xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision ea825d02749f382c3f7e17f28247f20a48733eab)
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #include <openssl/md5.h>
156 #ifndef OPENSSL_NO_DH
157 # include <openssl/dh.h>
158 #endif
159 
160 const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
161 
162 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
163 
164 /* list of available SSLv3 ciphers (sorted by id) */
165 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
166 
167 /* The RSA ciphers */
168 /* Cipher 01 */
169     {
170      1,
171      SSL3_TXT_RSA_NULL_MD5,
172      SSL3_CK_RSA_NULL_MD5,
173      SSL_kRSA,
174      SSL_aRSA,
175      SSL_eNULL,
176      SSL_MD5,
177      SSL_SSLV3,
178      SSL_NOT_EXP | SSL_STRONG_NONE,
179      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
180      0,
181      0,
182      },
183 
184 /* Cipher 02 */
185     {
186      1,
187      SSL3_TXT_RSA_NULL_SHA,
188      SSL3_CK_RSA_NULL_SHA,
189      SSL_kRSA,
190      SSL_aRSA,
191      SSL_eNULL,
192      SSL_SHA1,
193      SSL_SSLV3,
194      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
195      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
196      0,
197      0,
198      },
199 
200 /* Cipher 03 */
201 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
202     {
203      1,
204      SSL3_TXT_RSA_RC4_40_MD5,
205      SSL3_CK_RSA_RC4_40_MD5,
206      SSL_kRSA,
207      SSL_aRSA,
208      SSL_RC4,
209      SSL_MD5,
210      SSL_SSLV3,
211      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
212      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
213      40,
214      128,
215      },
216 #endif
217 
218 /* Cipher 04 */
219     {
220      1,
221      SSL3_TXT_RSA_RC4_128_MD5,
222      SSL3_CK_RSA_RC4_128_MD5,
223      SSL_kRSA,
224      SSL_aRSA,
225      SSL_RC4,
226      SSL_MD5,
227      SSL_SSLV3,
228      SSL_NOT_EXP | SSL_MEDIUM,
229      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
230      128,
231      128,
232      },
233 
234 /* Cipher 05 */
235     {
236      1,
237      SSL3_TXT_RSA_RC4_128_SHA,
238      SSL3_CK_RSA_RC4_128_SHA,
239      SSL_kRSA,
240      SSL_aRSA,
241      SSL_RC4,
242      SSL_SHA1,
243      SSL_SSLV3,
244      SSL_NOT_EXP | SSL_MEDIUM,
245      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
246      128,
247      128,
248      },
249 
250 /* Cipher 06 */
251 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
252     {
253      1,
254      SSL3_TXT_RSA_RC2_40_MD5,
255      SSL3_CK_RSA_RC2_40_MD5,
256      SSL_kRSA,
257      SSL_aRSA,
258      SSL_RC2,
259      SSL_MD5,
260      SSL_SSLV3,
261      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
262      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
263      40,
264      128,
265      },
266 #endif
267 
268 /* Cipher 07 */
269 #ifndef OPENSSL_NO_IDEA
270     {
271      1,
272      SSL3_TXT_RSA_IDEA_128_SHA,
273      SSL3_CK_RSA_IDEA_128_SHA,
274      SSL_kRSA,
275      SSL_aRSA,
276      SSL_IDEA,
277      SSL_SHA1,
278      SSL_SSLV3,
279      SSL_NOT_EXP | SSL_MEDIUM,
280      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
281      128,
282      128,
283      },
284 #endif
285 
286 /* Cipher 08 */
287 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
288     {
289      1,
290      SSL3_TXT_RSA_DES_40_CBC_SHA,
291      SSL3_CK_RSA_DES_40_CBC_SHA,
292      SSL_kRSA,
293      SSL_aRSA,
294      SSL_DES,
295      SSL_SHA1,
296      SSL_SSLV3,
297      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
298      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
299      40,
300      56,
301      },
302 #endif
303 
304 /* Cipher 09 */
305 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
306     {
307      1,
308      SSL3_TXT_RSA_DES_64_CBC_SHA,
309      SSL3_CK_RSA_DES_64_CBC_SHA,
310      SSL_kRSA,
311      SSL_aRSA,
312      SSL_DES,
313      SSL_SHA1,
314      SSL_SSLV3,
315      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
316      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
317      56,
318      56,
319      },
320 #endif
321 
322 /* Cipher 0A */
323     {
324      1,
325      SSL3_TXT_RSA_DES_192_CBC3_SHA,
326      SSL3_CK_RSA_DES_192_CBC3_SHA,
327      SSL_kRSA,
328      SSL_aRSA,
329      SSL_3DES,
330      SSL_SHA1,
331      SSL_SSLV3,
332      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
333      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
334      112,
335      168,
336      },
337 
338 /* The DH ciphers */
339 /* Cipher 0B */
340 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
341     {
342      0,
343      SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
344      SSL3_CK_DH_DSS_DES_40_CBC_SHA,
345      SSL_kDHd,
346      SSL_aDH,
347      SSL_DES,
348      SSL_SHA1,
349      SSL_SSLV3,
350      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
351      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
352      40,
353      56,
354      },
355 #endif
356 
357 /* Cipher 0C */
358 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
359     {
360      1,
361      SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
362      SSL3_CK_DH_DSS_DES_64_CBC_SHA,
363      SSL_kDHd,
364      SSL_aDH,
365      SSL_DES,
366      SSL_SHA1,
367      SSL_SSLV3,
368      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
369      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
370      56,
371      56,
372      },
373 #endif
374 
375 /* Cipher 0D */
376     {
377      1,
378      SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
379      SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
380      SSL_kDHd,
381      SSL_aDH,
382      SSL_3DES,
383      SSL_SHA1,
384      SSL_SSLV3,
385      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
386      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
387      112,
388      168,
389      },
390 
391 /* Cipher 0E */
392 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
393     {
394      0,
395      SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
396      SSL3_CK_DH_RSA_DES_40_CBC_SHA,
397      SSL_kDHr,
398      SSL_aDH,
399      SSL_DES,
400      SSL_SHA1,
401      SSL_SSLV3,
402      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
403      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
404      40,
405      56,
406      },
407 #endif
408 
409 /* Cipher 0F */
410 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
411     {
412      1,
413      SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
414      SSL3_CK_DH_RSA_DES_64_CBC_SHA,
415      SSL_kDHr,
416      SSL_aDH,
417      SSL_DES,
418      SSL_SHA1,
419      SSL_SSLV3,
420      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
421      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
422      56,
423      56,
424      },
425 #endif
426 
427 /* Cipher 10 */
428     {
429      1,
430      SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
431      SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
432      SSL_kDHr,
433      SSL_aDH,
434      SSL_3DES,
435      SSL_SHA1,
436      SSL_SSLV3,
437      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
438      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
439      112,
440      168,
441      },
442 
443 /* The Ephemeral DH ciphers */
444 /* Cipher 11 */
445 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
446     {
447      1,
448      SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
449      SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
450      SSL_kEDH,
451      SSL_aDSS,
452      SSL_DES,
453      SSL_SHA1,
454      SSL_SSLV3,
455      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
456      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
457      40,
458      56,
459      },
460 #endif
461 
462 /* Cipher 12 */
463 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
464     {
465      1,
466      SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
467      SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
468      SSL_kEDH,
469      SSL_aDSS,
470      SSL_DES,
471      SSL_SHA1,
472      SSL_SSLV3,
473      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
474      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
475      56,
476      56,
477      },
478 #endif
479 
480 /* Cipher 13 */
481     {
482      1,
483      SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
484      SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
485      SSL_kEDH,
486      SSL_aDSS,
487      SSL_3DES,
488      SSL_SHA1,
489      SSL_SSLV3,
490      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
491      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
492      112,
493      168,
494      },
495 
496 /* Cipher 14 */
497 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
498     {
499      1,
500      SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
501      SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
502      SSL_kEDH,
503      SSL_aRSA,
504      SSL_DES,
505      SSL_SHA1,
506      SSL_SSLV3,
507      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
508      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
509      40,
510      56,
511      },
512 #endif
513 
514 /* Cipher 15 */
515 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
516     {
517      1,
518      SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
519      SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
520      SSL_kEDH,
521      SSL_aRSA,
522      SSL_DES,
523      SSL_SHA1,
524      SSL_SSLV3,
525      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
526      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
527      56,
528      56,
529      },
530 #endif
531 
532 /* Cipher 16 */
533     {
534      1,
535      SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
536      SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
537      SSL_kEDH,
538      SSL_aRSA,
539      SSL_3DES,
540      SSL_SHA1,
541      SSL_SSLV3,
542      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
543      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
544      112,
545      168,
546      },
547 
548 /* Cipher 17 */
549 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
550     {
551      1,
552      SSL3_TXT_ADH_RC4_40_MD5,
553      SSL3_CK_ADH_RC4_40_MD5,
554      SSL_kEDH,
555      SSL_aNULL,
556      SSL_RC4,
557      SSL_MD5,
558      SSL_SSLV3,
559      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
560      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
561      40,
562      128,
563      },
564 #endif
565 
566 /* Cipher 18 */
567     {
568      1,
569      SSL3_TXT_ADH_RC4_128_MD5,
570      SSL3_CK_ADH_RC4_128_MD5,
571      SSL_kEDH,
572      SSL_aNULL,
573      SSL_RC4,
574      SSL_MD5,
575      SSL_SSLV3,
576      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
577      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
578      128,
579      128,
580      },
581 
582 /* Cipher 19 */
583 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
584     {
585      1,
586      SSL3_TXT_ADH_DES_40_CBC_SHA,
587      SSL3_CK_ADH_DES_40_CBC_SHA,
588      SSL_kEDH,
589      SSL_aNULL,
590      SSL_DES,
591      SSL_SHA1,
592      SSL_SSLV3,
593      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
594      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
595      40,
596      128,
597      },
598 #endif
599 
600 /* Cipher 1A */
601 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
602     {
603      1,
604      SSL3_TXT_ADH_DES_64_CBC_SHA,
605      SSL3_CK_ADH_DES_64_CBC_SHA,
606      SSL_kEDH,
607      SSL_aNULL,
608      SSL_DES,
609      SSL_SHA1,
610      SSL_SSLV3,
611      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
612      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
613      56,
614      56,
615      },
616 #endif
617 
618 /* Cipher 1B */
619     {
620      1,
621      SSL3_TXT_ADH_DES_192_CBC_SHA,
622      SSL3_CK_ADH_DES_192_CBC_SHA,
623      SSL_kEDH,
624      SSL_aNULL,
625      SSL_3DES,
626      SSL_SHA1,
627      SSL_SSLV3,
628      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
629      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
630      112,
631      168,
632      },
633 
634 /* Fortezza ciphersuite from SSL 3.0 spec */
635 #if 0
636 /* Cipher 1C */
637     {
638      0,
639      SSL3_TXT_FZA_DMS_NULL_SHA,
640      SSL3_CK_FZA_DMS_NULL_SHA,
641      SSL_kFZA,
642      SSL_aFZA,
643      SSL_eNULL,
644      SSL_SHA1,
645      SSL_SSLV3,
646      SSL_NOT_EXP | SSL_STRONG_NONE,
647      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
648      0,
649      0,
650      },
651 
652 /* Cipher 1D */
653     {
654      0,
655      SSL3_TXT_FZA_DMS_FZA_SHA,
656      SSL3_CK_FZA_DMS_FZA_SHA,
657      SSL_kFZA,
658      SSL_aFZA,
659      SSL_eFZA,
660      SSL_SHA1,
661      SSL_SSLV3,
662      SSL_NOT_EXP | SSL_STRONG_NONE,
663      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
664      0,
665      0,
666      },
667 
668 /* Cipher 1E */
669     {
670      0,
671      SSL3_TXT_FZA_DMS_RC4_SHA,
672      SSL3_CK_FZA_DMS_RC4_SHA,
673      SSL_kFZA,
674      SSL_aFZA,
675      SSL_RC4,
676      SSL_SHA1,
677      SSL_SSLV3,
678      SSL_NOT_EXP | SSL_MEDIUM,
679      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
680      128,
681      128,
682      },
683 #endif
684 
685 #ifndef OPENSSL_NO_KRB5
686 /* The Kerberos ciphers*/
687 /* Cipher 1E */
688 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
689     {
690      1,
691      SSL3_TXT_KRB5_DES_64_CBC_SHA,
692      SSL3_CK_KRB5_DES_64_CBC_SHA,
693      SSL_kKRB5,
694      SSL_aKRB5,
695      SSL_DES,
696      SSL_SHA1,
697      SSL_SSLV3,
698      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
699      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
700      56,
701      56,
702      },
703 # endif
704 
705 /* Cipher 1F */
706     {
707      1,
708      SSL3_TXT_KRB5_DES_192_CBC3_SHA,
709      SSL3_CK_KRB5_DES_192_CBC3_SHA,
710      SSL_kKRB5,
711      SSL_aKRB5,
712      SSL_3DES,
713      SSL_SHA1,
714      SSL_SSLV3,
715      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
716      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
717      112,
718      168,
719      },
720 
721 /* Cipher 20 */
722     {
723      1,
724      SSL3_TXT_KRB5_RC4_128_SHA,
725      SSL3_CK_KRB5_RC4_128_SHA,
726      SSL_kKRB5,
727      SSL_aKRB5,
728      SSL_RC4,
729      SSL_SHA1,
730      SSL_SSLV3,
731      SSL_NOT_EXP | SSL_MEDIUM,
732      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
733      128,
734      128,
735      },
736 
737 /* Cipher 21 */
738     {
739      1,
740      SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
741      SSL3_CK_KRB5_IDEA_128_CBC_SHA,
742      SSL_kKRB5,
743      SSL_aKRB5,
744      SSL_IDEA,
745      SSL_SHA1,
746      SSL_SSLV3,
747      SSL_NOT_EXP | SSL_MEDIUM,
748      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
749      128,
750      128,
751      },
752 
753 /* Cipher 22 */
754 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
755     {
756      1,
757      SSL3_TXT_KRB5_DES_64_CBC_MD5,
758      SSL3_CK_KRB5_DES_64_CBC_MD5,
759      SSL_kKRB5,
760      SSL_aKRB5,
761      SSL_DES,
762      SSL_MD5,
763      SSL_SSLV3,
764      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
765      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
766      56,
767      56,
768      },
769 # endif
770 
771 /* Cipher 23 */
772     {
773      1,
774      SSL3_TXT_KRB5_DES_192_CBC3_MD5,
775      SSL3_CK_KRB5_DES_192_CBC3_MD5,
776      SSL_kKRB5,
777      SSL_aKRB5,
778      SSL_3DES,
779      SSL_MD5,
780      SSL_SSLV3,
781      SSL_NOT_EXP | SSL_MEDIUM,
782      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
783      112,
784      168,
785      },
786 
787 /* Cipher 24 */
788     {
789      1,
790      SSL3_TXT_KRB5_RC4_128_MD5,
791      SSL3_CK_KRB5_RC4_128_MD5,
792      SSL_kKRB5,
793      SSL_aKRB5,
794      SSL_RC4,
795      SSL_MD5,
796      SSL_SSLV3,
797      SSL_NOT_EXP | SSL_MEDIUM,
798      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
799      128,
800      128,
801      },
802 
803 /* Cipher 25 */
804     {
805      1,
806      SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
807      SSL3_CK_KRB5_IDEA_128_CBC_MD5,
808      SSL_kKRB5,
809      SSL_aKRB5,
