1 /* ssl/s3_lib.c */
   2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   3  * All rights reserved.
   4  *
   5  * This package is an SSL implementation written
   6  * by Eric Young (eay@cryptsoft.com).
   7  * The implementation was written so as to conform with Netscapes SSL.
   8  *
   9  * This library is free for commercial and non-commercial use as long as
  10  * the following conditions are aheared to.  The following conditions
  11  * apply to all code found in this distribution, be it the RC4, RSA,
  12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  13  * included with this distribution is covered by the same copyright terms
  14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15  *
  16  * Copyright remains Eric Young's, and as such any Copyright notices in
  17  * the code are not to be removed.
  18  * If this package is used in a product, Eric Young should be given attribution
  19  * as the author of the parts of the library used.
  20  * This can be in the form of a textual message at program startup or
  21  * in documentation (online or textual) provided with the package.
  22  *
  23  * Redistribution and use in source and binary forms, with or without
  24  * modification, are permitted provided that the following conditions
  25  * are met:
  26  * 1. Redistributions of source code must retain the copyright
  27  *    notice, this list of conditions and the following disclaimer.
  28  * 2. Redistributions in binary form must reproduce the above copyright
  29  *    notice, this list of conditions and the following disclaimer in the
  30  *    documentation and/or other materials provided with the distribution.
  31  * 3. All advertising materials mentioning features or use of this software
  32  *    must display the following acknowledgement:
  33  *    "This product includes cryptographic software written by
  34  *     Eric Young (eay@cryptsoft.com)"
  35  *    The word 'cryptographic' can be left out if the rouines from the library
  36  *    being used are not cryptographic related :-).
  37  * 4. If you include any Windows specific code (or a derivative thereof) from
  38  *    the apps directory (application code) you must include an acknowledgement:
  39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40  *
  41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51  * SUCH DAMAGE.
  52  *
  53  * The licence and distribution terms for any publically available version or
  54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  55  * copied and put under another distribution licence
  56  * [including the GNU Public Licence.]
  57  */
  58 /* ====================================================================
  59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
  60  *
  61  * Redistribution and use in source and binary forms, with or without
  62  * modification, are permitted provided that the following conditions
  63  * are met:
  64  *
  65  * 1. Redistributions of source code must retain the above copyright
  66  *    notice, this list of conditions and the following disclaimer.
  67  *
  68  * 2. Redistributions in binary form must reproduce the above copyright
  69  *    notice, this list of conditions and the following disclaimer in
  70  *    the documentation and/or other materials provided with the
  71  *    distribution.
  72  *
  73  * 3. All advertising materials mentioning features or use of this
  74  *    software must display the following acknowledgment:
  75  *    "This product includes software developed by the OpenSSL Project
  76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77  *
  78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79  *    endorse or promote products derived from this software without
  80  *    prior written permission. For written permission, please contact
  81  *    openssl-core@openssl.org.
  82  *
  83  * 5. Products derived from this software may not be called "OpenSSL"
  84  *    nor may "OpenSSL" appear in their names without prior written
  85  *    permission of the OpenSSL Project.
  86  *
  87  * 6. Redistributions of any form whatsoever must retain the following
  88  *    acknowledgment:
  89  *    "This product includes software developed by the OpenSSL Project
  90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91  *
  92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 103  * OF THE POSSIBILITY OF SUCH DAMAGE.
 104  * ====================================================================
 105  *
 106  * This product includes cryptographic software written by Eric Young
 107  * (eay@cryptsoft.com).  This product includes software written by Tim
 108  * Hudson (tjh@cryptsoft.com).
 109  *
 110  */
 111 /* ====================================================================
 112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 113  *
 114  * Portions of the attached software ("Contribution") are developed by
 115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
 116  *
 117  * The Contribution is licensed pursuant to the OpenSSL open source
 118  * license provided above.
 119  *
 120  * ECC cipher suite support in OpenSSL originally written by
 121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 122  *
 123  */
 124 /* ====================================================================
 125  * Copyright 2005 Nokia. All rights reserved.
 126  *
 127  * The portions of the attached software ("Contribution") is developed by
 128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 129  * license.
 130  *
 131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 133  * support (see RFC 4279) to OpenSSL.
 134  *
 135  * No patent licenses or other rights except those expressly stated in
 136  * the OpenSSL open source license shall be deemed granted or received
 137  * expressly, by implication, estoppel, or otherwise.
 138  *
 139  * No assurances are provided by Nokia that the Contribution does not
 140  * infringe the patent or other intellectual property rights of any third
 141  * party or that the license provides you with all the necessary rights
 142  * to make use of the Contribution.
 143  *
 144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 148  * OTHERWISE.
 149  */
 150 
 151 #include <stdio.h>
 152 #include <openssl/objects.h>
 153 #include "ssl_locl.h"
 154 #include "kssl_lcl.h"
 155 #ifndef OPENSSL_NO_TLSEXT
 156 #ifndef OPENSSL_NO_EC
 157 #include "../crypto/ec/ec_lcl.h"
 158 #endif /* OPENSSL_NO_EC */
 159 #endif /* OPENSSL_NO_TLSEXT */
 160 #include <openssl/md5.h>
 161 #ifndef OPENSSL_NO_DH
 162 #include <openssl/dh.h>
 163 #endif
 164 
 165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
 166 
 167 #define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 168 
 169 /* list of available SSLv3 ciphers (sorted by id) */
 170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 171 
 172 /* The RSA ciphers */
 173 /* Cipher 01 */
 174         {
 175         1,
 176         SSL3_TXT_RSA_NULL_MD5,
 177         SSL3_CK_RSA_NULL_MD5,
 178         SSL_kRSA,
 179         SSL_aRSA,
 180         SSL_eNULL,
 181         SSL_MD5,
 182         SSL_SSLV3,
 183         SSL_NOT_EXP|SSL_STRONG_NONE,
 184         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 185         0,
 186         0,
 187         },
 188 
 189 /* Cipher 02 */
 190         {
 191         1,
 192         SSL3_TXT_RSA_NULL_SHA,
 193         SSL3_CK_RSA_NULL_SHA,
 194         SSL_kRSA,
 195         SSL_aRSA,
 196         SSL_eNULL,
 197         SSL_SHA1,
 198         SSL_SSLV3,
 199         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
 200         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 201         0,
 202         0,
 203         },
 204 
 205 /* Cipher 03 */
 206         {
 207         1,
 208         SSL3_TXT_RSA_RC4_40_MD5,
 209         SSL3_CK_RSA_RC4_40_MD5,
 210         SSL_kRSA,
 211         SSL_aRSA,
 212         SSL_RC4,
 213         SSL_MD5,
 214         SSL_SSLV3,
 215         SSL_EXPORT|SSL_EXP40,
 216         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 217         40,
 218         128,
 219         },
 220 
 221 /* Cipher 04 */
 222         {
 223         1,
 224         SSL3_TXT_RSA_RC4_128_MD5,
 225         SSL3_CK_RSA_RC4_128_MD5,
 226         SSL_kRSA,
 227         SSL_aRSA,
 228         SSL_RC4,
 229         SSL_MD5,
 230         SSL_SSLV3,
 231         SSL_NOT_EXP|SSL_MEDIUM,
 232         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 233         128,
 234         128,
 235         },
 236 
 237 /* Cipher 05 */
 238         {
 239         1,
 240         SSL3_TXT_RSA_RC4_128_SHA,
 241         SSL3_CK_RSA_RC4_128_SHA,
 242         SSL_kRSA,
 243         SSL_aRSA,
 244         SSL_RC4,
 245         SSL_SHA1,
 246         SSL_SSLV3,
 247         SSL_NOT_EXP|SSL_MEDIUM,
 248         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 249         128,
 250         128,
 251         },
 252 
 253 /* Cipher 06 */
 254         {
 255         1,
 256         SSL3_TXT_RSA_RC2_40_MD5,
 257         SSL3_CK_RSA_RC2_40_MD5,
 258         SSL_kRSA,
 259         SSL_aRSA,
 260         SSL_RC2,
 261         SSL_MD5,
 262         SSL_SSLV3,
 263         SSL_EXPORT|SSL_EXP40,
 264         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 265         40,
 266         128,
 267         },
 268 
 269 /* Cipher 07 */
 270 #ifndef OPENSSL_NO_IDEA
 271         {
 272         1,
 273         SSL3_TXT_RSA_IDEA_128_SHA,
 274         SSL3_CK_RSA_IDEA_128_SHA,
 275         SSL_kRSA,
 276         SSL_aRSA,
 277         SSL_IDEA,
 278         SSL_SHA1,
 279         SSL_SSLV3,
 280         SSL_NOT_EXP|SSL_MEDIUM,
 281         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 282         128,
 283         128,
 284         },
 285 #endif
 286 
 287 /* Cipher 08 */
 288         {
 289         1,
 290         SSL3_TXT_RSA_DES_40_CBC_SHA,
 291         SSL3_CK_RSA_DES_40_CBC_SHA,
 292         SSL_kRSA,
 293         SSL_aRSA,
 294         SSL_DES,
 295         SSL_SHA1,
 296         SSL_SSLV3,
 297         SSL_EXPORT|SSL_EXP40,
 298         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 299         40,
 300         56,
 301         },
 302 
 303 /* Cipher 09 */
 304         {
 305         1,
 306         SSL3_TXT_RSA_DES_64_CBC_SHA,
 307         SSL3_CK_RSA_DES_64_CBC_SHA,
 308         SSL_kRSA,
 309         SSL_aRSA,
 310         SSL_DES,
 311         SSL_SHA1,
 312         SSL_SSLV3,
 313         SSL_NOT_EXP|SSL_LOW,
 314         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 315         56,
 316         56,
 317         },
 318 
 319 /* Cipher 0A */
 320         {
 321         1,
 322         SSL3_TXT_RSA_DES_192_CBC3_SHA,
 323         SSL3_CK_RSA_DES_192_CBC3_SHA,
 324         SSL_kRSA,
 325         SSL_aRSA,
 326         SSL_3DES,
 327         SSL_SHA1,
 328         SSL_SSLV3,
 329         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 330         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 331         112,
 332         168,
 333         },
 334 
 335 /* The DH ciphers */
 336 /* Cipher 0B */
 337         {
 338         0,
 339         SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
 340         SSL3_CK_DH_DSS_DES_40_CBC_SHA,
 341         SSL_kDHd,
 342         SSL_aDH,
 343         SSL_DES,
 344         SSL_SHA1,
 345         SSL_SSLV3,
 346         SSL_EXPORT|SSL_EXP40,
 347         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 348         40,
 349         56,
 350         },
 351 
 352 /* Cipher 0C */
 353         {
 354         0, /* not implemented (non-ephemeral DH) */
 355         SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
 356         SSL3_CK_DH_DSS_DES_64_CBC_SHA,
 357         SSL_kDHd,
 358         SSL_aDH,
 359         SSL_DES,
 360         SSL_SHA1,
 361         SSL_SSLV3,
 362         SSL_NOT_EXP|SSL_LOW,
 363         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 364         56,
 365         56,
 366         },
 367 
 368 /* Cipher 0D */
 369         {
 370         0, /* not implemented (non-ephemeral DH) */
 371         SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
