s3_lib.c revision 296341
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 *    notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 *    notice, this list of conditions and the following disclaimer in
70 *    the documentation and/or other materials provided with the
71 *    distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 *    software must display the following acknowledgment:
75 *    "This product includes software developed by the OpenSSL Project
76 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 *    endorse or promote products derived from this software without
80 *    prior written permission. For written permission, please contact
81 *    openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 *    nor may "OpenSSL" appear in their names without prior written
85 *    permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 *    acknowledgment:
89 *    "This product includes software developed by the OpenSSL Project
90 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com).  This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include <openssl/objects.h>
153#include "ssl_locl.h"
154#include "kssl_lcl.h"
155#ifndef OPENSSL_NO_TLSEXT
156# ifndef OPENSSL_NO_EC
157#  include "../crypto/ec/ec_lcl.h"
158# endif                         /* OPENSSL_NO_EC */
159#endif                          /* OPENSSL_NO_TLSEXT */
160#include <openssl/md5.h>
161#ifndef OPENSSL_NO_DH
162# include <openssl/dh.h>
163#endif
164
165const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
166
167#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
171
172/* The RSA ciphers */
173/* Cipher 01 */
174    {
175     1,
176     SSL3_TXT_RSA_NULL_MD5,
177     SSL3_CK_RSA_NULL_MD5,
178     SSL_kRSA,
179     SSL_aRSA,
180     SSL_eNULL,
181     SSL_MD5,
182     SSL_SSLV3,
183     SSL_NOT_EXP | SSL_STRONG_NONE,
184     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
185     0,
186     0,
187     },
188
189/* Cipher 02 */
190    {
191     1,
192     SSL3_TXT_RSA_NULL_SHA,
193     SSL3_CK_RSA_NULL_SHA,
194     SSL_kRSA,
195     SSL_aRSA,
196     SSL_eNULL,
197     SSL_SHA1,
198     SSL_SSLV3,
199     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
200     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
201     0,
202     0,
203     },
204
205/* Cipher 03 */
206#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
207    {
208     1,
209     SSL3_TXT_RSA_RC4_40_MD5,
210     SSL3_CK_RSA_RC4_40_MD5,
211     SSL_kRSA,
212     SSL_aRSA,
213     SSL_RC4,
214     SSL_MD5,
215     SSL_SSLV3,
216     SSL_EXPORT | SSL_EXP40,
217     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
218     40,
219     128,
220     },
221#endif
222
223/* Cipher 04 */
224    {
225     1,
226     SSL3_TXT_RSA_RC4_128_MD5,
227     SSL3_CK_RSA_RC4_128_MD5,
228     SSL_kRSA,
229     SSL_aRSA,
230     SSL_RC4,
231     SSL_MD5,
232     SSL_SSLV3,
233     SSL_NOT_EXP | SSL_MEDIUM,
234     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
235     128,
236     128,
237     },
238
239/* Cipher 05 */
240    {
241     1,
242     SSL3_TXT_RSA_RC4_128_SHA,
243     SSL3_CK_RSA_RC4_128_SHA,
244     SSL_kRSA,
245     SSL_aRSA,
246     SSL_RC4,
247     SSL_SHA1,
248     SSL_SSLV3,
249     SSL_NOT_EXP | SSL_MEDIUM,
250     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
251     128,
252     128,
253     },
254
255/* Cipher 06 */
256#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
257    {
258     1,
259     SSL3_TXT_RSA_RC2_40_MD5,
260     SSL3_CK_RSA_RC2_40_MD5,
261     SSL_kRSA,
262     SSL_aRSA,
263     SSL_RC2,
264     SSL_MD5,
265     SSL_SSLV3,
266     SSL_EXPORT | SSL_EXP40,
267     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
268     40,
269     128,
270     },
271#endif
272
273/* Cipher 07 */
274#ifndef OPENSSL_NO_IDEA
275    {
276     1,
277     SSL3_TXT_RSA_IDEA_128_SHA,
278     SSL3_CK_RSA_IDEA_128_SHA,
279     SSL_kRSA,
280     SSL_aRSA,
281     SSL_IDEA,
282     SSL_SHA1,
283     SSL_SSLV3,
284     SSL_NOT_EXP | SSL_MEDIUM,
285     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
286     128,
287     128,
288     },
289#endif
290
291/* Cipher 08 */
292#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
293    {
294     1,
295     SSL3_TXT_RSA_DES_40_CBC_SHA,
296     SSL3_CK_RSA_DES_40_CBC_SHA,
297     SSL_kRSA,
298     SSL_aRSA,
299     SSL_DES,
300     SSL_SHA1,
301     SSL_SSLV3,
302     SSL_EXPORT | SSL_EXP40,
303     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
304     40,
305     56,
306     },
307#endif
308
309/* Cipher 09 */
310#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
311    {
312     1,
313     SSL3_TXT_RSA_DES_64_CBC_SHA,
314     SSL3_CK_RSA_DES_64_CBC_SHA,
315     SSL_kRSA,
316     SSL_aRSA,
317     SSL_DES,
318     SSL_SHA1,
319     SSL_SSLV3,
320     SSL_NOT_EXP | SSL_LOW,
321     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
322     56,
323     56,
324     },
325#endif
326
327/* Cipher 0A */
328    {
329     1,
330     SSL3_TXT_RSA_DES_192_CBC3_SHA,
331     SSL3_CK_RSA_DES_192_CBC3_SHA,
332     SSL_kRSA,
333     SSL_aRSA,
334     SSL_3DES,
335     SSL_SHA1,
336     SSL_SSLV3,
337     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
338     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
339     112,
340     168,
341     },
342
343/* The DH ciphers */
344/* Cipher 0B */
345#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
346    {
347     0,
348     SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
349     SSL3_CK_DH_DSS_DES_40_CBC_SHA,
350     SSL_kDHd,
351     SSL_aDH,
352     SSL_DES,
353     SSL_SHA1,
354     SSL_SSLV3,
355     SSL_EXPORT | SSL_EXP40,
356     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
357     40,
358     56,
359     },
360#endif
361
362/* Cipher 0C */
363#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
364    {
365     0,                         /* not implemented (non-ephemeral DH) */
366     SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
367     SSL3_CK_DH_DSS_DES_64_CBC_SHA,
368     SSL_kDHd,
369     SSL_aDH,
370     SSL_DES,
371     SSL_SHA1,
372     SSL_SSLV3,
373     SSL_NOT_EXP | SSL_LOW,
374     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
375     56,
376     56,
377     },
378#endif
379
380/* Cipher 0D */
381    {
382     0,                         /* not implemented (non-ephemeral DH) */
383     SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
384     SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
385     SSL_kDHd,
386     SSL_aDH,
387     SSL_3DES,
388     SSL_SHA1,
389     SSL_SSLV3,
390     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
391     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
392     112,
393     168,
394     },
395
396/* Cipher 0E */
397#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
398    {
399     0,                         /* not implemented (non-ephemeral DH) */
400     SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
401     SSL3_CK_DH_RSA_DES_40_CBC_SHA,
402     SSL_kDHr,
403     SSL_aDH,
404     SSL_DES,
405     SSL_SHA1,
406     SSL_SSLV3,
407     SSL_EXPORT | SSL_EXP40,
408     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
409     40,
410     56,
411     },
412#endif
413
414/* Cipher 0F */
415#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
416    {
417     0,                         /* not implemented (non-ephemeral DH) */
418     SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
419     SSL3_CK_DH_RSA_DES_64_CBC_SHA,
420     SSL_kDHr,
421     SSL_aDH,
422     SSL_DES,
423     SSL_SHA1,
424     SSL_SSLV3,
425     SSL_NOT_EXP | SSL_LOW,
426     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
427     56,
428     56,
429     },
430#endif
431
432/* Cipher 10 */
433    {
434     0,                         /* not implemented (non-ephemeral DH) */
435     SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
436     SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
437     SSL_kDHr,
438     SSL_aDH,
439     SSL_3DES,
440     SSL_SHA1,
441     SSL_SSLV3,
442     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
443     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
444     112,
445     168,
446     },
447
448/* The Ephemeral DH ciphers */
449/* Cipher 11 */
450#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
451    {
452     1,
453     SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
454     SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
455     SSL_kEDH,
456     SSL_aDSS,
457     SSL_DES,
458     SSL_SHA1,
459     SSL_SSLV3,
460     SSL_EXPORT | SSL_EXP40,
461     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
462     40,
463     56,
464     },
465#endif
466
467/* Cipher 12 */
468#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
469    {
470     1,
471     SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
472     SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
473     SSL_kEDH,
474     SSL_aDSS,
475     SSL_DES,
476     SSL_SHA1,
477     SSL_SSLV3,
478     SSL_NOT_EXP | SSL_LOW,
479     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
480     56,
481     56,
482     },
483#endif
484
485/* Cipher 13 */
486    {
487     1,
488     SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
489     SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
490     SSL_kEDH,
491     SSL_aDSS,
492     SSL_3DES,
493     SSL_SHA1,
494     SSL_SSLV3,
495     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
496     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
497     112,
498     168,
499     },
500
501/* Cipher 14 */
502#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
503    {
504     1,
505     SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
506     SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
507     SSL_kEDH,
508     SSL_aRSA,
509     SSL_DES,
510     SSL_SHA1,
511     SSL_SSLV3,
512     SSL_EXPORT | SSL_EXP40,
513     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
514     40,
515     56,
516     },
517#endif
518
519/* Cipher 15 */
520#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
521    {
522     1,
523     SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
524     SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
525     SSL_kEDH,
526     SSL_aRSA,
527     SSL_DES,
528     SSL_SHA1,
529     SSL_SSLV3,
530     SSL_NOT_EXP | SSL_LOW,
531     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
532     56,
533     56,
534     },
535#endif
536
537/* Cipher 16 */
538    {
539     1,
540     SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
541     SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
542     SSL_kEDH,
543     SSL_aRSA,
544     SSL_3DES,
545     SSL_SHA1,
546     SSL_SSLV3,
547     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
548     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
549     112,
550     168,
551     },
552
553/* Cipher 17 */
554#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
555    {
556     1,
557     SSL3_TXT_ADH_RC4_40_MD5,
558     SSL3_CK_ADH_RC4_40_MD5,
559     SSL_kEDH,
560     SSL_aNULL,
561     SSL_RC4,
562     SSL_MD5,
563     SSL_SSLV3,
564     SSL_EXPORT | SSL_EXP40,
565     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
566     40,
567     128,
568     },
569#endif
570
571/* Cipher 18 */
572    {
573     1,
574     SSL3_TXT_ADH_RC4_128_MD5,
575     SSL3_CK_ADH_RC4_128_MD5,
576     SSL_kEDH,
577     SSL_aNULL,
578     SSL_RC4,
579     SSL_MD5,
580     SSL_SSLV3,
581     SSL_NOT_EXP | SSL_MEDIUM,
582     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
583     128,
584     128,
585     },
586
587/* Cipher 19 */
588#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
589    {
590     1,
591     SSL3_TXT_ADH_DES_40_CBC_SHA,
592     SSL3_CK_ADH_DES_40_CBC_SHA,
593     SSL_kEDH,
594     SSL_aNULL,
595     SSL_DES,
596     SSL_SHA1,
597     SSL_SSLV3,
598     SSL_EXPORT | SSL_EXP40,
599     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
600     40,
601     128,
602     },
603#endif
604
605/* Cipher 1A */
606#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
607    {
608     1,
609     SSL3_TXT_ADH_DES_64_CBC_SHA,
610     SSL3_CK_ADH_DES_64_CBC_SHA,
611     SSL_kEDH,
612     SSL_aNULL,
613     SSL_DES,
614     SSL_SHA1,
615     SSL_SSLV3,
616     SSL_NOT_EXP | SSL_LOW,
617     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
618     56,
619     56,
620     },
621#endif
622
623/* Cipher 1B */
624    {
625     1,
626     SSL3_TXT_ADH_DES_192_CBC_SHA,
627     SSL3_CK_ADH_DES_192_CBC_SHA,
628     SSL_kEDH,
629     SSL_aNULL,
630     SSL_3DES,
631     SSL_SHA1,
632     SSL_SSLV3,
633     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
634     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
635     112,
636     168,
637     },
638
639/* Fortezza ciphersuite from SSL 3.0 spec */
640#if 0
641/* Cipher 1C */
642    {
643     0,
644     SSL3_TXT_FZA_DMS_NULL_SHA,
645     SSL3_CK_FZA_DMS_NULL_SHA,
646     SSL_kFZA,
647     SSL_aFZA,
648     SSL_eNULL,
649     SSL_SHA1,
650     SSL_SSLV3,
651     SSL_NOT_EXP | SSL_STRONG_NONE,
652     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
653     0,
654     0,
655     },
656
657/* Cipher 1D */
658    {
659     0,
660     SSL3_TXT_FZA_DMS_FZA_SHA,
661     SSL3_CK_FZA_DMS_FZA_SHA,
662     SSL_kFZA,
663     SSL_aFZA,
664     SSL_eFZA,
665     SSL_SHA1,
666     SSL_SSLV3,
667     SSL_NOT_EXP | SSL_STRONG_NONE,
668     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
669     0,
670     0,
671     },
672
673/* Cipher 1E */
674    {
675     0,
676     SSL3_TXT_FZA_DMS_RC4_SHA,
677     SSL3_CK_FZA_DMS_RC4_SHA,
678     SSL_kFZA,
679     SSL_aFZA,
680     SSL_RC4,
681     SSL_SHA1,
682     SSL_SSLV3,
683     SSL_NOT_EXP | SSL_MEDIUM,
684     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
685     128,
686     128,
687     },
688#endif
689
690#ifndef OPENSSL_NO_KRB5
691/* The Kerberos ciphers*/
692/* Cipher 1E */
693# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
694    {
695     1,
696     SSL3_TXT_KRB5_DES_64_CBC_SHA,
697     SSL3_CK_KRB5_DES_64_CBC_SHA,
698     SSL_kKRB5,
699     SSL_aKRB5,
700     SSL_DES,
701     SSL_SHA1,
702     SSL_SSLV3,
703     SSL_NOT_EXP | SSL_LOW,
704     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
705     56,
706     56,
707     },
708# endif
709
710/* Cipher 1F */
711    {
712     1,
713     SSL3_TXT_KRB5_DES_192_CBC3_SHA,
714     SSL3_CK_KRB5_DES_192_CBC3_SHA,
715     SSL_kKRB5,
716     SSL_aKRB5,
717     SSL_3DES,
718     SSL_SHA1,
719     SSL_SSLV3,
720     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
721     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
722     112,
723     168,
724     },
725
726/* Cipher 20 */
727    {
728     1,
729     SSL3_TXT_KRB5_RC4_128_SHA,
