xref: /freebsd/crypto/openssl/ssl/s3_lib.c (revision f4b37ed0f8b307b1f3f0f630ca725d68f1dff30d)
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 # ifndef OPENSSL_NO_EC
157 #  include "../crypto/ec/ec_lcl.h"
158 # endif                         /* OPENSSL_NO_EC */
159 #endif                          /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 # include <openssl/dh.h>
163 #endif
164 
165 const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
166 
167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168 
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
171 
172 /* The RSA ciphers */
173 /* Cipher 01 */
174     {
175      1,
176      SSL3_TXT_RSA_NULL_MD5,
177      SSL3_CK_RSA_NULL_MD5,
178      SSL_kRSA,
179      SSL_aRSA,
180      SSL_eNULL,
181      SSL_MD5,
182      SSL_SSLV3,
183      SSL_NOT_EXP | SSL_STRONG_NONE,
184      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
185      0,
186      0,
187      },
188 
189 /* Cipher 02 */
190     {
191      1,
192      SSL3_TXT_RSA_NULL_SHA,
193      SSL3_CK_RSA_NULL_SHA,
194      SSL_kRSA,
195      SSL_aRSA,
196      SSL_eNULL,
197      SSL_SHA1,
198      SSL_SSLV3,
199      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
200      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
201      0,
202      0,
203      },
204 
205 /* Cipher 03 */
206     {
207      1,
208      SSL3_TXT_RSA_RC4_40_MD5,
209      SSL3_CK_RSA_RC4_40_MD5,
210      SSL_kRSA,
211      SSL_aRSA,
212      SSL_RC4,
213      SSL_MD5,
214      SSL_SSLV3,
215      SSL_EXPORT | SSL_EXP40,
216      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
217      40,
218      128,
219      },
220 
221 /* Cipher 04 */
222     {
223      1,
224      SSL3_TXT_RSA_RC4_128_MD5,
225      SSL3_CK_RSA_RC4_128_MD5,
226      SSL_kRSA,
227      SSL_aRSA,
228      SSL_RC4,
229      SSL_MD5,
230      SSL_SSLV3,
231      SSL_NOT_EXP | SSL_MEDIUM,
232      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
233      128,
234      128,
235      },
236 
237 /* Cipher 05 */
238     {
239      1,
240      SSL3_TXT_RSA_RC4_128_SHA,
241      SSL3_CK_RSA_RC4_128_SHA,
242      SSL_kRSA,
243      SSL_aRSA,
244      SSL_RC4,
245      SSL_SHA1,
246      SSL_SSLV3,
247      SSL_NOT_EXP | SSL_MEDIUM,
248      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
249      128,
250      128,
251      },
252 
253 /* Cipher 06 */
254     {
255      1,
256      SSL3_TXT_RSA_RC2_40_MD5,
257      SSL3_CK_RSA_RC2_40_MD5,
258      SSL_kRSA,
259      SSL_aRSA,
260      SSL_RC2,
261      SSL_MD5,
262      SSL_SSLV3,
263      SSL_EXPORT | SSL_EXP40,
264      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
265      40,
266      128,
267      },
268 
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271     {
272      1,
273      SSL3_TXT_RSA_IDEA_128_SHA,
274      SSL3_CK_RSA_IDEA_128_SHA,
275      SSL_kRSA,
276      SSL_aRSA,
277      SSL_IDEA,
278      SSL_SHA1,
279      SSL_SSLV3,
280      SSL_NOT_EXP | SSL_MEDIUM,
281      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
282      128,
283      128,
284      },
285 #endif
286 
287 /* Cipher 08 */
288     {
289      1,
290      SSL3_TXT_RSA_DES_40_CBC_SHA,
291      SSL3_CK_RSA_DES_40_CBC_SHA,
292      SSL_kRSA,
293      SSL_aRSA,
294      SSL_DES,
295      SSL_SHA1,
296      SSL_SSLV3,
297      SSL_EXPORT | SSL_EXP40,
298      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
299      40,
300      56,
301      },
302 
303 /* Cipher 09 */
304     {
305      1,
306      SSL3_TXT_RSA_DES_64_CBC_SHA,
307      SSL3_CK_RSA_DES_64_CBC_SHA,
308      SSL_kRSA,
309      SSL_aRSA,
310      SSL_DES,
311      SSL_SHA1,
312      SSL_SSLV3,
313      SSL_NOT_EXP | SSL_LOW,
314      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
315      56,
316      56,
317      },
318 
319 /* Cipher 0A */
320     {
321      1,
322      SSL3_TXT_RSA_DES_192_CBC3_SHA,
323      SSL3_CK_RSA_DES_192_CBC3_SHA,
324      SSL_kRSA,
325      SSL_aRSA,
326      SSL_3DES,
327      SSL_SHA1,
328      SSL_SSLV3,
329      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
330      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
331      112,
332      168,
333      },
334 
335 /* The DH ciphers */
336 /* Cipher 0B */
337     {
338      0,
339      SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340      SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341      SSL_kDHd,
342      SSL_aDH,
343      SSL_DES,
344      SSL_SHA1,
345      SSL_SSLV3,
346      SSL_EXPORT | SSL_EXP40,
347      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
348      40,
349      56,
350      },
351 
352 /* Cipher 0C */
353     {
354      0,                         /* not implemented (non-ephemeral DH) */
355      SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356      SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357      SSL_kDHd,
358      SSL_aDH,
359      SSL_DES,
360      SSL_SHA1,
361      SSL_SSLV3,
362      SSL_NOT_EXP | SSL_LOW,
363      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
364      56,
365      56,
366      },
367 
368 /* Cipher 0D */
369     {
370      0,                         /* not implemented (non-ephemeral DH) */
371      SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372      SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373      SSL_kDHd,
374      SSL_aDH,
375      SSL_3DES,
376      SSL_SHA1,
377      SSL_SSLV3,
378      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
379      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
380      112,
381      168,
382      },
383 
384 /* Cipher 0E */
385     {
386      0,                         /* not implemented (non-ephemeral DH) */
387      SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388      SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389      SSL_kDHr,
390      SSL_aDH,
391      SSL_DES,
392      SSL_SHA1,
393      SSL_SSLV3,
394      SSL_EXPORT | SSL_EXP40,
395      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
396      40,
397      56,
398      },
399 
400 /* Cipher 0F */
401     {
402      0,                         /* not implemented (non-ephemeral DH) */
403      SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404      SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405      SSL_kDHr,
406      SSL_aDH,
407      SSL_DES,
408      SSL_SHA1,
409      SSL_SSLV3,
410      SSL_NOT_EXP | SSL_LOW,
411      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
412      56,
413      56,
414      },
415 
416 /* Cipher 10 */
417     {
418      0,                         /* not implemented (non-ephemeral DH) */
419      SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420      SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421      SSL_kDHr,
422      SSL_aDH,
423      SSL_3DES,
424      SSL_SHA1,
425      SSL_SSLV3,
426      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
427      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
428      112,
429      168,
430      },
431 
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434     {
435      1,
436      SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437      SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438      SSL_kEDH,
439      SSL_aDSS,
440      SSL_DES,
441      SSL_SHA1,
442      SSL_SSLV3,
443      SSL_EXPORT | SSL_EXP40,
444      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
445      40,
446      56,
447      },
448 
449 /* Cipher 12 */
450     {
451      1,
452      SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453      SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454      SSL_kEDH,
455      SSL_aDSS,
456      SSL_DES,
457      SSL_SHA1,
458      SSL_SSLV3,
459      SSL_NOT_EXP | SSL_LOW,
460      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
461      56,
462      56,
463      },
464 
465 /* Cipher 13 */
466     {
467      1,
468      SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469      SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470      SSL_kEDH,
471      SSL_aDSS,
472      SSL_3DES,
473      SSL_SHA1,
474      SSL_SSLV3,
475      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
476      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
477      112,
478      168,
479      },
480 
481 /* Cipher 14 */
482     {
483      1,
484      SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485      SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486      SSL_kEDH,
487      SSL_aRSA,
488      SSL_DES,
489      SSL_SHA1,
490      SSL_SSLV3,
491      SSL_EXPORT | SSL_EXP40,
492      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
493      40,
494      56,
495      },
496 
497 /* Cipher 15 */
498     {
499      1,
500      SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501      SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502      SSL_kEDH,
503      SSL_aRSA,
504      SSL_DES,
505      SSL_SHA1,
506      SSL_SSLV3,
507      SSL_NOT_EXP | SSL_LOW,
508      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
509      56,
510      56,
511      },
512 
513 /* Cipher 16 */
514     {
515      1,
516      SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517      SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518      SSL_kEDH,
519      SSL_aRSA,
520      SSL_3DES,
521      SSL_SHA1,
522      SSL_SSLV3,
523      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
524      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
525      112,
526      168,
527      },
528 
529 /* Cipher 17 */
530     {
531      1,
532      SSL3_TXT_ADH_RC4_40_MD5,
533      SSL3_CK_ADH_RC4_40_MD5,
534      SSL_kEDH,
535      SSL_aNULL,
536      SSL_RC4,
537      SSL_MD5,
538      SSL_SSLV3,
539      SSL_EXPORT | SSL_EXP40,
540      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
541      40,
542      128,
543      },
544 
545 /* Cipher 18 */
546     {
547      1,
548      SSL3_TXT_ADH_RC4_128_MD5,
549      SSL3_CK_ADH_RC4_128_MD5,
550      SSL_kEDH,
551      SSL_aNULL,
552      SSL_RC4,
553      SSL_MD5,
554      SSL_SSLV3,
555      SSL_NOT_EXP | SSL_MEDIUM,
556      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
557      128,
558      128,
559      },
560 
561 /* Cipher 19 */
562     {
563      1,
564      SSL3_TXT_ADH_DES_40_CBC_SHA,
565      SSL3_CK_ADH_DES_40_CBC_SHA,
566      SSL_kEDH,
567      SSL_aNULL,
568      SSL_DES,
569      SSL_SHA1,
570      SSL_SSLV3,
571      SSL_EXPORT | SSL_EXP40,
572      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
573      40,
574      128,
575      },
576 
577 /* Cipher 1A */
578     {
579      1,
580      SSL3_TXT_ADH_DES_64_CBC_SHA,
581      SSL3_CK_ADH_DES_64_CBC_SHA,
582      SSL_kEDH,
583      SSL_aNULL,
584      SSL_DES,
585      SSL_SHA1,
586      SSL_SSLV3,
587      SSL_NOT_EXP | SSL_LOW,
588      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
589      56,
590      56,
591      },
592 
593 /* Cipher 1B */
594     {
595      1,
596      SSL3_TXT_ADH_DES_192_CBC_SHA,
597      SSL3_CK_ADH_DES_192_CBC_SHA,
598      SSL_kEDH,
599      SSL_aNULL,
600      SSL_3DES,
601      SSL_SHA1,
602      SSL_SSLV3,
603      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
604      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
605      112,
606      168,
607      },
608 
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612     {
613      0,
614      SSL3_TXT_FZA_DMS_NULL_SHA,
615      SSL3_CK_FZA_DMS_NULL_SHA,
616      SSL_kFZA,
617      SSL_aFZA,
618      SSL_eNULL,
619      SSL_SHA1,
620      SSL_SSLV3,
621      SSL_NOT_EXP | SSL_STRONG_NONE,
622      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
623      0,
624      0,
625      },
626 
627 /* Cipher 1D */
628     {
629      0,
630      SSL3_TXT_FZA_DMS_FZA_SHA,
631      SSL3_CK_FZA_DMS_FZA_SHA,
632      SSL_kFZA,
633      SSL_aFZA,
634      SSL_eFZA,
635      SSL_SHA1,
636      SSL_SSLV3,
637      SSL_NOT_EXP | SSL_STRONG_NONE,
638      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
639      0,
640      0,
641      },
642 
643 /* Cipher 1E */
644     {
645      0,
646      SSL3_TXT_FZA_DMS_RC4_SHA,
647      SSL3_CK_FZA_DMS_RC4_SHA,
648      SSL_kFZA,
649      SSL_aFZA,
650      SSL_RC4,
651      SSL_SHA1,
652      SSL_SSLV3,
653      SSL_NOT_EXP | SSL_MEDIUM,
654      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
655      128,
656      128,
657      },
658 #endif
659 
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663     {
664      1,
665      SSL3_TXT_KRB5_DES_64_CBC_SHA,
666      SSL3_CK_KRB5_DES_64_CBC_SHA,
667      SSL_kKRB5,
668      SSL_aKRB5,
669      SSL_DES,
670      SSL_SHA1,
671      SSL_SSLV3,
672      SSL_NOT_EXP | SSL_LOW,
673      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
674      56,
675      56,
676      },
677 
678 /* Cipher 1F */
679     {
680      1,
681      SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682      SSL3_CK_KRB5_DES_192_CBC3_SHA,
683      SSL_kKRB5,
684      SSL_aKRB5,
685      SSL_3DES,
686      SSL_SHA1,
687      SSL_SSLV3,
688      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
689      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
690      112,
691      168,
692      },
693 
694 /* Cipher 20 */
695     {
696      1,
697      SSL3_TXT_KRB5_RC4_128_SHA,
698      SSL3_CK_KRB5_RC4_128_SHA,
699      SSL_kKRB5,
700      SSL_aKRB5,
701      SSL_RC4,
702      SSL_SHA1,
703      SSL_SSLV3,
704      SSL_NOT_EXP | SSL_MEDIUM,
705      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
706      128,
707      128,
708      },
709 
710 /* Cipher 21 */
711     {
712      1,
713      SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714      SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715      SSL_kKRB5,
716      SSL_aKRB5,
717      SSL_IDEA,
718      SSL_SHA1,
719      SSL_SSLV3,
720      SSL_NOT_EXP | SSL_MEDIUM,
721      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
722      128,
723      128,
724      },
725 
726 /* Cipher 22 */
727     {
728      1,
729      SSL3_TXT_KRB5_DES_64_CBC_MD5,
730      SSL3_CK_KRB5_DES_64_CBC_MD5,
731      SSL_kKRB5,
732      SSL_aKRB5,
733      SSL_DES,
734      SSL_MD5,
735      SSL_SSLV3,
736      SSL_NOT_EXP | SSL_LOW,
737      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
738      56,
739      56,
740      },
741 
742 /* Cipher 23 */
743     {
744      1,
745      SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746      SSL3_CK_KRB5_DES_192_CBC3_MD5,
747      SSL_kKRB5,
748      SSL_aKRB5,
749      SSL_3DES,
750      SSL_MD5,
751      SSL_SSLV3,
752      SSL_NOT_EXP | SSL_HIGH,
753      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
754      112,
755      168,
756      },
757 
758 /* Cipher 24 */
759     {
760      1,
761      SSL3_TXT_KRB5_RC4_128_MD5,
762      SSL3_CK_KRB5_RC4_128_MD5,
763      SSL_kKRB5,
764      SSL_aKRB5,
765      SSL_RC4,