 372         SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
 373         SSL_kDHd,
 374         SSL_aDH,
 375         SSL_3DES,
 376         SSL_SHA1,
 377         SSL_SSLV3,
 378         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 379         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 380         112,
 381         168,
 382         },
 383 
 384 /* Cipher 0E */
 385         {
 386         0, /* not implemented (non-ephemeral DH) */
 387         SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
 388         SSL3_CK_DH_RSA_DES_40_CBC_SHA,
 389         SSL_kDHr,
 390         SSL_aDH,
 391         SSL_DES,
 392         SSL_SHA1,
 393         SSL_SSLV3,
 394         SSL_EXPORT|SSL_EXP40,
 395         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 396         40,
 397         56,
 398         },
 399 
 400 /* Cipher 0F */
 401         {
 402         0, /* not implemented (non-ephemeral DH) */
 403         SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
 404         SSL3_CK_DH_RSA_DES_64_CBC_SHA,
 405         SSL_kDHr,
 406         SSL_aDH,
 407         SSL_DES,
 408         SSL_SHA1,
 409         SSL_SSLV3,
 410         SSL_NOT_EXP|SSL_LOW,
 411         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 412         56,
 413         56,
 414         },
 415 
 416 /* Cipher 10 */
 417         {
 418         0, /* not implemented (non-ephemeral DH) */
 419         SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
 420         SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
 421         SSL_kDHr,
 422         SSL_aDH,
 423         SSL_3DES,
 424         SSL_SHA1,
 425         SSL_SSLV3,
 426         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 427         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 428         112,
 429         168,
 430         },
 431 
 432 /* The Ephemeral DH ciphers */
 433 /* Cipher 11 */
 434         {
 435         1,
 436         SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 437         SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
 438         SSL_kEDH,
 439         SSL_aDSS,
 440         SSL_DES,
 441         SSL_SHA1,
 442         SSL_SSLV3,
 443         SSL_EXPORT|SSL_EXP40,
 444         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 445         40,
 446         56,
 447         },
 448 
 449 /* Cipher 12 */
 450         {
 451         1,
 452         SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
 453         SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
 454         SSL_kEDH,
 455         SSL_aDSS,
 456         SSL_DES,
 457         SSL_SHA1,
 458         SSL_SSLV3,
 459         SSL_NOT_EXP|SSL_LOW,
 460         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 461         56,
 462         56,
 463         },
 464 
 465 /* Cipher 13 */
 466         {
 467         1,
 468         SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
 469         SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
 470         SSL_kEDH,
 471         SSL_aDSS,
 472         SSL_3DES,
 473         SSL_SHA1,
 474         SSL_SSLV3,
 475         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 476         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 477         112,
 478         168,
 479         },
 480 
 481 /* Cipher 14 */
 482         {
 483         1,
 484         SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 485         SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
 486         SSL_kEDH,
 487         SSL_aRSA,
 488         SSL_DES,
 489         SSL_SHA1,
 490         SSL_SSLV3,
 491         SSL_EXPORT|SSL_EXP40,
 492         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 493         40,
 494         56,
 495         },
 496 
 497 /* Cipher 15 */
 498         {
 499         1,
 500         SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
 501         SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
 502         SSL_kEDH,
 503         SSL_aRSA,
 504         SSL_DES,
 505         SSL_SHA1,
 506         SSL_SSLV3,
 507         SSL_NOT_EXP|SSL_LOW,
 508         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 509         56,
 510         56,
 511         },
 512 
 513 /* Cipher 16 */
 514         {
 515         1,
 516         SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
 517         SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
 518         SSL_kEDH,
 519         SSL_aRSA,
 520         SSL_3DES,
 521         SSL_SHA1,
 522         SSL_SSLV3,
 523         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 524         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 525         112,
 526         168,
 527         },
 528 
 529 /* Cipher 17 */
 530         {
 531         1,
 532         SSL3_TXT_ADH_RC4_40_MD5,
 533         SSL3_CK_ADH_RC4_40_MD5,
 534         SSL_kEDH,
 535         SSL_aNULL,
 536         SSL_RC4,
 537         SSL_MD5,
 538         SSL_SSLV3,
 539         SSL_EXPORT|SSL_EXP40,
 540         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 541         40,
 542         128,
 543         },
 544 
 545 /* Cipher 18 */
 546         {
 547         1,
 548         SSL3_TXT_ADH_RC4_128_MD5,
 549         SSL3_CK_ADH_RC4_128_MD5,
 550         SSL_kEDH,
 551         SSL_aNULL,
 552         SSL_RC4,
 553         SSL_MD5,
 554         SSL_SSLV3,
 555         SSL_NOT_EXP|SSL_MEDIUM,
 556         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 557         128,
 558         128,
 559         },
 560 
 561 /* Cipher 19 */
 562         {
 563         1,
 564         SSL3_TXT_ADH_DES_40_CBC_SHA,
 565         SSL3_CK_ADH_DES_40_CBC_SHA,
 566         SSL_kEDH,
 567         SSL_aNULL,
 568         SSL_DES,
 569         SSL_SHA1,
 570         SSL_SSLV3,
 571         SSL_EXPORT|SSL_EXP40,
 572         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 573         40,
 574         128,
 575         },
 576 
 577 /* Cipher 1A */
 578         {
 579         1,
 580         SSL3_TXT_ADH_DES_64_CBC_SHA,
 581         SSL3_CK_ADH_DES_64_CBC_SHA,
 582         SSL_kEDH,
 583         SSL_aNULL,
 584         SSL_DES,
 585         SSL_SHA1,
 586         SSL_SSLV3,
 587         SSL_NOT_EXP|SSL_LOW,
 588         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 589         56,
 590         56,
 591         },
 592 
 593 /* Cipher 1B */
 594         {
 595         1,
 596         SSL3_TXT_ADH_DES_192_CBC_SHA,
 597         SSL3_CK_ADH_DES_192_CBC_SHA,
 598         SSL_kEDH,
 599         SSL_aNULL,
 600         SSL_3DES,
 601         SSL_SHA1,
 602         SSL_SSLV3,
 603         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 604         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 605         112,
 606         168,
 607         },
 608 
 609 /* Fortezza ciphersuite from SSL 3.0 spec */
 610 #if 0
 611 /* Cipher 1C */
 612         {
 613         0,
 614         SSL3_TXT_FZA_DMS_NULL_SHA,
 615         SSL3_CK_FZA_DMS_NULL_SHA,
 616         SSL_kFZA,
 617         SSL_aFZA,
 618         SSL_eNULL,
 619         SSL_SHA1,
 620         SSL_SSLV3,
 621         SSL_NOT_EXP|SSL_STRONG_NONE,
 622         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 623         0,
 624         0,
 625         },
 626 
 627 /* Cipher 1D */
 628         {
 629         0,
 630         SSL3_TXT_FZA_DMS_FZA_SHA,
 631         SSL3_CK_FZA_DMS_FZA_SHA,
 632         SSL_kFZA,
 633         SSL_aFZA,
 634         SSL_eFZA,
 635         SSL_SHA1,
 636         SSL_SSLV3,
 637         SSL_NOT_EXP|SSL_STRONG_NONE,
 638         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 639         0,
 640         0,
 641         },
 642 
 643 /* Cipher 1E */
 644         {
 645         0,
 646         SSL3_TXT_FZA_DMS_RC4_SHA,
 647         SSL3_CK_FZA_DMS_RC4_SHA,
 648         SSL_kFZA,
 649         SSL_aFZA,
 650         SSL_RC4,
 651         SSL_SHA1,
 652         SSL_SSLV3,
 653         SSL_NOT_EXP|SSL_MEDIUM,
 654         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 655         128,
 656         128,
 657         },
 658 #endif
 659 
 660 #ifndef OPENSSL_NO_KRB5
 661 /* The Kerberos ciphers*/
 662 /* Cipher 1E */
 663         {
 664         1,
 665         SSL3_TXT_KRB5_DES_64_CBC_SHA,
 666         SSL3_CK_KRB5_DES_64_CBC_SHA,
 667         SSL_kKRB5,
 668         SSL_aKRB5,
 669         SSL_DES,
 670         SSL_SHA1,
 671         SSL_SSLV3,
 672         SSL_NOT_EXP|SSL_LOW,
 673         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 674         56,
 675         56,
 676         },
 677 
 678 /* Cipher 1F */
 679         {
 680         1,
 681         SSL3_TXT_KRB5_DES_192_CBC3_SHA,
 682         SSL3_CK_KRB5_DES_192_CBC3_SHA,
 683         SSL_kKRB5,
 684         SSL_aKRB5,
 685         SSL_3DES,
 686         SSL_SHA1,
 687         SSL_SSLV3,
 688         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 689         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 690         112,
 691         168,
 692         },
 693 
 694 /* Cipher 20 */
 695         {
 696         1,
 697         SSL3_TXT_KRB5_RC4_128_SHA,
 698         SSL3_CK_KRB5_RC4_128_SHA,
 699         SSL_kKRB5,
 700         SSL_aKRB5,
 701         SSL_RC4,
 702         SSL_SHA1,
 703         SSL_SSLV3,
 704         SSL_NOT_EXP|SSL_MEDIUM,
 705         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 706         128,
 707         128,
 708         },
 709 
 710 /* Cipher 21 */
 711         {
 712         1,
 713         SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
 714         SSL3_CK_KRB5_IDEA_128_CBC_SHA,
 715         SSL_kKRB5,
 716         SSL_aKRB5,
 717         SSL_IDEA,
 718         SSL_SHA1,
 719         SSL_SSLV3,
 720         SSL_NOT_EXP|SSL_MEDIUM,
 721         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 722         128,
 723         128,
 724         },
 725 
 726 /* Cipher 22 */
 727         {
 728         1,
 729         SSL3_TXT_KRB5_DES_64_CBC_MD5,
 730         SSL3_CK_KRB5_DES_64_CBC_MD5,
 731         SSL_kKRB5,
 732         SSL_aKRB5,
 733         SSL_DES,
 734         SSL_MD5,
 735         SSL_SSLV3,
 736         SSL_NOT_EXP|SSL_LOW,
 737         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 738         56,
 739         56,
 740         },
 741 
 742 /* Cipher 23 */
 743         {
 744         1,
 745         SSL3_TXT_KRB5_DES_192_CBC3_MD5,
 746         SSL3_CK_KRB5_DES_192_CBC3_MD5,
 747         SSL_kKRB5,
 748         SSL_aKRB5,
 749         SSL_3DES,
 750         SSL_MD5,
 751         SSL_SSLV3,
 752         SSL_NOT_EXP|SSL_HIGH,
 753         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 754         112,
 755         168,
 756         },
 757 
 758 /* Cipher 24 */
 759         {
 760         1,
 761         SSL3_TXT_KRB5_RC4_128_MD5,
 762         SSL3_CK_KRB5_RC4_128_MD5,
 763         SSL_kKRB5,
 764         SSL_aKRB5,
 765         SSL_RC4,
 766         SSL_MD5,
 767         SSL_SSLV3,
 768         SSL_NOT_EXP|SSL_MEDIUM,
 769         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 770         128,
 771         128,
 772         },
 773 
 774 /* Cipher 25 */
 775         {
 776         1,
 777         SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
 778         SSL3_CK_KRB5_IDEA_128_CBC_MD5,
 779         SSL_kKRB5,
 780         SSL_aKRB5,
 781         SSL_IDEA,
 782         SSL_MD5,
 783         SSL_SSLV3,
 784         SSL_NOT_EXP|SSL_MEDIUM,
 785         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 786         128,
 787         128,
 788         },
 789 
 790 /* Cipher 26 */
 791         {
 792         1,
 793         SSL3_TXT_KRB5_DES_40_CBC_SHA,
 794         SSL3_CK_KRB5_DES_40_CBC_SHA,
 795         SSL_kKRB5,
 796         SSL_aKRB5,
 797         SSL_DES,
 798         SSL_SHA1,
 799         SSL_SSLV3,
 800         SSL_EXPORT|SSL_EXP40,
 801         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 802         40,
 803         56,
 804         },
 805 
 806 /* Cipher 27 */
 807         {
 808         1,
 809         SSL3_TXT_KRB5_RC2_40_CBC_SHA,
 810         SSL3_CK_KRB5_RC2_40_CBC_SHA,
 811         SSL_kKRB5,
 812         SSL_aKRB5,
 813         SSL_RC2,
 814         SSL_SHA1,