730     SSL3_CK_KRB5_RC4_128_SHA,
731     SSL_kKRB5,
732     SSL_aKRB5,
733     SSL_RC4,
734     SSL_SHA1,
735     SSL_SSLV3,
736     SSL_NOT_EXP | SSL_MEDIUM,
737     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
738     128,
739     128,
740     },
741
742/* Cipher 21 */
743    {
744     1,
745     SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
746     SSL3_CK_KRB5_IDEA_128_CBC_SHA,
747     SSL_kKRB5,
748     SSL_aKRB5,
749     SSL_IDEA,
750     SSL_SHA1,
751     SSL_SSLV3,
752     SSL_NOT_EXP | SSL_MEDIUM,
753     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
754     128,
755     128,
756     },
757
758/* Cipher 22 */
759# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
760    {
761     1,
762     SSL3_TXT_KRB5_DES_64_CBC_MD5,
763     SSL3_CK_KRB5_DES_64_CBC_MD5,
764     SSL_kKRB5,
765     SSL_aKRB5,
766     SSL_DES,
767     SSL_MD5,
768     SSL_SSLV3,
769     SSL_NOT_EXP | SSL_LOW,
770     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
771     56,
772     56,
773     },
774# endif
775
776/* Cipher 23 */
777    {
778     1,
779     SSL3_TXT_KRB5_DES_192_CBC3_MD5,
780     SSL3_CK_KRB5_DES_192_CBC3_MD5,
781     SSL_kKRB5,
782     SSL_aKRB5,
783     SSL_3DES,
784     SSL_MD5,
785     SSL_SSLV3,
786     SSL_NOT_EXP | SSL_HIGH,
787     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
788     112,
789     168,
790     },
791
792/* Cipher 24 */
793    {
794     1,
795     SSL3_TXT_KRB5_RC4_128_MD5,
796     SSL3_CK_KRB5_RC4_128_MD5,
797     SSL_kKRB5,
798     SSL_aKRB5,
799     SSL_RC4,
800     SSL_MD5,
801     SSL_SSLV3,
802     SSL_NOT_EXP | SSL_MEDIUM,
803     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
804     128,
805     128,
806     },
807
808/* Cipher 25 */
809    {
810     1,
811     SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
812     SSL3_CK_KRB5_IDEA_128_CBC_MD5,
813     SSL_kKRB5,
814     SSL_aKRB5,
815     SSL_IDEA,
816     SSL_MD5,
817     SSL_SSLV3,
818     SSL_NOT_EXP | SSL_MEDIUM,
819     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
820     128,
821     128,
822     },
823
824/* Cipher 26 */
825# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
826    {
827     1,
828     SSL3_TXT_KRB5_DES_40_CBC_SHA,
829     SSL3_CK_KRB5_DES_40_CBC_SHA,
830     SSL_kKRB5,
831     SSL_aKRB5,
832     SSL_DES,
833     SSL_SHA1,
834     SSL_SSLV3,
835     SSL_EXPORT | SSL_EXP40,
836     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
837     40,
838     56,
839     },
840# endif
841
842/* Cipher 27 */
843# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
844    {
845     1,
846     SSL3_TXT_KRB5_RC2_40_CBC_SHA,
847     SSL3_CK_KRB5_RC2_40_CBC_SHA,
848     SSL_kKRB5,
849     SSL_aKRB5,
850     SSL_RC2,
851     SSL_SHA1,
852     SSL_SSLV3,
853     SSL_EXPORT | SSL_EXP40,
854     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
855     40,
856     128,
857     },
858# endif
859
860/* Cipher 28 */
861# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
862    {
863     1,
864     SSL3_TXT_KRB5_RC4_40_SHA,
865     SSL3_CK_KRB5_RC4_40_SHA,
866     SSL_kKRB5,
867     SSL_aKRB5,
868     SSL_RC4,
869     SSL_SHA1,
870     SSL_SSLV3,
871     SSL_EXPORT | SSL_EXP40,
872     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
873     40,
874     128,
875     },
876# endif
877
878/* Cipher 29 */
879# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
880    {
881     1,
882     SSL3_TXT_KRB5_DES_40_CBC_MD5,
883     SSL3_CK_KRB5_DES_40_CBC_MD5,
884     SSL_kKRB5,
885     SSL_aKRB5,
886     SSL_DES,
887     SSL_MD5,
888     SSL_SSLV3,
889     SSL_EXPORT | SSL_EXP40,
890     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
891     40,
892     56,
893     },
894# endif
895
896/* Cipher 2A */
897# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
898    {
899     1,
900     SSL3_TXT_KRB5_RC2_40_CBC_MD5,
901     SSL3_CK_KRB5_RC2_40_CBC_MD5,
902     SSL_kKRB5,
903     SSL_aKRB5,
904     SSL_RC2,
905     SSL_MD5,
906     SSL_SSLV3,
907     SSL_EXPORT | SSL_EXP40,
908     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
909     40,
910     128,
911     },
912# endif
913
914/* Cipher 2B */
915# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
916    {
917     1,
918     SSL3_TXT_KRB5_RC4_40_MD5,
919     SSL3_CK_KRB5_RC4_40_MD5,
920     SSL_kKRB5,
921     SSL_aKRB5,
922     SSL_RC4,
923     SSL_MD5,
924     SSL_SSLV3,
925     SSL_EXPORT | SSL_EXP40,
926     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
927     40,
928     128,
929     },
930# endif
931#endif                          /* OPENSSL_NO_KRB5 */
932
933/* New AES ciphersuites */
934/* Cipher 2F */
935    {
936     1,
937     TLS1_TXT_RSA_WITH_AES_128_SHA,
938     TLS1_CK_RSA_WITH_AES_128_SHA,
939     SSL_kRSA,
940     SSL_aRSA,
941     SSL_AES128,
942     SSL_SHA1,
943     SSL_TLSV1,
944     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
945     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
946     128,
947     128,
948     },
949/* Cipher 30 */
950    {
951     0,
952     TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
953     TLS1_CK_DH_DSS_WITH_AES_128_SHA,
954     SSL_kDHd,
955     SSL_aDH,
956     SSL_AES128,
957     SSL_SHA1,
958     SSL_TLSV1,
959     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
960     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
961     128,
962     128,
963     },
964/* Cipher 31 */
965    {
966     0,
967     TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
968     TLS1_CK_DH_RSA_WITH_AES_128_SHA,
969     SSL_kDHr,
970     SSL_aDH,
971     SSL_AES128,
972     SSL_SHA1,
973     SSL_TLSV1,
974     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
975     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
976     128,
977     128,
978     },
979/* Cipher 32 */
980    {
981     1,
982     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
983     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
984     SSL_kEDH,
985     SSL_aDSS,
986     SSL_AES128,
987     SSL_SHA1,
988     SSL_TLSV1,
989     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
990     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
991     128,
992     128,
993     },
994/* Cipher 33 */
995    {
996     1,
997     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
998     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
999     SSL_kEDH,
1000     SSL_aRSA,
1001     SSL_AES128,
1002     SSL_SHA1,
1003     SSL_TLSV1,
1004     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1005     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1006     128,
1007     128,
1008     },
1009/* Cipher 34 */
1010    {
1011     1,
1012     TLS1_TXT_ADH_WITH_AES_128_SHA,
1013     TLS1_CK_ADH_WITH_AES_128_SHA,
1014     SSL_kEDH,
1015     SSL_aNULL,
1016     SSL_AES128,
1017     SSL_SHA1,
1018     SSL_TLSV1,
1019     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1020     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1021     128,
1022     128,
1023     },
1024
1025/* Cipher 35 */
1026    {
1027     1,
1028     TLS1_TXT_RSA_WITH_AES_256_SHA,
1029     TLS1_CK_RSA_WITH_AES_256_SHA,
1030     SSL_kRSA,
1031     SSL_aRSA,
1032     SSL_AES256,
1033     SSL_SHA1,
1034     SSL_TLSV1,
1035     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1036     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1037     256,
1038     256,
1039     },
1040/* Cipher 36 */
1041    {
1042     0,
1043     TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
1044     TLS1_CK_DH_DSS_WITH_AES_256_SHA,
1045     SSL_kDHd,
1046     SSL_aDH,
1047     SSL_AES256,
1048     SSL_SHA1,
1049     SSL_TLSV1,
1050     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1051     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1052     256,
1053     256,
1054     },
1055
1056/* Cipher 37 */
1057    {
1058     0,                         /* not implemented (non-ephemeral DH) */
1059     TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1060     TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1061     SSL_kDHr,
1062     SSL_aDH,
1063     SSL_AES256,
1064     SSL_SHA1,
1065     SSL_TLSV1,
1066     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1067     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1068     256,
1069     256,
1070     },
1071
1072/* Cipher 38 */
1073    {
1074     1,
1075     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1076     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1077     SSL_kEDH,
1078     SSL_aDSS,
1079     SSL_AES256,
1080     SSL_SHA1,
1081     SSL_TLSV1,
1082     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1083     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1084     256,
1085     256,
1086     },
1087
1088/* Cipher 39 */
1089    {
1090     1,
1091     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1092     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1093     SSL_kEDH,
1094     SSL_aRSA,
1095     SSL_AES256,
1096     SSL_SHA1,
1097     SSL_TLSV1,
1098     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1099     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1100     256,
1101     256,
1102     },
1103
1104    /* Cipher 3A */
1105    {
1106     1,
1107     TLS1_TXT_ADH_WITH_AES_256_SHA,
1108     TLS1_CK_ADH_WITH_AES_256_SHA,
1109     SSL_kEDH,
1110     SSL_aNULL,
1111     SSL_AES256,
1112     SSL_SHA1,
1113     SSL_TLSV1,
1114     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1115     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1116     256,
1117     256,
1118     },
1119
1120    /* TLS v1.2 ciphersuites */
1121    /* Cipher 3B */
1122    {
1123     1,
1124     TLS1_TXT_RSA_WITH_NULL_SHA256,
1125     TLS1_CK_RSA_WITH_NULL_SHA256,
1126     SSL_kRSA,
1127     SSL_aRSA,
1128     SSL_eNULL,
1129     SSL_SHA256,
1130     SSL_TLSV1_2,
1131     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
1132     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1133     0,
1134     0,
1135     },
1136
1137    /* Cipher 3C */
1138    {
1139     1,
1140     TLS1_TXT_RSA_WITH_AES_128_SHA256,
1141     TLS1_CK_RSA_WITH_AES_128_SHA256,
1142     SSL_kRSA,
1143     SSL_aRSA,
1144     SSL_AES128,
1145     SSL_SHA256,
1146     SSL_TLSV1_2,
1147     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1148     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1149     128,
1150     128,
1151     },
1152
1153    /* Cipher 3D */
1154    {
1155     1,
1156     TLS1_TXT_RSA_WITH_AES_256_SHA256,
1157     TLS1_CK_RSA_WITH_AES_256_SHA256,
1158     SSL_kRSA,
1159     SSL_aRSA,
1160     SSL_AES256,
1161     SSL_SHA256,
1162     SSL_TLSV1_2,
1163     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1164     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1165     256,
1166     256,
1167     },
1168
1169    /* Cipher 3E */
1170    {
1171     0,                         /* not implemented (non-ephemeral DH) */
1172     TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1173     TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1174     SSL_kDHd,
1175     SSL_aDH,
1176     SSL_AES128,
1177     SSL_SHA256,
1178     SSL_TLSV1_2,
1179     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1180     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1181     128,
1182     128,
1183     },
1184
1185    /* Cipher 3F */
1186    {
1187     0,                         /* not implemented (non-ephemeral DH) */
1188     TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1189     TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1190     SSL_kDHr,
1191     SSL_aDH,
1192     SSL_AES128,
1193     SSL_SHA256,
1194     SSL_TLSV1_2,
1195     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1196     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1197     128,
1198     128,
1199     },
1200
1201    /* Cipher 40 */
1202    {
1203     1,
1204     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1205     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1206     SSL_kEDH,
1207     SSL_aDSS,
1208     SSL_AES128,
1209     SSL_SHA256,
1210     SSL_TLSV1_2,
1211     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1212     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1213     128,
1214     128,
1215     },
1216
1217#ifndef OPENSSL_NO_CAMELLIA
1218    /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1219
1220    /* Cipher 41 */
1221    {
1222     1,
1223     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1224     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1225     SSL_kRSA,
1226     SSL_aRSA,
1227     SSL_CAMELLIA128,
1228     SSL_SHA1,
1229     SSL_TLSV1,
1230     SSL_NOT_EXP | SSL_HIGH,
1231     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1232     128,
1233     128,
1234     },
1235
1236    /* Cipher 42 */
1237    {
1238     0,                         /* not implemented (non-ephemeral DH) */
1239     TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1240     TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1241     SSL_kDHd,
1242     SSL_aDH,
1243     SSL_CAMELLIA128,
1244     SSL_SHA1,
1245     SSL_TLSV1,
1246     SSL_NOT_EXP | SSL_HIGH,
1247     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1248     128,
1249     128,
1250     },
1251
1252    /* Cipher 43 */
1253    {
1254     0,                         /* not implemented (non-ephemeral DH) */
1255     TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1256     TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1257     SSL_kDHr,
1258     SSL_aDH,
1259     SSL_CAMELLIA128,
1260     SSL_SHA1,
1261     SSL_TLSV1,
1262     SSL_NOT_EXP | SSL_HIGH,
1263     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1264     128,
1265     128,
1266     },
1267
1268    /* Cipher 44 */
1269    {
1270     1,
1271     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1272     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1273     SSL_kEDH,
1274     SSL_aDSS,
1275     SSL_CAMELLIA128,
1276     SSL_SHA1,
1277     SSL_TLSV1,
1278     SSL_NOT_EXP | SSL_HIGH,
1279     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1280     128,
1281     128,
1282     },
1283
1284    /* Cipher 45 */
1285    {
1286     1,
1287     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1288     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1289     SSL_kEDH,
1290     SSL_aRSA,
1291     SSL_CAMELLIA128,
1292     SSL_SHA1,
1293     SSL_TLSV1,
1294     SSL_NOT_EXP | SSL_HIGH,
1295     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1296     128,
1297     128,
1298     },
1299
1300    /* Cipher 46 */
1301    {
1302     1,
1303     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1304     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1305     SSL_kEDH,
1306     SSL_aNULL,
1307     SSL_CAMELLIA128,
1308     SSL_SHA1,
1309     SSL_TLSV1,