766      SSL_MD5,
767      SSL_SSLV3,
768      SSL_NOT_EXP | SSL_MEDIUM,
769      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
770      128,
771      128,
772      },
773 
774 /* Cipher 25 */
775     {
776      1,
777      SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778      SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779      SSL_kKRB5,
780      SSL_aKRB5,
781      SSL_IDEA,
782      SSL_MD5,
783      SSL_SSLV3,
784      SSL_NOT_EXP | SSL_MEDIUM,
785      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
786      128,
787      128,
788      },
789 
790 /* Cipher 26 */
791     {
792      1,
793      SSL3_TXT_KRB5_DES_40_CBC_SHA,
794      SSL3_CK_KRB5_DES_40_CBC_SHA,
795      SSL_kKRB5,
796      SSL_aKRB5,
797      SSL_DES,
798      SSL_SHA1,
799      SSL_SSLV3,
800      SSL_EXPORT | SSL_EXP40,
801      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
802      40,
803      56,
804      },
805 
806 /* Cipher 27 */
807     {
808      1,
809      SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810      SSL3_CK_KRB5_RC2_40_CBC_SHA,
811      SSL_kKRB5,
812      SSL_aKRB5,
813      SSL_RC2,
814      SSL_SHA1,
815      SSL_SSLV3,
816      SSL_EXPORT | SSL_EXP40,
817      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
818      40,
819      128,
820      },
821 
822 /* Cipher 28 */
823     {
824      1,
825      SSL3_TXT_KRB5_RC4_40_SHA,
826      SSL3_CK_KRB5_RC4_40_SHA,
827      SSL_kKRB5,
828      SSL_aKRB5,
829      SSL_RC4,
830      SSL_SHA1,
831      SSL_SSLV3,
832      SSL_EXPORT | SSL_EXP40,
833      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
834      40,
835      128,
836      },
837 
838 /* Cipher 29 */
839     {
840      1,
841      SSL3_TXT_KRB5_DES_40_CBC_MD5,
842      SSL3_CK_KRB5_DES_40_CBC_MD5,
843      SSL_kKRB5,
844      SSL_aKRB5,
845      SSL_DES,
846      SSL_MD5,
847      SSL_SSLV3,
848      SSL_EXPORT | SSL_EXP40,
849      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
850      40,
851      56,
852      },
853 
854 /* Cipher 2A */
855     {
856      1,
857      SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858      SSL3_CK_KRB5_RC2_40_CBC_MD5,
859      SSL_kKRB5,
860      SSL_aKRB5,
861      SSL_RC2,
862      SSL_MD5,
863      SSL_SSLV3,
864      SSL_EXPORT | SSL_EXP40,
865      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
866      40,
867      128,
868      },
869 
870 /* Cipher 2B */
871     {
872      1,
873      SSL3_TXT_KRB5_RC4_40_MD5,
874      SSL3_CK_KRB5_RC4_40_MD5,
875      SSL_kKRB5,
876      SSL_aKRB5,
877      SSL_RC4,
878      SSL_MD5,
879      SSL_SSLV3,
880      SSL_EXPORT | SSL_EXP40,
881      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
882      40,
883      128,
884      },
885 #endif                          /* OPENSSL_NO_KRB5 */
886 
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889     {
890      1,
891      TLS1_TXT_RSA_WITH_AES_128_SHA,
892      TLS1_CK_RSA_WITH_AES_128_SHA,
893      SSL_kRSA,
894      SSL_aRSA,
895      SSL_AES128,
896      SSL_SHA1,
897      SSL_TLSV1,
898      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
899      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
900      128,
901      128,
902      },
903 /* Cipher 30 */
904     {
905      0,
906      TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907      TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908      SSL_kDHd,
909      SSL_aDH,
910      SSL_AES128,
911      SSL_SHA1,
912      SSL_TLSV1,
913      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
914      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
915      128,
916      128,
917      },
918 /* Cipher 31 */
919     {
920      0,
921      TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922      TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923      SSL_kDHr,
924      SSL_aDH,
925      SSL_AES128,
926      SSL_SHA1,
927      SSL_TLSV1,
928      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
929      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
930      128,
931      128,
932      },
933 /* Cipher 32 */
934     {
935      1,
936      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937      TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938      SSL_kEDH,
939      SSL_aDSS,
940      SSL_AES128,
941      SSL_SHA1,
942      SSL_TLSV1,
943      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
944      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
945      128,
946      128,
947      },
948 /* Cipher 33 */
949     {
950      1,
951      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952      TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953      SSL_kEDH,
954      SSL_aRSA,
955      SSL_AES128,
956      SSL_SHA1,
957      SSL_TLSV1,
958      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
959      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
960      128,
961      128,
962      },
963 /* Cipher 34 */
964     {
965      1,
966      TLS1_TXT_ADH_WITH_AES_128_SHA,
967      TLS1_CK_ADH_WITH_AES_128_SHA,
968      SSL_kEDH,
969      SSL_aNULL,
970      SSL_AES128,
971      SSL_SHA1,
972      SSL_TLSV1,
973      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
974      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
975      128,
976      128,
977      },
978 
979 /* Cipher 35 */
980     {
981      1,
982      TLS1_TXT_RSA_WITH_AES_256_SHA,
983      TLS1_CK_RSA_WITH_AES_256_SHA,
984      SSL_kRSA,
985      SSL_aRSA,
986      SSL_AES256,
987      SSL_SHA1,
988      SSL_TLSV1,
989      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
990      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
991      256,
992      256,
993      },
994 /* Cipher 36 */
995     {
996      0,
997      TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998      TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999      SSL_kDHd,
1000      SSL_aDH,
1001      SSL_AES256,
1002      SSL_SHA1,
1003      SSL_TLSV1,
1004      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1005      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1006      256,
1007      256,
1008      },
1009 
1010 /* Cipher 37 */
1011     {
1012      0,                         /* not implemented (non-ephemeral DH) */
1013      TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014      TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015      SSL_kDHr,
1016      SSL_aDH,
1017      SSL_AES256,
1018      SSL_SHA1,
1019      SSL_TLSV1,
1020      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1021      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1022      256,
1023      256,
1024      },
1025 
1026 /* Cipher 38 */
1027     {
1028      1,
1029      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030      TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031      SSL_kEDH,
1032      SSL_aDSS,
1033      SSL_AES256,
1034      SSL_SHA1,
1035      SSL_TLSV1,
1036      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1037      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1038      256,
1039      256,
1040      },
1041 
1042 /* Cipher 39 */
1043     {
1044      1,
1045      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046      TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047      SSL_kEDH,
1048      SSL_aRSA,
1049      SSL_AES256,
1050      SSL_SHA1,
1051      SSL_TLSV1,
1052      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1053      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1054      256,
1055      256,
1056      },
1057 
1058     /* Cipher 3A */
1059     {
1060      1,
1061      TLS1_TXT_ADH_WITH_AES_256_SHA,
1062      TLS1_CK_ADH_WITH_AES_256_SHA,
1063      SSL_kEDH,
1064      SSL_aNULL,
1065      SSL_AES256,
1066      SSL_SHA1,
1067      SSL_TLSV1,
1068      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1069      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1070      256,
1071      256,
1072      },
1073 
1074     /* TLS v1.2 ciphersuites */
1075     /* Cipher 3B */
1076     {
1077      1,
1078      TLS1_TXT_RSA_WITH_NULL_SHA256,
1079      TLS1_CK_RSA_WITH_NULL_SHA256,
1080      SSL_kRSA,
1081      SSL_aRSA,
1082      SSL_eNULL,
1083      SSL_SHA256,
1084      SSL_TLSV1_2,
1085      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
1086      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1087      0,
1088      0,
1089      },
1090 
1091     /* Cipher 3C */
1092     {
1093      1,
1094      TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095      TLS1_CK_RSA_WITH_AES_128_SHA256,
1096      SSL_kRSA,
1097      SSL_aRSA,
1098      SSL_AES128,
1099      SSL_SHA256,
1100      SSL_TLSV1_2,
1101      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1102      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1103      128,
1104      128,
1105      },
1106 
1107     /* Cipher 3D */
1108     {
1109      1,
1110      TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111      TLS1_CK_RSA_WITH_AES_256_SHA256,
1112      SSL_kRSA,
1113      SSL_aRSA,
1114      SSL_AES256,
1115      SSL_SHA256,
1116      SSL_TLSV1_2,
1117      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1118      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1119      256,
1120      256,
1121      },
1122 
1123     /* Cipher 3E */
1124     {
1125      0,                         /* not implemented (non-ephemeral DH) */
1126      TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127      TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128      SSL_kDHd,
1129      SSL_aDH,
1130      SSL_AES128,
1131      SSL_SHA256,
1132      SSL_TLSV1_2,
1133      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1134      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1135      128,
1136      128,
1137      },
1138 
1139     /* Cipher 3F */
1140     {
1141      0,                         /* not implemented (non-ephemeral DH) */
1142      TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143      TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144      SSL_kDHr,
1145      SSL_aDH,
1146      SSL_AES128,
1147      SSL_SHA256,
1148      SSL_TLSV1_2,
1149      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1150      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1151      128,
1152      128,
1153      },
1154 
1155     /* Cipher 40 */
1156     {
1157      1,
1158      TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159      TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160      SSL_kEDH,
1161      SSL_aDSS,
1162      SSL_AES128,
1163      SSL_SHA256,
1164      SSL_TLSV1_2,
1165      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1166      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1167      128,
1168      128,
1169      },
1170 
1171 #ifndef OPENSSL_NO_CAMELLIA
1172     /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173 
1174     /* Cipher 41 */
1175     {
1176      1,
1177      TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178      TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179      SSL_kRSA,
1180      SSL_aRSA,
1181      SSL_CAMELLIA128,
1182      SSL_SHA1,
1183      SSL_TLSV1,
1184      SSL_NOT_EXP | SSL_HIGH,
1185      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1186      128,
1187      128,
1188      },
1189 
1190     /* Cipher 42 */
1191     {
1192      0,                         /* not implemented (non-ephemeral DH) */
1193      TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194      TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195      SSL_kDHd,
1196      SSL_aDH,
1197      SSL_CAMELLIA128,
1198      SSL_SHA1,
1199      SSL_TLSV1,
1200      SSL_NOT_EXP | SSL_HIGH,
1201      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1202      128,
1203      128,
1204      },
1205 
1206     /* Cipher 43 */
1207     {
1208      0,                         /* not implemented (non-ephemeral DH) */
1209      TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210      TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211      SSL_kDHr,
1212      SSL_aDH,
1213      SSL_CAMELLIA128,
1214      SSL_SHA1,
1215      SSL_TLSV1,
1216      SSL_NOT_EXP | SSL_HIGH,
1217      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1218      128,
1219      128,
1220      },
1221 
1222     /* Cipher 44 */
1223     {
1224      1,
1225      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227      SSL_kEDH,
1228      SSL_aDSS,
1229      SSL_CAMELLIA128,
1230      SSL_SHA1,
1231      SSL_TLSV1,
1232      SSL_NOT_EXP | SSL_HIGH,
1233      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1234      128,
1235      128,
1236      },
1237 
1238     /* Cipher 45 */
1239     {
1240      1,
1241      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243      SSL_kEDH,
1244      SSL_aRSA,
1245      SSL_CAMELLIA128,
1246      SSL_SHA1,
1247      SSL_TLSV1,
1248      SSL_NOT_EXP | SSL_HIGH,
1249      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1250      128,
1251      128,
1252      },
1253 
1254     /* Cipher 46 */
1255     {
1256      1,
1257      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259      SSL_kEDH,
1260      SSL_aNULL,
1261      SSL_CAMELLIA128,
1262      SSL_SHA1,
1263      SSL_TLSV1,
1264      SSL_NOT_EXP | SSL_HIGH,
1265      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1266      128,
1267      128,
1268      },
1269 #endif                          /* OPENSSL_NO_CAMELLIA */
1270 
1271 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272     /* New TLS Export CipherSuites from expired ID */
1273 # if 0
1274     /* Cipher 60 */
1275     {
1276      1,
1277      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279      SSL_kRSA,
1280      SSL_aRSA,
1281      SSL_RC4,
1282      SSL_MD5,
1283      SSL_TLSV1,
1284      SSL_EXPORT | SSL_EXP56,
1285      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1286      56,
1287      128,
1288      },
1289 
1290     /* Cipher 61 */
1291     {
1292      1,
1293      TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294      TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295      SSL_kRSA,
1296      SSL_aRSA,
1297      SSL_RC2,
1298      SSL_MD5,
1299      SSL_TLSV1,
1300      SSL_EXPORT | SSL_EXP56,
1301      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1302      56,
1303      128,
1304      },
1305 # endif
1306 
1307     /* Cipher 62 */
1308     {
1309      1,
1310      TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311      TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312      SSL_kRSA,
1313      SSL_aRSA,
1314      SSL_DES,
1315      SSL_SHA1,
1316      SSL_TLSV1,
1317      SSL_EXPORT | SSL_EXP56,
1318      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1319      56,
1320      56,
1321      },
1322 
1323     /* Cipher 63 */
1324     {
1325      1,