810      SSL_IDEA,
811      SSL_MD5,
812      SSL_SSLV3,
813      SSL_NOT_EXP | SSL_MEDIUM,
814      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
815      128,
816      128,
817      },
818 
819 /* Cipher 26 */
820 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
821     {
822      1,
823      SSL3_TXT_KRB5_DES_40_CBC_SHA,
824      SSL3_CK_KRB5_DES_40_CBC_SHA,
825      SSL_kKRB5,
826      SSL_aKRB5,
827      SSL_DES,
828      SSL_SHA1,
829      SSL_SSLV3,
830      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
831      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
832      40,
833      56,
834      },
835 # endif
836 
837 /* Cipher 27 */
838 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
839     {
840      1,
841      SSL3_TXT_KRB5_RC2_40_CBC_SHA,
842      SSL3_CK_KRB5_RC2_40_CBC_SHA,
843      SSL_kKRB5,
844      SSL_aKRB5,
845      SSL_RC2,
846      SSL_SHA1,
847      SSL_SSLV3,
848      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
849      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
850      40,
851      128,
852      },
853 # endif
854 
855 /* Cipher 28 */
856 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
857     {
858      1,
859      SSL3_TXT_KRB5_RC4_40_SHA,
860      SSL3_CK_KRB5_RC4_40_SHA,
861      SSL_kKRB5,
862      SSL_aKRB5,
863      SSL_RC4,
864      SSL_SHA1,
865      SSL_SSLV3,
866      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
867      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
868      40,
869      128,
870      },
871 # endif
872 
873 /* Cipher 29 */
874 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
875     {
876      1,
877      SSL3_TXT_KRB5_DES_40_CBC_MD5,
878      SSL3_CK_KRB5_DES_40_CBC_MD5,
879      SSL_kKRB5,
880      SSL_aKRB5,
881      SSL_DES,
882      SSL_MD5,
883      SSL_SSLV3,
884      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
885      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
886      40,
887      56,
888      },
889 # endif
890 
891 /* Cipher 2A */
892 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
893     {
894      1,
895      SSL3_TXT_KRB5_RC2_40_CBC_MD5,
896      SSL3_CK_KRB5_RC2_40_CBC_MD5,
897      SSL_kKRB5,
898      SSL_aKRB5,
899      SSL_RC2,
900      SSL_MD5,
901      SSL_SSLV3,
902      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
903      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
904      40,
905      128,
906      },
907 # endif
908 
909 /* Cipher 2B */
910 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
911     {
912      1,
913      SSL3_TXT_KRB5_RC4_40_MD5,
914      SSL3_CK_KRB5_RC4_40_MD5,
915      SSL_kKRB5,
916      SSL_aKRB5,
917      SSL_RC4,
918      SSL_MD5,
919      SSL_SSLV3,
920      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
921      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
922      40,
923      128,
924      },
925 # endif
926 #endif                          /* OPENSSL_NO_KRB5 */
927 
928 /* New AES ciphersuites */
929 /* Cipher 2F */
930     {
931      1,
932      TLS1_TXT_RSA_WITH_AES_128_SHA,
933      TLS1_CK_RSA_WITH_AES_128_SHA,
934      SSL_kRSA,
935      SSL_aRSA,
936      SSL_AES128,
937      SSL_SHA1,
938      SSL_TLSV1,
939      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
940      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
941      128,
942      128,
943      },
944 /* Cipher 30 */
945     {
946      1,
947      TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
948      TLS1_CK_DH_DSS_WITH_AES_128_SHA,
949      SSL_kDHd,
950      SSL_aDH,
951      SSL_AES128,
952      SSL_SHA1,
953      SSL_TLSV1,
954      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
955      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
956      128,
957      128,
958      },
959 /* Cipher 31 */
960     {
961      1,
962      TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
963      TLS1_CK_DH_RSA_WITH_AES_128_SHA,
964      SSL_kDHr,
965      SSL_aDH,
966      SSL_AES128,
967      SSL_SHA1,
968      SSL_TLSV1,
969      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
970      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
971      128,
972      128,
973      },
974 /* Cipher 32 */
975     {
976      1,
977      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
978      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
979      SSL_kEDH,
980      SSL_aDSS,
981      SSL_AES128,
982      SSL_SHA1,
983      SSL_TLSV1,
984      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
985      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
986      128,
987      128,
988      },
989 /* Cipher 33 */
990     {
991      1,
992      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
993      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
994      SSL_kEDH,
995      SSL_aRSA,
996      SSL_AES128,
997      SSL_SHA1,
998      SSL_TLSV1,
999      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1000      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1001      128,
1002      128,
1003      },
1004 /* Cipher 34 */
1005     {
1006      1,
1007      TLS1_TXT_ADH_WITH_AES_128_SHA,
1008      TLS1_CK_ADH_WITH_AES_128_SHA,
1009      SSL_kEDH,
1010      SSL_aNULL,
1011      SSL_AES128,
1012      SSL_SHA1,
1013      SSL_TLSV1,
1014      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1015      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1016      128,
1017      128,
1018      },
1019 
1020 /* Cipher 35 */
1021     {
1022      1,
1023      TLS1_TXT_RSA_WITH_AES_256_SHA,
1024      TLS1_CK_RSA_WITH_AES_256_SHA,
1025      SSL_kRSA,
1026      SSL_aRSA,
1027      SSL_AES256,
1028      SSL_SHA1,
1029      SSL_TLSV1,
1030      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1031      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1032      256,
1033      256,
1034      },
1035 /* Cipher 36 */
1036     {
1037      1,
1038      TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
1039      TLS1_CK_DH_DSS_WITH_AES_256_SHA,
1040      SSL_kDHd,
1041      SSL_aDH,
1042      SSL_AES256,
1043      SSL_SHA1,
1044      SSL_TLSV1,
1045      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1046      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1047      256,
1048      256,
1049      },
1050 
1051 /* Cipher 37 */
1052     {
1053      1,
1054      TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1055      TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1056      SSL_kDHr,
1057      SSL_aDH,
1058      SSL_AES256,
1059      SSL_SHA1,
1060      SSL_TLSV1,
1061      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1062      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1063      256,
1064      256,
1065      },
1066 
1067 /* Cipher 38 */
1068     {
1069      1,
1070      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1071      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1072      SSL_kEDH,
1073      SSL_aDSS,
1074      SSL_AES256,
1075      SSL_SHA1,
1076      SSL_TLSV1,
1077      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1078      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1079      256,
1080      256,
1081      },
1082 
1083 /* Cipher 39 */
1084     {
1085      1,
1086      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1087      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1088      SSL_kEDH,
1089      SSL_aRSA,
1090      SSL_AES256,
1091      SSL_SHA1,
1092      SSL_TLSV1,
1093      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1094      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1095      256,
1096      256,
1097      },
1098 
1099     /* Cipher 3A */
1100     {
1101      1,
1102      TLS1_TXT_ADH_WITH_AES_256_SHA,
1103      TLS1_CK_ADH_WITH_AES_256_SHA,
1104      SSL_kEDH,
1105      SSL_aNULL,
1106      SSL_AES256,
1107      SSL_SHA1,
1108      SSL_TLSV1,
1109      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1110      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1111      256,
1112      256,
1113      },
1114 
1115     /* TLS v1.2 ciphersuites */
1116     /* Cipher 3B */
1117     {
1118      1,
1119      TLS1_TXT_RSA_WITH_NULL_SHA256,
1120      TLS1_CK_RSA_WITH_NULL_SHA256,
1121      SSL_kRSA,
1122      SSL_aRSA,
1123      SSL_eNULL,
1124      SSL_SHA256,
1125      SSL_TLSV1_2,
1126      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
1127      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1128      0,
1129      0,
1130      },
1131 
1132     /* Cipher 3C */
1133     {
1134      1,
1135      TLS1_TXT_RSA_WITH_AES_128_SHA256,
1136      TLS1_CK_RSA_WITH_AES_128_SHA256,
1137      SSL_kRSA,
1138      SSL_aRSA,
1139      SSL_AES128,
1140      SSL_SHA256,
1141      SSL_TLSV1_2,
1142      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1143      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1144      128,
1145      128,
1146      },
1147 
1148     /* Cipher 3D */
1149     {
1150      1,
1151      TLS1_TXT_RSA_WITH_AES_256_SHA256,
1152      TLS1_CK_RSA_WITH_AES_256_SHA256,
1153      SSL_kRSA,
1154      SSL_aRSA,
1155      SSL_AES256,
1156      SSL_SHA256,
1157      SSL_TLSV1_2,
1158      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1159      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1160      256,
1161      256,
1162      },
1163 
1164     /* Cipher 3E */
1165     {
1166      1,
1167      TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1168      TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1169      SSL_kDHd,
1170      SSL_aDH,
1171      SSL_AES128,
1172      SSL_SHA256,
1173      SSL_TLSV1_2,
1174      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1175      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1176      128,
1177      128,
1178      },
1179 
1180     /* Cipher 3F */
1181     {
1182      1,
1183      TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1184      TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1185      SSL_kDHr,
1186      SSL_aDH,
1187      SSL_AES128,
1188      SSL_SHA256,
1189      SSL_TLSV1_2,
1190      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1191      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1192      128,
1193      128,
1194      },
1195 
1196     /* Cipher 40 */
1197     {
1198      1,
1199      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1200      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1201      SSL_kEDH,
1202      SSL_aDSS,
1203      SSL_AES128,
1204      SSL_SHA256,
1205      SSL_TLSV1_2,
1206      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1207      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1208      128,
1209      128,
1210      },
1211 
1212 #ifndef OPENSSL_NO_CAMELLIA
1213     /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1214 
1215     /* Cipher 41 */
1216     {
1217      1,
1218      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1219      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1220      SSL_kRSA,
1221      SSL_aRSA,
1222      SSL_CAMELLIA128,
1223      SSL_SHA1,
1224      SSL_TLSV1,
1225      SSL_NOT_EXP | SSL_HIGH,
1226      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1227      128,
1228      128,
1229      },
1230 
1231     /* Cipher 42 */
1232     {
1233      1,
1234      TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1235      TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1236      SSL_kDHd,
1237      SSL_aDH,
1238      SSL_CAMELLIA128,
1239      SSL_SHA1,
1240      SSL_TLSV1,
1241      SSL_NOT_EXP | SSL_HIGH,
1242      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1243      128,
1244      128,
1245      },
1246 
1247     /* Cipher 43 */
1248     {
1249      1,
1250      TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1251      TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1252      SSL_kDHr,
1253      SSL_aDH,
1254      SSL_CAMELLIA128,
1255      SSL_SHA1,
1256      SSL_TLSV1,
1257      SSL_NOT_EXP | SSL_HIGH,
1258      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1259      128,
1260      128,
1261      },
1262 
1263     /* Cipher 44 */
1264     {
1265      1,
1266      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1267      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1268      SSL_kEDH,
1269      SSL_aDSS,
1270      SSL_CAMELLIA128,
1271      SSL_SHA1,
1272      SSL_TLSV1,
1273      SSL_NOT_EXP | SSL_HIGH,
1274      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1275      128,
1276      128,
1277      },
1278 
1279     /* Cipher 45 */
1280     {
1281      1,
1282      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1283      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1284      SSL_kEDH,
1285      SSL_aRSA,
1286      SSL_CAMELLIA128,
1287      SSL_SHA1,
1288      SSL_TLSV1,
1289      SSL_NOT_EXP | SSL_HIGH,
1290      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1291      128,
1292      128,
1293      },
1294 
1295     /* Cipher 46 */
1296     {
1297      1,
1298      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1299      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1300      SSL_kEDH,
1301      SSL_aNULL,
1302      SSL_CAMELLIA128,
1303      SSL_SHA1,
1304      SSL_TLSV1,
1305      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
1306      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1307      128,
1308      128,
1309      },
1310 #endif                          /* OPENSSL_NO_CAMELLIA */
1311 
1312 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1313     /* New TLS Export CipherSuites from expired ID */
1314 # if 0
1315     /* Cipher 60 */
1316     {
1317      1,
1318      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1319      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1320      SSL_kRSA,
1321      SSL_aRSA,
1322      SSL_RC4,
1323      SSL_MD5,
1324      SSL_TLSV1,
1325      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
1326      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1327      56,
1328      128,
1329      },
1330 
1331     /* Cipher 61 */
1332     {
1333      1,
1334      TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1335      TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1336      SSL_kRSA,
1337      SSL_aRSA,
1338      SSL_RC2,
1339      SSL_MD5,
1340      SSL_TLSV1,
1341      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
1342      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1343      56,
1344      128,
1345      },
1346 # endif
1347 
1348     /* Cipher 62 */
1349 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1350     {
1351      1,
1352      TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1353      TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1354      SSL_kRSA,
1355      SSL_aRSA,
1356      SSL_DES,
1357      SSL_SHA1,
1358      SSL_TLSV1,
1359      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
1360      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1361      56,
1362      56,
1363      },
1364 # endif
1365 
1366     /* Cipher 63 */
1367 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1368     {
1369      1,
1370      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1371      TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1372      SSL_kEDH,
1373      SSL_aDSS,
1374      SSL_DES,
1375      SSL_SHA1,
1376      SSL_TLSV1,
1377      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
1378      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1379      56,
1380      56,
1381      },
1382 # endif
1383 
1384     /* Cipher 64 */
1385 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1386     {
1387      1,
1388      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1389      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1390      SSL_kRSA,
1391      SSL_aRSA,
1392      SSL_RC4,
1393      SSL_SHA1,
1394      SSL_TLSV1,
1395      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
1396      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1397      56,
1398      128,
1399      },
1400 # endif
1401 
1402     /* Cipher 65 */
1403 # ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1404     {
1405      1,
1406      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1407      TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1408      SSL_kEDH,
1409      SSL_aDSS,
1410      SSL_RC4,
1411      SSL_SHA1,
1412      SSL_TLSV1,