 815         SSL_SSLV3,
 816         SSL_EXPORT|SSL_EXP40,
 817         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 818         40,
 819         128,
 820         },
 821 
 822 /* Cipher 28 */
 823         {
 824         1,
 825         SSL3_TXT_KRB5_RC4_40_SHA,
 826         SSL3_CK_KRB5_RC4_40_SHA,
 827         SSL_kKRB5,
 828         SSL_aKRB5,
 829         SSL_RC4,
 830         SSL_SHA1,
 831         SSL_SSLV3,
 832         SSL_EXPORT|SSL_EXP40,
 833         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 834         40,
 835         128,
 836         },
 837 
 838 /* Cipher 29 */
 839         {
 840         1,
 841         SSL3_TXT_KRB5_DES_40_CBC_MD5,
 842         SSL3_CK_KRB5_DES_40_CBC_MD5,
 843         SSL_kKRB5,
 844         SSL_aKRB5,
 845         SSL_DES,
 846         SSL_MD5,
 847         SSL_SSLV3,
 848         SSL_EXPORT|SSL_EXP40,
 849         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 850         40,
 851         56,
 852         },
 853 
 854 /* Cipher 2A */
 855         {
 856         1,
 857         SSL3_TXT_KRB5_RC2_40_CBC_MD5,
 858         SSL3_CK_KRB5_RC2_40_CBC_MD5,
 859         SSL_kKRB5,
 860         SSL_aKRB5,
 861         SSL_RC2,
 862         SSL_MD5,
 863         SSL_SSLV3,
 864         SSL_EXPORT|SSL_EXP40,
 865         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 866         40,
 867         128,
 868         },
 869 
 870 /* Cipher 2B */
 871         {
 872         1,
 873         SSL3_TXT_KRB5_RC4_40_MD5,
 874         SSL3_CK_KRB5_RC4_40_MD5,
 875         SSL_kKRB5,
 876         SSL_aKRB5,
 877         SSL_RC4,
 878         SSL_MD5,
 879         SSL_SSLV3,
 880         SSL_EXPORT|SSL_EXP40,
 881         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 882         40,
 883         128,
 884         },
 885 #endif  /* OPENSSL_NO_KRB5 */
 886 
 887 /* New AES ciphersuites */
 888 /* Cipher 2F */
 889         {
 890         1,
 891         TLS1_TXT_RSA_WITH_AES_128_SHA,
 892         TLS1_CK_RSA_WITH_AES_128_SHA,
 893         SSL_kRSA,
 894         SSL_aRSA,
 895         SSL_AES128,
 896         SSL_SHA1,
 897         SSL_TLSV1,
 898         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 899         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 900         128,
 901         128,
 902         },
 903 /* Cipher 30 */
 904         {
 905         0,
 906         TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
 907         TLS1_CK_DH_DSS_WITH_AES_128_SHA,
 908         SSL_kDHd,
 909         SSL_aDH,
 910         SSL_AES128,
 911         SSL_SHA1,
 912         SSL_TLSV1,
 913         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 914         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 915         128,
 916         128,
 917         },
 918 /* Cipher 31 */
 919         {
 920         0,
 921         TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
 922         TLS1_CK_DH_RSA_WITH_AES_128_SHA,
 923         SSL_kDHr,
 924         SSL_aDH,
 925         SSL_AES128,
 926         SSL_SHA1,
 927         SSL_TLSV1,
 928         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 929         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 930         128,
 931         128,
 932         },
 933 /* Cipher 32 */
 934         {
 935         1,
 936         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
 937         TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
 938         SSL_kEDH,
 939         SSL_aDSS,
 940         SSL_AES128,
 941         SSL_SHA1,
 942         SSL_TLSV1,
 943         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 944         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 945         128,
 946         128,
 947         },
 948 /* Cipher 33 */
 949         {
 950         1,
 951         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
 952         TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
 953         SSL_kEDH,
 954         SSL_aRSA,
 955         SSL_AES128,
 956         SSL_SHA1,
 957         SSL_TLSV1,
 958         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 959         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 960         128,
 961         128,
 962         },
 963 /* Cipher 34 */
 964         {
 965         1,
 966         TLS1_TXT_ADH_WITH_AES_128_SHA,
 967         TLS1_CK_ADH_WITH_AES_128_SHA,
 968         SSL_kEDH,
 969         SSL_aNULL,
 970         SSL_AES128,
 971         SSL_SHA1,
 972         SSL_TLSV1,
 973         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 974         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 975         128,
 976         128,
 977         },
 978 
 979 /* Cipher 35 */
 980         {
 981         1,
 982         TLS1_TXT_RSA_WITH_AES_256_SHA,
 983         TLS1_CK_RSA_WITH_AES_256_SHA,
 984         SSL_kRSA,
 985         SSL_aRSA,
 986         SSL_AES256,
 987         SSL_SHA1,
 988         SSL_TLSV1,
 989         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 990         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 991         256,
 992         256,
 993         },
 994 /* Cipher 36 */
 995         {
 996         0,
 997         TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
 998         TLS1_CK_DH_DSS_WITH_AES_256_SHA,
 999         SSL_kDHd,
1000         SSL_aDH,
1001         SSL_AES256,
1002         SSL_SHA1,
1003         SSL_TLSV1,
1004         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006         256,
1007         256,
1008         },
1009 
1010 /* Cipher 37 */
1011         {
1012         0, /* not implemented (non-ephemeral DH) */
1013         TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014         TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015         SSL_kDHr,
1016         SSL_aDH,
1017         SSL_AES256,
1018         SSL_SHA1,
1019         SSL_TLSV1,
1020         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022         256,
1023         256,
1024         },
1025 
1026 /* Cipher 38 */
1027         {
1028         1,
1029         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030         TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031         SSL_kEDH,
1032         SSL_aDSS,
1033         SSL_AES256,
1034         SSL_SHA1,
1035         SSL_TLSV1,
1036         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038         256,
1039         256,
1040         },
1041 
1042 /* Cipher 39 */
1043         {
1044         1,
1045         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046         TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047         SSL_kEDH,
1048         SSL_aRSA,
1049         SSL_AES256,
1050         SSL_SHA1,
1051         SSL_TLSV1,
1052         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054         256,
1055         256,
1056         },
1057 
1058         /* Cipher 3A */
1059         {
1060         1,
1061         TLS1_TXT_ADH_WITH_AES_256_SHA,
1062         TLS1_CK_ADH_WITH_AES_256_SHA,
1063         SSL_kEDH,
1064         SSL_aNULL,
1065         SSL_AES256,
1066         SSL_SHA1,
1067         SSL_TLSV1,
1068         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070         256,
1071         256,
1072         },
1073 
1074         /* TLS v1.2 ciphersuites */
1075         /* Cipher 3B */
1076         {
1077         1,
1078         TLS1_TXT_RSA_WITH_NULL_SHA256,
1079         TLS1_CK_RSA_WITH_NULL_SHA256,
1080         SSL_kRSA,
1081         SSL_aRSA,
1082         SSL_eNULL,
1083         SSL_SHA256,
1084         SSL_TLSV1_2,
1085         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087         0,
1088         0,
1089         },
1090 
1091         /* Cipher 3C */
1092         {
1093         1,
1094         TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095         TLS1_CK_RSA_WITH_AES_128_SHA256,
1096         SSL_kRSA,
1097         SSL_aRSA,
1098         SSL_AES128,
1099         SSL_SHA256,
1100         SSL_TLSV1_2,
1101         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103         128,
1104         128,
1105         },
1106 
1107         /* Cipher 3D */
1108         {
1109         1,
1110         TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111         TLS1_CK_RSA_WITH_AES_256_SHA256,
1112         SSL_kRSA,
1113         SSL_aRSA,
1114         SSL_AES256,
1115         SSL_SHA256,
1116         SSL_TLSV1_2,
1117         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119         256,
1120         256,
1121         },
1122 
1123         /* Cipher 3E */
1124         {
1125         0, /* not implemented (non-ephemeral DH) */
1126         TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127         TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128         SSL_kDHd,
1129         SSL_aDH,
1130         SSL_AES128,
1131         SSL_SHA256,
1132         SSL_TLSV1_2,
1133         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135         128,
1136         128,
1137         },
1138 
1139         /* Cipher 3F */
1140         {
1141         0, /* not implemented (non-ephemeral DH) */
1142         TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143         TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144         SSL_kDHr,
1145         SSL_aDH,
1146         SSL_AES128,
1147         SSL_SHA256,
1148         SSL_TLSV1_2,
1149         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151         128,
1152         128,
1153         },
1154 
1155         /* Cipher 40 */
1156         {
1157         1,
1158         TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159         TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160         SSL_kEDH,
1161         SSL_aDSS,
1162         SSL_AES128,
1163         SSL_SHA256,
1164         SSL_TLSV1_2,
1165         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167         128,
1168         128,
1169         },
1170 
1171 #ifndef OPENSSL_NO_CAMELLIA
1172         /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173 
1174         /* Cipher 41 */
1175         {
1176         1,
1177         TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178         TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179         SSL_kRSA,
1180         SSL_aRSA,
1181         SSL_CAMELLIA128,
1182         SSL_SHA1,
1183         SSL_TLSV1,
1184         SSL_NOT_EXP|SSL_HIGH,
1185         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186         128,
1187         128,
1188         },
1189 
1190         /* Cipher 42 */
1191         {
1192         0, /* not implemented (non-ephemeral DH) */
1193         TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194         TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195         SSL_kDHd,
1196         SSL_aDH,
1197         SSL_CAMELLIA128,
1198         SSL_SHA1,
1199         SSL_TLSV1,
1200         SSL_NOT_EXP|SSL_HIGH,
1201         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202         128,
1203         128,
1204         },
1205 
1206         /* Cipher 43 */
1207         {
1208         0, /* not implemented (non-ephemeral DH) */
1209         TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210         TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211         SSL_kDHr,
1212         SSL_aDH,
1213         SSL_CAMELLIA128,
1214         SSL_SHA1,
1215         SSL_TLSV1,
1216         SSL_NOT_EXP|SSL_HIGH,
1217         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218         128,
1219         128,
1220         },
1221 
1222         /* Cipher 44 */
1223         {
1224         1,
1225         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226         TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227         SSL_kEDH,
1228         SSL_aDSS,
1229         SSL_CAMELLIA128,
1230         SSL_SHA1,
1231         SSL_TLSV1,
1232         SSL_NOT_EXP|SSL_HIGH,
1233         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234         128,
1235         128,
1236         },
1237 
1238         /* Cipher 45 */
1239         {
1240         1,
1241         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242         TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243         SSL_kEDH,