1326      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327      TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328      SSL_kEDH,
1329      SSL_aDSS,
1330      SSL_DES,
1331      SSL_SHA1,
1332      SSL_TLSV1,
1333      SSL_EXPORT | SSL_EXP56,
1334      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1335      56,
1336      56,
1337      },
1338 
1339     /* Cipher 64 */
1340     {
1341      1,
1342      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343      TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344      SSL_kRSA,
1345      SSL_aRSA,
1346      SSL_RC4,
1347      SSL_SHA1,
1348      SSL_TLSV1,
1349      SSL_EXPORT | SSL_EXP56,
1350      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1351      56,
1352      128,
1353      },
1354 
1355     /* Cipher 65 */
1356     {
1357      1,
1358      TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359      TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360      SSL_kEDH,
1361      SSL_aDSS,
1362      SSL_RC4,
1363      SSL_SHA1,
1364      SSL_TLSV1,
1365      SSL_EXPORT | SSL_EXP56,
1366      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1367      56,
1368      128,
1369      },
1370 
1371     /* Cipher 66 */
1372     {
1373      1,
1374      TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375      TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376      SSL_kEDH,
1377      SSL_aDSS,
1378      SSL_RC4,
1379      SSL_SHA1,
1380      SSL_TLSV1,
1381      SSL_NOT_EXP | SSL_MEDIUM,
1382      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1383      128,
1384      128,
1385      },
1386 #endif
1387 
1388     /* TLS v1.2 ciphersuites */
1389     /* Cipher 67 */
1390     {
1391      1,
1392      TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393      TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394      SSL_kEDH,
1395      SSL_aRSA,
1396      SSL_AES128,
1397      SSL_SHA256,
1398      SSL_TLSV1_2,
1399      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1400      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1401      128,
1402      128,
1403      },
1404 
1405     /* Cipher 68 */
1406     {
1407      0,                         /* not implemented (non-ephemeral DH) */
1408      TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409      TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410      SSL_kDHd,
1411      SSL_aDH,
1412      SSL_AES256,
1413      SSL_SHA256,
1414      SSL_TLSV1_2,
1415      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1416      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1417      256,
1418      256,
1419      },
1420 
1421     /* Cipher 69 */
1422     {
1423      0,                         /* not implemented (non-ephemeral DH) */
1424      TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425      TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426      SSL_kDHr,
1427      SSL_aDH,
1428      SSL_AES256,
1429      SSL_SHA256,
1430      SSL_TLSV1_2,
1431      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1432      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1433      256,
1434      256,
1435      },
1436 
1437     /* Cipher 6A */
1438     {
1439      1,
1440      TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441      TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442      SSL_kEDH,
1443      SSL_aDSS,
1444      SSL_AES256,
1445      SSL_SHA256,
1446      SSL_TLSV1_2,
1447      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1448      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1449      256,
1450      256,
1451      },
1452 
1453     /* Cipher 6B */
1454     {
1455      1,
1456      TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457      TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458      SSL_kEDH,
1459      SSL_aRSA,
1460      SSL_AES256,
1461      SSL_SHA256,
1462      SSL_TLSV1_2,
1463      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1464      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1465      256,
1466      256,
1467      },
1468 
1469     /* Cipher 6C */
1470     {
1471      1,
1472      TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473      TLS1_CK_ADH_WITH_AES_128_SHA256,
1474      SSL_kEDH,
1475      SSL_aNULL,
1476      SSL_AES128,
1477      SSL_SHA256,
1478      SSL_TLSV1_2,
1479      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1480      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1481      128,
1482      128,
1483      },
1484 
1485     /* Cipher 6D */
1486     {
1487      1,
1488      TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489      TLS1_CK_ADH_WITH_AES_256_SHA256,
1490      SSL_kEDH,
1491      SSL_aNULL,
1492      SSL_AES256,
1493      SSL_SHA256,
1494      SSL_TLSV1_2,
1495      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1496      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1497      256,
1498      256,
1499      },
1500 
1501     /* GOST Ciphersuites */
1502 
1503     {
1504      1,
1505      "GOST94-GOST89-GOST89",
1506      0x3000080,
1507      SSL_kGOST,
1508      SSL_aGOST94,
1509      SSL_eGOST2814789CNT,
1510      SSL_GOST89MAC,
1511      SSL_TLSV1,
1512      SSL_NOT_EXP | SSL_HIGH,
1513      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1514      256,
1515      256},
1516     {
1517      1,
1518      "GOST2001-GOST89-GOST89",
1519      0x3000081,
1520      SSL_kGOST,
1521      SSL_aGOST01,
1522      SSL_eGOST2814789CNT,
1523      SSL_GOST89MAC,
1524      SSL_TLSV1,
1525      SSL_NOT_EXP | SSL_HIGH,
1526      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1527      256,
1528      256},
1529     {
1530      1,
1531      "GOST94-NULL-GOST94",
1532      0x3000082,
1533      SSL_kGOST,
1534      SSL_aGOST94,
1535      SSL_eNULL,
1536      SSL_GOST94,
1537      SSL_TLSV1,
1538      SSL_NOT_EXP | SSL_STRONG_NONE,
1539      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1540      0,
1541      0},
1542     {
1543      1,
1544      "GOST2001-NULL-GOST94",
1545      0x3000083,
1546      SSL_kGOST,
1547      SSL_aGOST01,
1548      SSL_eNULL,
1549      SSL_GOST94,
1550      SSL_TLSV1,
1551      SSL_NOT_EXP | SSL_STRONG_NONE,
1552      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1553      0,
1554      0},
1555 
1556 #ifndef OPENSSL_NO_CAMELLIA
1557     /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1558 
1559     /* Cipher 84 */
1560     {
1561      1,
1562      TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1563      TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1564      SSL_kRSA,
1565      SSL_aRSA,
1566      SSL_CAMELLIA256,
1567      SSL_SHA1,
1568      SSL_TLSV1,
1569      SSL_NOT_EXP | SSL_HIGH,
1570      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1571      256,
1572      256,
1573      },
1574     /* Cipher 85 */
1575     {
1576      0,                         /* not implemented (non-ephemeral DH) */
1577      TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1578      TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1579      SSL_kDHd,
1580      SSL_aDH,
1581      SSL_CAMELLIA256,
1582      SSL_SHA1,
1583      SSL_TLSV1,
1584      SSL_NOT_EXP | SSL_HIGH,
1585      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1586      256,
1587      256,
1588      },
1589 
1590     /* Cipher 86 */
1591     {
1592      0,                         /* not implemented (non-ephemeral DH) */
1593      TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1594      TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1595      SSL_kDHr,
1596      SSL_aDH,
1597      SSL_CAMELLIA256,
1598      SSL_SHA1,
1599      SSL_TLSV1,
1600      SSL_NOT_EXP | SSL_HIGH,
1601      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1602      256,
1603      256,
1604      },
1605 
1606     /* Cipher 87 */
1607     {
1608      1,
1609      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1610      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1611      SSL_kEDH,
1612      SSL_aDSS,
1613      SSL_CAMELLIA256,
1614      SSL_SHA1,
1615      SSL_TLSV1,
1616      SSL_NOT_EXP | SSL_HIGH,
1617      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1618      256,
1619      256,
1620      },
1621 
1622     /* Cipher 88 */
1623     {
1624      1,
1625      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1626      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1627      SSL_kEDH,
1628      SSL_aRSA,
1629      SSL_CAMELLIA256,
1630      SSL_SHA1,
1631      SSL_TLSV1,
1632      SSL_NOT_EXP | SSL_HIGH,
1633      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1634      256,
1635      256,
1636      },
1637 
1638     /* Cipher 89 */
1639     {
1640      1,
1641      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1642      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1643      SSL_kEDH,
1644      SSL_aNULL,
1645      SSL_CAMELLIA256,
1646      SSL_SHA1,
1647      SSL_TLSV1,
1648      SSL_NOT_EXP | SSL_HIGH,
1649      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1650      256,
1651      256,
1652      },
1653 #endif                          /* OPENSSL_NO_CAMELLIA */
1654 
1655 #ifndef OPENSSL_NO_PSK
1656     /* Cipher 8A */
1657     {
1658      1,
1659      TLS1_TXT_PSK_WITH_RC4_128_SHA,
1660      TLS1_CK_PSK_WITH_RC4_128_SHA,
1661      SSL_kPSK,
1662      SSL_aPSK,
1663      SSL_RC4,
1664      SSL_SHA1,
1665      SSL_TLSV1,
1666      SSL_NOT_EXP | SSL_MEDIUM,
1667      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1668      128,
1669      128,
1670      },
1671 
1672     /* Cipher 8B */
1673     {
1674      1,
1675      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1676      TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1677      SSL_kPSK,
1678      SSL_aPSK,
1679      SSL_3DES,
1680      SSL_SHA1,
1681      SSL_TLSV1,
1682      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1683      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1684      112,
1685      168,
1686      },
1687 
1688     /* Cipher 8C */
1689     {
1690      1,
1691      TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1692      TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1693      SSL_kPSK,
1694      SSL_aPSK,
1695      SSL_AES128,
1696      SSL_SHA1,
1697      SSL_TLSV1,
1698      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1699      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1700      128,
1701      128,
1702      },
1703 
1704     /* Cipher 8D */
1705     {
1706      1,
1707      TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1708      TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1709      SSL_kPSK,
1710      SSL_aPSK,
1711      SSL_AES256,
1712      SSL_SHA1,
1713      SSL_TLSV1,
1714      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1715      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1716      256,
1717      256,
1718      },
1719 #endif                          /* OPENSSL_NO_PSK */
1720 
1721 #ifndef OPENSSL_NO_SEED
1722     /* SEED ciphersuites from RFC4162 */
1723 
1724     /* Cipher 96 */
1725     {
1726      1,
1727      TLS1_TXT_RSA_WITH_SEED_SHA,
1728      TLS1_CK_RSA_WITH_SEED_SHA,
1729      SSL_kRSA,
1730      SSL_aRSA,
1731      SSL_SEED,
1732      SSL_SHA1,
1733      SSL_TLSV1,
1734      SSL_NOT_EXP | SSL_MEDIUM,
1735      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1736      128,
1737      128,
1738      },
1739 
1740     /* Cipher 97 */
1741     {
1742      0,                         /* not implemented (non-ephemeral DH) */
1743      TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1744      TLS1_CK_DH_DSS_WITH_SEED_SHA,
1745      SSL_kDHd,
1746      SSL_aDH,
1747      SSL_SEED,
1748      SSL_SHA1,
1749      SSL_TLSV1,
1750      SSL_NOT_EXP | SSL_MEDIUM,
1751      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1752      128,
1753      128,
1754      },
1755 
1756     /* Cipher 98 */
1757     {
1758      0,                         /* not implemented (non-ephemeral DH) */
1759      TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1760      TLS1_CK_DH_RSA_WITH_SEED_SHA,
1761      SSL_kDHr,
1762      SSL_aDH,
1763      SSL_SEED,
1764      SSL_SHA1,
1765      SSL_TLSV1,
1766      SSL_NOT_EXP | SSL_MEDIUM,
1767      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1768      128,
1769      128,
1770      },
1771 
1772     /* Cipher 99 */
1773     {
1774      1,
1775      TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1776      TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1777      SSL_kEDH,
1778      SSL_aDSS,
1779      SSL_SEED,
1780      SSL_SHA1,
1781      SSL_TLSV1,
1782      SSL_NOT_EXP | SSL_MEDIUM,
1783      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1784      128,
1785      128,
1786      },
1787 
1788     /* Cipher 9A */
1789     {
1790      1,
1791      TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1792      TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1793      SSL_kEDH,
1794      SSL_aRSA,
1795      SSL_SEED,
1796      SSL_SHA1,
1797      SSL_TLSV1,
1798      SSL_NOT_EXP | SSL_MEDIUM,
1799      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1800      128,
1801      128,
1802      },
1803 
1804     /* Cipher 9B */
1805     {
1806      1,
1807      TLS1_TXT_ADH_WITH_SEED_SHA,
1808      TLS1_CK_ADH_WITH_SEED_SHA,
1809      SSL_kEDH,
1810      SSL_aNULL,
1811      SSL_SEED,
1812      SSL_SHA1,
1813      SSL_TLSV1,
1814      SSL_NOT_EXP | SSL_MEDIUM,
1815      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1816      128,
1817      128,
1818      },
1819 
1820 #endif                          /* OPENSSL_NO_SEED */
1821 
1822     /* GCM ciphersuites from RFC5288 */
1823 
1824     /* Cipher 9C */
1825     {
1826      1,
1827      TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1828      TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1829      SSL_kRSA,
1830      SSL_aRSA,
1831      SSL_AES128GCM,
1832      SSL_AEAD,
1833      SSL_TLSV1_2,
1834      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1835      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1836      128,
1837      128,
1838      },
1839 
1840     /* Cipher 9D */
1841     {
1842      1,
1843      TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1844      TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1845      SSL_kRSA,
1846      SSL_aRSA,
1847      SSL_AES256GCM,
1848      SSL_AEAD,
1849      SSL_TLSV1_2,
1850      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1851      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1852      256,
1853      256,
1854      },
1855 
1856     /* Cipher 9E */
1857     {
1858      1,
1859      TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1860      TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1861      SSL_kEDH,
1862      SSL_aRSA,