1413      SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
1414      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1415      56,
1416      128,
1417      },
1418 # endif
1419 
1420     /* Cipher 66 */
1421     {
1422      1,
1423      TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1424      TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1425      SSL_kEDH,
1426      SSL_aDSS,
1427      SSL_RC4,
1428      SSL_SHA1,
1429      SSL_TLSV1,
1430      SSL_NOT_EXP | SSL_MEDIUM,
1431      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1432      128,
1433      128,
1434      },
1435 #endif
1436 
1437     /* TLS v1.2 ciphersuites */
1438     /* Cipher 67 */
1439     {
1440      1,
1441      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1442      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1443      SSL_kEDH,
1444      SSL_aRSA,
1445      SSL_AES128,
1446      SSL_SHA256,
1447      SSL_TLSV1_2,
1448      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1449      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1450      128,
1451      128,
1452      },
1453 
1454     /* Cipher 68 */
1455     {
1456      1,
1457      TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1458      TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1459      SSL_kDHd,
1460      SSL_aDH,
1461      SSL_AES256,
1462      SSL_SHA256,
1463      SSL_TLSV1_2,
1464      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1465      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1466      256,
1467      256,
1468      },
1469 
1470     /* Cipher 69 */
1471     {
1472      1,
1473      TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1474      TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1475      SSL_kDHr,
1476      SSL_aDH,
1477      SSL_AES256,
1478      SSL_SHA256,
1479      SSL_TLSV1_2,
1480      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1481      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1482      256,
1483      256,
1484      },
1485 
1486     /* Cipher 6A */
1487     {
1488      1,
1489      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1490      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1491      SSL_kEDH,
1492      SSL_aDSS,
1493      SSL_AES256,
1494      SSL_SHA256,
1495      SSL_TLSV1_2,
1496      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1497      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1498      256,
1499      256,
1500      },
1501 
1502     /* Cipher 6B */
1503     {
1504      1,
1505      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1506      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1507      SSL_kEDH,
1508      SSL_aRSA,
1509      SSL_AES256,
1510      SSL_SHA256,
1511      SSL_TLSV1_2,
1512      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1513      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1514      256,
1515      256,
1516      },
1517 
1518     /* Cipher 6C */
1519     {
1520      1,
1521      TLS1_TXT_ADH_WITH_AES_128_SHA256,
1522      TLS1_CK_ADH_WITH_AES_128_SHA256,
1523      SSL_kEDH,
1524      SSL_aNULL,
1525      SSL_AES128,
1526      SSL_SHA256,
1527      SSL_TLSV1_2,
1528      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1529      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1530      128,
1531      128,
1532      },
1533 
1534     /* Cipher 6D */
1535     {
1536      1,
1537      TLS1_TXT_ADH_WITH_AES_256_SHA256,
1538      TLS1_CK_ADH_WITH_AES_256_SHA256,
1539      SSL_kEDH,
1540      SSL_aNULL,
1541      SSL_AES256,
1542      SSL_SHA256,
1543      SSL_TLSV1_2,
1544      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1545      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1546      256,
1547      256,
1548      },
1549 
1550     /* GOST Ciphersuites */
1551 
1552     {
1553      1,
1554      "GOST94-GOST89-GOST89",
1555      0x3000080,
1556      SSL_kGOST,
1557      SSL_aGOST94,
1558      SSL_eGOST2814789CNT,
1559      SSL_GOST89MAC,
1560      SSL_TLSV1,
1561      SSL_NOT_EXP | SSL_HIGH,
1562      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1563      256,
1564      256},
1565     {
1566      1,
1567      "GOST2001-GOST89-GOST89",
1568      0x3000081,
1569      SSL_kGOST,
1570      SSL_aGOST01,
1571      SSL_eGOST2814789CNT,
1572      SSL_GOST89MAC,
1573      SSL_TLSV1,
1574      SSL_NOT_EXP | SSL_HIGH,
1575      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1576      256,
1577      256},
1578     {
1579      1,
1580      "GOST94-NULL-GOST94",
1581      0x3000082,
1582      SSL_kGOST,
1583      SSL_aGOST94,
1584      SSL_eNULL,
1585      SSL_GOST94,
1586      SSL_TLSV1,
1587      SSL_NOT_EXP | SSL_STRONG_NONE,
1588      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1589      0,
1590      0},
1591     {
1592      1,
1593      "GOST2001-NULL-GOST94",
1594      0x3000083,
1595      SSL_kGOST,
1596      SSL_aGOST01,
1597      SSL_eNULL,
1598      SSL_GOST94,
1599      SSL_TLSV1,
1600      SSL_NOT_EXP | SSL_STRONG_NONE,
1601      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1602      0,
1603      0},
1604 
1605 #ifndef OPENSSL_NO_CAMELLIA
1606     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1607 
1608     /* Cipher 84 */
1609     {
1610      1,
1611      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1612      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1613      SSL_kRSA,
1614      SSL_aRSA,
1615      SSL_CAMELLIA256,
1616      SSL_SHA1,
1617      SSL_TLSV1,
1618      SSL_NOT_EXP | SSL_HIGH,
1619      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1620      256,
1621      256,
1622      },
1623     /* Cipher 85 */
1624     {
1625      1,
1626      TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1627      TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1628      SSL_kDHd,
1629      SSL_aDH,
1630      SSL_CAMELLIA256,
1631      SSL_SHA1,
1632      SSL_TLSV1,
1633      SSL_NOT_EXP | SSL_HIGH,
1634      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1635      256,
1636      256,
1637      },
1638 
1639     /* Cipher 86 */
1640     {
1641      1,
1642      TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1643      TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1644      SSL_kDHr,
1645      SSL_aDH,
1646      SSL_CAMELLIA256,
1647      SSL_SHA1,
1648      SSL_TLSV1,
1649      SSL_NOT_EXP | SSL_HIGH,
1650      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1651      256,
1652      256,
1653      },
1654 
1655     /* Cipher 87 */
1656     {
1657      1,
1658      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1659      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1660      SSL_kEDH,
1661      SSL_aDSS,
1662      SSL_CAMELLIA256,
1663      SSL_SHA1,
1664      SSL_TLSV1,
1665      SSL_NOT_EXP | SSL_HIGH,
1666      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1667      256,
1668      256,
1669      },
1670 
1671     /* Cipher 88 */
1672     {
1673      1,
1674      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1675      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1676      SSL_kEDH,
1677      SSL_aRSA,
1678      SSL_CAMELLIA256,
1679      SSL_SHA1,
1680      SSL_TLSV1,
1681      SSL_NOT_EXP | SSL_HIGH,
1682      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1683      256,
1684      256,
1685      },
1686 
1687     /* Cipher 89 */
1688     {
1689      1,
1690      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1691      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1692      SSL_kEDH,
1693      SSL_aNULL,
1694      SSL_CAMELLIA256,
1695      SSL_SHA1,
1696      SSL_TLSV1,
1697      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
1698      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1699      256,
1700      256,
1701      },
1702 #endif                          /* OPENSSL_NO_CAMELLIA */
1703 
1704 #ifndef OPENSSL_NO_PSK
1705     /* Cipher 8A */
1706     {
1707      1,
1708      TLS1_TXT_PSK_WITH_RC4_128_SHA,
1709      TLS1_CK_PSK_WITH_RC4_128_SHA,
1710      SSL_kPSK,
1711      SSL_aPSK,
1712      SSL_RC4,
1713      SSL_SHA1,
1714      SSL_TLSV1,
1715      SSL_NOT_EXP | SSL_MEDIUM,
1716      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1717      128,
1718      128,
1719      },
1720 
1721     /* Cipher 8B */
1722     {
1723      1,
1724      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1725      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1726      SSL_kPSK,
1727      SSL_aPSK,
1728      SSL_3DES,
1729      SSL_SHA1,
1730      SSL_TLSV1,
1731      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
1732      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1733      112,
1734      168,
1735      },
1736 
1737     /* Cipher 8C */
1738     {
1739      1,
1740      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1741      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1742      SSL_kPSK,
1743      SSL_aPSK,
1744      SSL_AES128,
1745      SSL_SHA1,
1746      SSL_TLSV1,
1747      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1748      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1749      128,
1750      128,
1751      },
1752 
1753     /* Cipher 8D */
1754     {
1755      1,
1756      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1757      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1758      SSL_kPSK,
1759      SSL_aPSK,
1760      SSL_AES256,
1761      SSL_SHA1,
1762      SSL_TLSV1,
1763      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1764      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1765      256,
1766      256,
1767      },
1768 #endif                          /* OPENSSL_NO_PSK */
1769 
1770 #ifndef OPENSSL_NO_SEED
1771     /* SEED ciphersuites from RFC4162 */
1772 
1773     /* Cipher 96 */
1774     {
1775      1,
1776      TLS1_TXT_RSA_WITH_SEED_SHA,
1777      TLS1_CK_RSA_WITH_SEED_SHA,
1778      SSL_kRSA,
1779      SSL_aRSA,
1780      SSL_SEED,
1781      SSL_SHA1,
1782      SSL_TLSV1,
1783      SSL_NOT_EXP | SSL_MEDIUM,
1784      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1785      128,
1786      128,
1787      },
1788 
1789     /* Cipher 97 */
1790     {
1791      1,
1792      TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1793      TLS1_CK_DH_DSS_WITH_SEED_SHA,
1794      SSL_kDHd,
1795      SSL_aDH,
1796      SSL_SEED,
1797      SSL_SHA1,
1798      SSL_TLSV1,
1799      SSL_NOT_EXP | SSL_MEDIUM,
1800      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1801      128,
1802      128,
1803      },
1804 
1805     /* Cipher 98 */
1806     {
1807      1,
1808      TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1809      TLS1_CK_DH_RSA_WITH_SEED_SHA,
1810      SSL_kDHr,
1811      SSL_aDH,
1812      SSL_SEED,
1813      SSL_SHA1,
1814      SSL_TLSV1,
1815      SSL_NOT_EXP | SSL_MEDIUM,
1816      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1817      128,
1818      128,
1819      },
1820 
1821     /* Cipher 99 */
1822     {
1823      1,
1824      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1825      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1826      SSL_kEDH,
1827      SSL_aDSS,
1828      SSL_SEED,
1829      SSL_SHA1,
1830      SSL_TLSV1,
1831      SSL_NOT_EXP | SSL_MEDIUM,
1832      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1833      128,
1834      128,
1835      },
1836 
1837     /* Cipher 9A */
1838     {
1839      1,
1840      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1841      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1842      SSL_kEDH,
1843      SSL_aRSA,
1844      SSL_SEED,
1845      SSL_SHA1,
1846      SSL_TLSV1,
1847      SSL_NOT_EXP | SSL_MEDIUM,
1848      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1849      128,
1850      128,
1851      },
1852 
1853     /* Cipher 9B */
1854     {
1855      1,
1856      TLS1_TXT_ADH_WITH_SEED_SHA,
1857      TLS1_CK_ADH_WITH_SEED_SHA,
1858      SSL_kEDH,
1859      SSL_aNULL,
1860      SSL_SEED,
1861      SSL_SHA1,
1862      SSL_TLSV1,
1863      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
1864      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1865      128,
1866      128,
1867      },
1868 
1869 #endif                          /* OPENSSL_NO_SEED */
1870 
1871     /* GCM ciphersuites from RFC5288 */
1872 
1873     /* Cipher 9C */
1874     {
1875      1,
1876      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1877      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1878      SSL_kRSA,
1879      SSL_aRSA,
1880      SSL_AES128GCM,
1881      SSL_AEAD,
1882      SSL_TLSV1_2,
1883      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1884      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1885      128,
1886      128,
1887      },
1888 
1889     /* Cipher 9D */
1890     {
1891      1,
1892      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1893      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1894      SSL_kRSA,
1895      SSL_aRSA,
1896      SSL_AES256GCM,
1897      SSL_AEAD,
1898      SSL_TLSV1_2,
1899      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1900      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1901      256,
1902      256,
1903      },
1904 
1905     /* Cipher 9E */
1906     {
1907      1,
1908      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1909      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1910      SSL_kEDH,
1911      SSL_aRSA,
1912      SSL_AES128GCM,
1913      SSL_AEAD,
1914      SSL_TLSV1_2,
1915      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1916      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1917      128,
1918      128,
1919      },
1920 
1921     /* Cipher 9F */
1922     {
1923      1,
1924      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1925      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1926      SSL_kEDH,
1927      SSL_aRSA,
1928      SSL_AES256GCM,
1929      SSL_AEAD,
1930      SSL_TLSV1_2,
1931      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1932      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1933      256,
1934      256,
1935      },
1936 
1937     /* Cipher A0 */
1938     {
1939      1,
1940      TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1941      TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1942      SSL_kDHr,
1943      SSL_aDH,
1944      SSL_AES128GCM,
1945      SSL_AEAD,
1946      SSL_TLSV1_2,
1947      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1948      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1949      128,
1950      128,
1951      },
1952 
1953     /* Cipher A1 */
1954     {
1955      1,
1956      TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1957      TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1958      SSL_kDHr,
1959      SSL_aDH,
1960      SSL_AES256GCM,
1961      SSL_AEAD,
1962      SSL_TLSV1_2,
1963      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1964      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1965      256,
1966      256,
1967      },
1968 
1969     /* Cipher A2 */
1970     {
1971      1,
1972      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1973      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1974      SSL_kEDH,
1975      SSL_aDSS,
1976      SSL_AES128GCM,
1977      SSL_AEAD,
1978      SSL_TLSV1_2,
1979      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1980      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1981      128,
1982      128,
1983      },
1984 
1985     /* Cipher A3 */
1986     {
1987      1,
1988      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1989      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1990      SSL_kEDH,
1991      SSL_aDSS,
1992      SSL_AES256GCM,
1993      SSL_AEAD,
1994      SSL_TLSV1_2,
1995      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1996      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1997      256,
1998      256,
1999      },
2000 
2001     /* Cipher A4 */
2002     {
2003      1,
2004      TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
2005      TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
2006      SSL_kDHd,
2007      SSL_aDH,
2008      SSL_AES128GCM,
2009      SSL_AEAD,
2010      SSL_TLSV1_2,
2011      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2012      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2013      128,
2014      128,
2015      },
2016 
2017     /* Cipher A5 */
2018     {