1244         SSL_aRSA,
1245         SSL_CAMELLIA128,
1246         SSL_SHA1,
1247         SSL_TLSV1,
1248         SSL_NOT_EXP|SSL_HIGH,
1249         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250         128,
1251         128,
1252         },
1253 
1254         /* Cipher 46 */
1255         {
1256         1,
1257         TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258         TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259         SSL_kEDH,
1260         SSL_aNULL,
1261         SSL_CAMELLIA128,
1262         SSL_SHA1,
1263         SSL_TLSV1,
1264         SSL_NOT_EXP|SSL_HIGH,
1265         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266         128,
1267         128,
1268         },
1269 #endif /* OPENSSL_NO_CAMELLIA */
1270 
1271 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272         /* New TLS Export CipherSuites from expired ID */
1273 #if 0
1274         /* Cipher 60 */
1275         {
1276         1,
1277         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279         SSL_kRSA,
1280         SSL_aRSA,
1281         SSL_RC4,
1282         SSL_MD5,
1283         SSL_TLSV1,
1284         SSL_EXPORT|SSL_EXP56,
1285         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286         56,
1287         128,
1288         },
1289 
1290         /* Cipher 61 */
1291         {
1292         1,
1293         TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294         TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295         SSL_kRSA,
1296         SSL_aRSA,
1297         SSL_RC2,
1298         SSL_MD5,
1299         SSL_TLSV1,
1300         SSL_EXPORT|SSL_EXP56,
1301         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302         56,
1303         128,
1304         },
1305 #endif
1306 
1307         /* Cipher 62 */
1308         {
1309         1,
1310         TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311         TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312         SSL_kRSA,
1313         SSL_aRSA,
1314         SSL_DES,
1315         SSL_SHA1,
1316         SSL_TLSV1,
1317         SSL_EXPORT|SSL_EXP56,
1318         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319         56,
1320         56,
1321         },
1322 
1323         /* Cipher 63 */
1324         {
1325         1,
1326         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327         TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328         SSL_kEDH,
1329         SSL_aDSS,
1330         SSL_DES,
1331         SSL_SHA1,
1332         SSL_TLSV1,
1333         SSL_EXPORT|SSL_EXP56,
1334         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335         56,
1336         56,
1337         },
1338 
1339         /* Cipher 64 */
1340         {
1341         1,
1342         TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343         TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344         SSL_kRSA,
1345         SSL_aRSA,
1346         SSL_RC4,
1347         SSL_SHA1,
1348         SSL_TLSV1,
1349         SSL_EXPORT|SSL_EXP56,
1350         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351         56,
1352         128,
1353         },
1354 
1355         /* Cipher 65 */
1356         {
1357         1,
1358         TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359         TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360         SSL_kEDH,
1361         SSL_aDSS,
1362         SSL_RC4,
1363         SSL_SHA1,
1364         SSL_TLSV1,
1365         SSL_EXPORT|SSL_EXP56,
1366         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367         56,
1368         128,
1369         },
1370 
1371         /* Cipher 66 */
1372         {
1373         1,
1374         TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375         TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376         SSL_kEDH,
1377         SSL_aDSS,
1378         SSL_RC4,
1379         SSL_SHA1,
1380         SSL_TLSV1,
1381         SSL_NOT_EXP|SSL_MEDIUM,
1382         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383         128,
1384         128,
1385         },
1386 #endif
1387 
1388         /* TLS v1.2 ciphersuites */
1389         /* Cipher 67 */
1390         {
1391         1,
1392         TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393         TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394         SSL_kEDH,
1395         SSL_aRSA,
1396         SSL_AES128,
1397         SSL_SHA256,
1398         SSL_TLSV1_2,
1399         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401         128,
1402         128,
1403         },
1404 
1405         /* Cipher 68 */
1406         {
1407         0, /* not implemented (non-ephemeral DH) */
1408         TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409         TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410         SSL_kDHd,
1411         SSL_aDH,
1412         SSL_AES256,
1413         SSL_SHA256,
1414         SSL_TLSV1_2,
1415         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417         256,
1418         256,
1419         },
1420 
1421         /* Cipher 69 */
1422         {
1423         0, /* not implemented (non-ephemeral DH) */
1424         TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425         TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426         SSL_kDHr,
1427         SSL_aDH,
1428         SSL_AES256,
1429         SSL_SHA256,
1430         SSL_TLSV1_2,
1431         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433         256,
1434         256,
1435         },
1436 
1437         /* Cipher 6A */
1438         {
1439         1,
1440         TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441         TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442         SSL_kEDH,
1443         SSL_aDSS,
1444         SSL_AES256,
1445         SSL_SHA256,
1446         SSL_TLSV1_2,
1447         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449         256,
1450         256,
1451         },
1452 
1453         /* Cipher 6B */
1454         {
1455         1,
1456         TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457         TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458         SSL_kEDH,
1459         SSL_aRSA,
1460         SSL_AES256,
1461         SSL_SHA256,
1462         SSL_TLSV1_2,
1463         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465         256,
1466         256,
1467         },
1468 
1469         /* Cipher 6C */
1470         {
1471         1,
1472         TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473         TLS1_CK_ADH_WITH_AES_128_SHA256,
1474         SSL_kEDH,
1475         SSL_aNULL,
1476         SSL_AES128,
1477         SSL_SHA256,
1478         SSL_TLSV1_2,
1479         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481         128,
1482         128,
1483         },
1484 
1485         /* Cipher 6D */
1486         {
1487         1,
1488         TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489         TLS1_CK_ADH_WITH_AES_256_SHA256,
1490         SSL_kEDH,
1491         SSL_aNULL,
1492         SSL_AES256,
1493         SSL_SHA256,
1494         SSL_TLSV1_2,
1495         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497         256,
1498         256,
1499         },
1500 
1501         /* GOST Ciphersuites */
1502 
1503         {
1504         1,
1505         "GOST94-GOST89-GOST89",
1506         0x3000080,
1507         SSL_kGOST,
1508         SSL_aGOST94,
1509         SSL_eGOST2814789CNT,
1510         SSL_GOST89MAC,
1511         SSL_TLSV1,
1512         SSL_NOT_EXP|SSL_HIGH,
1513         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514         256,
1515         256
1516         },
1517         {
1518         1,
1519         "GOST2001-GOST89-GOST89",
1520         0x3000081,
1521         SSL_kGOST,
1522         SSL_aGOST01,
1523         SSL_eGOST2814789CNT,
1524         SSL_GOST89MAC,
1525         SSL_TLSV1,
1526         SSL_NOT_EXP|SSL_HIGH,
1527         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528         256,
1529         256
1530         },
1531         {
1532         1,
1533         "GOST94-NULL-GOST94",
1534         0x3000082,
1535         SSL_kGOST,
1536         SSL_aGOST94,
1537         SSL_eNULL,
1538         SSL_GOST94,
1539         SSL_TLSV1,
1540         SSL_NOT_EXP|SSL_STRONG_NONE,
1541         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542         0,
1543         0
1544         },
1545         {
1546         1,
1547         "GOST2001-NULL-GOST94",
1548         0x3000083,
1549         SSL_kGOST,
1550         SSL_aGOST01,
1551         SSL_eNULL,
1552         SSL_GOST94,
1553         SSL_TLSV1,
1554         SSL_NOT_EXP|SSL_STRONG_NONE,
1555         SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556         0,
1557         0
1558         },
1559 
1560 #ifndef OPENSSL_NO_CAMELLIA
1561         /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1562 
1563         /* Cipher 84 */
1564         {
1565         1,
1566         TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567         TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568         SSL_kRSA,
1569         SSL_aRSA,
1570         SSL_CAMELLIA256,
1571         SSL_SHA1,
1572         SSL_TLSV1,
1573         SSL_NOT_EXP|SSL_HIGH,
1574         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575         256,
1576         256,
1577         },
1578         /* Cipher 85 */
1579         {
1580         0, /* not implemented (non-ephemeral DH) */
1581         TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582         TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583         SSL_kDHd,
1584         SSL_aDH,
1585         SSL_CAMELLIA256,
1586         SSL_SHA1,
1587         SSL_TLSV1,
1588         SSL_NOT_EXP|SSL_HIGH,
1589         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590         256,
1591         256,
1592         },
1593 
1594         /* Cipher 86 */
1595         {
1596         0, /* not implemented (non-ephemeral DH) */
1597         TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598         TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599         SSL_kDHr,
1600         SSL_aDH,
1601         SSL_CAMELLIA256,
1602         SSL_SHA1,
1603         SSL_TLSV1,
1604         SSL_NOT_EXP|SSL_HIGH,
1605         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606         256,
1607         256,
1608         },
1609 
1610         /* Cipher 87 */
1611         {
1612         1,
1613         TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614         TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615         SSL_kEDH,
1616         SSL_aDSS,
1617         SSL_CAMELLIA256,
1618         SSL_SHA1,
1619         SSL_TLSV1,
1620         SSL_NOT_EXP|SSL_HIGH,
1621         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622         256,
1623         256,
1624         },
1625 
1626         /* Cipher 88 */
1627         {
1628         1,
1629         TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630         TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631         SSL_kEDH,
1632         SSL_aRSA,
1633         SSL_CAMELLIA256,
1634         SSL_SHA1,
1635         SSL_TLSV1,
1636         SSL_NOT_EXP|SSL_HIGH,
1637         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638         256,
1639         256,
1640         },
1641 
1642         /* Cipher 89 */
1643         {
1644         1,
1645         TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646         TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647         SSL_kEDH,
1648         SSL_aNULL,
1649         SSL_CAMELLIA256,
1650         SSL_SHA1,
1651         SSL_TLSV1,
1652         SSL_NOT_EXP|SSL_HIGH,
1653         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654         256,
1655         256,
1656         },
1657 #endif /* OPENSSL_NO_CAMELLIA */
1658 
1659 #ifndef OPENSSL_NO_PSK
1660         /* Cipher 8A */
1661         {
1662         1,
1663         TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664         TLS1_CK_PSK_WITH_RC4_128_SHA,
1665         SSL_kPSK,
1666         SSL_aPSK,
1667         SSL_RC4,
1668         SSL_SHA1,
1669         SSL_TLSV1,