1310     SSL_NOT_EXP | SSL_HIGH,
1311     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1312     128,
1313     128,
1314     },
1315#endif                          /* OPENSSL_NO_CAMELLIA */
1316
1317#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1318    /* New TLS Export CipherSuites from expired ID */
1319# if 0
1320    /* Cipher 60 */
1321    {
1322     1,
1323     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1324     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1325     SSL_kRSA,
1326     SSL_aRSA,
1327     SSL_RC4,
1328     SSL_MD5,
1329     SSL_TLSV1,
1330     SSL_EXPORT | SSL_EXP56,
1331     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1332     56,
1333     128,
1334     },
1335
1336    /* Cipher 61 */
1337    {
1338     1,
1339     TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1340     TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1341     SSL_kRSA,
1342     SSL_aRSA,
1343     SSL_RC2,
1344     SSL_MD5,
1345     SSL_TLSV1,
1346     SSL_EXPORT | SSL_EXP56,
1347     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1348     56,
1349     128,
1350     },
1351# endif
1352
1353    /* Cipher 62 */
1354# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1355    {
1356     1,
1357     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1358     TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1359     SSL_kRSA,
1360     SSL_aRSA,
1361     SSL_DES,
1362     SSL_SHA1,
1363     SSL_TLSV1,
1364     SSL_EXPORT | SSL_EXP56,
1365     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1366     56,
1367     56,
1368     },
1369# endif
1370
1371    /* Cipher 63 */
1372# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1373    {
1374     1,
1375     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1376     TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1377     SSL_kEDH,
1378     SSL_aDSS,
1379     SSL_DES,
1380     SSL_SHA1,
1381     SSL_TLSV1,
1382     SSL_EXPORT | SSL_EXP56,
1383     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1384     56,
1385     56,
1386     },
1387# endif
1388
1389    /* Cipher 64 */
1390# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1391    {
1392     1,
1393     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1394     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1395     SSL_kRSA,
1396     SSL_aRSA,
1397     SSL_RC4,
1398     SSL_SHA1,
1399     SSL_TLSV1,
1400     SSL_EXPORT | SSL_EXP56,
1401     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1402     56,
1403     128,
1404     },
1405# endif
1406
1407    /* Cipher 65 */
1408# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
1409    {
1410     1,
1411     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1412     TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1413     SSL_kEDH,
1414     SSL_aDSS,
1415     SSL_RC4,
1416     SSL_SHA1,
1417     SSL_TLSV1,
1418     SSL_EXPORT | SSL_EXP56,
1419     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1420     56,
1421     128,
1422     },
1423# endif
1424
1425    /* Cipher 66 */
1426    {
1427     1,
1428     TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1429     TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1430     SSL_kEDH,
1431     SSL_aDSS,
1432     SSL_RC4,
1433     SSL_SHA1,
1434     SSL_TLSV1,
1435     SSL_NOT_EXP | SSL_MEDIUM,
1436     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1437     128,
1438     128,
1439     },
1440#endif
1441
1442    /* TLS v1.2 ciphersuites */
1443    /* Cipher 67 */
1444    {
1445     1,
1446     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1447     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1448     SSL_kEDH,
1449     SSL_aRSA,
1450     SSL_AES128,
1451     SSL_SHA256,
1452     SSL_TLSV1_2,
1453     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1454     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1455     128,
1456     128,
1457     },
1458
1459    /* Cipher 68 */
1460    {
1461     0,                         /* not implemented (non-ephemeral DH) */
1462     TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1463     TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1464     SSL_kDHd,
1465     SSL_aDH,
1466     SSL_AES256,
1467     SSL_SHA256,
1468     SSL_TLSV1_2,
1469     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1470     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1471     256,
1472     256,
1473     },
1474
1475    /* Cipher 69 */
1476    {
1477     0,                         /* not implemented (non-ephemeral DH) */
1478     TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1479     TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1480     SSL_kDHr,
1481     SSL_aDH,
1482     SSL_AES256,
1483     SSL_SHA256,
1484     SSL_TLSV1_2,
1485     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1486     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1487     256,
1488     256,
1489     },
1490
1491    /* Cipher 6A */
1492    {
1493     1,
1494     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1495     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1496     SSL_kEDH,
1497     SSL_aDSS,
1498     SSL_AES256,
1499     SSL_SHA256,
1500     SSL_TLSV1_2,
1501     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1502     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1503     256,
1504     256,
1505     },
1506
1507    /* Cipher 6B */
1508    {
1509     1,
1510     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1511     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1512     SSL_kEDH,
1513     SSL_aRSA,
1514     SSL_AES256,
1515     SSL_SHA256,
1516     SSL_TLSV1_2,
1517     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1518     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1519     256,
1520     256,
1521     },
1522
1523    /* Cipher 6C */
1524    {
1525     1,
1526     TLS1_TXT_ADH_WITH_AES_128_SHA256,
1527     TLS1_CK_ADH_WITH_AES_128_SHA256,
1528     SSL_kEDH,
1529     SSL_aNULL,
1530     SSL_AES128,
1531     SSL_SHA256,
1532     SSL_TLSV1_2,
1533     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1534     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1535     128,
1536     128,
1537     },
1538
1539    /* Cipher 6D */
1540    {
1541     1,
1542     TLS1_TXT_ADH_WITH_AES_256_SHA256,
1543     TLS1_CK_ADH_WITH_AES_256_SHA256,
1544     SSL_kEDH,
1545     SSL_aNULL,
1546     SSL_AES256,
1547     SSL_SHA256,
1548     SSL_TLSV1_2,
1549     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1550     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1551     256,
1552     256,
1553     },
1554
1555    /* GOST Ciphersuites */
1556
1557    {
1558     1,
1559     "GOST94-GOST89-GOST89",
1560     0x3000080,
1561     SSL_kGOST,
1562     SSL_aGOST94,
1563     SSL_eGOST2814789CNT,
1564     SSL_GOST89MAC,
1565     SSL_TLSV1,
1566     SSL_NOT_EXP | SSL_HIGH,
1567     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1568     256,
1569     256},
1570    {
1571     1,
1572     "GOST2001-GOST89-GOST89",
1573     0x3000081,
1574     SSL_kGOST,
1575     SSL_aGOST01,
1576     SSL_eGOST2814789CNT,
1577     SSL_GOST89MAC,
1578     SSL_TLSV1,
1579     SSL_NOT_EXP | SSL_HIGH,
1580     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
1581     256,
1582     256},
1583    {
1584     1,
1585     "GOST94-NULL-GOST94",
1586     0x3000082,
1587     SSL_kGOST,
1588     SSL_aGOST94,
1589     SSL_eNULL,
1590     SSL_GOST94,
1591     SSL_TLSV1,
1592     SSL_NOT_EXP | SSL_STRONG_NONE,
1593     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1594     0,
1595     0},
1596    {
1597     1,
1598     "GOST2001-NULL-GOST94",
1599     0x3000083,
1600     SSL_kGOST,
1601     SSL_aGOST01,
1602     SSL_eNULL,
1603     SSL_GOST94,
1604     SSL_TLSV1,
1605     SSL_NOT_EXP | SSL_STRONG_NONE,
1606     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
1607     0,
1608     0},
1609
1610#ifndef OPENSSL_NO_CAMELLIA
1611    /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1612
1613    /* Cipher 84 */
1614    {
1615     1,
1616     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1617     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1618     SSL_kRSA,
1619     SSL_aRSA,
1620     SSL_CAMELLIA256,
1621     SSL_SHA1,
1622     SSL_TLSV1,
1623     SSL_NOT_EXP | SSL_HIGH,
1624     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1625     256,
1626     256,
1627     },
1628    /* Cipher 85 */
1629    {
1630     0,                         /* not implemented (non-ephemeral DH) */
1631     TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1632     TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1633     SSL_kDHd,
1634     SSL_aDH,
1635     SSL_CAMELLIA256,
1636     SSL_SHA1,
1637     SSL_TLSV1,
1638     SSL_NOT_EXP | SSL_HIGH,
1639     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1640     256,
1641     256,
1642     },
1643
1644    /* Cipher 86 */
1645    {
1646     0,                         /* not implemented (non-ephemeral DH) */
1647     TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1648     TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1649     SSL_kDHr,
1650     SSL_aDH,
1651     SSL_CAMELLIA256,
1652     SSL_SHA1,
1653     SSL_TLSV1,
1654     SSL_NOT_EXP | SSL_HIGH,
1655     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1656     256,
1657     256,
1658     },
1659
1660    /* Cipher 87 */
1661    {
1662     1,
1663     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1664     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1665     SSL_kEDH,
1666     SSL_aDSS,
1667     SSL_CAMELLIA256,
1668     SSL_SHA1,
1669     SSL_TLSV1,
1670     SSL_NOT_EXP | SSL_HIGH,
1671     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1672     256,
1673     256,
1674     },
1675
1676    /* Cipher 88 */
1677    {
1678     1,
1679     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1680     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1681     SSL_kEDH,
1682     SSL_aRSA,
1683     SSL_CAMELLIA256,
1684     SSL_SHA1,
1685     SSL_TLSV1,
1686     SSL_NOT_EXP | SSL_HIGH,
1687     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1688     256,
1689     256,
1690     },
1691
1692    /* Cipher 89 */
1693    {
1694     1,
1695     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1696     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1697     SSL_kEDH,
1698     SSL_aNULL,
1699     SSL_CAMELLIA256,
1700     SSL_SHA1,
1701     SSL_TLSV1,
1702     SSL_NOT_EXP | SSL_HIGH,
1703     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1704     256,
1705     256,
1706     },
1707#endif                          /* OPENSSL_NO_CAMELLIA */
1708
1709#ifndef OPENSSL_NO_PSK
1710    /* Cipher 8A */
1711    {
1712     1,
1713     TLS1_TXT_PSK_WITH_RC4_128_SHA,
1714     TLS1_CK_PSK_WITH_RC4_128_SHA,
1715     SSL_kPSK,
1716     SSL_aPSK,
1717     SSL_RC4,
1718     SSL_SHA1,
1719     SSL_TLSV1,
1720     SSL_NOT_EXP | SSL_MEDIUM,
1721     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1722     128,
1723     128,
1724     },
1725
1726    /* Cipher 8B */
1727    {
1728     1,
1729     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1730     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1731     SSL_kPSK,
1732     SSL_aPSK,
1733     SSL_3DES,
1734     SSL_SHA1,
1735     SSL_TLSV1,
1736     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1737     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1738     112,
1739     168,
1740     },
1741
1742    /* Cipher 8C */
1743    {
1744     1,
1745     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1746     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1747     SSL_kPSK,
1748     SSL_aPSK,
1749     SSL_AES128,
1750     SSL_SHA1,
1751     SSL_TLSV1,
1752     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1753     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1754     128,
1755     128,
1756     },
1757
1758    /* Cipher 8D */
1759    {
1760     1,
1761     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1762     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1763     SSL_kPSK,
1764     SSL_aPSK,
1765     SSL_AES256,
1766     SSL_SHA1,
1767     SSL_TLSV1,
1768     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1769     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1770     256,
1771     256,
1772     },
1773#endif                          /* OPENSSL_NO_PSK */
1774
1775#ifndef OPENSSL_NO_SEED
1776    /* SEED ciphersuites from RFC4162 */
1777
1778    /* Cipher 96 */
1779    {
1780     1,
1781     TLS1_TXT_RSA_WITH_SEED_SHA,
1782     TLS1_CK_RSA_WITH_SEED_SHA,
1783     SSL_kRSA,
1784     SSL_aRSA,
1785     SSL_SEED,
1786     SSL_SHA1,
1787     SSL_TLSV1,
1788     SSL_NOT_EXP | SSL_MEDIUM,
1789     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1790     128,
1791     128,
1792     },
1793
1794    /* Cipher 97 */
1795    {
1796     0,                         /* not implemented (non-ephemeral DH) */
1797     TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1798     TLS1_CK_DH_DSS_WITH_SEED_SHA,
1799     SSL_kDHd,
1800     SSL_aDH,
1801     SSL_SEED,
1802     SSL_SHA1,
1803     SSL_TLSV1,
1804     SSL_NOT_EXP | SSL_MEDIUM,
1805     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1806     128,
1807     128,
1808     },
1809
1810    /* Cipher 98 */
1811    {
1812     0,                         /* not implemented (non-ephemeral DH) */
1813     TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1814     TLS1_CK_DH_RSA_WITH_SEED_SHA,
1815     SSL_kDHr,
1816     SSL_aDH,
1817     SSL_SEED,
1818     SSL_SHA1,
1819     SSL_TLSV1,
1820     SSL_NOT_EXP | SSL_MEDIUM,
1821     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1822     128,
1823     128,
1824     },
1825
1826    /* Cipher 99 */
1827    {
1828     1,
1829     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1830     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1831     SSL_kEDH,
1832     SSL_aDSS,
1833     SSL_SEED,
1834     SSL_SHA1,
1835     SSL_TLSV1,
1836     SSL_NOT_EXP | SSL_MEDIUM,
1837     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1838     128,
1839     128,
1840     },
1841
1842    /* Cipher 9A */
1843    {
1844     1,
1845     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1846     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1847     SSL_kEDH,
1848     SSL_aRSA,
1849     SSL_SEED,
1850     SSL_SHA1,
1851     SSL_TLSV1,
1852     SSL_NOT_EXP | SSL_MEDIUM,
1853     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1854     128,
1855     128,
1856     },
1857
1858    /* Cipher 9B */
1859    {
1860     1,
1861     TLS1_TXT_ADH_WITH_SEED_SHA,
1862     TLS1_CK_ADH_WITH_SEED_SHA,
1863     SSL_kEDH,
1864     SSL_aNULL,
1865     SSL_SEED,
1866     SSL_SHA1,