2019      1,
2020      TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
2021      TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
2022      SSL_kDHd,
2023      SSL_aDH,
2024      SSL_AES256GCM,
2025      SSL_AEAD,
2026      SSL_TLSV1_2,
2027      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2028      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2029      256,
2030      256,
2031      },
2032 
2033     /* Cipher A6 */
2034     {
2035      1,
2036      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
2037      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
2038      SSL_kEDH,
2039      SSL_aNULL,
2040      SSL_AES128GCM,
2041      SSL_AEAD,
2042      SSL_TLSV1_2,
2043      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2044      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2045      128,
2046      128,
2047      },
2048 
2049     /* Cipher A7 */
2050     {
2051      1,
2052      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2053      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2054      SSL_kEDH,
2055      SSL_aNULL,
2056      SSL_AES256GCM,
2057      SSL_AEAD,
2058      SSL_TLSV1_2,
2059      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2060      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2061      256,
2062      256,
2063      },
2064 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
2065     {
2066      1,
2067      "SCSV",
2068      SSL3_CK_SCSV,
2069      0,
2070      0,
2071      0,
2072      0,
2073      0,
2074      0,
2075      0,
2076      0,
2077      0},
2078 #endif
2079 
2080 #ifndef OPENSSL_NO_ECDH
2081     /* Cipher C001 */
2082     {
2083      1,
2084      TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2085      TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2086      SSL_kECDHe,
2087      SSL_aECDH,
2088      SSL_eNULL,
2089      SSL_SHA1,
2090      SSL_TLSV1,
2091      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2092      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2093      0,
2094      0,
2095      },
2096 
2097     /* Cipher C002 */
2098     {
2099      1,
2100      TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2101      TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2102      SSL_kECDHe,
2103      SSL_aECDH,
2104      SSL_RC4,
2105      SSL_SHA1,
2106      SSL_TLSV1,
2107      SSL_NOT_EXP | SSL_MEDIUM,
2108      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2109      128,
2110      128,
2111      },
2112 
2113     /* Cipher C003 */
2114     {
2115      1,
2116      TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2117      TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2118      SSL_kECDHe,
2119      SSL_aECDH,
2120      SSL_3DES,
2121      SSL_SHA1,
2122      SSL_TLSV1,
2123      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
2124      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2125      112,
2126      168,
2127      },
2128 
2129     /* Cipher C004 */
2130     {
2131      1,
2132      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2133      TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2134      SSL_kECDHe,
2135      SSL_aECDH,
2136      SSL_AES128,
2137      SSL_SHA1,
2138      SSL_TLSV1,
2139      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2140      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2141      128,
2142      128,
2143      },
2144 
2145     /* Cipher C005 */
2146     {
2147      1,
2148      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2149      TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2150      SSL_kECDHe,
2151      SSL_aECDH,
2152      SSL_AES256,
2153      SSL_SHA1,
2154      SSL_TLSV1,
2155      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2156      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2157      256,
2158      256,
2159      },
2160 
2161     /* Cipher C006 */
2162     {
2163      1,
2164      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2165      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2166      SSL_kEECDH,
2167      SSL_aECDSA,
2168      SSL_eNULL,
2169      SSL_SHA1,
2170      SSL_TLSV1,
2171      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2172      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2173      0,
2174      0,
2175      },
2176 
2177     /* Cipher C007 */
2178     {
2179      1,
2180      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2181      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2182      SSL_kEECDH,
2183      SSL_aECDSA,
2184      SSL_RC4,
2185      SSL_SHA1,
2186      SSL_TLSV1,
2187      SSL_NOT_EXP | SSL_MEDIUM,
2188      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2189      128,
2190      128,
2191      },
2192 
2193     /* Cipher C008 */
2194     {
2195      1,
2196      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2197      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2198      SSL_kEECDH,
2199      SSL_aECDSA,
2200      SSL_3DES,
2201      SSL_SHA1,
2202      SSL_TLSV1,
2203      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
2204      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2205      112,
2206      168,
2207      },
2208 
2209     /* Cipher C009 */
2210     {
2211      1,
2212      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2213      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2214      SSL_kEECDH,
2215      SSL_aECDSA,
2216      SSL_AES128,
2217      SSL_SHA1,
2218      SSL_TLSV1,
2219      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2220      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2221      128,
2222      128,
2223      },
2224 
2225     /* Cipher C00A */
2226     {
2227      1,
2228      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2229      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2230      SSL_kEECDH,
2231      SSL_aECDSA,
2232      SSL_AES256,
2233      SSL_SHA1,
2234      SSL_TLSV1,
2235      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2236      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2237      256,
2238      256,
2239      },
2240 
2241     /* Cipher C00B */
2242     {
2243      1,
2244      TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2245      TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2246      SSL_kECDHr,
2247      SSL_aECDH,
2248      SSL_eNULL,
2249      SSL_SHA1,
2250      SSL_TLSV1,
2251      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2252      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2253      0,
2254      0,
2255      },
2256 
2257     /* Cipher C00C */
2258     {
2259      1,
2260      TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2261      TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2262      SSL_kECDHr,
2263      SSL_aECDH,
2264      SSL_RC4,
2265      SSL_SHA1,
2266      SSL_TLSV1,
2267      SSL_NOT_EXP | SSL_MEDIUM,
2268      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2269      128,
2270      128,
2271      },
2272 
2273     /* Cipher C00D */
2274     {
2275      1,
2276      TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2277      TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2278      SSL_kECDHr,
2279      SSL_aECDH,
2280      SSL_3DES,
2281      SSL_SHA1,
2282      SSL_TLSV1,
2283      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
2284      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2285      112,
2286      168,
2287      },
2288 
2289     /* Cipher C00E */
2290     {
2291      1,
2292      TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2293      TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2294      SSL_kECDHr,
2295      SSL_aECDH,
2296      SSL_AES128,
2297      SSL_SHA1,
2298      SSL_TLSV1,
2299      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2300      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2301      128,
2302      128,
2303      },
2304 
2305     /* Cipher C00F */
2306     {
2307      1,
2308      TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2309      TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2310      SSL_kECDHr,
2311      SSL_aECDH,
2312      SSL_AES256,
2313      SSL_SHA1,
2314      SSL_TLSV1,
2315      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2316      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2317      256,
2318      256,
2319      },
2320 
2321     /* Cipher C010 */
2322     {
2323      1,
2324      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2325      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2326      SSL_kEECDH,
2327      SSL_aRSA,
2328      SSL_eNULL,
2329      SSL_SHA1,
2330      SSL_TLSV1,
2331      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2332      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2333      0,
2334      0,
2335      },
2336 
2337     /* Cipher C011 */
2338     {
2339      1,
2340      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2341      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2342      SSL_kEECDH,
2343      SSL_aRSA,
2344      SSL_RC4,
2345      SSL_SHA1,
2346      SSL_TLSV1,
2347      SSL_NOT_EXP | SSL_MEDIUM,
2348      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2349      128,
2350      128,
2351      },
2352 
2353     /* Cipher C012 */
2354     {
2355      1,
2356      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2357      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2358      SSL_kEECDH,
2359      SSL_aRSA,
2360      SSL_3DES,
2361      SSL_SHA1,
2362      SSL_TLSV1,
2363      SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
2364      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2365      112,
2366      168,
2367      },
2368 
2369     /* Cipher C013 */
2370     {
2371      1,
2372      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2373      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2374      SSL_kEECDH,
2375      SSL_aRSA,
2376      SSL_AES128,
2377      SSL_SHA1,
2378      SSL_TLSV1,
2379      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2380      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2381      128,
2382      128,
2383      },
2384 
2385     /* Cipher C014 */
2386     {
2387      1,
2388      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2389      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2390      SSL_kEECDH,
2391      SSL_aRSA,
2392      SSL_AES256,
2393      SSL_SHA1,
2394      SSL_TLSV1,
2395      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2396      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2397      256,
2398      256,
2399      },
2400 
2401     /* Cipher C015 */
2402     {
2403      1,
2404      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2405      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2406      SSL_kEECDH,
2407      SSL_aNULL,
2408      SSL_eNULL,
2409      SSL_SHA1,
2410      SSL_TLSV1,
2411      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2412      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2413      0,
2414      0,
2415      },
2416 
2417     /* Cipher C016 */
2418     {
2419      1,
2420      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2421      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2422      SSL_kEECDH,
2423      SSL_aNULL,
2424      SSL_RC4,
2425      SSL_SHA1,
2426      SSL_TLSV1,
2427      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
2428      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2429      128,
2430      128,
2431      },
2432 
2433     /* Cipher C017 */
2434     {
2435      1,
2436      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2437      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2438      SSL_kEECDH,
2439      SSL_aNULL,
2440      SSL_3DES,
2441      SSL_SHA1,
2442      SSL_TLSV1,
2443      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
2444      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2445      112,
2446      168,
2447      },
2448 
2449     /* Cipher C018 */
2450     {
2451      1,
2452      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2453      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2454      SSL_kEECDH,
2455      SSL_aNULL,
2456      SSL_AES128,
2457      SSL_SHA1,
2458      SSL_TLSV1,
2459      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2460      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2461      128,
2462      128,
2463      },
2464 
2465     /* Cipher C019 */
2466     {
2467      1,
2468      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2469      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2470      SSL_kEECDH,
2471      SSL_aNULL,
2472      SSL_AES256,
2473      SSL_SHA1,
2474      SSL_TLSV1,
2475      SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2476      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2477      256,
2478      256,
2479      },
2480 #endif                          /* OPENSSL_NO_ECDH */
2481 
2482 #ifndef OPENSSL_NO_SRP
2483     /* Cipher C01A */
2484     {
2485      1,
2486      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2487      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2488      SSL_kSRP,
2489      SSL_aSRP,
2490      SSL_3DES,
2491      SSL_SHA1,
2492      SSL_TLSV1,
2493      SSL_NOT_EXP | SSL_MEDIUM,
2494      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2495      112,
2496      168,
2497      },
2498 
2499     /* Cipher C01B */
2500     {
2501      1,
2502      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2503      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2504      SSL_kSRP,
2505      SSL_aRSA,
2506      SSL_3DES,
2507      SSL_SHA1,
2508      SSL_TLSV1,
2509      SSL_NOT_EXP | SSL_MEDIUM,
2510      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2511      112,
2512      168,
2513      },
2514 
2515     /* Cipher C01C */
2516     {
2517      1,
2518      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2519      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2520      SSL_kSRP,
2521      SSL_aDSS,
2522      SSL_3DES,
2523      SSL_SHA1,
2524      SSL_TLSV1,
2525      SSL_NOT_EXP | SSL_MEDIUM,
2526      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2527      112,
2528      168,
2529      },
2530 
2531     /* Cipher C01D */
2532     {
2533      1,
2534      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2535      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2536      SSL_kSRP,
2537      SSL_aSRP,
2538      SSL_AES128,
2539      SSL_SHA1,
2540      SSL_TLSV1,
2541      SSL_NOT_EXP | SSL_HIGH,
2542      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2543      128,
2544      128,
2545      },
2546 
2547     /* Cipher C01E */
2548     {
2549      1,
2550      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2551      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2552      SSL_kSRP,
2553      SSL_aRSA,
2554      SSL_AES128,
2555      SSL_SHA1,
2556      SSL_TLSV1,
2557      SSL_NOT_EXP | SSL_HIGH,
2558      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2559      128,
2560      128,
2561      },
2562 
2563     /* Cipher C01F */
2564     {
2565      1,
2566      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2567      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2568      SSL_kSRP,
2569      SSL_aDSS,
2570      SSL_AES128,
2571      SSL_SHA1,
2572      SSL_TLSV1,
2573      SSL_NOT_EXP | SSL_HIGH,
2574      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2575      128,
2576      128,
2577      },
2578 
2579     /* Cipher C020 */
2580     {
2581      1,
2582      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2583      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2584      SSL_kSRP,
2585      SSL_aSRP,
2586      SSL_AES256,
2587      SSL_SHA1,
2588      SSL_TLSV1,
2589      SSL_NOT_EXP | SSL_HIGH,
2590      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2591      256,
2592      256,
2593      },
2594 
2595     /* Cipher C021 */
2596     {
2597      1,
2598      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2599      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2600      SSL_kSRP,
2601      SSL_aRSA,
2602      SSL_AES256,
2603      SSL_SHA1,
2604      SSL_TLSV1,
2605      SSL_NOT_EXP | SSL_HIGH,
2606      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2607      256,
2608      256,
2609      },
2610 
2611     /* Cipher C022 */