1670         SSL_NOT_EXP|SSL_MEDIUM,
1671         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672         128,
1673         128,
1674         },
1675 
1676         /* Cipher 8B */
1677         {
1678         1,
1679         TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680         TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681         SSL_kPSK,
1682         SSL_aPSK,
1683         SSL_3DES,
1684         SSL_SHA1,
1685         SSL_TLSV1,
1686         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1687         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688         112,
1689         168,
1690         },
1691 
1692         /* Cipher 8C */
1693         {
1694         1,
1695         TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696         TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697         SSL_kPSK,
1698         SSL_aPSK,
1699         SSL_AES128,
1700         SSL_SHA1,
1701         SSL_TLSV1,
1702         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1703         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704         128,
1705         128,
1706         },
1707 
1708         /* Cipher 8D */
1709         {
1710         1,
1711         TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712         TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713         SSL_kPSK,
1714         SSL_aPSK,
1715         SSL_AES256,
1716         SSL_SHA1,
1717         SSL_TLSV1,
1718         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1719         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720         256,
1721         256,
1722         },
1723 #endif  /* OPENSSL_NO_PSK */
1724 
1725 #ifndef OPENSSL_NO_SEED
1726         /* SEED ciphersuites from RFC4162 */
1727 
1728         /* Cipher 96 */
1729         {
1730         1,
1731         TLS1_TXT_RSA_WITH_SEED_SHA,
1732         TLS1_CK_RSA_WITH_SEED_SHA,
1733         SSL_kRSA,
1734         SSL_aRSA,
1735         SSL_SEED,
1736         SSL_SHA1,
1737         SSL_TLSV1,
1738         SSL_NOT_EXP|SSL_MEDIUM,
1739         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740         128,
1741         128,
1742         },
1743 
1744         /* Cipher 97 */
1745         {
1746         0, /* not implemented (non-ephemeral DH) */
1747         TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748         TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749         SSL_kDHd,
1750         SSL_aDH,
1751         SSL_SEED,
1752         SSL_SHA1,
1753         SSL_TLSV1,
1754         SSL_NOT_EXP|SSL_MEDIUM,
1755         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756         128,
1757         128,
1758         },
1759 
1760         /* Cipher 98 */
1761         {
1762         0, /* not implemented (non-ephemeral DH) */
1763         TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764         TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765         SSL_kDHr,
1766         SSL_aDH,
1767         SSL_SEED,
1768         SSL_SHA1,
1769         SSL_TLSV1,
1770         SSL_NOT_EXP|SSL_MEDIUM,
1771         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772         128,
1773         128,
1774         },
1775 
1776         /* Cipher 99 */
1777         {
1778         1,
1779         TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780         TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781         SSL_kEDH,
1782         SSL_aDSS,
1783         SSL_SEED,
1784         SSL_SHA1,
1785         SSL_TLSV1,
1786         SSL_NOT_EXP|SSL_MEDIUM,
1787         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788         128,
1789         128,
1790         },
1791 
1792         /* Cipher 9A */
1793         {
1794         1,
1795         TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796         TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797         SSL_kEDH,
1798         SSL_aRSA,
1799         SSL_SEED,
1800         SSL_SHA1,
1801         SSL_TLSV1,
1802         SSL_NOT_EXP|SSL_MEDIUM,
1803         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804         128,
1805         128,
1806         },
1807 
1808         /* Cipher 9B */
1809         {
1810         1,
1811         TLS1_TXT_ADH_WITH_SEED_SHA,
1812         TLS1_CK_ADH_WITH_SEED_SHA,
1813         SSL_kEDH,
1814         SSL_aNULL,
1815         SSL_SEED,
1816         SSL_SHA1,
1817         SSL_TLSV1,
1818         SSL_NOT_EXP|SSL_MEDIUM,
1819         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820         128,
1821         128,
1822         },
1823 
1824 #endif /* OPENSSL_NO_SEED */
1825 
1826         /* GCM ciphersuites from RFC5288 */
1827 
1828         /* Cipher 9C */
1829         {
1830         1,
1831         TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832         TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833         SSL_kRSA,
1834         SSL_aRSA,
1835         SSL_AES128GCM,
1836         SSL_AEAD,
1837         SSL_TLSV1_2,
1838         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840         128,
1841         128,
1842         },
1843 
1844         /* Cipher 9D */
1845         {
1846         1,
1847         TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848         TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849         SSL_kRSA,
1850         SSL_aRSA,
1851         SSL_AES256GCM,
1852         SSL_AEAD,
1853         SSL_TLSV1_2,
1854         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856         256,
1857         256,
1858         },
1859 
1860         /* Cipher 9E */
1861         {
1862         1,
1863         TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864         TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865         SSL_kEDH,
1866         SSL_aRSA,
1867         SSL_AES128GCM,
1868         SSL_AEAD,
1869         SSL_TLSV1_2,
1870         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872         128,
1873         128,
1874         },
1875 
1876         /* Cipher 9F */
1877         {
1878         1,
1879         TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880         TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881         SSL_kEDH,
1882         SSL_aRSA,
1883         SSL_AES256GCM,
1884         SSL_AEAD,
1885         SSL_TLSV1_2,
1886         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888         256,
1889         256,
1890         },
1891 
1892         /* Cipher A0 */
1893         {
1894         0,
1895         TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896         TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897         SSL_kDHr,
1898         SSL_aDH,
1899         SSL_AES128GCM,
1900         SSL_AEAD,
1901         SSL_TLSV1_2,
1902         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904         128,
1905         128,
1906         },
1907 
1908         /* Cipher A1 */
1909         {
1910         0,
1911         TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912         TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913         SSL_kDHr,
1914         SSL_aDH,
1915         SSL_AES256GCM,
1916         SSL_AEAD,
1917         SSL_TLSV1_2,
1918         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920         256,
1921         256,
1922         },
1923 
1924         /* Cipher A2 */
1925         {
1926         1,
1927         TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928         TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929         SSL_kEDH,
1930         SSL_aDSS,
1931         SSL_AES128GCM,
1932         SSL_AEAD,
1933         SSL_TLSV1_2,
1934         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936         128,
1937         128,
1938         },
1939 
1940         /* Cipher A3 */
1941         {
1942         1,
1943         TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944         TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945         SSL_kEDH,
1946         SSL_aDSS,
1947         SSL_AES256GCM,
1948         SSL_AEAD,
1949         SSL_TLSV1_2,
1950         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952         256,
1953         256,
1954         },
1955 
1956         /* Cipher A4 */
1957         {
1958         0,
1959         TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960         TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961         SSL_kDHd,
1962         SSL_aDH,
1963         SSL_AES128GCM,
1964         SSL_AEAD,
1965         SSL_TLSV1_2,
1966         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968         128,
1969         128,
1970         },
1971 
1972         /* Cipher A5 */
1973         {
1974         0,
1975         TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976         TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977         SSL_kDHd,
1978         SSL_aDH,
1979         SSL_AES256GCM,
1980         SSL_AEAD,
1981         SSL_TLSV1_2,
1982         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984         256,
1985         256,
1986         },
1987 
1988         /* Cipher A6 */
1989         {
1990         1,
1991         TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992         TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993         SSL_kEDH,
1994         SSL_aNULL,
1995         SSL_AES128GCM,
1996         SSL_AEAD,
1997         SSL_TLSV1_2,
1998         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000         128,
2001         128,
2002         },
2003 
2004         /* Cipher A7 */
2005         {
2006         1,
2007         TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008         TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009         SSL_kEDH,
2010         SSL_aNULL,
2011         SSL_AES256GCM,
2012         SSL_AEAD,
2013         SSL_TLSV1_2,
2014         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016         256,
2017         256,
2018         },
2019 
2020 #ifndef OPENSSL_NO_ECDH
2021         /* Cipher C001 */
2022         {
2023         1,
2024         TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025         TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026         SSL_kECDHe,
2027         SSL_aECDH,
2028         SSL_eNULL,
2029         SSL_SHA1,
2030         SSL_TLSV1,
2031         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033         0,
2034         0,
2035         },
2036 
2037         /* Cipher C002 */
2038         {
2039         1,
2040         TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041         TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042         SSL_kECDHe,
2043         SSL_aECDH,
2044         SSL_RC4,
2045         SSL_SHA1,
2046         SSL_TLSV1,
2047         SSL_NOT_EXP|SSL_MEDIUM,
2048         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049         128,
2050         128,
2051         },
2052 
2053         /* Cipher C003 */
2054         {
2055         1,
2056         TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057         TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058         SSL_kECDHe,
2059         SSL_aECDH,
2060         SSL_3DES,
2061         SSL_SHA1,
2062         SSL_TLSV1,
2063         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065         112,
2066         168,
2067         },
2068 
2069         /* Cipher C004 */
2070         {
2071         1,
2072         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073         TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074         SSL_kECDHe,
2075         SSL_aECDH,
2076         SSL_AES128,
2077         SSL_SHA1,
2078         SSL_TLSV1,
2079         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081         128,
2082         128,
2083         },
2084 
2085         /* Cipher C005 */
2086         {
2087         1,
2088         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089         TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090         SSL_kECDHe,
2091         SSL_aECDH,
2092         SSL_AES256,
2093         SSL_SHA1,
2094         SSL_TLSV1,
2095         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097         256,
2098         256,
2099         },
2100 