1863      SSL_AES128GCM,
1864      SSL_AEAD,
1865      SSL_TLSV1_2,
1866      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1867      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1868      128,
1869      128,
1870      },
1871 
1872     /* Cipher 9F */
1873     {
1874      1,
1875      TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1876      TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1877      SSL_kEDH,
1878      SSL_aRSA,
1879      SSL_AES256GCM,
1880      SSL_AEAD,
1881      SSL_TLSV1_2,
1882      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1883      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1884      256,
1885      256,
1886      },
1887 
1888     /* Cipher A0 */
1889     {
1890      0,
1891      TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1892      TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1893      SSL_kDHr,
1894      SSL_aDH,
1895      SSL_AES128GCM,
1896      SSL_AEAD,
1897      SSL_TLSV1_2,
1898      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1899      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1900      128,
1901      128,
1902      },
1903 
1904     /* Cipher A1 */
1905     {
1906      0,
1907      TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1908      TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1909      SSL_kDHr,
1910      SSL_aDH,
1911      SSL_AES256GCM,
1912      SSL_AEAD,
1913      SSL_TLSV1_2,
1914      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1915      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1916      256,
1917      256,
1918      },
1919 
1920     /* Cipher A2 */
1921     {
1922      1,
1923      TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1924      TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1925      SSL_kEDH,
1926      SSL_aDSS,
1927      SSL_AES128GCM,
1928      SSL_AEAD,
1929      SSL_TLSV1_2,
1930      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1931      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1932      128,
1933      128,
1934      },
1935 
1936     /* Cipher A3 */
1937     {
1938      1,
1939      TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1940      TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1941      SSL_kEDH,
1942      SSL_aDSS,
1943      SSL_AES256GCM,
1944      SSL_AEAD,
1945      SSL_TLSV1_2,
1946      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1947      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1948      256,
1949      256,
1950      },
1951 
1952     /* Cipher A4 */
1953     {
1954      0,
1955      TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1956      TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1957      SSL_kDHd,
1958      SSL_aDH,
1959      SSL_AES128GCM,
1960      SSL_AEAD,
1961      SSL_TLSV1_2,
1962      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1963      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1964      128,
1965      128,
1966      },
1967 
1968     /* Cipher A5 */
1969     {
1970      0,
1971      TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1972      TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1973      SSL_kDHd,
1974      SSL_aDH,
1975      SSL_AES256GCM,
1976      SSL_AEAD,
1977      SSL_TLSV1_2,
1978      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1979      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1980      256,
1981      256,
1982      },
1983 
1984     /* Cipher A6 */
1985     {
1986      1,
1987      TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1988      TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1989      SSL_kEDH,
1990      SSL_aNULL,
1991      SSL_AES128GCM,
1992      SSL_AEAD,
1993      SSL_TLSV1_2,
1994      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1995      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1996      128,
1997      128,
1998      },
1999 
2000     /* Cipher A7 */
2001     {
2002      1,
2003      TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2004      TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2005      SSL_kEDH,
2006      SSL_aNULL,
2007      SSL_AES256GCM,
2008      SSL_AEAD,
2009      SSL_TLSV1_2,
2010      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2011      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2012      256,
2013      256,
2014      },
2015 
2016 #ifndef OPENSSL_NO_ECDH
2017     /* Cipher C001 */
2018     {
2019      1,
2020      TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2021      TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2022      SSL_kECDHe,
2023      SSL_aECDH,
2024      SSL_eNULL,
2025      SSL_SHA1,
2026      SSL_TLSV1,
2027      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2028      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2029      0,
2030      0,
2031      },
2032 
2033     /* Cipher C002 */
2034     {
2035      1,
2036      TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2037      TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2038      SSL_kECDHe,
2039      SSL_aECDH,
2040      SSL_RC4,
2041      SSL_SHA1,
2042      SSL_TLSV1,
2043      SSL_NOT_EXP | SSL_MEDIUM,
2044      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2045      128,
2046      128,
2047      },
2048 
2049     /* Cipher C003 */
2050     {
2051      1,
2052      TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2053      TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2054      SSL_kECDHe,
2055      SSL_aECDH,
2056      SSL_3DES,
2057      SSL_SHA1,
2058      SSL_TLSV1,
2059      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2060      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2061      112,
2062      168,
2063      },
2064 
2065     /* Cipher C004 */
2066     {
2067      1,
2068      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2069      TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2070      SSL_kECDHe,
2071      SSL_aECDH,
2072      SSL_AES128,
2073      SSL_SHA1,
2074      SSL_TLSV1,
2075      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2076      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2077      128,
2078      128,
2079      },
2080 
2081     /* Cipher C005 */
2082     {
2083      1,
2084      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2085      TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2086      SSL_kECDHe,
2087      SSL_aECDH,
2088      SSL_AES256,
2089      SSL_SHA1,
2090      SSL_TLSV1,
2091      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2092      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2093      256,
2094      256,
2095      },
2096 
2097     /* Cipher C006 */
2098     {
2099      1,
2100      TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2101      TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2102      SSL_kEECDH,
2103      SSL_aECDSA,
2104      SSL_eNULL,
2105      SSL_SHA1,
2106      SSL_TLSV1,
2107      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2108      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2109      0,
2110      0,
2111      },
2112 
2113     /* Cipher C007 */
2114     {
2115      1,
2116      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2117      TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2118      SSL_kEECDH,
2119      SSL_aECDSA,
2120      SSL_RC4,
2121      SSL_SHA1,
2122      SSL_TLSV1,
2123      SSL_NOT_EXP | SSL_MEDIUM,
2124      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2125      128,
2126      128,
2127      },
2128 
2129     /* Cipher C008 */
2130     {
2131      1,
2132      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2133      TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2134      SSL_kEECDH,
2135      SSL_aECDSA,
2136      SSL_3DES,
2137      SSL_SHA1,
2138      SSL_TLSV1,
2139      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2140      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2141      112,
2142      168,
2143      },
2144 
2145     /* Cipher C009 */
2146     {
2147      1,
2148      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2149      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2150      SSL_kEECDH,
2151      SSL_aECDSA,
2152      SSL_AES128,
2153      SSL_SHA1,
2154      SSL_TLSV1,
2155      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2156      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2157      128,
2158      128,
2159      },
2160 
2161     /* Cipher C00A */
2162     {
2163      1,
2164      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2165      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2166      SSL_kEECDH,
2167      SSL_aECDSA,
2168      SSL_AES256,
2169      SSL_SHA1,
2170      SSL_TLSV1,
2171      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2172      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2173      256,
2174      256,
2175      },
2176 
2177     /* Cipher C00B */
2178     {
2179      1,
2180      TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2181      TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2182      SSL_kECDHr,
2183      SSL_aECDH,
2184      SSL_eNULL,
2185      SSL_SHA1,
2186      SSL_TLSV1,
2187      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2188      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2189      0,
2190      0,
2191      },
2192 
2193     /* Cipher C00C */
2194     {
2195      1,
2196      TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2197      TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2198      SSL_kECDHr,
2199      SSL_aECDH,
2200      SSL_RC4,
2201      SSL_SHA1,
2202      SSL_TLSV1,
2203      SSL_NOT_EXP | SSL_MEDIUM,
2204      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2205      128,
2206      128,
2207      },
2208 
2209     /* Cipher C00D */
2210     {
2211      1,
2212      TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2213      TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2214      SSL_kECDHr,
2215      SSL_aECDH,
2216      SSL_3DES,
2217      SSL_SHA1,
2218      SSL_TLSV1,
2219      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2220      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2221      112,
2222      168,
2223      },
2224 
2225     /* Cipher C00E */
2226     {
2227      1,
2228      TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2229      TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2230      SSL_kECDHr,
2231      SSL_aECDH,
2232      SSL_AES128,
2233      SSL_SHA1,
2234      SSL_TLSV1,
2235      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2236      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2237      128,
2238      128,
2239      },
2240 
2241     /* Cipher C00F */
2242     {
2243      1,
2244      TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2245      TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2246      SSL_kECDHr,
2247      SSL_aECDH,
2248      SSL_AES256,
2249      SSL_SHA1,
2250      SSL_TLSV1,
2251      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2252      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2253      256,
2254      256,
2255      },
2256 
2257     /* Cipher C010 */
2258     {
2259      1,
2260      TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2261      TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2262      SSL_kEECDH,
2263      SSL_aRSA,
2264      SSL_eNULL,
2265      SSL_SHA1,
2266      SSL_TLSV1,
2267      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2268      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2269      0,
2270      0,
2271      },
2272 
2273     /* Cipher C011 */
2274     {
2275      1,
2276      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2277      TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2278      SSL_kEECDH,
2279      SSL_aRSA,
2280      SSL_RC4,
2281      SSL_SHA1,
2282      SSL_TLSV1,
2283      SSL_NOT_EXP | SSL_MEDIUM,
2284      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2285      128,
2286      128,
2287      },
2288 
2289     /* Cipher C012 */
2290     {
2291      1,
2292      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2293      TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2294      SSL_kEECDH,
2295      SSL_aRSA,
2296      SSL_3DES,
2297      SSL_SHA1,
2298      SSL_TLSV1,
2299      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2300      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2301      112,
2302      168,
2303      },
2304 
2305     /* Cipher C013 */
2306     {
2307      1,
2308      TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2309      TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2310      SSL_kEECDH,
2311      SSL_aRSA,
2312      SSL_AES128,
2313      SSL_SHA1,
2314      SSL_TLSV1,
2315      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2316      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2317      128,
2318      128,
2319      },
2320 
2321     /* Cipher C014 */
2322     {
2323      1,
2324      TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2325      TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2326      SSL_kEECDH,
2327      SSL_aRSA,
2328      SSL_AES256,
2329      SSL_SHA1,
2330      SSL_TLSV1,
2331      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2332      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2333      256,
2334      256,
2335      },
2336 
2337     /* Cipher C015 */
2338     {
2339      1,
2340      TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2341      TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2342      SSL_kEECDH,
2343      SSL_aNULL,
2344      SSL_eNULL,
2345      SSL_SHA1,
2346      SSL_TLSV1,
2347      SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2348      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2349      0,
2350      0,
2351      },
2352 
2353     /* Cipher C016 */
2354     {
2355      1,
2356      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2357      TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2358      SSL_kEECDH,
2359      SSL_aNULL,
2360      SSL_RC4,
2361      SSL_SHA1,
2362      SSL_TLSV1,
2363      SSL_NOT_EXP | SSL_MEDIUM,
2364      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2365      128,
2366      128,
2367      },
2368 
2369     /* Cipher C017 */
2370     {
2371      1,
2372      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2373      TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2374      SSL_kEECDH,
2375      SSL_aNULL,
2376      SSL_3DES,
2377      SSL_SHA1,
2378      SSL_TLSV1,
2379      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2380      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2381      112,
2382      168,
2383      },
2384 
2385     /* Cipher C018 */
2386     {
2387      1,