2612     {
2613      1,
2614      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2615      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2616      SSL_kSRP,
2617      SSL_aDSS,
2618      SSL_AES256,
2619      SSL_SHA1,
2620      SSL_TLSV1,
2621      SSL_NOT_EXP | SSL_HIGH,
2622      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2623      256,
2624      256,
2625      },
2626 #endif                          /* OPENSSL_NO_SRP */
2627 #ifndef OPENSSL_NO_ECDH
2628 
2629     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2630 
2631     /* Cipher C023 */
2632     {
2633      1,
2634      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2635      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2636      SSL_kEECDH,
2637      SSL_aECDSA,
2638      SSL_AES128,
2639      SSL_SHA256,
2640      SSL_TLSV1_2,
2641      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2642      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2643      128,
2644      128,
2645      },
2646 
2647     /* Cipher C024 */
2648     {
2649      1,
2650      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2651      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2652      SSL_kEECDH,
2653      SSL_aECDSA,
2654      SSL_AES256,
2655      SSL_SHA384,
2656      SSL_TLSV1_2,
2657      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2658      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2659      256,
2660      256,
2661      },
2662 
2663     /* Cipher C025 */
2664     {
2665      1,
2666      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2667      TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2668      SSL_kECDHe,
2669      SSL_aECDH,
2670      SSL_AES128,
2671      SSL_SHA256,
2672      SSL_TLSV1_2,
2673      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2674      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2675      128,
2676      128,
2677      },
2678 
2679     /* Cipher C026 */
2680     {
2681      1,
2682      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2683      TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2684      SSL_kECDHe,
2685      SSL_aECDH,
2686      SSL_AES256,
2687      SSL_SHA384,
2688      SSL_TLSV1_2,
2689      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2690      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2691      256,
2692      256,
2693      },
2694 
2695     /* Cipher C027 */
2696     {
2697      1,
2698      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2699      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2700      SSL_kEECDH,
2701      SSL_aRSA,
2702      SSL_AES128,
2703      SSL_SHA256,
2704      SSL_TLSV1_2,
2705      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2706      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2707      128,
2708      128,
2709      },
2710 
2711     /* Cipher C028 */
2712     {
2713      1,
2714      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2715      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2716      SSL_kEECDH,
2717      SSL_aRSA,
2718      SSL_AES256,
2719      SSL_SHA384,
2720      SSL_TLSV1_2,
2721      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2722      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2723      256,
2724      256,
2725      },
2726 
2727     /* Cipher C029 */
2728     {
2729      1,
2730      TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2731      TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2732      SSL_kECDHr,
2733      SSL_aECDH,
2734      SSL_AES128,
2735      SSL_SHA256,
2736      SSL_TLSV1_2,
2737      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2738      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2739      128,
2740      128,
2741      },
2742 
2743     /* Cipher C02A */
2744     {
2745      1,
2746      TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2747      TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2748      SSL_kECDHr,
2749      SSL_aECDH,
2750      SSL_AES256,
2751      SSL_SHA384,
2752      SSL_TLSV1_2,
2753      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2754      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2755      256,
2756      256,
2757      },
2758 
2759     /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2760 
2761     /* Cipher C02B */
2762     {
2763      1,
2764      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2765      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2766      SSL_kEECDH,
2767      SSL_aECDSA,
2768      SSL_AES128GCM,
2769      SSL_AEAD,
2770      SSL_TLSV1_2,
2771      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2772      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2773      128,
2774      128,
2775      },
2776 
2777     /* Cipher C02C */
2778     {
2779      1,
2780      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2781      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2782      SSL_kEECDH,
2783      SSL_aECDSA,
2784      SSL_AES256GCM,
2785      SSL_AEAD,
2786      SSL_TLSV1_2,
2787      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2788      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2789      256,
2790      256,
2791      },
2792 
2793     /* Cipher C02D */
2794     {
2795      1,
2796      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2797      TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2798      SSL_kECDHe,
2799      SSL_aECDH,
2800      SSL_AES128GCM,
2801      SSL_AEAD,
2802      SSL_TLSV1_2,
2803      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2804      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2805      128,
2806      128,
2807      },
2808 
2809     /* Cipher C02E */
2810     {
2811      1,
2812      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2813      TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2814      SSL_kECDHe,
2815      SSL_aECDH,
2816      SSL_AES256GCM,
2817      SSL_AEAD,
2818      SSL_TLSV1_2,
2819      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2820      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2821      256,
2822      256,
2823      },
2824 
2825     /* Cipher C02F */
2826     {
2827      1,
2828      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2829      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2830      SSL_kEECDH,
2831      SSL_aRSA,
2832      SSL_AES128GCM,
2833      SSL_AEAD,
2834      SSL_TLSV1_2,
2835      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2836      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2837      128,
2838      128,
2839      },
2840 
2841     /* Cipher C030 */
2842     {
2843      1,
2844      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2845      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2846      SSL_kEECDH,
2847      SSL_aRSA,
2848      SSL_AES256GCM,
2849      SSL_AEAD,
2850      SSL_TLSV1_2,
2851      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2852      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2853      256,
2854      256,
2855      },
2856 
2857     /* Cipher C031 */
2858     {
2859      1,
2860      TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2861      TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2862      SSL_kECDHr,
2863      SSL_aECDH,
2864      SSL_AES128GCM,
2865      SSL_AEAD,
2866      SSL_TLSV1_2,
2867      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2868      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2869      128,
2870      128,
2871      },
2872 
2873     /* Cipher C032 */
2874     {
2875      1,
2876      TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2877      TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2878      SSL_kECDHr,
2879      SSL_aECDH,
2880      SSL_AES256GCM,
2881      SSL_AEAD,
2882      SSL_TLSV1_2,
2883      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2884      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2885      256,
2886      256,
2887      },
2888 
2889 #endif                          /* OPENSSL_NO_ECDH */
2890 
2891 #ifdef TEMP_GOST_TLS
2892 /* Cipher FF00 */
2893     {
2894      1,
2895      "GOST-MD5",
2896      0x0300ff00,
2897      SSL_kRSA,
2898      SSL_aRSA,
2899      SSL_eGOST2814789CNT,
2900      SSL_MD5,
2901      SSL_TLSV1,
2902      SSL_NOT_EXP | SSL_HIGH,
2903      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2904      256,
2905      256,
2906      },
2907     {
2908      1,
2909      "GOST-GOST94",
2910      0x0300ff01,
2911      SSL_kRSA,
2912      SSL_aRSA,
2913      SSL_eGOST2814789CNT,
2914      SSL_GOST94,
2915      SSL_TLSV1,
2916      SSL_NOT_EXP | SSL_HIGH,
2917      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2918      256,
2919      256},
2920     {
2921      1,
2922      "GOST-GOST89MAC",
2923      0x0300ff02,
2924      SSL_kRSA,
2925      SSL_aRSA,
2926      SSL_eGOST2814789CNT,
2927      SSL_GOST89MAC,
2928      SSL_TLSV1,
2929      SSL_NOT_EXP | SSL_HIGH,
2930      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2931      256,
2932      256},
2933     {
2934      1,
2935      "GOST-GOST89STREAM",
2936      0x0300ff03,
2937      SSL_kRSA,
2938      SSL_aRSA,
2939      SSL_eGOST2814789CNT,
2940      SSL_GOST89MAC,
2941      SSL_TLSV1,
2942      SSL_NOT_EXP | SSL_HIGH,
2943      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
2944      256,
2945      256},
2946 #endif
2947 
2948 /* end of list */
2949 };
2950 
2951 SSL3_ENC_METHOD SSLv3_enc_data = {
2952     ssl3_enc,
2953     n_ssl3_mac,
2954     ssl3_setup_key_block,
2955     ssl3_generate_master_secret,
2956     ssl3_change_cipher_state,
2957     ssl3_final_finish_mac,
2958     MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2959     ssl3_cert_verify_mac,
2960     SSL3_MD_CLIENT_FINISHED_CONST, 4,
2961     SSL3_MD_SERVER_FINISHED_CONST, 4,
2962     ssl3_alert_code,
2963     (int (*)(SSL *, unsigned char *, size_t, const char *,
2964              size_t, const unsigned char *, size_t,
2965              int use_context))ssl_undefined_function,
2966     0,
2967     SSL3_HM_HEADER_LENGTH,
2968     ssl3_set_handshake_header,
2969     ssl3_handshake_write
2970 };
2971 
2972 long ssl3_default_timeout(void)
2973 {
2974     /*
2975      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2976      * http, the cache would over fill
2977      */
2978     return (60 * 60 * 2);
2979 }
2980 
2981 int ssl3_num_ciphers(void)
2982 {
2983     return (SSL3_NUM_CIPHERS);
2984 }
2985 
2986 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2987 {
2988     if (u < SSL3_NUM_CIPHERS)
2989         return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2990     else
2991         return (NULL);
2992 }
2993 
2994 int ssl3_pending(const SSL *s)
2995 {
2996     if (s->rstate == SSL_ST_READ_BODY)
2997         return 0;
2998 
2999     return (s->s3->rrec.type ==
3000             SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
3001 }
3002 
3003 void ssl3_set_handshake_header(SSL *s, int htype, unsigned long len)
3004 {
3005     unsigned char *p = (unsigned char *)s->init_buf->data;
3006     *(p++) = htype;
3007     l2n3(len, p);
3008     s->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
3009     s->init_off = 0;
3010 }
3011 
3012 int ssl3_handshake_write(SSL *s)
3013 {
3014     return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3015 }
3016 
3017 int ssl3_new(SSL *s)
3018 {
3019     SSL3_STATE *s3;
3020 
3021     if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
3022         goto err;
3023     memset(s3, 0, sizeof *s3);
3024     memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
3025     memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
3026 
3027     s->s3 = s3;
3028 
3029 #ifndef OPENSSL_NO_SRP
3030     SSL_SRP_CTX_init(s);
3031 #endif
3032     s->method->ssl_clear(s);
3033     return (1);
3034  err:
3035     return (0);
3036 }
3037 
3038 void ssl3_free(SSL *s)
3039 {
3040     if (s == NULL || s->s3 == NULL)
3041         return;
3042 
3043 #ifdef TLSEXT_TYPE_opaque_prf_input
3044     if (s->s3->client_opaque_prf_input != NULL)
3045         OPENSSL_free(s->s3->client_opaque_prf_input);
3046     if (s->s3->server_opaque_prf_input != NULL)
3047         OPENSSL_free(s->s3->server_opaque_prf_input);
3048 #endif
3049 
3050     ssl3_cleanup_key_block(s);
3051     if (s->s3->rbuf.buf != NULL)
3052         ssl3_release_read_buffer(s);
3053     if (s->s3->wbuf.buf != NULL)
3054         ssl3_release_write_buffer(s);
3055     if (s->s3->rrec.comp != NULL)
3056         OPENSSL_free(s->s3->rrec.comp);
3057 #ifndef OPENSSL_NO_DH
3058     if (s->s3->tmp.dh != NULL)
3059         DH_free(s->s3->tmp.dh);
3060 #endif
3061 #ifndef OPENSSL_NO_ECDH
3062     if (s->s3->tmp.ecdh != NULL)
3063         EC_KEY_free(s->s3->tmp.ecdh);
3064 #endif
3065 
3066     if (s->s3->tmp.ca_names != NULL)
3067         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3068     if (s->s3->handshake_buffer) {
3069         BIO_free(s->s3->handshake_buffer);
3070     }
3071     if (s->s3->handshake_dgst)
3072         ssl3_free_digest_list(s);
3073 #ifndef OPENSSL_NO_TLSEXT
3074     if (s->s3->alpn_selected)
3075         OPENSSL_free(s->s3->alpn_selected);
3076 #endif
3077 
3078 #ifndef OPENSSL_NO_SRP
3079     SSL_SRP_CTX_free(s);
3080 #endif
3081     OPENSSL_cleanse(s->s3, sizeof *s->s3);
3082     OPENSSL_free(s->s3);
3083     s->s3 = NULL;
3084 }
3085 
3086 void ssl3_clear(SSL *s)
3087 {
3088     unsigned char *rp, *wp;
3089     size_t rlen, wlen;
3090     int init_extra;
3091 
3092 #ifdef TLSEXT_TYPE_opaque_prf_input
3093     if (s->s3->client_opaque_prf_input != NULL)
3094         OPENSSL_free(s->s3->client_opaque_prf_input);
3095     s->s3->client_opaque_prf_input = NULL;
3096     if (s->s3->server_opaque_prf_input != NULL)
3097         OPENSSL_free(s->s3->server_opaque_prf_input);
3098     s->s3->server_opaque_prf_input = NULL;
3099 #endif
3100 
3101     ssl3_cleanup_key_block(s);
3102     if (s->s3->tmp.ca_names != NULL)
3103         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3104 
3105     if (s->s3->rrec.comp != NULL) {
3106         OPENSSL_free(s->s3->rrec.comp);
3107         s->s3->rrec.comp = NULL;
3108     }
3109 #ifndef OPENSSL_NO_DH
3110     if (s->s3->tmp.dh != NULL) {
3111         DH_free(s->s3->tmp.dh);
3112         s->s3->tmp.dh = NULL;
3113     }
3114 #endif
3115 #ifndef OPENSSL_NO_ECDH
3116     if (s->s3->tmp.ecdh != NULL) {
3117         EC_KEY_free(s->s3->tmp.ecdh);
3118         s->s3->tmp.ecdh = NULL;
3119     }
3120 #endif
3121 #ifndef OPENSSL_NO_TLSEXT
3122 # ifndef OPENSSL_NO_EC
3123     s->s3->is_probably_safari = 0;
3124 # endif                         /* !OPENSSL_NO_EC */
3125 #endif                          /* !OPENSSL_NO_TLSEXT */
3126 
3127     rp = s->s3->rbuf.buf;
3128     wp = s->s3->wbuf.buf;
3129     rlen = s->s3->rbuf.len;
3130     wlen = s->s3->wbuf.len;
3131     init_extra = s->s3->init_extra;
3132     if (s->s3->handshake_buffer) {
3133         BIO_free(s->s3->handshake_buffer);
3134         s->s3->handshake_buffer = NULL;
3135     }
3136     if (s->s3->handshake_dgst) {
3137         ssl3_free_digest_list(s);
3138     }
3139 #if !defined(OPENSSL_NO_TLSEXT)
3140     if (s->s3->alpn_selected) {
3141         OPENSSL_free(s->s3->alpn_selected);
3142         s->s3->alpn_selected = NULL;
3143     }
3144 #endif
3145     memset(s->s3, 0, sizeof *s->s3);
3146     s->s3->rbuf.buf = rp;
3147     s->s3->wbuf.buf = wp;
3148     s->s3->rbuf.len = rlen;
3149     s->s3->wbuf.len = wlen;
3150     s->s3->init_extra = init_extra;
3151 
3152     ssl_free_wbio_buffer(s);
3153 
3154     s->packet_length = 0;
3155     s->s3->renegotiate = 0;
3156     s->s3->total_renegotiations = 0;
3157     s->s3->num_renegotiations = 0;
3158     s->s3->in_read_app_data = 0;
3159     s->version = SSL3_VERSION;
3160 
3161 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3162     if (s->next_proto_negotiated) {
3163         OPENSSL_free(s->next_proto_negotiated);
3164         s->next_proto_negotiated = NULL;
3165         s->next_proto_negotiated_len = 0;
3166     }
3167 #endif
3168 }
3169 
3170 #ifndef OPENSSL_NO_SRP
3171 static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3172 {
3173     return BUF_strdup(s->srp_ctx.info);
3174 }
3175 #endif
3176 
3177 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p,
3178                                   size_t len);
3179 
3180 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3181 {