2101         /* Cipher C006 */
2102         {
2103         1,
2104         TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105         TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106         SSL_kEECDH,
2107         SSL_aECDSA,
2108         SSL_eNULL,
2109         SSL_SHA1,
2110         SSL_TLSV1,
2111         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113         0,
2114         0,
2115         },
2116 
2117         /* Cipher C007 */
2118         {
2119         1,
2120         TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121         TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122         SSL_kEECDH,
2123         SSL_aECDSA,
2124         SSL_RC4,
2125         SSL_SHA1,
2126         SSL_TLSV1,
2127         SSL_NOT_EXP|SSL_MEDIUM,
2128         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129         128,
2130         128,
2131         },
2132 
2133         /* Cipher C008 */
2134         {
2135         1,
2136         TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137         TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138         SSL_kEECDH,
2139         SSL_aECDSA,
2140         SSL_3DES,
2141         SSL_SHA1,
2142         SSL_TLSV1,
2143         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145         112,
2146         168,
2147         },
2148 
2149         /* Cipher C009 */
2150         {
2151         1,
2152         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154         SSL_kEECDH,
2155         SSL_aECDSA,
2156         SSL_AES128,
2157         SSL_SHA1,
2158         SSL_TLSV1,
2159         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161         128,
2162         128,
2163         },
2164 
2165         /* Cipher C00A */
2166         {
2167         1,
2168         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170         SSL_kEECDH,
2171         SSL_aECDSA,
2172         SSL_AES256,
2173         SSL_SHA1,
2174         SSL_TLSV1,
2175         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177         256,
2178         256,
2179         },
2180 
2181         /* Cipher C00B */
2182         {
2183         1,
2184         TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185         TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186         SSL_kECDHr,
2187         SSL_aECDH,
2188         SSL_eNULL,
2189         SSL_SHA1,
2190         SSL_TLSV1,
2191         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193         0,
2194         0,
2195         },
2196 
2197         /* Cipher C00C */
2198         {
2199         1,
2200         TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201         TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202         SSL_kECDHr,
2203         SSL_aECDH,
2204         SSL_RC4,
2205         SSL_SHA1,
2206         SSL_TLSV1,
2207         SSL_NOT_EXP|SSL_MEDIUM,
2208         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209         128,
2210         128,
2211         },
2212 
2213         /* Cipher C00D */
2214         {
2215         1,
2216         TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217         TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218         SSL_kECDHr,
2219         SSL_aECDH,
2220         SSL_3DES,
2221         SSL_SHA1,
2222         SSL_TLSV1,
2223         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225         112,
2226         168,
2227         },
2228 
2229         /* Cipher C00E */
2230         {
2231         1,
2232         TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233         TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234         SSL_kECDHr,
2235         SSL_aECDH,
2236         SSL_AES128,
2237         SSL_SHA1,
2238         SSL_TLSV1,
2239         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241         128,
2242         128,
2243         },
2244 
2245         /* Cipher C00F */
2246         {
2247         1,
2248         TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249         TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250         SSL_kECDHr,
2251         SSL_aECDH,
2252         SSL_AES256,
2253         SSL_SHA1,
2254         SSL_TLSV1,
2255         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257         256,
2258         256,
2259         },
2260 
2261         /* Cipher C010 */
2262         {
2263         1,
2264         TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265         TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266         SSL_kEECDH,
2267         SSL_aRSA,
2268         SSL_eNULL,
2269         SSL_SHA1,
2270         SSL_TLSV1,
2271         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273         0,
2274         0,
2275         },
2276 
2277         /* Cipher C011 */
2278         {
2279         1,
2280         TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281         TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282         SSL_kEECDH,
2283         SSL_aRSA,
2284         SSL_RC4,
2285         SSL_SHA1,
2286         SSL_TLSV1,
2287         SSL_NOT_EXP|SSL_MEDIUM,
2288         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289         128,
2290         128,
2291         },
2292 
2293         /* Cipher C012 */
2294         {
2295         1,
2296         TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297         TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298         SSL_kEECDH,
2299         SSL_aRSA,
2300         SSL_3DES,
2301         SSL_SHA1,
2302         SSL_TLSV1,
2303         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305         112,
2306         168,
2307         },
2308 
2309         /* Cipher C013 */
2310         {
2311         1,
2312         TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313         TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314         SSL_kEECDH,
2315         SSL_aRSA,
2316         SSL_AES128,
2317         SSL_SHA1,
2318         SSL_TLSV1,
2319         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321         128,
2322         128,
2323         },
2324 
2325         /* Cipher C014 */
2326         {
2327         1,
2328         TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329         TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330         SSL_kEECDH,
2331         SSL_aRSA,
2332         SSL_AES256,
2333         SSL_SHA1,
2334         SSL_TLSV1,
2335         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337         256,
2338         256,
2339         },
2340 
2341         /* Cipher C015 */
2342         {
2343         1,
2344         TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345         TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346         SSL_kEECDH,
2347         SSL_aNULL,
2348         SSL_eNULL,
2349         SSL_SHA1,
2350         SSL_TLSV1,
2351         SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353         0,
2354         0,
2355         },
2356 
2357         /* Cipher C016 */
2358         {
2359         1,
2360         TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361         TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362         SSL_kEECDH,
2363         SSL_aNULL,
2364         SSL_RC4,
2365         SSL_SHA1,
2366         SSL_TLSV1,
2367         SSL_NOT_EXP|SSL_MEDIUM,
2368         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369         128,
2370         128,
2371         },
2372 
2373         /* Cipher C017 */
2374         {
2375         1,
2376         TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377         TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378         SSL_kEECDH,
2379         SSL_aNULL,
2380         SSL_3DES,
2381         SSL_SHA1,
2382         SSL_TLSV1,
2383         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385         112,
2386         168,
2387         },
2388 
2389         /* Cipher C018 */
2390         {
2391         1,
2392         TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393         TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394         SSL_kEECDH,
2395         SSL_aNULL,
2396         SSL_AES128,
2397         SSL_SHA1,
2398         SSL_TLSV1,
2399         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401         128,
2402         128,
2403         },
2404 
2405         /* Cipher C019 */
2406         {
2407         1,
2408         TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409         TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410         SSL_kEECDH,
2411         SSL_aNULL,
2412         SSL_AES256,
2413         SSL_SHA1,
2414         SSL_TLSV1,
2415         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417         256,
2418         256,
2419         },
2420 #endif  /* OPENSSL_NO_ECDH */
2421 
2422 #ifndef OPENSSL_NO_SRP
2423         /* Cipher C01A */
2424         {
2425         1,
2426         TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427         TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428         SSL_kSRP,
2429         SSL_aSRP,
2430         SSL_3DES,
2431         SSL_SHA1,
2432         SSL_TLSV1,
2433         SSL_NOT_EXP|SSL_HIGH,
2434         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435         112,
2436         168,
2437         },
2438 
2439         /* Cipher C01B */
2440         {
2441         1,
2442         TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443         TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444         SSL_kSRP,
2445         SSL_aRSA,
2446         SSL_3DES,
2447         SSL_SHA1,
2448         SSL_TLSV1,
2449         SSL_NOT_EXP|SSL_HIGH,
2450         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451         112,
2452         168,
2453         },
2454 
2455         /* Cipher C01C */
2456         {
2457         1,
2458         TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459         TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460         SSL_kSRP,
2461         SSL_aDSS,
2462         SSL_3DES,
2463         SSL_SHA1,
2464         SSL_TLSV1,
2465         SSL_NOT_EXP|SSL_HIGH,
2466         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467         112,
2468         168,
2469         },
2470 
2471         /* Cipher C01D */
2472         {
2473         1,
2474         TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475         TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476         SSL_kSRP,
2477         SSL_aSRP,
2478         SSL_AES128,
2479         SSL_SHA1,
2480         SSL_TLSV1,
2481         SSL_NOT_EXP|SSL_HIGH,
2482         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483         128,
2484         128,
2485         },
2486 
2487         /* Cipher C01E */
2488         {
2489         1,
2490         TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491         TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492         SSL_kSRP,
2493         SSL_aRSA,
2494         SSL_AES128,
2495         SSL_SHA1,
2496         SSL_TLSV1,
2497         SSL_NOT_EXP|SSL_HIGH,
2498         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499         128,
2500         128,
2501         },
2502 
2503         /* Cipher C01F */
2504         {
2505         1,
2506         TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507         TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508         SSL_kSRP,
2509         SSL_aDSS,
2510         SSL_AES128,
2511         SSL_SHA1,
2512         SSL_TLSV1,
2513         SSL_NOT_EXP|SSL_HIGH,
2514         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515         128,
2516         128,
2517         },
2518 
2519         /* Cipher C020 */
2520         {
2521         1,
2522         TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523         TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524         SSL_kSRP,
2525         SSL_aSRP,
2526         SSL_AES256,
2527         SSL_SHA1,
2528         SSL_TLSV1,
2529         SSL_NOT_EXP|SSL_HIGH,
2530         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531         256,
2532         256,
2533         },
2534 
2535         /* Cipher C021 */
2536         {
2537         1,