1867     SSL_TLSV1,
1868     SSL_NOT_EXP | SSL_MEDIUM,
1869     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
1870     128,
1871     128,
1872     },
1873
1874#endif                          /* OPENSSL_NO_SEED */
1875
1876    /* GCM ciphersuites from RFC5288 */
1877
1878    /* Cipher 9C */
1879    {
1880     1,
1881     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1882     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1883     SSL_kRSA,
1884     SSL_aRSA,
1885     SSL_AES128GCM,
1886     SSL_AEAD,
1887     SSL_TLSV1_2,
1888     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1889     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1890     128,
1891     128,
1892     },
1893
1894    /* Cipher 9D */
1895    {
1896     1,
1897     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1898     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1899     SSL_kRSA,
1900     SSL_aRSA,
1901     SSL_AES256GCM,
1902     SSL_AEAD,
1903     SSL_TLSV1_2,
1904     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1905     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1906     256,
1907     256,
1908     },
1909
1910    /* Cipher 9E */
1911    {
1912     1,
1913     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1914     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1915     SSL_kEDH,
1916     SSL_aRSA,
1917     SSL_AES128GCM,
1918     SSL_AEAD,
1919     SSL_TLSV1_2,
1920     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1921     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1922     128,
1923     128,
1924     },
1925
1926    /* Cipher 9F */
1927    {
1928     1,
1929     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1930     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1931     SSL_kEDH,
1932     SSL_aRSA,
1933     SSL_AES256GCM,
1934     SSL_AEAD,
1935     SSL_TLSV1_2,
1936     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1937     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1938     256,
1939     256,
1940     },
1941
1942    /* Cipher A0 */
1943    {
1944     0,
1945     TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1946     TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1947     SSL_kDHr,
1948     SSL_aDH,
1949     SSL_AES128GCM,
1950     SSL_AEAD,
1951     SSL_TLSV1_2,
1952     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1953     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1954     128,
1955     128,
1956     },
1957
1958    /* Cipher A1 */
1959    {
1960     0,
1961     TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1962     TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1963     SSL_kDHr,
1964     SSL_aDH,
1965     SSL_AES256GCM,
1966     SSL_AEAD,
1967     SSL_TLSV1_2,
1968     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1969     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
1970     256,
1971     256,
1972     },
1973
1974    /* Cipher A2 */
1975    {
1976     1,
1977     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1978     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1979     SSL_kEDH,
1980     SSL_aDSS,
1981     SSL_AES128GCM,
1982     SSL_AEAD,
1983     SSL_TLSV1_2,
1984     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
1985     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
1986     128,
1987     128,
1988     },
1989
1990    /* Cipher A3 */
1991    {
1992     1,
1993     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1994     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1995     SSL_kEDH,
1996     SSL_aDSS,
1997     SSL_AES256GCM,
1998     SSL_AEAD,
1999     SSL_TLSV1_2,
2000     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2001     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2002     256,
2003     256,
2004     },
2005
2006    /* Cipher A4 */
2007    {
2008     0,
2009     TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
2010     TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
2011     SSL_kDHd,
2012     SSL_aDH,
2013     SSL_AES128GCM,
2014     SSL_AEAD,
2015     SSL_TLSV1_2,
2016     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2017     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2018     128,
2019     128,
2020     },
2021
2022    /* Cipher A5 */
2023    {
2024     0,
2025     TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
2026     TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
2027     SSL_kDHd,
2028     SSL_aDH,
2029     SSL_AES256GCM,
2030     SSL_AEAD,
2031     SSL_TLSV1_2,
2032     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2033     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2034     256,
2035     256,
2036     },
2037
2038    /* Cipher A6 */
2039    {
2040     1,
2041     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
2042     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
2043     SSL_kEDH,
2044     SSL_aNULL,
2045     SSL_AES128GCM,
2046     SSL_AEAD,
2047     SSL_TLSV1_2,
2048     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2049     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2050     128,
2051     128,
2052     },
2053
2054    /* Cipher A7 */
2055    {
2056     1,
2057     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2058     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2059     SSL_kEDH,
2060     SSL_aNULL,
2061     SSL_AES256GCM,
2062     SSL_AEAD,
2063     SSL_TLSV1_2,
2064     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2065     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2066     256,
2067     256,
2068     },
2069
2070#ifndef OPENSSL_NO_ECDH
2071    /* Cipher C001 */
2072    {
2073     1,
2074     TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2075     TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2076     SSL_kECDHe,
2077     SSL_aECDH,
2078     SSL_eNULL,
2079     SSL_SHA1,
2080     SSL_TLSV1,
2081     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2082     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2083     0,
2084     0,
2085     },
2086
2087    /* Cipher C002 */
2088    {
2089     1,
2090     TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2091     TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2092     SSL_kECDHe,
2093     SSL_aECDH,
2094     SSL_RC4,
2095     SSL_SHA1,
2096     SSL_TLSV1,
2097     SSL_NOT_EXP | SSL_MEDIUM,
2098     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2099     128,
2100     128,
2101     },
2102
2103    /* Cipher C003 */
2104    {
2105     1,
2106     TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2107     TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2108     SSL_kECDHe,
2109     SSL_aECDH,
2110     SSL_3DES,
2111     SSL_SHA1,
2112     SSL_TLSV1,
2113     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2114     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2115     112,
2116     168,
2117     },
2118
2119    /* Cipher C004 */
2120    {
2121     1,
2122     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2123     TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2124     SSL_kECDHe,
2125     SSL_aECDH,
2126     SSL_AES128,
2127     SSL_SHA1,
2128     SSL_TLSV1,
2129     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2130     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2131     128,
2132     128,
2133     },
2134
2135    /* Cipher C005 */
2136    {
2137     1,
2138     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2139     TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2140     SSL_kECDHe,
2141     SSL_aECDH,
2142     SSL_AES256,
2143     SSL_SHA1,
2144     SSL_TLSV1,
2145     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2146     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2147     256,
2148     256,
2149     },
2150
2151    /* Cipher C006 */
2152    {
2153     1,
2154     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2155     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2156     SSL_kEECDH,
2157     SSL_aECDSA,
2158     SSL_eNULL,
2159     SSL_SHA1,
2160     SSL_TLSV1,
2161     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2162     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2163     0,
2164     0,
2165     },
2166
2167    /* Cipher C007 */
2168    {
2169     1,
2170     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2171     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2172     SSL_kEECDH,
2173     SSL_aECDSA,
2174     SSL_RC4,
2175     SSL_SHA1,
2176     SSL_TLSV1,
2177     SSL_NOT_EXP | SSL_MEDIUM,
2178     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2179     128,
2180     128,
2181     },
2182
2183    /* Cipher C008 */
2184    {
2185     1,
2186     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2187     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2188     SSL_kEECDH,
2189     SSL_aECDSA,
2190     SSL_3DES,
2191     SSL_SHA1,
2192     SSL_TLSV1,
2193     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2194     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2195     112,
2196     168,
2197     },
2198
2199    /* Cipher C009 */
2200    {
2201     1,
2202     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2203     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2204     SSL_kEECDH,
2205     SSL_aECDSA,
2206     SSL_AES128,
2207     SSL_SHA1,
2208     SSL_TLSV1,
2209     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2210     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2211     128,
2212     128,
2213     },
2214
2215    /* Cipher C00A */
2216    {
2217     1,
2218     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2219     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2220     SSL_kEECDH,
2221     SSL_aECDSA,
2222     SSL_AES256,
2223     SSL_SHA1,
2224     SSL_TLSV1,
2225     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2226     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2227     256,
2228     256,
2229     },
2230
2231    /* Cipher C00B */
2232    {
2233     1,
2234     TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2235     TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2236     SSL_kECDHr,
2237     SSL_aECDH,
2238     SSL_eNULL,
2239     SSL_SHA1,
2240     SSL_TLSV1,
2241     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2242     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2243     0,
2244     0,
2245     },
2246
2247    /* Cipher C00C */
2248    {
2249     1,
2250     TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2251     TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2252     SSL_kECDHr,
2253     SSL_aECDH,
2254     SSL_RC4,
2255     SSL_SHA1,
2256     SSL_TLSV1,
2257     SSL_NOT_EXP | SSL_MEDIUM,
2258     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2259     128,
2260     128,
2261     },
2262
2263    /* Cipher C00D */
2264    {
2265     1,
2266     TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2267     TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2268     SSL_kECDHr,
2269     SSL_aECDH,
2270     SSL_3DES,
2271     SSL_SHA1,
2272     SSL_TLSV1,
2273     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2274     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2275     112,
2276     168,
2277     },
2278
2279    /* Cipher C00E */
2280    {
2281     1,
2282     TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2283     TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2284     SSL_kECDHr,
2285     SSL_aECDH,
2286     SSL_AES128,
2287     SSL_SHA1,
2288     SSL_TLSV1,
2289     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2290     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2291     128,
2292     128,
2293     },
2294
2295    /* Cipher C00F */
2296    {
2297     1,
2298     TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2299     TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2300     SSL_kECDHr,
2301     SSL_aECDH,
2302     SSL_AES256,
2303     SSL_SHA1,
2304     SSL_TLSV1,
2305     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2306     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2307     256,
2308     256,
2309     },
2310
2311    /* Cipher C010 */
2312    {
2313     1,
2314     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2315     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2316     SSL_kEECDH,
2317     SSL_aRSA,
2318     SSL_eNULL,
2319     SSL_SHA1,
2320     SSL_TLSV1,
2321     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2322     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2323     0,
2324     0,
2325     },
2326
2327    /* Cipher C011 */
2328    {
2329     1,
2330     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2331     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2332     SSL_kEECDH,
2333     SSL_aRSA,
2334     SSL_RC4,
2335     SSL_SHA1,
2336     SSL_TLSV1,
2337     SSL_NOT_EXP | SSL_MEDIUM,
2338     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2339     128,
2340     128,
2341     },
2342
2343    /* Cipher C012 */
2344    {
2345     1,
2346     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2347     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2348     SSL_kEECDH,
2349     SSL_aRSA,
2350     SSL_3DES,
2351     SSL_SHA1,
2352     SSL_TLSV1,
2353     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2354     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2355     112,
2356     168,
2357     },
2358
2359    /* Cipher C013 */
2360    {
2361     1,
2362     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2363     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2364     SSL_kEECDH,
2365     SSL_aRSA,
2366     SSL_AES128,
2367     SSL_SHA1,
2368     SSL_TLSV1,
2369     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2370     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2371     128,
2372     128,
2373     },
2374
2375    /* Cipher C014 */
2376    {
2377     1,
2378     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2379     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2380     SSL_kEECDH,
2381     SSL_aRSA,
2382     SSL_AES256,
2383     SSL_SHA1,
2384     SSL_TLSV1,
2385     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2386     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2387     256,
2388     256,
2389     },
2390
2391    /* Cipher C015 */
2392    {
2393     1,
2394     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2395     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2396     SSL_kEECDH,
2397     SSL_aNULL,
2398     SSL_eNULL,
2399     SSL_SHA1,
2400     SSL_TLSV1,
2401     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
2402     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2403     0,
2404     0,
2405     },
2406
2407    /* Cipher C016 */
2408    {