3182     int ret = 0;
3183 
3184 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3185     if (
3186 # ifndef OPENSSL_NO_RSA
3187            cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3188 # endif
3189 # ifndef OPENSSL_NO_DSA
3190            cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
3191 # endif
3192            0) {
3193         if (!ssl_cert_inst(&s->cert)) {
3194             SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3195             return (0);
3196         }
3197     }
3198 #endif
3199 
3200     switch (cmd) {
3201     case SSL_CTRL_GET_SESSION_REUSED:
3202         ret = s->hit;
3203         break;
3204     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3205         break;
3206     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3207         ret = s->s3->num_renegotiations;
3208         break;
3209     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3210         ret = s->s3->num_renegotiations;
3211         s->s3->num_renegotiations = 0;
3212         break;
3213     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3214         ret = s->s3->total_renegotiations;
3215         break;
3216     case SSL_CTRL_GET_FLAGS:
3217         ret = (int)(s->s3->flags);
3218         break;
3219 #ifndef OPENSSL_NO_RSA
3220     case SSL_CTRL_NEED_TMP_RSA:
3221         if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3222             ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3223              (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3224               (512 / 8))))
3225             ret = 1;
3226         break;
3227     case SSL_CTRL_SET_TMP_RSA:
3228         {
3229             RSA *rsa = (RSA *)parg;
3230             if (rsa == NULL) {
3231                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3232                 return (ret);
3233             }
3234             if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3235                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3236                 return (ret);
3237             }
3238             if (s->cert->rsa_tmp != NULL)
3239                 RSA_free(s->cert->rsa_tmp);
3240             s->cert->rsa_tmp = rsa;
3241             ret = 1;
3242         }
3243         break;
3244     case SSL_CTRL_SET_TMP_RSA_CB:
3245         {
3246             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3247             return (ret);
3248         }
3249         break;
3250 #endif
3251 #ifndef OPENSSL_NO_DH
3252     case SSL_CTRL_SET_TMP_DH:
3253         {
3254             DH *dh = (DH *)parg;
3255             if (dh == NULL) {
3256                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3257                 return (ret);
3258             }
3259             if ((dh = DHparams_dup(dh)) == NULL) {
3260                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3261                 return (ret);
3262             }
3263             if (s->cert->dh_tmp != NULL)
3264                 DH_free(s->cert->dh_tmp);
3265             s->cert->dh_tmp = dh;
3266             ret = 1;
3267         }
3268         break;
3269     case SSL_CTRL_SET_TMP_DH_CB:
3270         {
3271             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3272             return (ret);
3273         }
3274         break;
3275 #endif
3276 #ifndef OPENSSL_NO_ECDH
3277     case SSL_CTRL_SET_TMP_ECDH:
3278         {
3279             EC_KEY *ecdh = NULL;
3280 
3281             if (parg == NULL) {
3282                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3283                 return (ret);
3284             }
3285             if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3286                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3287                 return (ret);
3288             }
3289             ecdh = (EC_KEY *)parg;
3290             if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3291                 if (!EC_KEY_generate_key(ecdh)) {
3292                     EC_KEY_free(ecdh);
3293                     SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3294                     return (ret);
3295                 }
3296             }
3297             if (s->cert->ecdh_tmp != NULL)
3298                 EC_KEY_free(s->cert->ecdh_tmp);
3299             s->cert->ecdh_tmp = ecdh;
3300             ret = 1;
3301         }
3302         break;
3303     case SSL_CTRL_SET_TMP_ECDH_CB:
3304         {
3305             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3306             return (ret);
3307         }
3308         break;
3309 #endif                          /* !OPENSSL_NO_ECDH */
3310 #ifndef OPENSSL_NO_TLSEXT
3311     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3312         if (larg == TLSEXT_NAMETYPE_host_name) {
3313             size_t len;
3314 
3315             if (s->tlsext_hostname != NULL)
3316                 OPENSSL_free(s->tlsext_hostname);
3317             s->tlsext_hostname = NULL;
3318 
3319             ret = 1;
3320             if (parg == NULL)
3321                 break;
3322             len = strlen((char *)parg);
3323             if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
3324                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3325                 return 0;
3326             }
3327             if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3328                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3329                 return 0;
3330             }
3331         } else {
3332             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3333             return 0;
3334         }
3335         break;
3336     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3337         s->tlsext_debug_arg = parg;
3338         ret = 1;
3339         break;
3340 
3341 # ifdef TLSEXT_TYPE_opaque_prf_input
3342     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3343         if (larg > 12288) {     /* actual internal limit is 2^16 for the
3344                                  * complete hello message * (including the
3345                                  * cert chain and everything) */
3346             SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3347             break;
3348         }
3349         if (s->tlsext_opaque_prf_input != NULL)
3350             OPENSSL_free(s->tlsext_opaque_prf_input);
3351         if ((size_t)larg == 0)
3352             s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
3353                                                              * just to get
3354                                                              * non-NULL */
3355         else
3356             s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3357         if (s->tlsext_opaque_prf_input != NULL) {
3358             s->tlsext_opaque_prf_input_len = (size_t)larg;
3359             ret = 1;
3360         } else
3361             s->tlsext_opaque_prf_input_len = 0;
3362         break;
3363 # endif
3364 
3365     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3366         s->tlsext_status_type = larg;
3367         ret = 1;
3368         break;
3369 
3370     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3371         *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3372         ret = 1;
3373         break;
3374 
3375     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3376         s->tlsext_ocsp_exts = parg;
3377         ret = 1;
3378         break;
3379 
3380     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3381         *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3382         ret = 1;
3383         break;
3384 
3385     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3386         s->tlsext_ocsp_ids = parg;
3387         ret = 1;
3388         break;
3389 
3390     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3391         *(unsigned char **)parg = s->tlsext_ocsp_resp;
3392         return s->tlsext_ocsp_resplen;
3393 
3394     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3395         if (s->tlsext_ocsp_resp)
3396             OPENSSL_free(s->tlsext_ocsp_resp);
3397         s->tlsext_ocsp_resp = parg;
3398         s->tlsext_ocsp_resplen = larg;
3399         ret = 1;
3400         break;
3401 
3402 # ifndef OPENSSL_NO_HEARTBEATS
3403     case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3404         if (SSL_IS_DTLS(s))
3405             ret = dtls1_heartbeat(s);
3406         else
3407             ret = tls1_heartbeat(s);
3408         break;
3409 
3410     case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3411         ret = s->tlsext_hb_pending;
3412         break;
3413 
3414     case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3415         if (larg)
3416             s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3417         else
3418             s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3419         ret = 1;
3420         break;
3421 # endif
3422 
3423 #endif                          /* !OPENSSL_NO_TLSEXT */
3424 
3425     case SSL_CTRL_CHAIN:
3426         if (larg)
3427             return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
3428         else
3429             return ssl_cert_set0_chain(s->cert, (STACK_OF(X509) *)parg);
3430 
3431     case SSL_CTRL_CHAIN_CERT:
3432         if (larg)
3433             return ssl_cert_add1_chain_cert(s->cert, (X509 *)parg);
3434         else
3435             return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
3436 
3437     case SSL_CTRL_GET_CHAIN_CERTS:
3438         *(STACK_OF(X509) **)parg = s->cert->key->chain;
3439         break;
3440 
3441     case SSL_CTRL_SELECT_CURRENT_CERT:
3442         return ssl_cert_select_current(s->cert, (X509 *)parg);
3443 
3444     case SSL_CTRL_SET_CURRENT_CERT:
3445         if (larg == SSL_CERT_SET_SERVER) {
3446             CERT_PKEY *cpk;
3447             const SSL_CIPHER *cipher;
3448             if (!s->server)
3449                 return 0;
3450             cipher = s->s3->tmp.new_cipher;
3451             if (!cipher)
3452                 return 0;
3453             /*
3454              * No certificate for unauthenticated ciphersuites or using SRP
3455              * authentication
3456              */
3457             if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
3458                 return 2;
3459             cpk = ssl_get_server_send_pkey(s);
3460             if (!cpk)
3461                 return 0;
3462             s->cert->key = cpk;
3463             return 1;
3464         }
3465         return ssl_cert_set_current(s->cert, larg);
3466 
3467 #ifndef OPENSSL_NO_EC
3468     case SSL_CTRL_GET_CURVES:
3469         {
3470             unsigned char *clist;
3471             size_t clistlen;
3472             if (!s->session)
3473                 return 0;
3474             clist = s->session->tlsext_ellipticcurvelist;
3475             clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
3476             if (parg) {
3477                 size_t i;
3478                 int *cptr = parg;
3479                 unsigned int cid, nid;
3480                 for (i = 0; i < clistlen; i++) {
3481                     n2s(clist, cid);
3482                     nid = tls1_ec_curve_id2nid(cid);
3483                     if (nid != 0)
3484                         cptr[i] = nid;
3485                     else
3486                         cptr[i] = TLSEXT_nid_unknown | cid;
3487                 }
3488             }
3489             return (int)clistlen;
3490         }
3491 
3492     case SSL_CTRL_SET_CURVES:
3493         return tls1_set_curves(&s->tlsext_ellipticcurvelist,
3494                                &s->tlsext_ellipticcurvelist_length,
3495                                parg, larg);
3496 
3497     case SSL_CTRL_SET_CURVES_LIST:
3498         return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
3499                                     &s->tlsext_ellipticcurvelist_length,
3500                                     parg);
3501 
3502     case SSL_CTRL_GET_SHARED_CURVE:
3503         return tls1_shared_curve(s, larg);
3504 
3505 # ifndef OPENSSL_NO_ECDH
3506     case SSL_CTRL_SET_ECDH_AUTO:
3507         s->cert->ecdh_tmp_auto = larg;
3508         return 1;
3509 # endif
3510 #endif
3511     case SSL_CTRL_SET_SIGALGS:
3512         return tls1_set_sigalgs(s->cert, parg, larg, 0);
3513 
3514     case SSL_CTRL_SET_SIGALGS_LIST:
3515         return tls1_set_sigalgs_list(s->cert, parg, 0);
3516 
3517     case SSL_CTRL_SET_CLIENT_SIGALGS:
3518         return tls1_set_sigalgs(s->cert, parg, larg, 1);
3519 
3520     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3521         return tls1_set_sigalgs_list(s->cert, parg, 1);
3522 
3523     case SSL_CTRL_GET_CLIENT_CERT_TYPES:
3524         {
3525             const unsigned char **pctype = parg;
3526             if (s->server || !s->s3->tmp.cert_req)
3527                 return 0;
3528             if (s->cert->ctypes) {
3529                 if (pctype)
3530                     *pctype = s->cert->ctypes;
3531                 return (int)s->cert->ctype_num;
3532             }
3533             if (pctype)
3534                 *pctype = (unsigned char *)s->s3->tmp.ctype;
3535             return s->s3->tmp.ctype_num;
3536         }
3537 
3538     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3539         if (!s->server)
3540             return 0;
3541         return ssl3_set_req_cert_type(s->cert, parg, larg);
3542 
3543     case SSL_CTRL_BUILD_CERT_CHAIN:
3544         return ssl_build_cert_chain(s->cert, s->ctx->cert_store, larg);
3545 
3546     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3547         return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
3548 
3549     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3550         return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
3551 
3552     case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3553         if (SSL_USE_SIGALGS(s)) {
3554             if (s->session && s->session->sess_cert) {
3555                 const EVP_MD *sig;
3556                 sig = s->session->sess_cert->peer_key->digest;
3557                 if (sig) {
3558                     *(int *)parg = EVP_MD_type(sig);
3559                     return 1;
3560                 }
3561             }
3562             return 0;
3563         }
3564         /* Might want to do something here for other versions */
3565         else
3566             return 0;
3567 
3568     case SSL_CTRL_GET_SERVER_TMP_KEY:
3569         if (s->server || !s->session || !s->session->sess_cert)
3570             return 0;
3571         else {
3572             SESS_CERT *sc;
3573             EVP_PKEY *ptmp;
3574             int rv = 0;
3575             sc = s->session->sess_cert;
3576 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH)
3577             if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
3578                 return 0;
3579 #endif
3580             ptmp = EVP_PKEY_new();
3581             if (!ptmp)
3582                 return 0;
3583             if (0) ;
3584 #ifndef OPENSSL_NO_RSA
3585             else if (sc->peer_rsa_tmp)
3586                 rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
3587 #endif
3588 #ifndef OPENSSL_NO_DH
3589             else if (sc->peer_dh_tmp)
3590                 rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
3591 #endif
3592 #ifndef OPENSSL_NO_ECDH
3593             else if (sc->peer_ecdh_tmp)
3594                 rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
3595 #endif
3596             if (rv) {
3597                 *(EVP_PKEY **)parg = ptmp;
3598                 return 1;
3599             }
3600             EVP_PKEY_free(ptmp);
3601             return 0;
3602         }
3603 #ifndef OPENSSL_NO_EC
3604     case SSL_CTRL_GET_EC_POINT_FORMATS:
3605         {
3606             SSL_SESSION *sess = s->session;
3607             const unsigned char **pformat = parg;
3608             if (!sess || !sess->tlsext_ecpointformatlist)
3609                 return 0;
3610             *pformat = sess->tlsext_ecpointformatlist;
3611             return (int)sess->tlsext_ecpointformatlist_length;
3612         }
3613 #endif
3614 
3615     case SSL_CTRL_CHECK_PROTO_VERSION:
3616         /*
3617          * For library-internal use; checks that the current protocol is the
3618          * highest enabled version (according to s->ctx->method, as version
3619          * negotiation may have changed s->method).