2388      TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2389      TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2390      SSL_kEECDH,
2391      SSL_aNULL,
2392      SSL_AES128,
2393      SSL_SHA1,
2394      SSL_TLSV1,
2395      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2396      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2397      128,
2398      128,
2399      },
2400 
2401     /* Cipher C019 */
2402     {
2403      1,
2404      TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2405      TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2406      SSL_kEECDH,
2407      SSL_aNULL,
2408      SSL_AES256,
2409      SSL_SHA1,
2410      SSL_TLSV1,
2411      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2412      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2413      256,
2414      256,
2415      },
2416 #endif                          /* OPENSSL_NO_ECDH */
2417 
2418 #ifndef OPENSSL_NO_SRP
2419     /* Cipher C01A */
2420     {
2421      1,
2422      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2423      TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2424      SSL_kSRP,
2425      SSL_aSRP,
2426      SSL_3DES,
2427      SSL_SHA1,
2428      SSL_TLSV1,
2429      SSL_NOT_EXP | SSL_HIGH,
2430      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2431      112,
2432      168,
2433      },
2434 
2435     /* Cipher C01B */
2436     {
2437      1,
2438      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2439      TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2440      SSL_kSRP,
2441      SSL_aRSA,
2442      SSL_3DES,
2443      SSL_SHA1,
2444      SSL_TLSV1,
2445      SSL_NOT_EXP | SSL_HIGH,
2446      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2447      112,
2448      168,
2449      },
2450 
2451     /* Cipher C01C */
2452     {
2453      1,
2454      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2455      TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2456      SSL_kSRP,
2457      SSL_aDSS,
2458      SSL_3DES,
2459      SSL_SHA1,
2460      SSL_TLSV1,
2461      SSL_NOT_EXP | SSL_HIGH,
2462      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2463      112,
2464      168,
2465      },
2466 
2467     /* Cipher C01D */
2468     {
2469      1,
2470      TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2471      TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2472      SSL_kSRP,
2473      SSL_aSRP,
2474      SSL_AES128,
2475      SSL_SHA1,
2476      SSL_TLSV1,
2477      SSL_NOT_EXP | SSL_HIGH,
2478      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2479      128,
2480      128,
2481      },
2482 
2483     /* Cipher C01E */
2484     {
2485      1,
2486      TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2487      TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2488      SSL_kSRP,
2489      SSL_aRSA,
2490      SSL_AES128,
2491      SSL_SHA1,
2492      SSL_TLSV1,
2493      SSL_NOT_EXP | SSL_HIGH,
2494      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2495      128,
2496      128,
2497      },
2498 
2499     /* Cipher C01F */
2500     {
2501      1,
2502      TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2503      TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2504      SSL_kSRP,
2505      SSL_aDSS,
2506      SSL_AES128,
2507      SSL_SHA1,
2508      SSL_TLSV1,
2509      SSL_NOT_EXP | SSL_HIGH,
2510      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2511      128,
2512      128,
2513      },
2514 
2515     /* Cipher C020 */
2516     {
2517      1,
2518      TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2519      TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2520      SSL_kSRP,
2521      SSL_aSRP,
2522      SSL_AES256,
2523      SSL_SHA1,
2524      SSL_TLSV1,
2525      SSL_NOT_EXP | SSL_HIGH,
2526      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2527      256,
2528      256,
2529      },
2530 
2531     /* Cipher C021 */
2532     {
2533      1,
2534      TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2535      TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2536      SSL_kSRP,
2537      SSL_aRSA,
2538      SSL_AES256,
2539      SSL_SHA1,
2540      SSL_TLSV1,
2541      SSL_NOT_EXP | SSL_HIGH,
2542      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2543      256,
2544      256,
2545      },
2546 
2547     /* Cipher C022 */
2548     {
2549      1,
2550      TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2551      TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2552      SSL_kSRP,
2553      SSL_aDSS,
2554      SSL_AES256,
2555      SSL_SHA1,
2556      SSL_TLSV1,
2557      SSL_NOT_EXP | SSL_HIGH,
2558      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2559      256,
2560      256,
2561      },
2562 #endif                          /* OPENSSL_NO_SRP */
2563 #ifndef OPENSSL_NO_ECDH
2564 
2565     /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2566 
2567     /* Cipher C023 */
2568     {
2569      1,
2570      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2571      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2572      SSL_kEECDH,
2573      SSL_aECDSA,
2574      SSL_AES128,
2575      SSL_SHA256,
2576      SSL_TLSV1_2,
2577      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2578      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2579      128,
2580      128,
2581      },
2582 
2583     /* Cipher C024 */
2584     {
2585      1,
2586      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2587      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2588      SSL_kEECDH,
2589      SSL_aECDSA,
2590      SSL_AES256,
2591      SSL_SHA384,
2592      SSL_TLSV1_2,
2593      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2594      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2595      256,
2596      256,
2597      },
2598 
2599     /* Cipher C025 */
2600     {
2601      1,
2602      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2603      TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2604      SSL_kECDHe,
2605      SSL_aECDH,
2606      SSL_AES128,
2607      SSL_SHA256,
2608      SSL_TLSV1_2,
2609      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2610      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2611      128,
2612      128,
2613      },
2614 
2615     /* Cipher C026 */
2616     {
2617      1,
2618      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2619      TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2620      SSL_kECDHe,
2621      SSL_aECDH,
2622      SSL_AES256,
2623      SSL_SHA384,
2624      SSL_TLSV1_2,
2625      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2626      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2627      256,
2628      256,
2629      },
2630 
2631     /* Cipher C027 */
2632     {
2633      1,
2634      TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2635      TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2636      SSL_kEECDH,
2637      SSL_aRSA,
2638      SSL_AES128,
2639      SSL_SHA256,
2640      SSL_TLSV1_2,
2641      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2642      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2643      128,
2644      128,
2645      },
2646 
2647     /* Cipher C028 */
2648     {
2649      1,
2650      TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2651      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2652      SSL_kEECDH,
2653      SSL_aRSA,
2654      SSL_AES256,
2655      SSL_SHA384,
2656      SSL_TLSV1_2,
2657      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2658      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2659      256,
2660      256,
2661      },
2662 
2663     /* Cipher C029 */
2664     {
2665      1,
2666      TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2667      TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2668      SSL_kECDHr,
2669      SSL_aECDH,
2670      SSL_AES128,
2671      SSL_SHA256,
2672      SSL_TLSV1_2,
2673      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2674      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2675      128,
2676      128,
2677      },
2678 
2679     /* Cipher C02A */
2680     {
2681      1,
2682      TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2683      TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2684      SSL_kECDHr,
2685      SSL_aECDH,
2686      SSL_AES256,
2687      SSL_SHA384,
2688      SSL_TLSV1_2,
2689      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2690      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2691      256,
2692      256,
2693      },
2694 
2695     /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2696 
2697     /* Cipher C02B */
2698     {
2699      1,
2700      TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2701      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2702      SSL_kEECDH,
2703      SSL_aECDSA,
2704      SSL_AES128GCM,
2705      SSL_AEAD,
2706      SSL_TLSV1_2,
2707      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2708      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2709      128,
2710      128,
2711      },
2712 
2713     /* Cipher C02C */
2714     {
2715      1,
2716      TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2717      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2718      SSL_kEECDH,
2719      SSL_aECDSA,
2720      SSL_AES256GCM,
2721      SSL_AEAD,
2722      SSL_TLSV1_2,
2723      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2724      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2725      256,
2726      256,
2727      },
2728 
2729     /* Cipher C02D */
2730     {
2731      1,
2732      TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2733      TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2734      SSL_kECDHe,
2735      SSL_aECDH,
2736      SSL_AES128GCM,
2737      SSL_AEAD,
2738      SSL_TLSV1_2,
2739      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2740      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2741      128,
2742      128,
2743      },
2744 
2745     /* Cipher C02E */
2746     {
2747      1,
2748      TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2749      TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2750      SSL_kECDHe,
2751      SSL_aECDH,
2752      SSL_AES256GCM,
2753      SSL_AEAD,
2754      SSL_TLSV1_2,
2755      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2756      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2757      256,
2758      256,
2759      },
2760 
2761     /* Cipher C02F */
2762     {
2763      1,
2764      TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2765      TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2766      SSL_kEECDH,
2767      SSL_aRSA,
2768      SSL_AES128GCM,
2769      SSL_AEAD,
2770      SSL_TLSV1_2,
2771      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2772      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2773      128,
2774      128,
2775      },
2776 
2777     /* Cipher C030 */
2778     {
2779      1,
2780      TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2781      TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2782      SSL_kEECDH,
2783      SSL_aRSA,
2784      SSL_AES256GCM,
2785      SSL_AEAD,
2786      SSL_TLSV1_2,
2787      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2788      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2789      256,
2790      256,
2791      },
2792 
2793     /* Cipher C031 */
2794     {
2795      1,
2796      TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2797      TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2798      SSL_kECDHr,
2799      SSL_aECDH,
2800      SSL_AES128GCM,
2801      SSL_AEAD,
2802      SSL_TLSV1_2,
2803      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2804      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2805      128,
2806      128,
2807      },
2808 
2809     /* Cipher C032 */
2810     {
2811      1,
2812      TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2813      TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2814      SSL_kECDHr,
2815      SSL_aECDH,
2816      SSL_AES256GCM,
2817      SSL_AEAD,
2818      SSL_TLSV1_2,
2819      SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2820      SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2821      256,
2822      256,
2823      },
2824 
2825 #endif                          /* OPENSSL_NO_ECDH */
2826 
2827 #ifdef TEMP_GOST_TLS
2828 /* Cipher FF00 */
2829     {
2830      1,
2831      "GOST-MD5",
2832      0x0300ff00,
2833      SSL_kRSA,
2834      SSL_aRSA,
2835      SSL_eGOST2814789CNT,
2836      SSL_MD5,
2837      SSL_TLSV1,
2838      SSL_NOT_EXP | SSL_HIGH,
2839      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2840      256,
2841      256,
2842      },
2843     {
2844      1,
2845      "GOST-GOST94",
2846      0x0300ff01,
2847      SSL_kRSA,
2848      SSL_aRSA,
2849      SSL_eGOST2814789CNT,
2850      SSL_GOST94,
2851      SSL_TLSV1,
2852      SSL_NOT_EXP | SSL_HIGH,
2853      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2854      256,
2855      256},
2856     {
2857      1,
2858      "GOST-GOST89MAC",
2859      0x0300ff02,
2860      SSL_kRSA,
2861      SSL_aRSA,
2862      SSL_eGOST2814789CNT,
2863      SSL_GOST89MAC,
2864      SSL_TLSV1,
2865      SSL_NOT_EXP | SSL_HIGH,
2866      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2867      256,
2868      256},
2869     {
2870      1,
2871      "GOST-GOST89STREAM",
2872      0x0300ff03,
2873      SSL_kRSA,
2874      SSL_aRSA,
2875      SSL_eGOST2814789CNT,
2876      SSL_GOST89MAC,
2877      SSL_TLSV1,
2878      SSL_NOT_EXP | SSL_HIGH,
2879      SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
2880      256,
2881      256},
2882 #endif
2883 
2884 /* end of list */
2885 };
2886 
2887 SSL3_ENC_METHOD SSLv3_enc_data = {
2888     ssl3_enc,
2889     n_ssl3_mac,
2890     ssl3_setup_key_block,
2891     ssl3_generate_master_secret,
2892     ssl3_change_cipher_state,
2893     ssl3_final_finish_mac,
2894     MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2895     ssl3_cert_verify_mac,
2896     SSL3_MD_CLIENT_FINISHED_CONST, 4,
2897     SSL3_MD_SERVER_FINISHED_CONST, 4,
2898     ssl3_alert_code,
2899     (int (*)(SSL *, unsigned char *, size_t, const char *,
2900              size_t, const unsigned char *, size_t,
2901              int use_context))ssl_undefined_function,
2902 };
2903 
2904 long ssl3_default_timeout(void)
2905 {
2906     /*
2907      * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2908      * http, the cache would over fill
2909      */
2910     return (60 * 60 * 2);
2911 }
2912 
2913 int ssl3_num_ciphers(void)
2914 {
2915     return (SSL3_NUM_CIPHERS);
2916 }
2917 
2918 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2919 {