2409     1,
2410     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2411     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2412     SSL_kEECDH,
2413     SSL_aNULL,
2414     SSL_RC4,
2415     SSL_SHA1,
2416     SSL_TLSV1,
2417     SSL_NOT_EXP | SSL_MEDIUM,
2418     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2419     128,
2420     128,
2421     },
2422
2423    /* Cipher C017 */
2424    {
2425     1,
2426     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2427     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2428     SSL_kEECDH,
2429     SSL_aNULL,
2430     SSL_3DES,
2431     SSL_SHA1,
2432     SSL_TLSV1,
2433     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2434     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2435     112,
2436     168,
2437     },
2438
2439    /* Cipher C018 */
2440    {
2441     1,
2442     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2443     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2444     SSL_kEECDH,
2445     SSL_aNULL,
2446     SSL_AES128,
2447     SSL_SHA1,
2448     SSL_TLSV1,
2449     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2450     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2451     128,
2452     128,
2453     },
2454
2455    /* Cipher C019 */
2456    {
2457     1,
2458     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2459     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2460     SSL_kEECDH,
2461     SSL_aNULL,
2462     SSL_AES256,
2463     SSL_SHA1,
2464     SSL_TLSV1,
2465     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2466     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2467     256,
2468     256,
2469     },
2470#endif                          /* OPENSSL_NO_ECDH */
2471
2472#ifndef OPENSSL_NO_SRP
2473    /* Cipher C01A */
2474    {
2475     1,
2476     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2477     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2478     SSL_kSRP,
2479     SSL_aSRP,
2480     SSL_3DES,
2481     SSL_SHA1,
2482     SSL_TLSV1,
2483     SSL_NOT_EXP | SSL_HIGH,
2484     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2485     112,
2486     168,
2487     },
2488
2489    /* Cipher C01B */
2490    {
2491     1,
2492     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2493     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2494     SSL_kSRP,
2495     SSL_aRSA,
2496     SSL_3DES,
2497     SSL_SHA1,
2498     SSL_TLSV1,
2499     SSL_NOT_EXP | SSL_HIGH,
2500     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2501     112,
2502     168,
2503     },
2504
2505    /* Cipher C01C */
2506    {
2507     1,
2508     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2509     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2510     SSL_kSRP,
2511     SSL_aDSS,
2512     SSL_3DES,
2513     SSL_SHA1,
2514     SSL_TLSV1,
2515     SSL_NOT_EXP | SSL_HIGH,
2516     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2517     112,
2518     168,
2519     },
2520
2521    /* Cipher C01D */
2522    {
2523     1,
2524     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2525     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2526     SSL_kSRP,
2527     SSL_aSRP,
2528     SSL_AES128,
2529     SSL_SHA1,
2530     SSL_TLSV1,
2531     SSL_NOT_EXP | SSL_HIGH,
2532     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2533     128,
2534     128,
2535     },
2536
2537    /* Cipher C01E */
2538    {
2539     1,
2540     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2541     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2542     SSL_kSRP,
2543     SSL_aRSA,
2544     SSL_AES128,
2545     SSL_SHA1,
2546     SSL_TLSV1,
2547     SSL_NOT_EXP | SSL_HIGH,
2548     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2549     128,
2550     128,
2551     },
2552
2553    /* Cipher C01F */
2554    {
2555     1,
2556     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2557     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2558     SSL_kSRP,
2559     SSL_aDSS,
2560     SSL_AES128,
2561     SSL_SHA1,
2562     SSL_TLSV1,
2563     SSL_NOT_EXP | SSL_HIGH,
2564     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2565     128,
2566     128,
2567     },
2568
2569    /* Cipher C020 */
2570    {
2571     1,
2572     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2573     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2574     SSL_kSRP,
2575     SSL_aSRP,
2576     SSL_AES256,
2577     SSL_SHA1,
2578     SSL_TLSV1,
2579     SSL_NOT_EXP | SSL_HIGH,
2580     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2581     256,
2582     256,
2583     },
2584
2585    /* Cipher C021 */
2586    {
2587     1,
2588     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2589     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2590     SSL_kSRP,
2591     SSL_aRSA,
2592     SSL_AES256,
2593     SSL_SHA1,
2594     SSL_TLSV1,
2595     SSL_NOT_EXP | SSL_HIGH,
2596     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2597     256,
2598     256,
2599     },
2600
2601    /* Cipher C022 */
2602    {
2603     1,
2604     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2605     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2606     SSL_kSRP,
2607     SSL_aDSS,
2608     SSL_AES256,
2609     SSL_SHA1,
2610     SSL_TLSV1,
2611     SSL_NOT_EXP | SSL_HIGH,
2612     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2613     256,
2614     256,
2615     },
2616#endif                          /* OPENSSL_NO_SRP */
2617#ifndef OPENSSL_NO_ECDH
2618
2619    /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2620
2621    /* Cipher C023 */
2622    {
2623     1,
2624     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2625     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2626     SSL_kEECDH,
2627     SSL_aECDSA,
2628     SSL_AES128,
2629     SSL_SHA256,
2630     SSL_TLSV1_2,
2631     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2632     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2633     128,
2634     128,
2635     },
2636
2637    /* Cipher C024 */
2638    {
2639     1,
2640     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2641     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2642     SSL_kEECDH,
2643     SSL_aECDSA,
2644     SSL_AES256,
2645     SSL_SHA384,
2646     SSL_TLSV1_2,
2647     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2648     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2649     256,
2650     256,
2651     },
2652
2653    /* Cipher C025 */
2654    {
2655     1,
2656     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2657     TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2658     SSL_kECDHe,
2659     SSL_aECDH,
2660     SSL_AES128,
2661     SSL_SHA256,
2662     SSL_TLSV1_2,
2663     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2664     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2665     128,
2666     128,
2667     },
2668
2669    /* Cipher C026 */
2670    {
2671     1,
2672     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2673     TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2674     SSL_kECDHe,
2675     SSL_aECDH,
2676     SSL_AES256,
2677     SSL_SHA384,
2678     SSL_TLSV1_2,
2679     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2680     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2681     256,
2682     256,
2683     },
2684
2685    /* Cipher C027 */
2686    {
2687     1,
2688     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2689     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2690     SSL_kEECDH,
2691     SSL_aRSA,
2692     SSL_AES128,
2693     SSL_SHA256,
2694     SSL_TLSV1_2,
2695     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2696     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2697     128,
2698     128,
2699     },
2700
2701    /* Cipher C028 */
2702    {
2703     1,
2704     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2705     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2706     SSL_kEECDH,
2707     SSL_aRSA,
2708     SSL_AES256,
2709     SSL_SHA384,
2710     SSL_TLSV1_2,
2711     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2712     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2713     256,
2714     256,
2715     },
2716
2717    /* Cipher C029 */
2718    {
2719     1,
2720     TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2721     TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2722     SSL_kECDHr,
2723     SSL_aECDH,
2724     SSL_AES128,
2725     SSL_SHA256,
2726     SSL_TLSV1_2,
2727     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2728     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2729     128,
2730     128,
2731     },
2732
2733    /* Cipher C02A */
2734    {
2735     1,
2736     TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2737     TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2738     SSL_kECDHr,
2739     SSL_aECDH,
2740     SSL_AES256,
2741     SSL_SHA384,
2742     SSL_TLSV1_2,
2743     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2744     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2745     256,
2746     256,
2747     },
2748
2749    /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2750
2751    /* Cipher C02B */
2752    {
2753     1,
2754     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2755     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2756     SSL_kEECDH,
2757     SSL_aECDSA,
2758     SSL_AES128GCM,
2759     SSL_AEAD,
2760     SSL_TLSV1_2,
2761     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2762     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2763     128,
2764     128,
2765     },
2766
2767    /* Cipher C02C */
2768    {
2769     1,
2770     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2771     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2772     SSL_kEECDH,
2773     SSL_aECDSA,
2774     SSL_AES256GCM,
2775     SSL_AEAD,
2776     SSL_TLSV1_2,
2777     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2778     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2779     256,
2780     256,
2781     },
2782
2783    /* Cipher C02D */
2784    {
2785     1,
2786     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2787     TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2788     SSL_kECDHe,
2789     SSL_aECDH,
2790     SSL_AES128GCM,
2791     SSL_AEAD,
2792     SSL_TLSV1_2,
2793     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2794     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2795     128,
2796     128,
2797     },
2798
2799    /* Cipher C02E */
2800    {
2801     1,
2802     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2803     TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2804     SSL_kECDHe,
2805     SSL_aECDH,
2806     SSL_AES256GCM,
2807     SSL_AEAD,
2808     SSL_TLSV1_2,
2809     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2810     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2811     256,
2812     256,
2813     },
2814
2815    /* Cipher C02F */
2816    {
2817     1,
2818     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2819     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2820     SSL_kEECDH,
2821     SSL_aRSA,
2822     SSL_AES128GCM,
2823     SSL_AEAD,
2824     SSL_TLSV1_2,
2825     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2826     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2827     128,
2828     128,
2829     },
2830
2831    /* Cipher C030 */
2832    {
2833     1,
2834     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2835     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2836     SSL_kEECDH,
2837     SSL_aRSA,
2838     SSL_AES256GCM,
2839     SSL_AEAD,
2840     SSL_TLSV1_2,
2841     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2842     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2843     256,
2844     256,
2845     },
2846
2847    /* Cipher C031 */
2848    {
2849     1,
2850     TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2851     TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2852     SSL_kECDHr,
2853     SSL_aECDH,
2854     SSL_AES128GCM,
2855     SSL_AEAD,
2856     SSL_TLSV1_2,
2857     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2858     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
2859     128,
2860     128,
2861     },
2862
2863    /* Cipher C032 */
2864    {
2865     1,
2866     TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2867     TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2868     SSL_kECDHr,
2869     SSL_aECDH,
2870     SSL_AES256GCM,
2871     SSL_AEAD,
2872     SSL_TLSV1_2,
2873     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
2874     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
2875     256,
2876     256,
2877     },
2878
2879#endif                          /* OPENSSL_NO_ECDH */
2880
2881#ifdef TEMP_GOST_TLS
2882/* Cipher FF00 */
2883    {
2884     1,
2885     "GOST-MD5",
2886     0x0300ff00,
2887     SSL_kRSA,
2888     SSL_aRSA,
2889     SSL_eGOST2814789CNT,
2890     SSL_MD5,
2891     SSL_TLSV1,
2892     SSL_NOT_EXP | SSL_HIGH,
2893     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2894     256,
2895     256,
2896     },
2897    {
2898     1,
2899     "GOST-GOST94",
2900     0x0300ff01,
2901     SSL_kRSA,
2902     SSL_aRSA,
2903     SSL_eGOST2814789CNT,
2904     SSL_GOST94,
2905     SSL_TLSV1,
2906     SSL_NOT_EXP | SSL_HIGH,
2907     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2908     256,
2909     256},
2910    {
2911     1,
2912     "GOST-GOST89MAC",
2913     0x0300ff02,
2914     SSL_kRSA,
2915     SSL_aRSA,
2916     SSL_eGOST2814789CNT,
2917     SSL_GOST89MAC,
2918     SSL_TLSV1,
2919     SSL_NOT_EXP | SSL_HIGH,
2920     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
2921     256,
2922     256},
2923    {
2924     1,
2925     "GOST-GOST89STREAM",
2926     0x0300ff03,
2927     SSL_kRSA,
2928     SSL_aRSA,
2929     SSL_eGOST2814789CNT,
2930     SSL_GOST89MAC,
2931     SSL_TLSV1,
2932     SSL_NOT_EXP | SSL_HIGH,
2933     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
2934     256,
2935     256},
2936#endif
2937
2938/* end of list */
2939};
2940
2941SSL3_ENC_METHOD SSLv3_enc_data = {
2942    ssl3_enc,
2943    n_ssl3_mac,
2944    ssl3_setup_key_block,
2945    ssl3_generate_master_secret,
2946    ssl3_change_cipher_state,
2947    ssl3_final_finish_mac,
2948    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
2949    ssl3_cert_verify_mac,
2950    SSL3_MD_CLIENT_FINISHED_CONST, 4,
2951    SSL3_MD_SERVER_FINISHED_CONST, 4,
2952    ssl3_alert_code,
2953    (int (*)(SSL *, unsigned char *, size_t, const char *,
2954             size_t, const unsigned char *, size_t,
2955             int use_context))ssl_undefined_function,