3620          */
3621         if (s->version == s->ctx->method->version)
3622             return 1;
3623         /*
3624          * Apparently we're using a version-flexible SSL_METHOD (not at its
3625          * highest protocol version).
3626          */
3627         if (s->ctx->method->version == SSLv23_method()->version) {
3628 #if TLS_MAX_VERSION != TLS1_2_VERSION
3629 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3630 #endif
3631             if (!(s->options & SSL_OP_NO_TLSv1_2))
3632                 return s->version == TLS1_2_VERSION;
3633             if (!(s->options & SSL_OP_NO_TLSv1_1))
3634                 return s->version == TLS1_1_VERSION;
3635             if (!(s->options & SSL_OP_NO_TLSv1))
3636                 return s->version == TLS1_VERSION;
3637             if (!(s->options & SSL_OP_NO_SSLv3))
3638                 return s->version == SSL3_VERSION;
3639             if (!(s->options & SSL_OP_NO_SSLv2))
3640                 return s->version == SSL2_VERSION;
3641         }
3642         return 0;               /* Unexpected state; fail closed. */
3643 
3644     default:
3645         break;
3646     }
3647     return (ret);
3648 }
3649 
3650 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3651 {
3652     int ret = 0;
3653 
3654 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3655     if (
3656 # ifndef OPENSSL_NO_RSA
3657            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3658 # endif
3659 # ifndef OPENSSL_NO_DSA
3660            cmd == SSL_CTRL_SET_TMP_DH_CB ||
3661 # endif
3662            0) {
3663         if (!ssl_cert_inst(&s->cert)) {
3664             SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3665             return (0);
3666         }
3667     }
3668 #endif
3669 
3670     switch (cmd) {
3671 #ifndef OPENSSL_NO_RSA
3672     case SSL_CTRL_SET_TMP_RSA_CB:
3673         {
3674             s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3675         }
3676         break;
3677 #endif
3678 #ifndef OPENSSL_NO_DH
3679     case SSL_CTRL_SET_TMP_DH_CB:
3680         {
3681             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3682         }
3683         break;
3684 #endif
3685 #ifndef OPENSSL_NO_ECDH
3686     case SSL_CTRL_SET_TMP_ECDH_CB:
3687         {
3688             s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3689         }
3690         break;
3691 #endif
3692 #ifndef OPENSSL_NO_TLSEXT
3693     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3694         s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3695                                        unsigned char *, int, void *))fp;
3696         break;
3697 #endif
3698     default:
3699         break;
3700     }
3701     return (ret);
3702 }
3703 
3704 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3705 {
3706     CERT *cert;
3707 
3708     cert = ctx->cert;
3709 
3710     switch (cmd) {
3711 #ifndef OPENSSL_NO_RSA
3712     case SSL_CTRL_NEED_TMP_RSA:
3713         if ((cert->rsa_tmp == NULL) &&
3714             ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3715              (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3716               (512 / 8)))
3717             )
3718             return (1);
3719         else
3720             return (0);
3721         /* break; */
3722     case SSL_CTRL_SET_TMP_RSA:
3723         {
3724             RSA *rsa;
3725             int i;
3726 
3727             rsa = (RSA *)parg;
3728             i = 1;
3729             if (rsa == NULL)
3730                 i = 0;
3731             else {
3732                 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3733                     i = 0;
3734             }
3735             if (!i) {
3736                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3737                 return (0);
3738             } else {
3739                 if (cert->rsa_tmp != NULL)
3740                     RSA_free(cert->rsa_tmp);
3741                 cert->rsa_tmp = rsa;
3742                 return (1);
3743             }
3744         }
3745         /* break; */
3746     case SSL_CTRL_SET_TMP_RSA_CB:
3747         {
3748             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3749             return (0);
3750         }
3751         break;
3752 #endif
3753 #ifndef OPENSSL_NO_DH
3754     case SSL_CTRL_SET_TMP_DH:
3755         {
3756             DH *new = NULL, *dh;
3757 
3758             dh = (DH *)parg;
3759             if ((new = DHparams_dup(dh)) == NULL) {
3760                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3761                 return 0;
3762             }
3763             if (cert->dh_tmp != NULL)
3764                 DH_free(cert->dh_tmp);
3765             cert->dh_tmp = new;
3766             return 1;
3767         }
3768         /*
3769          * break;
3770          */
3771     case SSL_CTRL_SET_TMP_DH_CB:
3772         {
3773             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3774             return (0);
3775         }
3776         break;
3777 #endif
3778 #ifndef OPENSSL_NO_ECDH
3779     case SSL_CTRL_SET_TMP_ECDH:
3780         {
3781             EC_KEY *ecdh = NULL;
3782 
3783             if (parg == NULL) {
3784                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3785                 return 0;
3786             }
3787             ecdh = EC_KEY_dup((EC_KEY *)parg);
3788             if (ecdh == NULL) {
3789                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3790                 return 0;
3791             }
3792             if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3793                 if (!EC_KEY_generate_key(ecdh)) {
3794                     EC_KEY_free(ecdh);
3795                     SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3796                     return 0;
3797                 }
3798             }
3799 
3800             if (cert->ecdh_tmp != NULL) {
3801                 EC_KEY_free(cert->ecdh_tmp);
3802             }
3803             cert->ecdh_tmp = ecdh;
3804             return 1;
3805         }
3806         /* break; */
3807     case SSL_CTRL_SET_TMP_ECDH_CB:
3808         {
3809             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3810             return (0);
3811         }
3812         break;
3813 #endif                          /* !OPENSSL_NO_ECDH */
3814 #ifndef OPENSSL_NO_TLSEXT
3815     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3816         ctx->tlsext_servername_arg = parg;
3817         break;
3818     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3819     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3820         {
3821             unsigned char *keys = parg;
3822             if (!keys)
3823                 return 48;
3824             if (larg != 48) {
3825                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3826                 return 0;
3827             }
3828             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3829                 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3830                 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3831                 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3832             } else {
3833                 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3834                 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3835                 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3836             }
3837             return 1;
3838         }
3839 
3840 # ifdef TLSEXT_TYPE_opaque_prf_input
3841     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3842         ctx->tlsext_opaque_prf_input_callback_arg = parg;
3843         return 1;
3844 # endif
3845 
3846     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3847         ctx->tlsext_status_arg = parg;
3848         return 1;
3849         break;
3850 
3851 # ifndef OPENSSL_NO_SRP
3852     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3853         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3854         if (ctx->srp_ctx.login != NULL)
3855             OPENSSL_free(ctx->srp_ctx.login);
3856         ctx->srp_ctx.login = NULL;
3857         if (parg == NULL)
3858             break;
3859         if (strlen((const char *)parg) > 255
3860             || strlen((const char *)parg) < 1) {
3861             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3862             return 0;
3863         }
3864         if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3865             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3866             return 0;
3867         }
3868         break;
3869     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3870         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3871             srp_password_from_info_cb;
3872         ctx->srp_ctx.info = parg;
3873         break;
3874     case SSL_CTRL_SET_SRP_ARG:
3875         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3876         ctx->srp_ctx.SRP_cb_arg = parg;
3877         break;
3878 
3879     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3880         ctx->srp_ctx.strength = larg;
3881         break;
3882 # endif
3883 
3884 # ifndef OPENSSL_NO_EC
3885     case SSL_CTRL_SET_CURVES:
3886         return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
3887                                &ctx->tlsext_ellipticcurvelist_length,
3888                                parg, larg);
3889 
3890     case SSL_CTRL_SET_CURVES_LIST:
3891         return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
3892                                     &ctx->tlsext_ellipticcurvelist_length,
3893                                     parg);
3894 #  ifndef OPENSSL_NO_ECDH
3895     case SSL_CTRL_SET_ECDH_AUTO:
3896         ctx->cert->ecdh_tmp_auto = larg;
3897         return 1;
3898 #  endif
3899 # endif
3900     case SSL_CTRL_SET_SIGALGS:
3901         return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
3902 
3903     case SSL_CTRL_SET_SIGALGS_LIST:
3904         return tls1_set_sigalgs_list(ctx->cert, parg, 0);
3905 
3906     case SSL_CTRL_SET_CLIENT_SIGALGS:
3907         return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
3908 
3909     case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
3910         return tls1_set_sigalgs_list(ctx->cert, parg, 1);
3911 
3912     case SSL_CTRL_SET_CLIENT_CERT_TYPES:
3913         return ssl3_set_req_cert_type(ctx->cert, parg, larg);
3914 
3915     case SSL_CTRL_BUILD_CERT_CHAIN:
3916         return ssl_build_cert_chain(ctx->cert, ctx->cert_store, larg);
3917 
3918     case SSL_CTRL_SET_VERIFY_CERT_STORE:
3919         return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
3920 
3921     case SSL_CTRL_SET_CHAIN_CERT_STORE:
3922         return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3923 
3924 #endif                          /* !OPENSSL_NO_TLSEXT */
3925 
3926         /* A Thawte special :-) */
3927     case SSL_CTRL_EXTRA_CHAIN_CERT:
3928         if (ctx->extra_certs == NULL) {
3929             if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3930                 return (0);
3931         }
3932         sk_X509_push(ctx->extra_certs, (X509 *)parg);
3933         break;
3934 
3935     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3936         if (ctx->extra_certs == NULL && larg == 0)
3937             *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3938         else
3939             *(STACK_OF(X509) **)parg = ctx->extra_certs;
3940         break;
3941 
3942     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3943         if (ctx->extra_certs) {
3944             sk_X509_pop_free(ctx->extra_certs, X509_free);
3945             ctx->extra_certs = NULL;
3946         }
3947         break;
3948 
3949     case SSL_CTRL_CHAIN:
3950         if (larg)
3951             return ssl_cert_set1_chain(ctx->cert, (STACK_OF(X509) *)parg);
3952         else
3953             return ssl_cert_set0_chain(ctx->cert, (STACK_OF(X509) *)parg);
3954 
3955     case SSL_CTRL_CHAIN_CERT:
3956         if (larg)
3957             return ssl_cert_add1_chain_cert(ctx->cert, (X509 *)parg);
3958         else
3959             return ssl_cert_add0_chain_cert(ctx->cert, (X509 *)parg);
3960 
3961     case SSL_CTRL_GET_CHAIN_CERTS:
3962         *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
3963         break;
3964 
3965     case SSL_CTRL_SELECT_CURRENT_CERT:
3966         return ssl_cert_select_current(ctx->cert, (X509 *)parg);
3967 
3968     case SSL_CTRL_SET_CURRENT_CERT:
3969         return ssl_cert_set_current(ctx->cert, larg);
3970 
3971     default:
3972         return (0);
3973     }
3974     return (1);
3975 }
3976 
3977 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3978 {
3979     CERT *cert;
3980 
3981     cert = ctx->cert;
3982 
3983     switch (cmd) {
3984 #ifndef OPENSSL_NO_RSA
3985     case SSL_CTRL_SET_TMP_RSA_CB:
3986         {
3987             cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3988         }
3989         break;
3990 #endif
3991 #ifndef OPENSSL_NO_DH
3992     case SSL_CTRL_SET_TMP_DH_CB:
3993         {
3994             cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3995         }
3996         break;
3997 #endif
3998 #ifndef OPENSSL_NO_ECDH
3999     case SSL_CTRL_SET_TMP_ECDH_CB:
4000         {
4001             cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
4002         }
4003         break;
4004 #endif
4005 #ifndef OPENSSL_NO_TLSEXT
4006     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
4007         ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
4008         break;
4009 
4010 # ifdef TLSEXT_TYPE_opaque_prf_input
4011     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
4012         ctx->tlsext_opaque_prf_input_callback =
4013             (int (*)(SSL *, void *, size_t, void *))fp;
4014         break;
4015 # endif
4016 
4017     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
4018         ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
4019         break;
4020 
4021     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
4022         ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
4023                                              unsigned char *,
4024                                              EVP_CIPHER_CTX *,
4025                                              HMAC_CTX *, int))fp;
4026         break;
4027 
4028 # ifndef OPENSSL_NO_SRP
4029     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
4030         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4031         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
4032         break;
4033     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
4034         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4035         ctx->srp_ctx.TLS_ext_srp_username_callback =
4036             (int (*)(SSL *, int *, void *))fp;
4037         break;
4038     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
4039         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
4040         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
4041             (char *(*)(SSL *, void *))fp;
4042         break;
4043 # endif
4044 #endif
4045     default:
4046         return (0);
4047     }
4048     return (1);
4049 }
4050 
4051 /*
4052  * This function needs to check if the ciphers required are actually
4053  * available
4054  */
4055 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
4056 {
4057     SSL_CIPHER c;
4058     const SSL_CIPHER *cp;
4059     unsigned long id;
4060 
4061     id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
4062     c.id = id;
4063     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
4064 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
4065     if (cp == NULL)
4066         fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
4067 #endif
4068     return cp;
4069 }
4070 
4071 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
4072 {
4073     long l;
4074 
4075     if (p != NULL) {
4076         l = c->id;
4077         if ((l & 0xff000000) != 0x03000000)
4078             return (0);
4079         p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
4080         p[1] = ((unsigned char)(l)) & 0xFF;
4081     }
4082     return (2);
4083 }
4084 
4085 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
4086                                STACK_OF(SSL_CIPHER) *srvr)
4087 {
4088     SSL_CIPHER *c, *ret = NULL;
4089     STACK_OF(SSL_CIPHER) *prio, *allow;
4090     int i, ii, ok;
4091     CERT *cert;
4092     unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
4093 
4094     /* Let's see which ciphers we can support */
4095     cert = s->cert;
4096 
4097 #if 0
4098     /*
4099      * Do not set the compare functions, because this may lead to a
4100      * reordering by "id". We want to keep the original ordering. We may pay
4101      * a price in performance during sk_SSL_CIPHER_find(), but would have to
4102      * pay with the price of sk_SSL_CIPHER_dup().