2538         TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539         TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540         SSL_kSRP,
2541         SSL_aRSA,
2542         SSL_AES256,
2543         SSL_SHA1,
2544         SSL_TLSV1,
2545         SSL_NOT_EXP|SSL_HIGH,
2546         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547         256,
2548         256,
2549         },
2550 
2551         /* Cipher C022 */
2552         {
2553         1,
2554         TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555         TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556         SSL_kSRP,
2557         SSL_aDSS,
2558         SSL_AES256,
2559         SSL_SHA1,
2560         SSL_TLSV1,
2561         SSL_NOT_EXP|SSL_HIGH,
2562         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563         256,
2564         256,
2565         },
2566 #endif  /* OPENSSL_NO_SRP */
2567 #ifndef OPENSSL_NO_ECDH
2568 
2569         /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2570 
2571         /* Cipher C023 */
2572         {
2573         1,
2574         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576         SSL_kEECDH,
2577         SSL_aECDSA,
2578         SSL_AES128,
2579         SSL_SHA256,
2580         SSL_TLSV1_2,
2581         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583         128,
2584         128,
2585         },
2586 
2587         /* Cipher C024 */
2588         {
2589         1,
2590         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592         SSL_kEECDH,
2593         SSL_aECDSA,
2594         SSL_AES256,
2595         SSL_SHA384,
2596         SSL_TLSV1_2,
2597         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599         256,
2600         256,
2601         },
2602 
2603         /* Cipher C025 */
2604         {
2605         1,
2606         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607         TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608         SSL_kECDHe,
2609         SSL_aECDH,
2610         SSL_AES128,
2611         SSL_SHA256,
2612         SSL_TLSV1_2,
2613         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615         128,
2616         128,
2617         },
2618 
2619         /* Cipher C026 */
2620         {
2621         1,
2622         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623         TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624         SSL_kECDHe,
2625         SSL_aECDH,
2626         SSL_AES256,
2627         SSL_SHA384,
2628         SSL_TLSV1_2,
2629         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631         256,
2632         256,
2633         },
2634 
2635         /* Cipher C027 */
2636         {
2637         1,
2638         TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639         TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640         SSL_kEECDH,
2641         SSL_aRSA,
2642         SSL_AES128,
2643         SSL_SHA256,
2644         SSL_TLSV1_2,
2645         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647         128,
2648         128,
2649         },
2650 
2651         /* Cipher C028 */
2652         {
2653         1,
2654         TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655         TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656         SSL_kEECDH,
2657         SSL_aRSA,
2658         SSL_AES256,
2659         SSL_SHA384,
2660         SSL_TLSV1_2,
2661         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663         256,
2664         256,
2665         },
2666 
2667         /* Cipher C029 */
2668         {
2669         1,
2670         TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671         TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672         SSL_kECDHr,
2673         SSL_aECDH,
2674         SSL_AES128,
2675         SSL_SHA256,
2676         SSL_TLSV1_2,
2677         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679         128,
2680         128,
2681         },
2682 
2683         /* Cipher C02A */
2684         {
2685         1,
2686         TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687         TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688         SSL_kECDHr,
2689         SSL_aECDH,
2690         SSL_AES256,
2691         SSL_SHA384,
2692         SSL_TLSV1_2,
2693         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695         256,
2696         256,
2697         },
2698 
2699         /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700 
2701         /* Cipher C02B */
2702         {
2703         1,
2704         TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705         TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706         SSL_kEECDH,
2707         SSL_aECDSA,
2708         SSL_AES128GCM,
2709         SSL_AEAD,
2710         SSL_TLSV1_2,
2711         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713         128,
2714         128,
2715         },
2716 
2717         /* Cipher C02C */
2718         {
2719         1,
2720         TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721         TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722         SSL_kEECDH,
2723         SSL_aECDSA,
2724         SSL_AES256GCM,
2725         SSL_AEAD,
2726         SSL_TLSV1_2,
2727         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729         256,
2730         256,
2731         },
2732 
2733         /* Cipher C02D */
2734         {
2735         1,
2736         TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737         TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738         SSL_kECDHe,
2739         SSL_aECDH,
2740         SSL_AES128GCM,
2741         SSL_AEAD,
2742         SSL_TLSV1_2,
2743         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745         128,
2746         128,
2747         },
2748 
2749         /* Cipher C02E */
2750         {
2751         1,
2752         TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753         TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754         SSL_kECDHe,
2755         SSL_aECDH,
2756         SSL_AES256GCM,
2757         SSL_AEAD,
2758         SSL_TLSV1_2,
2759         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761         256,
2762         256,
2763         },
2764 
2765         /* Cipher C02F */
2766         {
2767         1,
2768         TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769         TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770         SSL_kEECDH,
2771         SSL_aRSA,
2772         SSL_AES128GCM,
2773         SSL_AEAD,
2774         SSL_TLSV1_2,
2775         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777         128,
2778         128,
2779         },
2780 
2781         /* Cipher C030 */
2782         {
2783         1,
2784         TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785         TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786         SSL_kEECDH,
2787         SSL_aRSA,
2788         SSL_AES256GCM,
2789         SSL_AEAD,
2790         SSL_TLSV1_2,
2791         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793         256,
2794         256,
2795         },
2796 
2797         /* Cipher C031 */
2798         {
2799         1,
2800         TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801         TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802         SSL_kECDHr,
2803         SSL_aECDH,
2804         SSL_AES128GCM,
2805         SSL_AEAD,
2806         SSL_TLSV1_2,
2807         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808         SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809         128,
2810         128,
2811         },
2812 
2813         /* Cipher C032 */
2814         {
2815         1,
2816         TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817         TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818         SSL_kECDHr,
2819         SSL_aECDH,
2820         SSL_AES256GCM,
2821         SSL_AEAD,
2822         SSL_TLSV1_2,
2823         SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824         SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825         256,
2826         256,
2827         },
2828 
2829 #endif /* OPENSSL_NO_ECDH */
2830 
2831 
2832 #ifdef TEMP_GOST_TLS
2833 /* Cipher FF00 */
2834         {
2835         1,
2836         "GOST-MD5",
2837         0x0300ff00,
2838         SSL_kRSA,
2839         SSL_aRSA,
2840         SSL_eGOST2814789CNT,
2841         SSL_MD5,
2842         SSL_TLSV1,
2843         SSL_NOT_EXP|SSL_HIGH,
2844         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845         256,
2846         256,
2847         },
2848         {
2849         1,
2850         "GOST-GOST94",
2851         0x0300ff01,
2852         SSL_kRSA,
2853         SSL_aRSA,
2854         SSL_eGOST2814789CNT,
2855         SSL_GOST94,
2856         SSL_TLSV1,
2857         SSL_NOT_EXP|SSL_HIGH,
2858         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859         256,
2860         256
2861         },
2862         {
2863         1,
2864         "GOST-GOST89MAC",
2865         0x0300ff02,
2866         SSL_kRSA,
2867         SSL_aRSA,
2868         SSL_eGOST2814789CNT,
2869         SSL_GOST89MAC,
2870         SSL_TLSV1,
2871         SSL_NOT_EXP|SSL_HIGH,
2872         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873         256,
2874         256
2875         },
2876         {
2877         1,
2878         "GOST-GOST89STREAM",
2879         0x0300ff03,
2880         SSL_kRSA,
2881         SSL_aRSA,
2882         SSL_eGOST2814789CNT,
2883         SSL_GOST89MAC,
2884         SSL_TLSV1,
2885         SSL_NOT_EXP|SSL_HIGH,
2886         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887         256,
2888         256
2889         },
2890 #endif
2891 
2892 /* end of list */
2893         };
2894 
2895 SSL3_ENC_METHOD SSLv3_enc_data={
2896         ssl3_enc,
2897         n_ssl3_mac,
2898         ssl3_setup_key_block,
2899         ssl3_generate_master_secret,
2900         ssl3_change_cipher_state,
2901         ssl3_final_finish_mac,
2902         MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2903         ssl3_cert_verify_mac,
2904         SSL3_MD_CLIENT_FINISHED_CONST,4,
2905         SSL3_MD_SERVER_FINISHED_CONST,4,
2906         ssl3_alert_code,
2907         (int (*)(SSL *, unsigned char *, size_t, const char *,
2908                  size_t, const unsigned char *, size_t,
2909                  int use_context))ssl_undefined_function,
2910         };
2911 
2912 long ssl3_default_timeout(void)
2913         {
2914         /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2915          * is way too long for http, the cache would over fill */
2916         return(60*60*2);
2917         }
2918 
2919 int ssl3_num_ciphers(void)
2920         {
2921         return(SSL3_NUM_CIPHERS);
2922         }
2923 
2924 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2925         {
2926         if (u < SSL3_NUM_CIPHERS)
2927                 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2928         else
2929                 return(NULL);
2930         }
2931 
2932 int ssl3_pending(const SSL *s)
2933         {
2934         if (s->rstate == SSL_ST_READ_BODY)
2935                 return 0;
2936 
2937         return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2938         }
2939 
2940 int ssl3_new(SSL *s)
2941         {
2942         SSL3_STATE *s3;
2943 
2944         if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2945         memset(s3,0,sizeof *s3);
2946         memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2947         memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2948 
2949         s->s3=s3;
2950 
2951 #ifndef OPENSSL_NO_SRP
2952         SSL_SRP_CTX_init(s);
2953 #endif
2954         s->method->ssl_clear(s);
2955         return(1);
2956 err:
2957         return(0);
2958         }
2959 
2960 void ssl3_free(SSL *s)
2961         {
2962         if(s == NULL)
2963             return;
2964 
2965 #ifdef TLSEXT_TYPE_opaque_prf_input
2966         if (s->s3->client_opaque_prf_input != NULL)
2967                 OPENSSL_free(s->s3->client_opaque_prf_input);
2968         if (s->s3->server_opaque_prf_input != NULL)