2956};
2957
2958long ssl3_default_timeout(void)
2959{
2960    /*
2961     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
2962     * http, the cache would over fill
2963     */
2964    return (60 * 60 * 2);
2965}
2966
2967int ssl3_num_ciphers(void)
2968{
2969    return (SSL3_NUM_CIPHERS);
2970}
2971
2972const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2973{
2974    if (u < SSL3_NUM_CIPHERS)
2975        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
2976    else
2977        return (NULL);
2978}
2979
2980int ssl3_pending(const SSL *s)
2981{
2982    if (s->rstate == SSL_ST_READ_BODY)
2983        return 0;
2984
2985    return (s->s3->rrec.type ==
2986            SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2987}
2988
2989int ssl3_new(SSL *s)
2990{
2991    SSL3_STATE *s3;
2992
2993    if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
2994        goto err;
2995    memset(s3, 0, sizeof *s3);
2996    memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2997    memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2998
2999    s->s3 = s3;
3000
3001#ifndef OPENSSL_NO_SRP
3002    SSL_SRP_CTX_init(s);
3003#endif
3004    s->method->ssl_clear(s);
3005    return (1);
3006 err:
3007    return (0);
3008}
3009
3010void ssl3_free(SSL *s)
3011{
3012    if (s == NULL)
3013        return;
3014
3015#ifdef TLSEXT_TYPE_opaque_prf_input
3016    if (s->s3->client_opaque_prf_input != NULL)
3017        OPENSSL_free(s->s3->client_opaque_prf_input);
3018    if (s->s3->server_opaque_prf_input != NULL)
3019        OPENSSL_free(s->s3->server_opaque_prf_input);
3020#endif
3021
3022    ssl3_cleanup_key_block(s);
3023    if (s->s3->rbuf.buf != NULL)
3024        ssl3_release_read_buffer(s);
3025    if (s->s3->wbuf.buf != NULL)
3026        ssl3_release_write_buffer(s);
3027    if (s->s3->rrec.comp != NULL)
3028        OPENSSL_free(s->s3->rrec.comp);
3029#ifndef OPENSSL_NO_DH
3030    if (s->s3->tmp.dh != NULL)
3031        DH_free(s->s3->tmp.dh);
3032#endif
3033#ifndef OPENSSL_NO_ECDH
3034    if (s->s3->tmp.ecdh != NULL)
3035        EC_KEY_free(s->s3->tmp.ecdh);
3036#endif
3037
3038    if (s->s3->tmp.ca_names != NULL)
3039        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3040    if (s->s3->handshake_buffer) {
3041        BIO_free(s->s3->handshake_buffer);
3042    }
3043    if (s->s3->handshake_dgst)
3044        ssl3_free_digest_list(s);
3045#ifndef OPENSSL_NO_SRP
3046    SSL_SRP_CTX_free(s);
3047#endif
3048    OPENSSL_cleanse(s->s3, sizeof *s->s3);
3049    OPENSSL_free(s->s3);
3050    s->s3 = NULL;
3051}
3052
3053void ssl3_clear(SSL *s)
3054{
3055    unsigned char *rp, *wp;
3056    size_t rlen, wlen;
3057    int init_extra;
3058
3059#ifdef TLSEXT_TYPE_opaque_prf_input
3060    if (s->s3->client_opaque_prf_input != NULL)
3061        OPENSSL_free(s->s3->client_opaque_prf_input);
3062    s->s3->client_opaque_prf_input = NULL;
3063    if (s->s3->server_opaque_prf_input != NULL)
3064        OPENSSL_free(s->s3->server_opaque_prf_input);
3065    s->s3->server_opaque_prf_input = NULL;
3066#endif
3067
3068    ssl3_cleanup_key_block(s);
3069    if (s->s3->tmp.ca_names != NULL)
3070        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
3071
3072    if (s->s3->rrec.comp != NULL) {
3073        OPENSSL_free(s->s3->rrec.comp);
3074        s->s3->rrec.comp = NULL;
3075    }
3076#ifndef OPENSSL_NO_DH
3077    if (s->s3->tmp.dh != NULL) {
3078        DH_free(s->s3->tmp.dh);
3079        s->s3->tmp.dh = NULL;
3080    }
3081#endif
3082#ifndef OPENSSL_NO_ECDH
3083    if (s->s3->tmp.ecdh != NULL) {
3084        EC_KEY_free(s->s3->tmp.ecdh);
3085        s->s3->tmp.ecdh = NULL;
3086    }
3087#endif
3088#ifndef OPENSSL_NO_TLSEXT
3089# ifndef OPENSSL_NO_EC
3090    s->s3->is_probably_safari = 0;
3091# endif                         /* !OPENSSL_NO_EC */
3092#endif                          /* !OPENSSL_NO_TLSEXT */
3093
3094    rp = s->s3->rbuf.buf;
3095    wp = s->s3->wbuf.buf;
3096    rlen = s->s3->rbuf.len;
3097    wlen = s->s3->wbuf.len;
3098    init_extra = s->s3->init_extra;
3099    if (s->s3->handshake_buffer) {
3100        BIO_free(s->s3->handshake_buffer);
3101        s->s3->handshake_buffer = NULL;
3102    }
3103    if (s->s3->handshake_dgst) {
3104        ssl3_free_digest_list(s);
3105    }
3106    memset(s->s3, 0, sizeof *s->s3);
3107    s->s3->rbuf.buf = rp;
3108    s->s3->wbuf.buf = wp;
3109    s->s3->rbuf.len = rlen;
3110    s->s3->wbuf.len = wlen;
3111    s->s3->init_extra = init_extra;
3112
3113    ssl_free_wbio_buffer(s);
3114
3115    s->packet_length = 0;
3116    s->s3->renegotiate = 0;
3117    s->s3->total_renegotiations = 0;
3118    s->s3->num_renegotiations = 0;
3119    s->s3->in_read_app_data = 0;
3120    s->version = SSL3_VERSION;
3121
3122#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3123    if (s->next_proto_negotiated) {
3124        OPENSSL_free(s->next_proto_negotiated);
3125        s->next_proto_negotiated = NULL;
3126        s->next_proto_negotiated_len = 0;
3127    }
3128#endif
3129}
3130
3131#ifndef OPENSSL_NO_SRP
3132static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3133{
3134    return BUF_strdup(s->srp_ctx.info);
3135}
3136#endif
3137
3138long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3139{
3140    int ret = 0;
3141
3142#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3143    if (
3144# ifndef OPENSSL_NO_RSA
3145           cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3146# endif
3147# ifndef OPENSSL_NO_DSA
3148           cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
3149# endif
3150           0) {
3151        if (!ssl_cert_inst(&s->cert)) {
3152            SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3153            return (0);
3154        }
3155    }
3156#endif
3157
3158    switch (cmd) {
3159    case SSL_CTRL_GET_SESSION_REUSED:
3160        ret = s->hit;
3161        break;
3162    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3163        break;
3164    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3165        ret = s->s3->num_renegotiations;
3166        break;
3167    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3168        ret = s->s3->num_renegotiations;
3169        s->s3->num_renegotiations = 0;
3170        break;
3171    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3172        ret = s->s3->total_renegotiations;
3173        break;
3174    case SSL_CTRL_GET_FLAGS:
3175        ret = (int)(s->s3->flags);
3176        break;
3177#ifndef OPENSSL_NO_RSA
3178    case SSL_CTRL_NEED_TMP_RSA:
3179        if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3180            ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3181             (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3182              (512 / 8))))
3183            ret = 1;
3184        break;
3185    case SSL_CTRL_SET_TMP_RSA:
3186        {
3187            RSA *rsa = (RSA *)parg;
3188            if (rsa == NULL) {
3189                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3190                return (ret);
3191            }
3192            if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
3193                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3194                return (ret);
3195            }
3196            if (s->cert->rsa_tmp != NULL)
3197                RSA_free(s->cert->rsa_tmp);
3198            s->cert->rsa_tmp = rsa;
3199            ret = 1;
3200        }
3201        break;
3202    case SSL_CTRL_SET_TMP_RSA_CB:
3203        {
3204            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3205            return (ret);
3206        }
3207        break;
3208#endif
3209#ifndef OPENSSL_NO_DH
3210    case SSL_CTRL_SET_TMP_DH:
3211        {
3212            DH *dh = (DH *)parg;
3213            if (dh == NULL) {
3214                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3215                return (ret);
3216            }
3217            if ((dh = DHparams_dup(dh)) == NULL) {
3218                SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3219                return (ret);
3220            }
3221            if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
3222                if (!DH_generate_key(dh)) {
3223                    DH_free(dh);
3224                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3225                    return (ret);
3226                }
3227            }
3228            if (s->cert->dh_tmp != NULL)
3229                DH_free(s->cert->dh_tmp);
3230            s->cert->dh_tmp = dh;
3231            ret = 1;
3232        }
3233        break;
3234    case SSL_CTRL_SET_TMP_DH_CB:
3235        {
3236            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3237            return (ret);
3238        }
3239        break;
3240#endif
3241#ifndef OPENSSL_NO_ECDH
3242    case SSL_CTRL_SET_TMP_ECDH:
3243        {
3244            EC_KEY *ecdh = NULL;
3245
3246            if (parg == NULL) {
3247                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3248                return (ret);
3249            }
3250            if (!EC_KEY_up_ref((EC_KEY *)parg)) {
3251                SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3252                return (ret);
3253            }
3254            ecdh = (EC_KEY *)parg;
3255            if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
3256                if (!EC_KEY_generate_key(ecdh)) {
3257                    EC_KEY_free(ecdh);
3258                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
3259                    return (ret);
3260                }
3261            }
3262            if (s->cert->ecdh_tmp != NULL)
3263                EC_KEY_free(s->cert->ecdh_tmp);
3264            s->cert->ecdh_tmp = ecdh;
3265            ret = 1;
3266        }
3267        break;
3268    case SSL_CTRL_SET_TMP_ECDH_CB:
3269        {
3270            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3271            return (ret);
3272        }
3273        break;
3274#endif                          /* !OPENSSL_NO_ECDH */
3275#ifndef OPENSSL_NO_TLSEXT
3276    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3277        if (larg == TLSEXT_NAMETYPE_host_name) {
3278            if (s->tlsext_hostname != NULL)
3279                OPENSSL_free(s->tlsext_hostname);
3280            s->tlsext_hostname = NULL;
3281
3282            ret = 1;
3283            if (parg == NULL)
3284                break;
3285            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
3286                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3287                return 0;
3288            }
3289            if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
3290                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3291                return 0;
3292            }
3293        } else {
3294            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3295            return 0;
3296        }
3297        break;
3298    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3299        s->tlsext_debug_arg = parg;
3300        ret = 1;
3301        break;
3302
3303# ifdef TLSEXT_TYPE_opaque_prf_input
3304    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3305        if (larg > 12288) {     /* actual internal limit is 2^16 for the
3306                                 * complete hello message * (including the
3307                                 * cert chain and everything) */
3308            SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3309            break;
3310        }
3311        if (s->tlsext_opaque_prf_input != NULL)
3312            OPENSSL_free(s->tlsext_opaque_prf_input);
3313        if ((size_t)larg == 0)
3314            s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
3315                                                             * just to get
3316                                                             * non-NULL */
3317        else
3318            s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3319        if (s->tlsext_opaque_prf_input != NULL) {
3320            s->tlsext_opaque_prf_input_len = (size_t)larg;
3321            ret = 1;
3322        } else
3323            s->tlsext_opaque_prf_input_len = 0;
3324        break;
3325# endif
3326
3327    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3328        s->tlsext_status_type = larg;
3329        ret = 1;
3330        break;
3331
3332    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3333        *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3334        ret = 1;
3335        break;
3336
3337    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3338        s->tlsext_ocsp_exts = parg;
3339        ret = 1;
3340        break;
3341
3342    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3343        *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3344        ret = 1;
3345        break;
3346
3347    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3348        s->tlsext_ocsp_ids = parg;
3349        ret = 1;
3350        break;
3351
3352    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3353        *(unsigned char **)parg = s->tlsext_ocsp_resp;
3354        return s->tlsext_ocsp_resplen;
3355
3356    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3357        if (s->tlsext_ocsp_resp)
3358            OPENSSL_free(s->tlsext_ocsp_resp);
3359        s->tlsext_ocsp_resp = parg;
3360        s->tlsext_ocsp_resplen = larg;
3361        ret = 1;
3362        break;
3363
3364# ifndef OPENSSL_NO_HEARTBEATS
3365    case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3366        if (SSL_version(s) == DTLS1_VERSION
3367            || SSL_version(s) == DTLS1_BAD_VER)
3368            ret = dtls1_heartbeat(s);
3369        else
3370            ret = tls1_heartbeat(s);
3371        break;
3372
3373    case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3374        ret = s->tlsext_hb_pending;
3375        break;
3376
3377    case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3378        if (larg)
3379            s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3380        else
3381            s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3382        ret = 1;
3383        break;
3384# endif
3385
3386#endif                          /* !OPENSSL_NO_TLSEXT */
3387
3388    case SSL_CTRL_CHECK_PROTO_VERSION:
3389        /*
3390         * For library-internal use; checks that the current protocol is the
3391         * highest enabled version (according to s->ctx->method, as version
3392         * negotiation may have changed s->method).
3393         */
3394        if (s->version == s->ctx->method->version)
3395            return 1;
3396        /*
3397         * Apparently we're using a version-flexible SSL_METHOD (not at its
3398         * highest protocol version).