4103      */
4104     sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
4105     sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
4106 #endif
4107 
4108 #ifdef CIPHER_DEBUG
4109     fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
4110             (void *)srvr);
4111     for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
4112         c = sk_SSL_CIPHER_value(srvr, i);
4113         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4114     }
4115     fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
4116             (void *)clnt);
4117     for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
4118         c = sk_SSL_CIPHER_value(clnt, i);
4119         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
4120     }
4121 #endif
4122 
4123     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
4124         prio = srvr;
4125         allow = clnt;
4126     } else {
4127         prio = clnt;
4128         allow = srvr;
4129     }
4130 
4131     tls1_set_cert_validity(s);
4132 
4133     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
4134         c = sk_SSL_CIPHER_value(prio, i);
4135 
4136         /* Skip TLS v1.2 only ciphersuites if not supported */
4137         if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
4138             continue;
4139 
4140         ssl_set_cert_masks(cert, c);
4141         mask_k = cert->mask_k;
4142         mask_a = cert->mask_a;
4143         emask_k = cert->export_mask_k;
4144         emask_a = cert->export_mask_a;
4145 #ifndef OPENSSL_NO_SRP
4146         if (s->srp_ctx.srp_Mask & SSL_kSRP) {
4147             mask_k |= SSL_kSRP;
4148             emask_k |= SSL_kSRP;
4149             mask_a |= SSL_aSRP;
4150             emask_a |= SSL_aSRP;
4151         }
4152 #endif
4153 
4154 #ifdef KSSL_DEBUG
4155         /*
4156          * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
4157          * i,c->algorithms);
4158          */
4159 #endif                          /* KSSL_DEBUG */
4160 
4161         alg_k = c->algorithm_mkey;
4162         alg_a = c->algorithm_auth;
4163 
4164 #ifndef OPENSSL_NO_KRB5
4165         if (alg_k & SSL_kKRB5) {
4166             if (!kssl_keytab_is_available(s->kssl_ctx))
4167                 continue;
4168         }
4169 #endif                          /* OPENSSL_NO_KRB5 */
4170 #ifndef OPENSSL_NO_PSK
4171         /* with PSK there must be server callback set */
4172         if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
4173             continue;
4174 #endif                          /* OPENSSL_NO_PSK */
4175 
4176         if (SSL_C_IS_EXPORT(c)) {
4177             ok = (alg_k & emask_k) && (alg_a & emask_a);
4178 #ifdef CIPHER_DEBUG
4179             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
4180                     ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
4181 #endif
4182         } else {
4183             ok = (alg_k & mask_k) && (alg_a & mask_a);
4184 #ifdef CIPHER_DEBUG
4185             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
4186                     alg_a, mask_k, mask_a, (void *)c, c->name);
4187 #endif
4188         }
4189 
4190 #ifndef OPENSSL_NO_TLSEXT
4191 # ifndef OPENSSL_NO_EC
4192 #  ifndef OPENSSL_NO_ECDH
4193         /*
4194          * if we are considering an ECC cipher suite that uses an ephemeral
4195          * EC key check it
4196          */
4197         if (alg_k & SSL_kEECDH)
4198             ok = ok && tls1_check_ec_tmp_key(s, c->id);
4199 #  endif                        /* OPENSSL_NO_ECDH */
4200 # endif                         /* OPENSSL_NO_EC */
4201 #endif                          /* OPENSSL_NO_TLSEXT */
4202 
4203         if (!ok)
4204             continue;
4205         ii = sk_SSL_CIPHER_find(allow, c);
4206         if (ii >= 0) {
4207 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4208             if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
4209                 && s->s3->is_probably_safari) {
4210                 if (!ret)
4211                     ret = sk_SSL_CIPHER_value(allow, ii);
4212                 continue;
4213             }
4214 #endif
4215             ret = sk_SSL_CIPHER_value(allow, ii);
4216             break;
4217         }
4218     }
4219     return (ret);
4220 }
4221 
4222 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4223 {
4224     int ret = 0;
4225     const unsigned char *sig;
4226     size_t i, siglen;
4227     int have_rsa_sign = 0, have_dsa_sign = 0;
4228 #ifndef OPENSSL_NO_ECDSA
4229     int have_ecdsa_sign = 0;
4230 #endif
4231     int nostrict = 1;
4232     unsigned long alg_k;
4233 
4234     /* If we have custom certificate types set, use them */
4235     if (s->cert->ctypes) {
4236         memcpy(p, s->cert->ctypes, s->cert->ctype_num);
4237         return (int)s->cert->ctype_num;
4238     }
4239     /* get configured sigalgs */
4240     siglen = tls12_get_psigalgs(s, 1, &sig);
4241     if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
4242         nostrict = 0;
4243     for (i = 0; i < siglen; i += 2, sig += 2) {
4244         switch (sig[1]) {
4245         case TLSEXT_signature_rsa:
4246             have_rsa_sign = 1;
4247             break;
4248 
4249         case TLSEXT_signature_dsa:
4250             have_dsa_sign = 1;
4251             break;
4252 #ifndef OPENSSL_NO_ECDSA
4253         case TLSEXT_signature_ecdsa:
4254             have_ecdsa_sign = 1;
4255             break;
4256 #endif
4257         }
4258     }
4259 
4260     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4261 
4262 #ifndef OPENSSL_NO_GOST
4263     if (s->version >= TLS1_VERSION) {
4264         if (alg_k & SSL_kGOST) {
4265             p[ret++] = TLS_CT_GOST94_SIGN;
4266             p[ret++] = TLS_CT_GOST01_SIGN;
4267             return (ret);
4268         }
4269     }
4270 #endif
4271 
4272 #ifndef OPENSSL_NO_DH
4273     if (alg_k & (SSL_kDHr | SSL_kEDH)) {
4274 # ifndef OPENSSL_NO_RSA
4275         /*
4276          * Since this refers to a certificate signed with an RSA algorithm,
4277          * only check for rsa signing in strict mode.
4278          */
4279         if (nostrict || have_rsa_sign)
4280             p[ret++] = SSL3_CT_RSA_FIXED_DH;
4281 # endif
4282 # ifndef OPENSSL_NO_DSA
4283         if (nostrict || have_dsa_sign)
4284             p[ret++] = SSL3_CT_DSS_FIXED_DH;
4285 # endif
4286     }
4287     if ((s->version == SSL3_VERSION) &&
4288         (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
4289 # ifndef OPENSSL_NO_RSA
4290         p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4291 # endif
4292 # ifndef OPENSSL_NO_DSA
4293         p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4294 # endif
4295     }
4296 #endif                          /* !OPENSSL_NO_DH */
4297 #ifndef OPENSSL_NO_RSA
4298     if (have_rsa_sign)
4299         p[ret++] = SSL3_CT_RSA_SIGN;
4300 #endif
4301 #ifndef OPENSSL_NO_DSA
4302     if (have_dsa_sign)
4303         p[ret++] = SSL3_CT_DSS_SIGN;
4304 #endif
4305 #ifndef OPENSSL_NO_ECDH
4306     if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4307         if (nostrict || have_rsa_sign)
4308             p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4309         if (nostrict || have_ecdsa_sign)
4310             p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4311     }
4312 #endif
4313 
4314 #ifndef OPENSSL_NO_ECDSA
4315     /*
4316      * ECDSA certs can be used with RSA cipher suites as well so we don't
4317      * need to check for SSL_kECDH or SSL_kEECDH
4318      */
4319     if (s->version >= TLS1_VERSION) {
4320         if (have_ecdsa_sign)
4321             p[ret++] = TLS_CT_ECDSA_SIGN;
4322     }
4323 #endif
4324     return (ret);
4325 }
4326 
4327 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
4328 {
4329     if (c->ctypes) {
4330         OPENSSL_free(c->ctypes);
4331         c->ctypes = NULL;
4332     }
4333     if (!p || !len)
4334         return 1;
4335     if (len > 0xff)
4336         return 0;
4337     c->ctypes = OPENSSL_malloc(len);
4338     if (!c->ctypes)
4339         return 0;
4340     memcpy(c->ctypes, p, len);
4341     c->ctype_num = len;
4342     return 1;
4343 }
4344 
4345 int ssl3_shutdown(SSL *s)
4346 {
4347     int ret;
4348 
4349     /*
4350      * Don't do anything much if we have not done the handshake or we don't
4351      * want to send messages :-)
4352      */
4353     if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4354         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4355         return (1);
4356     }
4357 
4358     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4359         s->shutdown |= SSL_SENT_SHUTDOWN;
4360 #if 1
4361         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4362 #endif
4363         /*
4364          * our shutdown alert has been sent now, and if it still needs to be
4365          * written, s->s3->alert_dispatch will be true
4366          */
4367         if (s->s3->alert_dispatch)
4368             return (-1);        /* return WANT_WRITE */
4369     } else if (s->s3->alert_dispatch) {
4370         /* resend it if not sent */
4371 #if 1
4372         ret = s->method->ssl_dispatch_alert(s);
4373         if (ret == -1) {
4374             /*
4375              * we only get to return -1 here the 2nd/Nth invocation, we must
4376              * have already signalled return 0 upon a previous invoation,
4377              * return WANT_WRITE
4378              */
4379             return (ret);
4380         }
4381 #endif
4382     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4383         /*
4384          * If we are waiting for a close from our peer, we are closed
4385          */
4386         s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4387         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4388             return (-1);        /* return WANT_READ */
4389         }
4390     }
4391 
4392     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4393         !s->s3->alert_dispatch)
4394         return (1);
4395     else
4396         return (0);
4397 }
4398 
4399 int ssl3_write(SSL *s, const void *buf, int len)
4400 {
4401     int ret, n;
4402 
4403 #if 0
4404     if (s->shutdown & SSL_SEND_SHUTDOWN) {
4405         s->rwstate = SSL_NOTHING;
4406         return (0);
4407     }
4408 #endif
4409     clear_sys_error();
4410     if (s->s3->renegotiate)
4411         ssl3_renegotiate_check(s);
4412 
4413     /*
4414      * This is an experimental flag that sends the last handshake message in
4415      * the same packet as the first use data - used to see if it helps the
4416      * TCP protocol during session-id reuse
4417      */
4418     /* The second test is because the buffer may have been removed */
4419     if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4420         /* First time through, we write into the buffer */
4421         if (s->s3->delay_buf_pop_ret == 0) {
4422             ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
4423             if (ret <= 0)
4424                 return (ret);
4425 
4426             s->s3->delay_buf_pop_ret = ret;
4427         }
4428 
4429         s->rwstate = SSL_WRITING;
4430         n = BIO_flush(s->wbio);
4431         if (n <= 0)
4432             return (n);
4433         s->rwstate = SSL_NOTHING;
4434 
4435         /* We have flushed the buffer, so remove it */
4436         ssl_free_wbio_buffer(s);
4437         s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
4438 
4439         ret = s->s3->delay_buf_pop_ret;
4440         s->s3->delay_buf_pop_ret = 0;
4441     } else {
4442         ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4443                                          buf, len);
4444         if (ret <= 0)
4445             return (ret);
4446     }
4447 
4448     return (ret);
4449 }
4450 
4451 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4452 {
4453     int ret;
4454 
4455     clear_sys_error();
4456     if (s->s3->renegotiate)
4457         ssl3_renegotiate_check(s);
4458     s->s3->in_read_app_data = 1;
4459     ret =
4460         s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4461                                   peek);
4462     if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4463         /*
4464          * ssl3_read_bytes decided to call s->handshake_func, which called
4465          * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4466          * actually found application data and thinks that application data
4467          * makes sense here; so disable handshake processing and try to read
4468          * application data again.
4469          */
4470         s->in_handshake++;
4471         ret =
4472             s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4473                                       peek);
4474         s->in_handshake--;
4475     } else
4476         s->s3->in_read_app_data = 0;
4477 
4478     return (ret);
4479 }
4480 
4481 int ssl3_read(SSL *s, void *buf, int len)
4482 {
4483     return ssl3_read_internal(s, buf, len, 0);
4484 }
4485 
4486 int ssl3_peek(SSL *s, void *buf, int len)
4487 {
4488     return ssl3_read_internal(s, buf, len, 1);
4489 }
4490 
4491 int ssl3_renegotiate(SSL *s)
4492 {
4493     if (s->handshake_func == NULL)
4494         return (1);
4495 
4496     if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4497         return (0);
4498 
4499     s->s3->renegotiate = 1;
4500     return (1);
4501 }
4502 
4503 int ssl3_renegotiate_check(SSL *s)
4504 {
4505     int ret = 0;
4506 
4507     if (s->s3->renegotiate) {
4508         if ((s->s3->rbuf.left == 0) &&
4509             (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
4510             /*
4511              * if we are the server, and we have sent a 'RENEGOTIATE'
4512              * message, we need to go to SSL_ST_ACCEPT.
4513              */
4514             /* SSL_ST_ACCEPT */
4515             s->state = SSL_ST_RENEGOTIATE;
4516             s->s3->renegotiate = 0;
4517             s->s3->num_renegotiations++;
4518             s->s3->total_renegotiations++;
4519             ret = 1;
4520         }
4521     }
4522     return (ret);
4523 }
4524 
4525 /*
4526  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
4527  * handshake macs if required.
4528  */
4529 long ssl_get_algorithm2(SSL *s)
4530 {
4531     long alg2;
4532     if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
4533         return -1;
4534     alg2 = s->s3->tmp.new_cipher->algorithm2;
4535     if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
4536         && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4537         return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4538     return alg2;
4539 }
4540