);        /* return WANT_READ */
4346         }
4347     }
4348 
4349     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4350         !s->s3->alert_dispatch)
4351         return (1);
4352     else
4353         return (0);
4354 }
4355 
4356 int ssl3_write(SSL *s, const void *buf, int len)
4357 {
4358     int ret, n;
4359 
4360 #if 0
4361     if (s->shutdown & SSL_SEND_SHUTDOWN) {
4362         s->rwstate = SSL_NOTHING;
4363         return (0);
4364     }
4365 #endif
4366     clear_sys_error();
4367     if (s->s3->renegotiate)
4368         ssl3_renegotiate_check(s);
4369 
4370     /*
4371      * This is an experimental flag that sends the last handshake message in
4372      * the same packet as the first use data - used to see if it helps the
4373      * TCP protocol during session-id reuse
4374      */
4375     /* The second test is because the buffer may have been removed */
4376     if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4377         /* First time through, we write into the buffer */
4378         if (s->s3->delay_buf_pop_ret == 0) {
4379             ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
4380             if (ret <= 0)
4381                 return (ret);
4382 
4383             s->s3->delay_buf_pop_ret = ret;
4384         }
4385 
4386         s->rwstate = SSL_WRITING;
4387         n = BIO_flush(s->wbio);
4388         if (n <= 0)
4389             return (n);
4390         s->rwstate = SSL_NOTHING;
4391 
4392         /* We have flushed the buffer, so remove it */
4393         ssl_free_wbio_buffer(s);
4394         s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
4395 
4396         ret = s->s3->delay_buf_pop_ret;
4397         s->s3->delay_buf_pop_ret = 0;
4398     } else {
4399         ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4400                                          buf, len);
4401         if (ret <= 0)
4402             return (ret);
4403     }
4404 
4405     return (ret);
4406 }
4407 
4408 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4409 {
4410     int ret;
4411 
4412     clear_sys_error();
4413     if (s->s3->renegotiate)
4414         ssl3_renegotiate_check(s);
4415     s->s3->in_read_app_data = 1;
4416     ret =
4417         s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4418                                   peek);
4419     if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4420         /*
4421          * ssl3_read_bytes decided to call s->handshake_func, which called
4422          * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4423          * actually found application data and thinks that application data
4424          * makes sense here; so disable handshake processing and try to read
4425          * application data again.
4426          */
4427         s->in_handshake++;
4428         ret =
4429             s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4430                                       peek);
4431         s->in_handshake--;
4432     } else
4433         s->s3->in_read_app_data = 0;
4434 
4435     return (ret);
4436 }
4437 
4438 int ssl3_read(SSL *s, void *buf, int len)
4439 {
4440     return ssl3_read_internal(s, buf, len, 0);
4441 }
4442 
4443 int ssl3_peek(SSL *s, void *buf, int len)
4444 {
4445     return ssl3_read_internal(s, buf, len, 1);
4446 }
4447 
4448 int ssl3_renegotiate(SSL *s)
4449 {
4450     if (s->handshake_func == NULL)
4451         return (1);
4452 
4453     if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4454         return (0);
4455 
4456     s->s3->renegotiate = 1;
4457     return (1);
4458 }
4459 
4460 int ssl3_renegotiate_check(SSL *s)
4461 {
4462     int ret = 0;
4463 
4464     if (s->s3->renegotiate) {
4465         if ((s->s3->rbuf.left == 0) &&
4466             (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
4467             /*
4468              * if we are the server, and we have sent a 'RENEGOTIATE'
4469              * message, we need to go to SSL_ST_ACCEPT.
4470              */
4471             /* SSL_ST_ACCEPT */
4472             s->state = SSL_ST_RENEGOTIATE;
4473             s->s3->renegotiate = 0;
4474             s->s3->num_renegotiations++;
4475             s->s3->total_renegotiations++;
4476             ret = 1;
4477         }
4478     }
4479     return (ret);
4480 }
4481 
4482 /*
4483  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4484  * handshake macs if required.
4485  */
4486 long ssl_get_algorithm2(SSL *s)
4487 {
4488     long alg2 = s->s3->tmp.new_cipher->algorithm2;
4489     if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
4490         && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4491         return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4492     return alg2;
4493 }
4494