2920     if (u < SSL3_NUM_CIPHERS)
2921         return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2922     else
2923         return (NULL);
2924 }
2925 
2926 int ssl3_pending(const SSL *s)
2927 {
2928     if (s->rstate == SSL_ST_READ_BODY)
2929         return 0;
2930 
2931     return (s->s3->rrec.type ==
2932             SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2933 }
2934 
2935 int ssl3_new(SSL *s)
2936 {
2937     SSL3_STATE *s3;
2938 
2939     if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
2940         goto err;
2941     memset(s3, 0, sizeof *s3);
2942     memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2943     memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2944 
2945     s->s3 = s3;
2946 
2947 #ifndef OPENSSL_NO_SRP
2948     SSL_SRP_CTX_init(s);
2949 #endif
2950     s->method->ssl_clear(s);
2951     return (1);
2952  err:
2953     return (0);
2954 }
2955 
2956 void ssl3_free(SSL *s)
2957 {
2958     if (s == NULL)
2959         return;
2960 
2961 #ifdef TLSEXT_TYPE_opaque_prf_input
2962     if (s->s3->client_opaque_prf_input != NULL)
2963         OPENSSL_free(s->s3->client_opaque_prf_input);
2964     if (s->s3->server_opaque_prf_input != NULL)
2965         OPENSSL_free(s->s3->server_opaque_prf_input);
2966 #endif
2967 
2968     ssl3_cleanup_key_block(s);
2969     if (s->s3->rbuf.buf != NULL)
2970         ssl3_release_read_buffer(s);
2971     if (s->s3->wbuf.buf != NULL)
2972         ssl3_release_write_buffer(s);
2973     if (s->s3->rrec.comp != NULL)
2974         OPENSSL_free(s->s3->rrec.comp);
2975 #ifndef OPENSSL_NO_DH
2976     if (s->s3->tmp.dh != NULL)
2977         DH_free(s->s3->tmp.dh);
2978 #endif
2979 #ifndef OPENSSL_NO_ECDH
2980     if (s->s3->tmp.ecdh != NULL)
2981         EC_KEY_free(s->s3->tmp.ecdh);
2982 #endif
2983 
2984     if (s->s3->tmp.ca_names != NULL)
2985         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2986     if (s->s3->handshake_buffer) {
2987         BIO_free(s->s3->handshake_buffer);
2988     }
2989     if (s->s3->handshake_dgst)
2990         ssl3_free_digest_list(s);
2991 #ifndef OPENSSL_NO_SRP
2992     SSL_SRP_CTX_free(s);
2993 #endif
2994     OPENSSL_cleanse(s->s3, sizeof *s->s3);
2995     OPENSSL_free(s->s3);
2996     s->s3 = NULL;
2997 }
2998 
2999 void ssl3_clear(SSL *s)
3000 {
3001     unsigned char *rp, *wp;
3002     size_t rlen, wlen;
3003     int init_extra;
3004 
3005 #ifdef TLSEXT_TYPE_opaque_prf_input
3006     if (s->s3->client_opaque_prf_input != NULL)
3007         OPENSSL_free(s->s3->client_opaque_prf_input);
3008     s->s3->client_opaque_prf_input = NULL;
3009     if (s->s3->server_opaque_prf_input != NULL)
3010         OPENSSL_free(s->s3->server_opaque_prf_input);
3011     s->s3->server_opaque_prf_input = NULL;
3012 #endif
3013 
3014     ssl3_cleanup_key_block(s);
3015     if (s->s3->tmp.ca_names != NULL)
3016         sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3017 
3018     if (s->s3->rrec.comp != NULL) {
3019         OPENSSL_free(s->s3->rrec.comp);
3020         s->s3->rrec.comp = NULL;
3021     }
3022 #ifndef OPENSSL_NO_DH
3023     if (s->s3->tmp.dh != NULL) {
3024         DH_free(s->s3->tmp.dh);
3025         s->s3->tmp.dh = NULL;
3026     }
3027 #endif
3028 #ifndef OPENSSL_NO_ECDH
3029     if (s->s3->tmp.ecdh != NULL) {
3030         EC_KEY_free(s->s3->tmp.ecdh);
3031         s->s3->tmp.ecdh = NULL;
3032     }
3033 #endif
3034 #ifndef OPENSSL_NO_TLSEXT
3035 # ifndef OPENSSL_NO_EC
3036     s->s3->is_probably_safari = 0;
3037 # endif                         /* !OPENSSL_NO_EC */
3038 #endif                          /* !OPENSSL_NO_TLSEXT */
3039 
3040     rp = s->s3->rbuf.buf;
3041     wp = s->s3->wbuf.buf;
3042     rlen = s->s3->rbuf.len;
3043     wlen = s->s3->wbuf.len;
3044     init_extra = s->s3->init_extra;
3045     if (s->s3->handshake_buffer) {
3046         BIO_free(s->s3->handshake_buffer);
3047         s->s3->handshake_buffer = NULL;
3048     }
3049     if (s->s3->handshake_dgst) {
3050         ssl3_free_digest_list(s);
3051     }
3052     memset(s->s3, 0, sizeof *s->s3);
3053     s->s3->rbuf.buf = rp;
3054     s->s3->wbuf.buf = wp;
3055     s->s3->rbuf.len = rlen;
3056     s->s3->wbuf.len = wlen;
3057     s->s3->init_extra = init_extra;
3058 
3059     ssl_free_wbio_buffer(s);
3060 
3061     s->packet_length = 0;
3062     s->s3->renegotiate = 0;
3063     s->s3->total_renegotiations = 0;
3064     s->s3->num_renegotiations = 0;
3065     s->s3->in_read_app_data = 0;
3066     s->version = SSL3_VERSION;
3067 
3068 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3069     if (s->next_proto_negotiated) {
3070         OPENSSL_free(s->next_proto_negotiated);
3071         s->next_proto_negotiated = NULL;
3072         s->next_proto_negotiated_len = 0;
3073     }
3074 #endif
3075 }
3076 
3077 #ifndef OPENSSL_NO_SRP
3078 static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3079 {
3080     return BUF_strdup(s->srp_ctx.info);
3081 }
3082 #endif
3083 
3084 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3085 {
3086     int ret = 0;
3087 
3088 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3089     if (
3090 # ifndef OPENSSL_NO_RSA
3091            cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3092 # endif
3093 # ifndef OPENSSL_NO_DSA
3094            cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
3095 # endif
3096            0) {
3097         if (!ssl_cert_inst(&s->cert)) {
3098             SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3099             return (0);
3100         }
3101     }
3102 #endif
3103 
3104     switch (cmd) {
3105     case SSL_CTRL_GET_SESSION_REUSED:
3106         ret = s->hit;
3107         break;
3108     case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3109         break;
3110     case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3111         ret = s->s3->num_renegotiations;
3112         break;
3113     case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3114         ret = s->s3->num_renegotiations;
3115         s->s3->num_renegotiations = 0;
3116         break;
3117     case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3118         ret = s->s3->total_renegotiations;
3119         break;
3120     case SSL_CTRL_GET_FLAGS:
3121         ret = (int)(s->s3->flags);
3122         break;
3123 #ifndef OPENSSL_NO_RSA
3124     case SSL_CTRL_NEED_TMP_RSA:
3125         if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3126             ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3127              (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3128               (512 / 8))))
3129             ret = 1;
3130         break;
3131     case SSL_CTRL_SET_TMP_RSA:
3132         {
3133             RSA *rsa = (RSA *)parg;
3134             if (rsa == NULL) {
3135                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3136                 return (ret);
3137             }
3138             if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3139                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3140                 return (ret);
3141             }
3142             if (s->cert->rsa_tmp != NULL)
3143                 RSA_free(s->cert->rsa_tmp);
3144             s->cert->rsa_tmp = rsa;
3145             ret = 1;
3146         }
3147         break;
3148     case SSL_CTRL_SET_TMP_RSA_CB:
3149         {
3150             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3151             return (ret);
3152         }
3153         break;
3154 #endif
3155 #ifndef OPENSSL_NO_DH
3156     case SSL_CTRL_SET_TMP_DH:
3157         {
3158             DH *dh = (DH *)parg;
3159             if (dh == NULL) {
3160                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3161                 return (ret);
3162             }
3163             if ((dh = DHparams_dup(dh)) == NULL) {
3164                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3165                 return (ret);
3166             }
3167             if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3168                 if (!DH_generate_key(dh)) {
3169                     DH_free(dh);
3170                     SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3171                     return (ret);
3172                 }
3173             }
3174             if (s->cert->dh_tmp != NULL)
3175                 DH_free(s->cert->dh_tmp);
3176             s->cert->dh_tmp = dh;
3177             ret = 1;
3178         }
3179         break;
3180     case SSL_CTRL_SET_TMP_DH_CB:
3181         {
3182             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3183             return (ret);
3184         }
3185         break;
3186 #endif
3187 #ifndef OPENSSL_NO_ECDH
3188     case SSL_CTRL_SET_TMP_ECDH:
3189         {
3190             EC_KEY *ecdh = NULL;
3191 
3192             if (parg == NULL) {
3193                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3194                 return (ret);
3195             }
3196             if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3197                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3198                 return (ret);
3199             }
3200             ecdh = (EC_KEY *)parg;
3201             if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3202                 if (!EC_KEY_generate_key(ecdh)) {
3203                     EC_KEY_free(ecdh);
3204                     SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3205                     return (ret);
3206                 }
3207             }
3208             if (s->cert->ecdh_tmp != NULL)
3209                 EC_KEY_free(s->cert->ecdh_tmp);
3210             s->cert->ecdh_tmp = ecdh;
3211             ret = 1;
3212         }
3213         break;
3214     case SSL_CTRL_SET_TMP_ECDH_CB:
3215         {
3216             SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3217             return (ret);
3218         }
3219         break;
3220 #endif                          /* !OPENSSL_NO_ECDH */
3221 #ifndef OPENSSL_NO_TLSEXT
3222     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3223         if (larg == TLSEXT_NAMETYPE_host_name) {
3224             if (s->tlsext_hostname != NULL)
3225                 OPENSSL_free(s->tlsext_hostname);
3226             s->tlsext_hostname = NULL;
3227 
3228             ret = 1;
3229             if (parg == NULL)
3230                 break;
3231             if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3232                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3233                 return 0;
3234             }
3235             if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3236                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3237                 return 0;
3238             }
3239         } else {
3240             SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3241             return 0;
3242         }
3243         break;
3244     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3245         s->tlsext_debug_arg = parg;
3246         ret = 1;
3247         break;
3248 
3249 # ifdef TLSEXT_TYPE_opaque_prf_input
3250     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3251         if (larg > 12288) {     /* actual internal limit is 2^16 for the
3252                                  * complete hello message * (including the
3253                                  * cert chain and everything) */
3254             SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3255             break;
3256         }
3257         if (s->tlsext_opaque_prf_input != NULL)
3258             OPENSSL_free(s->tlsext_opaque_prf_input);
3259         if ((size_t)larg == 0)
3260             s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
3261                                                              * just to get
3262                                                              * non-NULL */
3263         else
3264             s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3265         if (s->tlsext_opaque_prf_input != NULL) {
3266             s->tlsext_opaque_prf_input_len = (size_t)larg;
3267             ret = 1;
3268         } else
3269             s->tlsext_opaque_prf_input_len = 0;
3270         break;
3271 # endif
3272 
3273     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3274         s->tlsext_status_type = larg;
3275         ret = 1;
3276         break;
3277 
3278     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3279         *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3280         ret = 1;
3281         break;
3282 
3283     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3284         s->tlsext_ocsp_exts = parg;
3285         ret = 1;
3286         break;
3287 
3288     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3289         *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3290         ret = 1;
3291         break;
3292 
3293     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3294         s->tlsext_ocsp_ids = parg;
3295         ret = 1;
3296         break;
3297 
3298     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3299         *(unsigned char **)parg = s->tlsext_ocsp_resp;
3300         return s->tlsext_ocsp_resplen;
3301 
3302     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3303         if (s->tlsext_ocsp_resp)
3304             OPENSSL_free(s->tlsext_ocsp_resp);
3305         s->tlsext_ocsp_resp = parg;
3306         s->tlsext_ocsp_resplen = larg;
3307         ret = 1;
3308         break;
3309 
3310 # ifndef OPENSSL_NO_HEARTBEATS
3311     case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3312         if (SSL_version(s) == DTLS1_VERSION
3313             || SSL_version(s) == DTLS1_BAD_VER)
3314             ret = dtls1_heartbeat(s);
3315         else
3316             ret = tls1_heartbeat(s);
3317         break;
3318 
3319     case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3320         ret = s->tlsext_hb_pending;
3321         break;
3322 
3323     case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3324         if (larg)
3325             s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3326         else
3327             s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3328         ret = 1;
3329         break;
3330 # endif
3331 
3332 #endif                          /* !OPENSSL_NO_TLSEXT */
3333 
3334     case SSL_CTRL_CHECK_PROTO_VERSION:
3335         /*
3336          * For library-internal use; checks that the current protocol is the
3337          * highest enabled version (according to s->ctx->method, as version
3338          * negotiation may have changed s->method).
3339          */
3340         if (s->version == s->ctx->method->version)
3341             return 1;
3342         /*
3343          * Apparently we're using a version-flexible SSL_METHOD (not at its
3344          * highest protocol version).