3399         */
3400        if (s->ctx->method->version == SSLv23_method()->version) {
3401#if TLS_MAX_VERSION != TLS1_2_VERSION
3402# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
3403#endif
3404            if (!(s->options & SSL_OP_NO_TLSv1_2))
3405                return s->version == TLS1_2_VERSION;
3406            if (!(s->options & SSL_OP_NO_TLSv1_1))
3407                return s->version == TLS1_1_VERSION;
3408            if (!(s->options & SSL_OP_NO_TLSv1))
3409                return s->version == TLS1_VERSION;
3410            if (!(s->options & SSL_OP_NO_SSLv3))
3411                return s->version == SSL3_VERSION;
3412            if (!(s->options & SSL_OP_NO_SSLv2))
3413                return s->version == SSL2_VERSION;
3414        }
3415        return 0;               /* Unexpected state; fail closed. */
3416
3417    default:
3418        break;
3419    }
3420    return (ret);
3421}
3422
3423long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
3424{
3425    int ret = 0;
3426
3427#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3428    if (
3429# ifndef OPENSSL_NO_RSA
3430           cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3431# endif
3432# ifndef OPENSSL_NO_DSA
3433           cmd == SSL_CTRL_SET_TMP_DH_CB ||
3434# endif
3435           0) {
3436        if (!ssl_cert_inst(&s->cert)) {
3437            SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3438            return (0);
3439        }
3440    }
3441#endif
3442
3443    switch (cmd) {
3444#ifndef OPENSSL_NO_RSA
3445    case SSL_CTRL_SET_TMP_RSA_CB:
3446        {
3447            s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3448        }
3449        break;
3450#endif
3451#ifndef OPENSSL_NO_DH
3452    case SSL_CTRL_SET_TMP_DH_CB:
3453        {
3454            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3455        }
3456        break;
3457#endif
3458#ifndef OPENSSL_NO_ECDH
3459    case SSL_CTRL_SET_TMP_ECDH_CB:
3460        {
3461            s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3462        }
3463        break;
3464#endif
3465#ifndef OPENSSL_NO_TLSEXT
3466    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3467        s->tlsext_debug_cb = (void (*)(SSL *, int, int,
3468                                       unsigned char *, int, void *))fp;
3469        break;
3470#endif
3471    default:
3472        break;
3473    }
3474    return (ret);
3475}
3476
3477long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3478{
3479    CERT *cert;
3480
3481    cert = ctx->cert;
3482
3483    switch (cmd) {
3484#ifndef OPENSSL_NO_RSA
3485    case SSL_CTRL_NEED_TMP_RSA:
3486        if ((cert->rsa_tmp == NULL) &&
3487            ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3488             (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
3489              (512 / 8)))
3490            )
3491            return (1);
3492        else
3493            return (0);
3494        /* break; */
3495    case SSL_CTRL_SET_TMP_RSA:
3496        {
3497            RSA *rsa;
3498            int i;
3499
3500            rsa = (RSA *)parg;
3501            i = 1;
3502            if (rsa == NULL)
3503                i = 0;
3504            else {
3505                if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3506                    i = 0;
3507            }
3508            if (!i) {
3509                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
3510                return (0);
3511            } else {
3512                if (cert->rsa_tmp != NULL)
3513                    RSA_free(cert->rsa_tmp);
3514                cert->rsa_tmp = rsa;
3515                return (1);
3516            }
3517        }
3518        /* break; */
3519    case SSL_CTRL_SET_TMP_RSA_CB:
3520        {
3521            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3522            return (0);
3523        }
3524        break;
3525#endif
3526#ifndef OPENSSL_NO_DH
3527    case SSL_CTRL_SET_TMP_DH:
3528        {
3529            DH *new = NULL, *dh;
3530
3531            dh = (DH *)parg;
3532            if ((new = DHparams_dup(dh)) == NULL) {
3533                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3534                return 0;
3535            }
3536            if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
3537                if (!DH_generate_key(new)) {
3538                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
3539                    DH_free(new);
3540                    return 0;
3541                }
3542            }
3543            if (cert->dh_tmp != NULL)
3544                DH_free(cert->dh_tmp);
3545            cert->dh_tmp = new;
3546            return 1;
3547        }
3548        /*
3549         * break;
3550         */
3551    case SSL_CTRL_SET_TMP_DH_CB:
3552        {
3553            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3554            return (0);
3555        }
3556        break;
3557#endif
3558#ifndef OPENSSL_NO_ECDH
3559    case SSL_CTRL_SET_TMP_ECDH:
3560        {
3561            EC_KEY *ecdh = NULL;
3562
3563            if (parg == NULL) {
3564                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3565                return 0;
3566            }
3567            ecdh = EC_KEY_dup((EC_KEY *)parg);
3568            if (ecdh == NULL) {
3569                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
3570                return 0;
3571            }
3572            if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
3573                if (!EC_KEY_generate_key(ecdh)) {
3574                    EC_KEY_free(ecdh);
3575                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
3576                    return 0;
3577                }
3578            }
3579
3580            if (cert->ecdh_tmp != NULL) {
3581                EC_KEY_free(cert->ecdh_tmp);
3582            }
3583            cert->ecdh_tmp = ecdh;
3584            return 1;
3585        }
3586        /* break; */
3587    case SSL_CTRL_SET_TMP_ECDH_CB:
3588        {
3589            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3590            return (0);
3591        }
3592        break;
3593#endif                          /* !OPENSSL_NO_ECDH */
3594#ifndef OPENSSL_NO_TLSEXT
3595    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3596        ctx->tlsext_servername_arg = parg;
3597        break;
3598    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3599    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3600        {
3601            unsigned char *keys = parg;
3602            if (!keys)
3603                return 48;
3604            if (larg != 48) {
3605                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3606                return 0;
3607            }
3608            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
3609                memcpy(ctx->tlsext_tick_key_name, keys, 16);
3610                memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3611                memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3612            } else {
3613                memcpy(keys, ctx->tlsext_tick_key_name, 16);
3614                memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3615                memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3616            }
3617            return 1;
3618        }
3619
3620# ifdef TLSEXT_TYPE_opaque_prf_input
3621    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3622        ctx->tlsext_opaque_prf_input_callback_arg = parg;
3623        return 1;
3624# endif
3625
3626    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3627        ctx->tlsext_status_arg = parg;
3628        return 1;
3629        break;
3630
3631# ifndef OPENSSL_NO_SRP
3632    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3633        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3634        if (ctx->srp_ctx.login != NULL)
3635            OPENSSL_free(ctx->srp_ctx.login);
3636        ctx->srp_ctx.login = NULL;
3637        if (parg == NULL)
3638            break;
3639        if (strlen((const char *)parg) > 255
3640            || strlen((const char *)parg) < 1) {
3641            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3642            return 0;
3643        }
3644        if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
3645            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3646            return 0;
3647        }
3648        break;
3649    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3650        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3651            srp_password_from_info_cb;
3652        ctx->srp_ctx.info = parg;
3653        break;
3654    case SSL_CTRL_SET_SRP_ARG:
3655        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3656        ctx->srp_ctx.SRP_cb_arg = parg;
3657        break;
3658
3659    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3660        ctx->srp_ctx.strength = larg;
3661        break;
3662# endif
3663#endif                          /* !OPENSSL_NO_TLSEXT */
3664
3665        /* A Thawte special :-) */
3666    case SSL_CTRL_EXTRA_CHAIN_CERT:
3667        if (ctx->extra_certs == NULL) {
3668            if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
3669                return (0);
3670        }
3671        sk_X509_push(ctx->extra_certs, (X509 *)parg);
3672        break;
3673
3674    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3675        *(STACK_OF(X509) **)parg = ctx->extra_certs;
3676        break;
3677
3678    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3679        if (ctx->extra_certs) {
3680            sk_X509_pop_free(ctx->extra_certs, X509_free);
3681            ctx->extra_certs = NULL;
3682        }
3683        break;
3684
3685    default:
3686        return (0);
3687    }
3688    return (1);
3689}
3690
3691long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
3692{
3693    CERT *cert;
3694
3695    cert = ctx->cert;
3696
3697    switch (cmd) {
3698#ifndef OPENSSL_NO_RSA
3699    case SSL_CTRL_SET_TMP_RSA_CB:
3700        {
3701            cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3702        }
3703        break;
3704#endif
3705#ifndef OPENSSL_NO_DH
3706    case SSL_CTRL_SET_TMP_DH_CB:
3707        {
3708            cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3709        }
3710        break;
3711#endif
3712#ifndef OPENSSL_NO_ECDH
3713    case SSL_CTRL_SET_TMP_ECDH_CB:
3714        {
3715            cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3716        }
3717        break;
3718#endif
3719#ifndef OPENSSL_NO_TLSEXT
3720    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3721        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
3722        break;
3723
3724# ifdef TLSEXT_TYPE_opaque_prf_input
3725    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3726        ctx->tlsext_opaque_prf_input_callback =
3727            (int (*)(SSL *, void *, size_t, void *))fp;
3728        break;
3729# endif
3730
3731    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3732        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
3733        break;
3734
3735    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3736        ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
3737                                             unsigned char *,
3738                                             EVP_CIPHER_CTX *,
3739                                             HMAC_CTX *, int))fp;
3740        break;
3741
3742# ifndef OPENSSL_NO_SRP
3743    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3744        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3745        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
3746        break;
3747    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3748        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3749        ctx->srp_ctx.TLS_ext_srp_username_callback =
3750            (int (*)(SSL *, int *, void *))fp;
3751        break;
3752    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3753        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
3754        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
3755            (char *(*)(SSL *, void *))fp;
3756        break;
3757# endif
3758#endif
3759
3760    default:
3761        return (0);
3762    }
3763    return (1);
3764}
3765
3766/*
3767 * This function needs to check if the ciphers required are actually
3768 * available
3769 */
3770const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3771{
3772    SSL_CIPHER c;
3773    const SSL_CIPHER *cp;
3774    unsigned long id;
3775
3776    id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
3777    c.id = id;
3778    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3779#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3780    if (cp == NULL)
3781        fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3782#endif
3783    if (cp == NULL || cp->valid == 0)
3784        return NULL;
3785    else
3786        return cp;
3787}
3788
3789int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3790{
3791    long l;
3792
3793    if (p != NULL) {
3794        l = c->id;
3795        if ((l & 0xff000000) != 0x03000000)
3796            return (0);
3797        p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
3798        p[1] = ((unsigned char)(l)) & 0xFF;
3799    }
3800    return (2);
3801}
3802
3803SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3804                               STACK_OF(SSL_CIPHER) *srvr)
3805{
3806    SSL_CIPHER *c, *ret = NULL;
3807    STACK_OF(SSL_CIPHER) *prio, *allow;
3808    int i, ii, ok;
3809#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3810    unsigned int j;
3811    int ec_ok, ec_nid;
3812    unsigned char ec_search1 = 0, ec_search2 = 0;
3813#endif
3814    CERT *cert;
3815    unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
3816
3817    /* Let's see which ciphers we can support */
3818    cert = s->cert;
3819
3820#if 0
3821    /*
3822     * Do not set the compare functions, because this may lead to a
3823     * reordering by "id". We want to keep the original ordering. We may pay
3824     * a price in performance during sk_SSL_CIPHER_find(), but would have to
3825     * pay with the price of sk_SSL_CIPHER_dup().