3345          */
3346         if (s->ctx->method->version == SSLv23_method()->version) {
3347 #if TLS_MAX_VERSION != TLS1_2_VERSION
3348 # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3349 #endif
3350             if (!(s->options & SSL_OP_NO_TLSv1_2))
3351                 return s->version == TLS1_2_VERSION;
3352             if (!(s->options & SSL_OP_NO_TLSv1_1))
3353                 return s->version == TLS1_1_VERSION;
3354             if (!(s->options & SSL_OP_NO_TLSv1))
3355                 return s->version == TLS1_VERSION;
3356             if (!(s->options & SSL_OP_NO_SSLv3))
3357                 return s->version == SSL3_VERSION;
3358             if (!(s->options & SSL_OP_NO_SSLv2))
3359                 return s->version == SSL2_VERSION;
3360         }
3361         return 0;               /* Unexpected state; fail closed. */
3362 
3363     default:
3364         break;
3365     }
3366     return (ret);
3367 }
3368 
3369 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3370 {
3371     int ret = 0;
3372 
3373 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3374     if (
3375 # ifndef OPENSSL_NO_RSA
3376            cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3377 # endif
3378 # ifndef OPENSSL_NO_DSA
3379            cmd == SSL_CTRL_SET_TMP_DH_CB ||
3380 # endif
3381            0) {
3382         if (!ssl_cert_inst(&s->cert)) {
3383             SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3384             return (0);
3385         }
3386     }
3387 #endif
3388 
3389     switch (cmd) {
3390 #ifndef OPENSSL_NO_RSA
3391     case SSL_CTRL_SET_TMP_RSA_CB:
3392         {
3393             s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3394         }
3395         break;
3396 #endif
3397 #ifndef OPENSSL_NO_DH
3398     case SSL_CTRL_SET_TMP_DH_CB:
3399         {
3400             s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3401         }
3402         break;
3403 #endif
3404 #ifndef OPENSSL_NO_ECDH
3405     case SSL_CTRL_SET_TMP_ECDH_CB:
3406         {
3407             s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3408         }
3409         break;
3410 #endif
3411 #ifndef OPENSSL_NO_TLSEXT
3412     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3413         s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3414                                        unsigned char *, int, void *))fp;
3415         break;
3416 #endif
3417     default:
3418         break;
3419     }
3420     return (ret);
3421 }
3422 
3423 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3424 {
3425     CERT *cert;
3426 
3427     cert = ctx->cert;
3428 
3429     switch (cmd) {
3430 #ifndef OPENSSL_NO_RSA
3431     case SSL_CTRL_NEED_TMP_RSA:
3432         if ((cert->rsa_tmp == NULL) &&
3433             ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3434              (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3435               (512 / 8)))
3436             )
3437             return (1);
3438         else
3439             return (0);
3440         /* break; */
3441     case SSL_CTRL_SET_TMP_RSA:
3442         {
3443             RSA *rsa;
3444             int i;
3445 
3446             rsa = (RSA *)parg;
3447             i = 1;
3448             if (rsa == NULL)
3449                 i = 0;
3450             else {
3451                 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3452                     i = 0;
3453             }
3454             if (!i) {
3455                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3456                 return (0);
3457             } else {
3458                 if (cert->rsa_tmp != NULL)
3459                     RSA_free(cert->rsa_tmp);
3460                 cert->rsa_tmp = rsa;
3461                 return (1);
3462             }
3463         }
3464         /* break; */
3465     case SSL_CTRL_SET_TMP_RSA_CB:
3466         {
3467             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3468             return (0);
3469         }
3470         break;
3471 #endif
3472 #ifndef OPENSSL_NO_DH
3473     case SSL_CTRL_SET_TMP_DH:
3474         {
3475             DH *new = NULL, *dh;
3476 
3477             dh = (DH *)parg;
3478             if ((new = DHparams_dup(dh)) == NULL) {
3479                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3480                 return 0;
3481             }
3482             if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3483                 if (!DH_generate_key(new)) {
3484                     SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3485                     DH_free(new);
3486                     return 0;
3487                 }
3488             }
3489             if (cert->dh_tmp != NULL)
3490                 DH_free(cert->dh_tmp);
3491             cert->dh_tmp = new;
3492             return 1;
3493         }
3494         /*
3495          * break;
3496          */
3497     case SSL_CTRL_SET_TMP_DH_CB:
3498         {
3499             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3500             return (0);
3501         }
3502         break;
3503 #endif
3504 #ifndef OPENSSL_NO_ECDH
3505     case SSL_CTRL_SET_TMP_ECDH:
3506         {
3507             EC_KEY *ecdh = NULL;
3508 
3509             if (parg == NULL) {
3510                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3511                 return 0;
3512             }
3513             ecdh = EC_KEY_dup((EC_KEY *)parg);
3514             if (ecdh == NULL) {
3515                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3516                 return 0;
3517             }
3518             if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3519                 if (!EC_KEY_generate_key(ecdh)) {
3520                     EC_KEY_free(ecdh);
3521                     SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3522                     return 0;
3523                 }
3524             }
3525 
3526             if (cert->ecdh_tmp != NULL) {
3527                 EC_KEY_free(cert->ecdh_tmp);
3528             }
3529             cert->ecdh_tmp = ecdh;
3530             return 1;
3531         }
3532         /* break; */
3533     case SSL_CTRL_SET_TMP_ECDH_CB:
3534         {
3535             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3536             return (0);
3537         }
3538         break;
3539 #endif                          /* !OPENSSL_NO_ECDH */
3540 #ifndef OPENSSL_NO_TLSEXT
3541     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3542         ctx->tlsext_servername_arg = parg;
3543         break;
3544     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3545     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3546         {
3547             unsigned char *keys = parg;
3548             if (!keys)
3549                 return 48;
3550             if (larg != 48) {
3551                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3552                 return 0;
3553             }
3554             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3555                 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3556                 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3557                 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3558             } else {
3559                 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3560                 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3561                 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3562             }
3563             return 1;
3564         }
3565 
3566 # ifdef TLSEXT_TYPE_opaque_prf_input
3567     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3568         ctx->tlsext_opaque_prf_input_callback_arg = parg;
3569         return 1;
3570 # endif
3571 
3572     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3573         ctx->tlsext_status_arg = parg;
3574         return 1;
3575         break;
3576 
3577 # ifndef OPENSSL_NO_SRP
3578     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3579         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3580         if (ctx->srp_ctx.login != NULL)
3581             OPENSSL_free(ctx->srp_ctx.login);
3582         ctx->srp_ctx.login = NULL;
3583         if (parg == NULL)
3584             break;
3585         if (strlen((const char *)parg) > 255
3586             || strlen((const char *)parg) < 1) {
3587             SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3588             return 0;
3589         }
3590         if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3591             SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3592             return 0;
3593         }
3594         break;
3595     case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3596         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3597             srp_password_from_info_cb;
3598         ctx->srp_ctx.info = parg;
3599         break;
3600     case SSL_CTRL_SET_SRP_ARG:
3601         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3602         ctx->srp_ctx.SRP_cb_arg = parg;
3603         break;
3604 
3605     case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3606         ctx->srp_ctx.strength = larg;
3607         break;
3608 # endif
3609 #endif                          /* !OPENSSL_NO_TLSEXT */
3610 
3611         /* A Thawte special :-) */
3612     case SSL_CTRL_EXTRA_CHAIN_CERT:
3613         if (ctx->extra_certs == NULL) {
3614             if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3615                 return (0);
3616         }
3617         sk_X509_push(ctx->extra_certs, (X509 *)parg);
3618         break;
3619 
3620     case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3621         *(STACK_OF(X509) **)parg = ctx->extra_certs;
3622         break;
3623 
3624     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3625         if (ctx->extra_certs) {
3626             sk_X509_pop_free(ctx->extra_certs, X509_free);
3627             ctx->extra_certs = NULL;
3628         }
3629         break;
3630 
3631     default:
3632         return (0);
3633     }
3634     return (1);
3635 }
3636 
3637 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3638 {
3639     CERT *cert;
3640 
3641     cert = ctx->cert;
3642 
3643     switch (cmd) {
3644 #ifndef OPENSSL_NO_RSA
3645     case SSL_CTRL_SET_TMP_RSA_CB:
3646         {
3647             cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3648         }
3649         break;
3650 #endif
3651 #ifndef OPENSSL_NO_DH
3652     case SSL_CTRL_SET_TMP_DH_CB:
3653         {
3654             cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3655         }
3656         break;
3657 #endif
3658 #ifndef OPENSSL_NO_ECDH
3659     case SSL_CTRL_SET_TMP_ECDH_CB:
3660         {
3661             cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3662         }
3663         break;
3664 #endif
3665 #ifndef OPENSSL_NO_TLSEXT
3666     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3667         ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3668         break;
3669 
3670 # ifdef TLSEXT_TYPE_opaque_prf_input
3671     case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3672         ctx->tlsext_opaque_prf_input_callback =
3673             (int (*)(SSL *, void *, size_t, void *))fp;
3674         break;
3675 # endif
3676 
3677     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3678         ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3679         break;
3680 
3681     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3682         ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3683                                              unsigned char *,
3684                                              EVP_CIPHER_CTX *,
3685                                              HMAC_CTX *, int))fp;
3686         break;
3687 
3688 # ifndef OPENSSL_NO_SRP
3689     case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3690         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3691         ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3692         break;
3693     case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3694         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3695         ctx->srp_ctx.TLS_ext_srp_username_callback =
3696             (int (*)(SSL *, int *, void *))fp;
3697         break;
3698     case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3699         ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3700         ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3701             (char *(*)(SSL *, void *))fp;
3702         break;
3703 # endif
3704 #endif
3705 
3706     default:
3707         return (0);
3708     }
3709     return (1);
3710 }
3711 
3712 /*
3713  * This function needs to check if the ciphers required are actually
3714  * available
3715  */
3716 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3717 {
3718     SSL_CIPHER c;
3719     const SSL_CIPHER *cp;
3720     unsigned long id;
3721 
3722     id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3723     c.id = id;
3724     cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3725 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3726     if (cp == NULL)
3727         fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3728 #endif
3729     if (cp == NULL || cp->valid == 0)
3730         return NULL;
3731     else
3732         return cp;
3733 }
3734 
3735 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3736 {
3737     long l;
3738 
3739     if (p != NULL) {
3740         l = c->id;
3741         if ((l & 0xff000000) != 0x03000000)
3742             return (0);
3743         p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3744         p[1] = ((unsigned char)(l)) & 0xFF;
3745     }
3746     return (2);
3747 }
3748 
3749 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3750                                STACK_OF(SSL_CIPHER) *srvr)
3751 {
3752     SSL_CIPHER *c, *ret = NULL;
3753     STACK_OF(SSL_CIPHER) *prio, *allow;
3754     int i, ii, ok;
3755 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3756     unsigned int j;
3757     int ec_ok, ec_nid;
3758     unsigned char ec_search1 = 0, ec_search2 = 0;
3759 #endif
3760     CERT *cert;
3761     unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
3762 
3763     /* Let's see which ciphers we can support */
3764     cert = s->cert;
3765 
3766 #if 0
3767     /*
3768      * Do not set the compare functions, because this may lead to a
3769      * reordering by "id". We want to keep the original ordering. We may pay
3770      * a price in performance during sk_SSL_CIPHER_find(), but would have to
3771      * pay with the price of sk_SSL_CIPHER_dup().