3826     */
3827    sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3828    sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3829#endif
3830
3831#ifdef CIPHER_DEBUG
3832    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
3833            (void *)srvr);
3834    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
3835        c = sk_SSL_CIPHER_value(srvr, i);
3836        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3837    }
3838    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
3839            (void *)clnt);
3840    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
3841        c = sk_SSL_CIPHER_value(clnt, i);
3842        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
3843    }
3844#endif
3845
3846    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
3847        prio = srvr;
3848        allow = clnt;
3849    } else {
3850        prio = clnt;
3851        allow = srvr;
3852    }
3853
3854    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
3855        c = sk_SSL_CIPHER_value(prio, i);
3856
3857        /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3858        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3859            (TLS1_get_version(s) < TLS1_2_VERSION))
3860            continue;
3861
3862        ssl_set_cert_masks(cert, c);
3863        mask_k = cert->mask_k;
3864        mask_a = cert->mask_a;
3865        emask_k = cert->export_mask_k;
3866        emask_a = cert->export_mask_a;
3867#ifndef OPENSSL_NO_SRP
3868        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
3869            mask_k |= SSL_kSRP;
3870            emask_k |= SSL_kSRP;
3871            mask_a |= SSL_aSRP;
3872            emask_a |= SSL_aSRP;
3873        }
3874#endif
3875
3876#ifdef KSSL_DEBUG
3877        /*
3878         * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
3879         * i,c->algorithms);
3880         */
3881#endif                          /* KSSL_DEBUG */
3882
3883        alg_k = c->algorithm_mkey;
3884        alg_a = c->algorithm_auth;
3885
3886#ifndef OPENSSL_NO_KRB5
3887        if (alg_k & SSL_kKRB5) {
3888            if (!kssl_keytab_is_available(s->kssl_ctx))
3889                continue;
3890        }
3891#endif                          /* OPENSSL_NO_KRB5 */
3892#ifndef OPENSSL_NO_PSK
3893        /* with PSK there must be server callback set */
3894        if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3895            continue;
3896#endif                          /* OPENSSL_NO_PSK */
3897
3898        if (SSL_C_IS_EXPORT(c)) {
3899            ok = (alg_k & emask_k) && (alg_a & emask_a);
3900#ifdef CIPHER_DEBUG
3901            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
3902                    ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
3903#endif
3904        } else {
3905            ok = (alg_k & mask_k) && (alg_a & mask_a);
3906#ifdef CIPHER_DEBUG
3907            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
3908                    alg_a, mask_k, mask_a, (void *)c, c->name);
3909#endif
3910        }
3911
3912#ifndef OPENSSL_NO_TLSEXT
3913# ifndef OPENSSL_NO_EC
3914        if (
3915               /*
3916                * if we are considering an ECC cipher suite that uses our
3917                * certificate
3918                */
3919               (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3920               /* and we have an ECC certificate */
3921               && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3922               /*
3923                * and the client specified a Supported Point Formats
3924                * extension
3925                */
3926               && ((s->session->tlsext_ecpointformatlist_length > 0)
3927                   && (s->session->tlsext_ecpointformatlist != NULL))
3928               /* and our certificate's point is compressed */
3929               && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3930                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key !=
3931                       NULL)
3932                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3933                       key->public_key != NULL)
3934                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3935                       key->public_key->data != NULL)
3936                   &&
3937                   ((*
3938                     (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3939                      key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3940                    ||
3941                    (*
3942                     (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
3943                      key->public_key->data) ==
3944                     POINT_CONVERSION_COMPRESSED + 1)
3945                   )
3946               )
3947            ) {
3948            ec_ok = 0;
3949            /*
3950             * if our certificate's curve is over a field type that the
3951             * client does not support then do not allow this cipher suite to
3952             * be negotiated
3953             */
3954            if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3955                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
3956                    NULL)
3957                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3958                    group->meth != NULL)
3959                &&
3960                (EC_METHOD_get_field_type
3961                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3962                  group->meth) == NID_X9_62_prime_field)
3963                ) {
3964                for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
3965                     j++) {
3966                    if (s->session->tlsext_ecpointformatlist[j] ==
3967                        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
3968                        ec_ok = 1;
3969                        break;
3970                    }
3971                }
3972            } else
3973                if (EC_METHOD_get_field_type
3974                    (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
3975                     group->meth) == NID_X9_62_characteristic_two_field) {
3976                for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
3977                     j++) {
3978                    if (s->session->tlsext_ecpointformatlist[j] ==
3979                        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
3980                        ec_ok = 1;
3981                        break;
3982                    }
3983                }
3984            }
3985            ok = ok && ec_ok;
3986        }
3987        if (
3988               /*
3989                * if we are considering an ECC cipher suite that uses our
3990                * certificate
3991                */
3992               (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3993               /* and we have an ECC certificate */
3994               && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3995               /*
3996                * and the client specified an EllipticCurves extension
3997                */
3998               && ((s->session->tlsext_ellipticcurvelist_length > 0)
3999                   && (s->session->tlsext_ellipticcurvelist != NULL))
4000            ) {
4001            ec_ok = 0;
4002            if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
4003                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
4004                    NULL)
4005                ) {
4006                ec_nid =
4007                    EC_GROUP_get_curve_name(s->cert->
4008                                            pkeys[SSL_PKEY_ECC].privatekey->
4009                                            pkey.ec->group);
4010                if ((ec_nid == 0)
4011                    && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
4012                        ec->group->meth != NULL)
4013                    ) {
4014                    if (EC_METHOD_get_field_type
4015                        (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
4016                         ec->group->meth) == NID_X9_62_prime_field) {
4017                        ec_search1 = 0xFF;
4018                        ec_search2 = 0x01;
4019                    } else
4020                        if (EC_METHOD_get_field_type
4021                            (s->cert->pkeys[SSL_PKEY_ECC].privatekey->
4022                             pkey.ec->group->meth) ==
4023                            NID_X9_62_characteristic_two_field) {
4024                        ec_search1 = 0xFF;
4025                        ec_search2 = 0x02;
4026                    }
4027                } else {
4028                    ec_search1 = 0x00;
4029                    ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4030                }
4031                if ((ec_search1 != 0) || (ec_search2 != 0)) {
4032                    for (j = 0;
4033                         j < s->session->tlsext_ellipticcurvelist_length / 2;
4034                         j++) {
4035                        if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
4036                             ec_search1)
4037                            && (s->session->tlsext_ellipticcurvelist[2 * j +
4038                                                                     1] ==
4039                                ec_search2)) {
4040                            ec_ok = 1;
4041                            break;
4042                        }
4043                    }
4044                }
4045            }
4046            ok = ok && ec_ok;
4047        }
4048#  ifndef OPENSSL_NO_ECDH
4049        if (
4050               /*
4051                * if we are considering an ECC cipher suite that uses an
4052                * ephemeral EC key
4053                */
4054               (alg_k & SSL_kEECDH)
4055               /* and we have an ephemeral EC key */
4056               && (s->cert->ecdh_tmp != NULL)
4057               /*
4058                * and the client specified an EllipticCurves extension
4059                */
4060               && ((s->session->tlsext_ellipticcurvelist_length > 0)
4061                   && (s->session->tlsext_ellipticcurvelist != NULL))
4062            ) {
4063            ec_ok = 0;
4064            if (s->cert->ecdh_tmp->group != NULL) {
4065                ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
4066                if ((ec_nid == 0)
4067                    && (s->cert->ecdh_tmp->group->meth != NULL)
4068                    ) {
4069                    if (EC_METHOD_get_field_type
4070                        (s->cert->ecdh_tmp->group->meth) ==
4071                        NID_X9_62_prime_field) {
4072                        ec_search1 = 0xFF;
4073                        ec_search2 = 0x01;
4074                    } else
4075                        if (EC_METHOD_get_field_type
4076                            (s->cert->ecdh_tmp->group->meth) ==
4077                            NID_X9_62_characteristic_two_field) {
4078                        ec_search1 = 0xFF;
4079                        ec_search2 = 0x02;
4080                    }
4081                } else {
4082                    ec_search1 = 0x00;
4083                    ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4084                }
4085                if ((ec_search1 != 0) || (ec_search2 != 0)) {
4086                    for (j = 0;
4087                         j < s->session->tlsext_ellipticcurvelist_length / 2;
4088                         j++) {
4089                        if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
4090                             ec_search1)
4091                            && (s->session->tlsext_ellipticcurvelist[2 * j +
4092                                                                     1] ==
4093                                ec_search2)) {
4094                            ec_ok = 1;
4095                            break;
4096                        }
4097                    }
4098                }
4099            }
4100            ok = ok && ec_ok;
4101        }
4102#  endif                        /* OPENSSL_NO_ECDH */
4103# endif                         /* OPENSSL_NO_EC */
4104#endif                          /* OPENSSL_NO_TLSEXT */
4105
4106        if (!ok)
4107            continue;
4108        ii = sk_SSL_CIPHER_find(allow, c);
4109        if (ii >= 0) {
4110#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4111            if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
4112                && s->s3->is_probably_safari) {
4113                if (!ret)
4114                    ret = sk_SSL_CIPHER_value(allow, ii);
4115                continue;
4116            }
4117#endif
4118            ret = sk_SSL_CIPHER_value(allow, ii);
4119            break;
4120        }
4121    }
4122    return (ret);
4123}
4124
4125int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4126{
4127    int ret = 0;
4128    unsigned long alg_k;
4129
4130    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4131
4132#ifndef OPENSSL_NO_GOST
4133    if (s->version >= TLS1_VERSION) {
4134        if (alg_k & SSL_kGOST) {
4135            p[ret++] = TLS_CT_GOST94_SIGN;
4136            p[ret++] = TLS_CT_GOST01_SIGN;
4137            return (ret);
4138        }
4139    }
4140#endif
4141
4142#ifndef OPENSSL_NO_DH
4143    if (alg_k & (SSL_kDHr | SSL_kEDH)) {
4144# ifndef OPENSSL_NO_RSA
4145        p[ret++] = SSL3_CT_RSA_FIXED_DH;
4146# endif
4147# ifndef OPENSSL_NO_DSA
4148        p[ret++] = SSL3_CT_DSS_FIXED_DH;
4149# endif
4150    }
4151    if ((s->version == SSL3_VERSION) &&
4152        (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
4153# ifndef OPENSSL_NO_RSA
4154        p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
4155# endif
4156# ifndef OPENSSL_NO_DSA
4157        p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
4158# endif
4159    }
4160#endif                          /* !OPENSSL_NO_DH */
4161#ifndef OPENSSL_NO_RSA
4162    p[ret++] = SSL3_CT_RSA_SIGN;
4163#endif
4164#ifndef OPENSSL_NO_DSA
4165    p[ret++] = SSL3_CT_DSS_SIGN;
4166#endif
4167#ifndef OPENSSL_NO_ECDH
4168    if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
4169        p[ret++] = TLS_CT_RSA_FIXED_ECDH;
4170        p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
4171    }
4172#endif
4173
4174#ifndef OPENSSL_NO_ECDSA
4175    /*
4176     * ECDSA certs can be used with RSA cipher suites as well so we don't
4177     * need to check for SSL_kECDH or SSL_kEECDH
4178     */
4179    if (s->version >= TLS1_VERSION) {
4180        p[ret++] = TLS_CT_ECDSA_SIGN;
4181    }
4182#endif
4183    return (ret);
4184}
4185
4186int ssl3_shutdown(SSL *s)
4187{
4188    int ret;
4189
4190    /*
4191     * Don't do anything much if we have not done the handshake or we don't
4192     * want to send messages :-)
4193     */
4194    if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
4195        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
4196        return (1);
4197    }
4198
4199    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
4200        s->shutdown |= SSL_SENT_SHUTDOWN;
4201#if 1
4202        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
4203#endif
4204        /*
4205         * our shutdown alert has been sent now, and if it still needs to be
4206         * written, s->s3->alert_dispatch will be true
4207         */
4208        if (s->s3->alert_dispatch)
4209            return (-1);        /* return WANT_WRITE */
4210    } else if (s->s3->alert_dispatch) {
4211        /* resend it if not sent */
4212#if 1
4213        ret = s->method->ssl_dispatch_alert(s);
4214        if (ret == -1) {
4215            /*
4216             * we only get to return -1 here the 2nd/Nth invocation, we must
4217             * have already signalled return 0 upon a previous invoation,
4218             * return WANT_WRITE
4219             */
4220            return (ret);
4221        }
4222#endif
4223    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4224        /*
4225         * If we are waiting for a close from our peer, we are closed
4226         */
4227        s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
4228        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
4229            return (-1);        /* return WANT_READ */
4230        }
4231    }
4232
4233    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
4234        !s->s3->alert_dispatch)
4235        return (1);
4236    else
4237        return (0);
4238}
4239
4240int ssl3_write(SSL *s, const void *buf, int len)
4241{
4242    int ret, n;
4243
4244#if 0
4245    if (s->shutdown & SSL_SEND_SHUTDOWN) {
4246        s->rwstate = SSL_NOTHING;
4247        return (0);
4248    }
4249#endif
4250    clear_sys_error();
4251    if (s->s3->renegotiate)
4252        ssl3_renegotiate_check(s);
4253
4254    /*
4255     * This is an experimental flag that sends the last handshake message in
4256     * the same packet as the first use data - used to see if it helps the
4257     * TCP protocol during session-id reuse
4258     */
4259    /* The second test is because the buffer may have been removed */
4260    if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
4261        /* First time through, we write into the buffer */
4262        if (s->s3->delay_buf_pop_ret == 0) {
4263            ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
4264            if (ret <= 0)
4265                return (ret);
4266
4267            s->s3->delay_buf_pop_ret = ret;
4268        }
4269
4270        s->rwstate = SSL_WRITING;
4271        n = BIO_flush(s->wbio);
4272        if (n <= 0)
4273            return (n);
4274        s->rwstate = SSL_NOTHING;
4275
4276        /* We have flushed the buffer, so remove it */
4277        ssl_free_wbio_buffer(s);
4278        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
4279
4280        ret = s->s3->delay_buf_pop_ret;
4281        s->s3->delay_buf_pop_ret = 0;
4282    } else {
4283        ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
4284                                         buf, len);
4285        if (ret <= 0)
4286            return (ret);
4287    }
4288
4289    return (ret);
4290}
4291
4292static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4293{
4294    int ret;
4295
4296    clear_sys_error();
4297    if (s->s3->renegotiate)
4298        ssl3_renegotiate_check(s);
4299    s->s3->in_read_app_data = 1;
4300    ret =
4301        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4302                                  peek);
4303    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
4304        /*
4305         * ssl3_read_bytes decided to call s->handshake_func, which called
4306         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
4307         * actually found application data and thinks that application data
4308         * makes sense here; so disable handshake processing and try to read
4309         * application data again.
4310         */
4311        s->in_handshake++;
4312        ret =
4313            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
4314                                      peek);
4315        s->in_handshake--;
4316    } else
4317        s->s3->in_read_app_data = 0;
4318
4319    return (ret);
4320}
4321
4322int ssl3_read(SSL *s, void *buf, int len)
4323{
4324    return ssl3_read_internal(s, buf, len, 0);
4325}
4326
4327int ssl3_peek(SSL *s, void *buf, int len)
4328{
4329    return ssl3_read_internal(s, buf, len, 1);
4330}
4331
4332int ssl3_renegotiate(SSL *s)
4333{
4334    if (s->handshake_func == NULL)
4335        return (1);
4336
4337    if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4338        return (0);
4339
4340    s->s3->renegotiate = 1;
4341    return (1);
4342}
4343
4344int ssl3_renegotiate_check(SSL *s)
4345{
4346    int ret = 0;
4347
4348    if (s->s3->renegotiate) {
4349        if ((s->s3->rbuf.left == 0) &&
4350            (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
4351            /*
4352             * if we are the server, and we have sent a 'RENEGOTIATE'
4353             * message, we need to go to SSL_ST_ACCEPT.
4354             */
4355            /* SSL_ST_ACCEPT */
4356            s->state = SSL_ST_RENEGOTIATE;
4357            s->s3->renegotiate = 0;
4358            s->s3->num_renegotiations++;
4359            s->s3->total_renegotiations++;
4360            ret = 1;
4361        }
4362    }
4363    return (ret);
4364}
4365
4366/*
4367 * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4368 * to new SHA256 PRF and handshake macs
4369 */
4370long ssl_get_algorithm2(SSL *s)
4371{
4372    long alg2 = s->s3->tmp.new_cipher->algorithm2;
4373    if (s->method->version == TLS1_2_VERSION &&
4374        alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
4375        return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4376    return alg2;
4377}
4378