3772      */
3773     sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3774     sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3775 #endif
3776 
3777 #ifdef CIPHER_DEBUG
3778     fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3779             (void *)srvr);
3780     for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3781         c = sk_SSL_CIPHER_value(srvr, i);
3782         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3783     }
3784     fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3785             (void *)clnt);
3786     for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3787         c = sk_SSL_CIPHER_value(clnt, i);
3788         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3789     }
3790 #endif
3791 
3792     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3793         prio = srvr;
3794         allow = clnt;
3795     } else {
3796         prio = clnt;
3797         allow = srvr;
3798     }
3799 
3800     for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3801         c = sk_SSL_CIPHER_value(prio, i);
3802 
3803         /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3804         if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3805             (TLS1_get_version(s) < TLS1_2_VERSION))
3806             continue;
3807 
3808         ssl_set_cert_masks(cert, c);
3809         mask_k = cert->mask_k;
3810         mask_a = cert->mask_a;
3811         emask_k = cert->export_mask_k;
3812         emask_a = cert->export_mask_a;
3813 #ifndef OPENSSL_NO_SRP
3814         if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3815             mask_k |= SSL_kSRP;
3816             emask_k |= SSL_kSRP;
3817             mask_a |= SSL_aSRP;
3818             emask_a |= SSL_aSRP;
3819         }
3820 #endif
3821 
3822 #ifdef KSSL_DEBUG
3823         /*
3824          * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
3825          * i,c->algorithms);
3826          */
3827 #endif                          /* KSSL_DEBUG */
3828 
3829         alg_k = c->algorithm_mkey;
3830         alg_a = c->algorithm_auth;
3831 
3832 #ifndef OPENSSL_NO_KRB5
3833         if (alg_k & SSL_kKRB5) {
3834             if (!kssl_keytab_is_available(s->kssl_ctx))
3835                 continue;
3836         }
3837 #endif                          /* OPENSSL_NO_KRB5 */
3838 #ifndef OPENSSL_NO_PSK
3839         /* with PSK there must be server callback set */
3840         if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3841             continue;
3842 #endif                          /* OPENSSL_NO_PSK */
3843 
3844         if (SSL_C_IS_EXPORT(c)) {
3845             ok = (alg_k & emask_k) && (alg_a & emask_a);
3846 #ifdef CIPHER_DEBUG
3847             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3848                     ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
3849 #endif
3850         } else {
3851             ok = (alg_k & mask_k) && (alg_a & mask_a);
3852 #ifdef CIPHER_DEBUG
3853             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3854                     alg_a, mask_k, mask_a, (void *)c, c->name);
3855 #endif
3856         }
3857 
3858 #ifndef OPENSSL_NO_TLSEXT
3859 # ifndef OPENSSL_NO_EC
3860         if (
3861                /*
3862                 * if we are considering an ECC cipher suite that uses our
3863                 * certificate
3864                 */
3865                (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3866                /* and we have an ECC certificate */
3867                && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3868                /*
3869                 * and the client specified a Supported Point Formats
3870                 * extension
3871                 */
3872                && ((s->session->tlsext_ecpointformatlist_length > 0)
3873                    && (s->session->tlsext_ecpointformatlist != NULL))
3874                /* and our certificate's point is compressed */
3875                && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3876                    && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key !=
3877                        NULL)
3878                    && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3879                        key->public_key != NULL)
3880                    && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3881                        key->public_key->data != NULL)
3882                    &&
3883                    ((*
3884                      (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3885                       key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3886                     ||
3887                     (*
3888                      (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3889                       key->public_key->data) ==
3890                      POINT_CONVERSION_COMPRESSED + 1)
3891                    )
3892                )
3893             ) {
3894             ec_ok = 0;
3895             /*
3896              * if our certificate's curve is over a field type that the
3897              * client does not support then do not allow this cipher suite to
3898              * be negotiated
3899              */
3900             if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3901                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
3902                     NULL)
3903                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3904                     group->meth != NULL)
3905                 &&
3906                 (EC_METHOD_get_field_type
3907                  (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3908                   group->meth) == NID_X9_62_prime_field)
3909                 ) {
3910                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
3911                      j++) {
3912                     if (s->session->tlsext_ecpointformatlist[j] ==
3913                         TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
3914                         ec_ok = 1;
3915                         break;
3916                     }
3917                 }
3918             } else
3919                 if (EC_METHOD_get_field_type
3920                     (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3921                      group->meth) == NID_X9_62_characteristic_two_field) {
3922                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
3923                      j++) {
3924                     if (s->session->tlsext_ecpointformatlist[j] ==
3925                         TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
3926                         ec_ok = 1;
3927                         break;
3928                     }
3929                 }
3930             }
3931             ok = ok && ec_ok;
3932         }
3933         if (
3934                /*
3935                 * if we are considering an ECC cipher suite that uses our
3936                 * certificate
3937                 */
3938                (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3939                /* and we have an ECC certificate */
3940                && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3941                /*
3942                 * and the client specified an EllipticCurves extension
3943                 */
3944                && ((s->session->tlsext_ellipticcurvelist_length > 0)
3945                    && (s->session->tlsext_ellipticcurvelist != NULL))
3946             ) {
3947             ec_ok = 0;
3948             if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3949                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
3950                     NULL)
3951                 ) {
3952                 ec_nid =
3953                     EC_GROUP_get_curve_name(s->cert->
3954                                             pkeys[SSL_PKEY_ECC].privatekey->
3955                                             pkey.ec->group);
3956                 if ((ec_nid == 0)
3957                     && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
3958                         ec->group->meth != NULL)
3959                     ) {
3960                     if (EC_METHOD_get_field_type
3961                         (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
3962                          ec->group->meth) == NID_X9_62_prime_field) {
3963                         ec_search1 = 0xFF;
3964                         ec_search2 = 0x01;
3965                     } else
3966                         if (EC_METHOD_get_field_type
3967                             (s->cert->pkeys[SSL_PKEY_ECC].privatekey->
3968                              pkey.ec->group->meth) ==
3969                             NID_X9_62_characteristic_two_field) {
3970                         ec_search1 = 0xFF;
3971                         ec_search2 = 0x02;
3972                     }
3973                 } else {
3974                     ec_search1 = 0x00;
3975                     ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3976                 }
3977                 if ((ec_search1 != 0) || (ec_search2 != 0)) {
3978                     for (j = 0;
3979                          j < s->session->tlsext_ellipticcurvelist_length / 2;
3980                          j++) {
3981                         if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
3982                              ec_search1)
3983                             && (s->session->tlsext_ellipticcurvelist[2 * j +
3984                                                                      1] ==
3985                                 ec_search2)) {
3986                             ec_ok = 1;
3987                             break;
3988                         }
3989                     }
3990                 }
3991             }
3992             ok = ok && ec_ok;
3993         }
3994 #  ifndef OPENSSL_NO_ECDH
3995         if (
3996                /*
3997                 * if we are considering an ECC cipher suite that uses an
3998                 * ephemeral EC key
3999                 */
4000                (alg_k & SSL_kEECDH)
4001                /* and we have an ephemeral EC key */
4002                && (s->cert->ecdh_tmp != NULL)
4003                /*
4004                 * and the client specified an EllipticCurves extension
4005                 */
4006                && ((s->session->tlsext_ellipticcurvelist_length > 0)
4007                    && (s->session->tlsext_ellipticcurvelist != NULL))
4008             ) {
4009             ec_ok = 0;
4010             if (s->cert->ecdh_tmp->group != NULL) {
4011                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
4012                 if ((ec_nid == 0)
4013                     && (s->cert->ecdh_tmp->group->meth != NULL)
4014                     ) {
4015                     if (EC_METHOD_get_field_type
4016                         (s->cert->ecdh_tmp->group->meth) ==
4017                         NID_X9_62_prime_field) {
4018                         ec_search1 = 0xFF;
4019                         ec_search2 = 0x01;
4020                     } else
4021                         if (EC_METHOD_get_field_type
4022                             (s->cert->ecdh_tmp->group->meth) ==
4023                             NID_X9_62_characteristic_two_field) {
4024                         ec_search1 = 0xFF;
4025                         ec_search2 = 0x02;
4026                     }
4027                 } else {
4028                     ec_search1 = 0x00;
4029                     ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4030                 }
4031                 if ((ec_search1 != 0) || (ec_search2 != 0)) {
4032                     for (j = 0;
4033                          j < s->session->tlsext_ellipticcurvelist_length / 2;
4034                          j++) {
4035                         if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
4036                              ec_search1)
4037                             && (s->session->tlsext_ellipticcurvelist[2 * j +
4038                                                                      1] ==
4039                                 ec_search2)) {
4040                             ec_ok = 1;
4041                             break;
4042                         }
4043                     }
4044                 }
4045             }
4046             ok = ok && ec_ok;
4047         }
4048 #  endif                        /* OPENSSL_NO_ECDH */
4049 # endif                         /* OPENSSL_NO_EC */
4050 #endif                          /* OPENSSL_NO_TLSEXT */
4051 
4052         if (!ok)
4053             continue;
4054         ii = sk_SSL_CIPHER_find(allow, c);
4055         if (ii >= 0) {
4056 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4057             if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
4058                 && s->s3->is_probably_safari) {
4059                 if (!ret)
4060                     ret = sk_SSL_CIPHER_value(allow, ii);
4061                 continue;
4062             }
4063 #endif
4064             ret = sk_SSL_CIPHER_value(allow, ii);
4065             break;
4066         }
4067     }
4068     return (ret);
4069 }
4070 
4071 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4072 {
4073     int ret = 0;
4074     unsigned long alg_k;
4075 
4076     alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4077 
4078 #ifndef OPENSSL_NO_GOST
4079     if (s->version >= TLS1_VERSION) {
4080         if (alg_k & SSL_kGOST) {
4081             p[ret++] = TLS_CT_GOST94_SIGN;
4082             p[ret++] = TLS_CT_GOST01_SIGN;
4083             return (ret);
4084         }
4085     }
4086 #endif
4087 
4088 #ifndef OPENSSL_NO_DH
4089     if (alg_k & (SSL_kDHr | SSL_kEDH)) {
4090 # ifndef OPENSSL_NO_RSA
4091         p[ret++] = SSL3_CT_RSA_FIXED_DH;
4092 # endif
4093 # ifndef OPENSSL_NO_DSA
4094         p[ret++] = SSL3_CT_DSS_FIXED_DH;
4095 # endif
4096     }
4097     if ((s->version == SSL3_VERSION) &&
4098         (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
4099 # ifndef OPENSSL_NO_RSA
4100         p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4101 # endif
4102 # ifndef OPENSSL_NO_DSA
4103         p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4104 # endif
4105     }
4106 #endif                          /* !OPENSSL_NO_DH */
4107 #ifndef OPENSSL_NO_RSA
4108     p[ret++] = SSL3_CT_RSA_SIGN;
4109 #endif
4110 #ifndef OPENSSL_NO_DSA
4111     p[ret++] = SSL3_CT_DSS_SIGN;
4112 #endif
4113 #ifndef OPENSSL_NO_ECDH
4114     if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4115         p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4116         p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4117     }
4118 #endif
4119 
4120 #ifndef OPENSSL_NO_ECDSA
4121     /*
4122      * ECDSA certs can be used with RSA cipher suites as well so we don't
4123      * need to check for SSL_kECDH or SSL_kEECDH
4124      */
4125     if (s->version >= TLS1_VERSION) {
4126         p[ret++] = TLS_CT_ECDSA_SIGN;
4127     }
4128 #endif
4129     return (ret);
4130 }
4131 
4132 int ssl3_shutdown(SSL *s)
4133 {
4134     int ret;
4135 
4136     /*
4137      * Don't do anything much if we have not done the handshake or we don't
4138      * want to send messages :-)
4139      */
4140     if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4141         s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4142         return (1);
4143     }
4144 
4145     if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4146         s->shutdown |= SSL_SENT_SHUTDOWN;
4147 #if 1
4148         ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4149 #endif
4150         /*
4151          * our shutdown alert has been sent now, and if it still needs to be
4152          * written, s->s3->alert_dispatch will be true
4153          */
4154         if (s->s3->alert_dispatch)
4155             return (-1);        /* return WANT_WRITE */
4156     } else if (s->s3->alert_dispatch) {
4157         /* resend it if not sent */
4158 #if 1
4159         ret = s->method->ssl_dispatch_alert(s);
4160         if (ret == -1) {
4161             /*
4162              * we only get to return -1 here the 2nd/Nth invocation, we must
4163              * have already signalled return 0 upon a previous invoation,
4164              * return WANT_WRITE
4165              */
4166             return (ret);
4167         }
4168 #endif
4169     } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4170         /*
4171          * If we are waiting for a close from our peer, we are closed
4172          */
4173         s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4174         if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4175             return (-1);        /* return WANT_READ */
4176         }
4177     }
4178 
4179     if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4180         !s->s3->alert_dispatch)
4181         return (1);
4182     else
4183         return (0);
4184 }
4185 
4186 int ssl3_write(SSL *s, const void *buf, int len)
4187 {
4188     int ret, n;
4189 
4190 #if 0
4191     if (s->shutdown & SSL_SEND_SHUTDOWN) {
4192         s->rwstate = SSL_NOTHING;
4193         return (0);
4194     }
4195 #endif
4196     clear_sys_error();
4197     if (s->s3->renegotiate)
4198         ssl3_renegotiate_check(s);
4199 
4200     /*
4201      * This is an experimental flag that sends the last handshake message in
4202      * the same packet as the first use data - used to see if it helps the
4203      * TCP protocol during session-id reuse
4204      */
4205     /* The second test is because the buffer may have been removed */
4206     if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4207         /* First time through, we write into the buffer */
4208         if (s->s3->delay_buf_pop_ret == 0) {
4209             ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
4210             if (ret <= 0)
4211                 return (ret);
4212 
4213             s->s3->delay_buf_pop_ret = ret;
4214         }
4215 
4216         s->rwstate = SSL_WRITING;
4217         n = BIO_flush(s->wbio);
4218         if (n <= 0)
4219             return (n);
4220         s->rwstate = SSL_NOTHING;
4221 
4222         /* We have flushed the buffer, so remove it */
4223         ssl_free_wbio_buffer(s);
4224         s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
4225 
4226         ret = s->s3->delay_buf_pop_ret;
4227         s->s3->delay_buf_pop_ret = 0;
4228     } else {
4229         ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4230                                          buf, len);
4231         if (ret <= 0)
4232             return (ret);
4233     }
4234 
4235     return (ret);
4236 }
4237 
4238 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4239 {
4240     int ret;
4241 
4242     clear_sys_error();
4243     if (s->s3->renegotiate)
4244         ssl3_renegotiate_check(s);
4245     s->s3->in_read_app_data = 1;
4246     ret =
4247         s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4248                                   peek);
4249     if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4250         /*
4251          * ssl3_read_bytes decided to call s->handshake_func, which called
4252          * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4253          * actually found application data and thinks that application data
4254          * makes sense here; so disable handshake processing and try to read
4255          * application data again.
4256          */
4257         s->in_handshake++;
4258         ret =
4259             s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4260                                       peek);
4261         s->in_handshake--;
4262     } else
4263         s->s3->in_read_app_data = 0;
4264 
4265     return (ret);
4266 }
4267 
4268 int ssl3_read(SSL *s, void *buf, int len)
4269 {
4270     return ssl3_read_internal(s, buf, len, 0);
4271 }
4272 
4273 int ssl3_peek(SSL *s, void *buf, int len)
4274 {
4275     return ssl3_read_internal(s, buf, len, 1);
4276 }
4277 
4278 int ssl3_renegotiate(SSL *s)
4279 {
4280     if (s->handshake_func == NULL)
4281         return (1);
4282 
4283     if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4284         return (0);
4285 
4286     s->s3->renegotiate = 1;
4287     return (1);
4288 }
4289 
4290 int ssl3_renegotiate_check(SSL *s)
4291 {
4292     int ret = 0;
4293 
4294     if (s->s3->renegotiate) {
4295         if ((s->s3->rbuf.left == 0) &&
4296             (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
4297             /*
4298              * if we are the server, and we have sent a 'RENEGOTIATE'
4299              * message, we need to go to SSL_ST_ACCEPT.
4300              */
4301             /* SSL_ST_ACCEPT */
4302             s->state = SSL_ST_RENEGOTIATE;
4303             s->s3->renegotiate = 0;
4304             s->s3->num_renegotiations++;
4305             s->s3->total_renegotiations++;
4306             ret = 1;
4307         }
4308     }
4309     return (ret);
4310 }
4311 
4312 /*
4313  * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4314  * to new SHA256 PRF and handshake macs
4315  */
4316 long ssl_get_algorithm2(SSL *s)
4317 {
4318     long alg2 = s->s3->tmp.new_cipher->algorithm2;
4319     if (s->method->version == TLS1_2_VERSION &&
4320         alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4321         return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4322     return alg2;
4323 }
4324