2969                 OPENSSL_free(s->s3->server_opaque_prf_input);
2970 #endif
2971 
2972         ssl3_cleanup_key_block(s);
2973         if (s->s3->rbuf.buf != NULL)
2974                 ssl3_release_read_buffer(s);
2975         if (s->s3->wbuf.buf != NULL)
2976                 ssl3_release_write_buffer(s);
2977         if (s->s3->rrec.comp != NULL)
2978                 OPENSSL_free(s->s3->rrec.comp);
2979 #ifndef OPENSSL_NO_DH
2980         if (s->s3->tmp.dh != NULL)
2981                 DH_free(s->s3->tmp.dh);
2982 #endif
2983 #ifndef OPENSSL_NO_ECDH
2984         if (s->s3->tmp.ecdh != NULL)
2985                 EC_KEY_free(s->s3->tmp.ecdh);
2986 #endif
2987 
2988         if (s->s3->tmp.ca_names != NULL)
2989                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2990         if (s->s3->handshake_buffer) {
2991                 BIO_free(s->s3->handshake_buffer);
2992         }
2993         if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2994 #ifndef OPENSSL_NO_SRP
2995         SSL_SRP_CTX_free(s);
2996 #endif
2997         OPENSSL_cleanse(s->s3,sizeof *s->s3);
2998         OPENSSL_free(s->s3);
2999         s->s3=NULL;
3000         }
3001 
3002 void ssl3_clear(SSL *s)
3003         {
3004         unsigned char *rp,*wp;
3005         size_t rlen, wlen;
3006         int init_extra;
3007 
3008 #ifdef TLSEXT_TYPE_opaque_prf_input
3009         if (s->s3->client_opaque_prf_input != NULL)
3010                 OPENSSL_free(s->s3->client_opaque_prf_input);
3011         s->s3->client_opaque_prf_input = NULL;
3012         if (s->s3->server_opaque_prf_input != NULL)
3013                 OPENSSL_free(s->s3->server_opaque_prf_input);
3014         s->s3->server_opaque_prf_input = NULL;
3015 #endif
3016 
3017         ssl3_cleanup_key_block(s);
3018         if (s->s3->tmp.ca_names != NULL)
3019                 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
3020 
3021         if (s->s3->rrec.comp != NULL)
3022                 {
3023                 OPENSSL_free(s->s3->rrec.comp);
3024                 s->s3->rrec.comp=NULL;
3025                 }
3026 #ifndef OPENSSL_NO_DH
3027         if (s->s3->tmp.dh != NULL)
3028                 {
3029                 DH_free(s->s3->tmp.dh);
3030                 s->s3->tmp.dh = NULL;
3031                 }
3032 #endif
3033 #ifndef OPENSSL_NO_ECDH
3034         if (s->s3->tmp.ecdh != NULL)
3035                 {
3036                 EC_KEY_free(s->s3->tmp.ecdh);
3037                 s->s3->tmp.ecdh = NULL;
3038                 }
3039 #endif
3040 #ifndef OPENSSL_NO_TLSEXT
3041 #ifndef OPENSSL_NO_EC
3042         s->s3->is_probably_safari = 0;
3043 #endif /* !OPENSSL_NO_EC */
3044 #endif /* !OPENSSL_NO_TLSEXT */
3045 
3046         rp = s->s3->rbuf.buf;
3047         wp = s->s3->wbuf.buf;
3048         rlen = s->s3->rbuf.len;
3049         wlen = s->s3->wbuf.len;
3050         init_extra = s->s3->init_extra;
3051         if (s->s3->handshake_buffer) {
3052                 BIO_free(s->s3->handshake_buffer);
3053                 s->s3->handshake_buffer = NULL;
3054         }
3055         if (s->s3->handshake_dgst) {
3056                 ssl3_free_digest_list(s);
3057         }
3058         memset(s->s3,0,sizeof *s->s3);
3059         s->s3->rbuf.buf = rp;
3060         s->s3->wbuf.buf = wp;
3061         s->s3->rbuf.len = rlen;
3062         s->s3->wbuf.len = wlen;
3063         s->s3->init_extra = init_extra;
3064 
3065         ssl_free_wbio_buffer(s);
3066 
3067         s->packet_length=0;
3068         s->s3->renegotiate=0;
3069         s->s3->total_renegotiations=0;
3070         s->s3->num_renegotiations=0;
3071         s->s3->in_read_app_data=0;
3072         s->version=SSL3_VERSION;
3073 
3074 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3075         if (s->next_proto_negotiated)
3076                 {
3077                 OPENSSL_free(s->next_proto_negotiated);
3078                 s->next_proto_negotiated = NULL;
3079                 s->next_proto_negotiated_len = 0;
3080                 }
3081 #endif
3082         }
3083 
3084 #ifndef OPENSSL_NO_SRP
3085 static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3086         {
3087         return BUF_strdup(s->srp_ctx.info) ;
3088         }
3089 #endif
3090 
3091 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3092         {
3093         int ret=0;
3094 
3095 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3096         if (
3097 #ifndef OPENSSL_NO_RSA
3098             cmd == SSL_CTRL_SET_TMP_RSA ||
3099             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3100 #endif
3101 #ifndef OPENSSL_NO_DSA
3102             cmd == SSL_CTRL_SET_TMP_DH ||
3103             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3104 #endif
3105                 0)
3106                 {
3107                 if (!ssl_cert_inst(&s->cert))
3108                         {
3109                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3110                         return(0);
3111                         }
3112                 }
3113 #endif
3114 
3115         switch (cmd)
3116                 {
3117         case SSL_CTRL_GET_SESSION_REUSED:
3118                 ret=s->hit;
3119                 break;
3120         case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3121                 break;
3122         case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3123                 ret=s->s3->num_renegotiations;
3124                 break;
3125         case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3126                 ret=s->s3->num_renegotiations;
3127                 s->s3->num_renegotiations=0;
3128                 break;
3129         case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3130                 ret=s->s3->total_renegotiations;
3131                 break;
3132         case SSL_CTRL_GET_FLAGS:
3133                 ret=(int)(s->s3->flags);
3134                 break;
3135 #ifndef OPENSSL_NO_RSA
3136         case SSL_CTRL_NEED_TMP_RSA:
3137                 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3138                     ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3139                      (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
3140                         ret = 1;
3141                 break;
3142         case SSL_CTRL_SET_TMP_RSA:
3143                 {
3144                         RSA *rsa = (RSA *)parg;
3145                         if (rsa == NULL)
3146                                 {
3147                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3148                                 return(ret);
3149                                 }
3150                         if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3151                                 {
3152                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3153                                 return(ret);
3154                                 }
3155                         if (s->cert->rsa_tmp != NULL)
3156                                 RSA_free(s->cert->rsa_tmp);
3157                         s->cert->rsa_tmp = rsa;
3158                         ret = 1;
3159                 }
3160                 break;
3161         case SSL_CTRL_SET_TMP_RSA_CB:
3162                 {
3163                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3164                 return(ret);
3165                 }
3166                 break;
3167 #endif
3168 #ifndef OPENSSL_NO_DH
3169         case SSL_CTRL_SET_TMP_DH:
3170                 {
3171                         DH *dh = (DH *)parg;
3172                         if (dh == NULL)
3173                                 {
3174                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3175                                 return(ret);
3176                                 }
3177                         if ((dh = DHparams_dup(dh)) == NULL)
3178                                 {
3179                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3180                                 return(ret);
3181                                 }
3182                         if (!(s->options & SSL_OP_SINGLE_DH_USE))
3183                                 {
3184                                 if (!DH_generate_key(dh))
3185                                         {
3186                                         DH_free(dh);
3187                                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3188                                         return(ret);
3189                                         }
3190                                 }
3191                         if (s->cert->dh_tmp != NULL)
3192                                 DH_free(s->cert->dh_tmp);
3193                         s->cert->dh_tmp = dh;
3194                         ret = 1;
3195                 }
3196                 break;
3197         case SSL_CTRL_SET_TMP_DH_CB:
3198                 {
3199                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3200                 return(ret);
3201                 }
3202                 break;
3203 #endif
3204 #ifndef OPENSSL_NO_ECDH
3205         case SSL_CTRL_SET_TMP_ECDH:
3206                 {
3207                 EC_KEY *ecdh = NULL;
3208 
3209                 if (parg == NULL)
3210                         {
3211                         SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3212                         return(ret);
3213                         }
3214                 if (!EC_KEY_up_ref((EC_KEY *)parg))
3215                         {
3216                         SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3217                         return(ret);
3218                         }
3219                 ecdh = (EC_KEY *)parg;
3220                 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
3221                         {
3222                         if (!EC_KEY_generate_key(ecdh))
3223                                 {
3224                                 EC_KEY_free(ecdh);
3225                                 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3226                                 return(ret);
3227                                 }
3228                         }
3229                 if (s->cert->ecdh_tmp != NULL)
3230                         EC_KEY_free(s->cert->ecdh_tmp);
3231                 s->cert->ecdh_tmp = ecdh;
3232                 ret = 1;
3233                 }
3234                 break;
3235         case SSL_CTRL_SET_TMP_ECDH_CB:
3236                 {
3237                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3238                 return(ret);
3239                 }
3240                 break;
3241 #endif /* !OPENSSL_NO_ECDH */
3242 #ifndef OPENSSL_NO_TLSEXT
3243         case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3244                 if (larg == TLSEXT_NAMETYPE_host_name)
3245                         {
3246                         if (s->tlsext_hostname != NULL)
3247                                 OPENSSL_free(s->tlsext_hostname);
3248                         s->tlsext_hostname = NULL;
3249 
3250                         ret = 1;
3251                         if (parg == NULL)
3252                                 break;
3253                         if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
3254                                 {
3255                                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3256                                 return 0;
3257                                 }
3258                         if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
3259                                 {
3260                                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3261                                 return 0;
3262                                 }
3263                         }
3264                 else
3265                         {
3266                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3267                         return 0;
3268                         }
3269                 break;
3270         case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3271                 s->tlsext_debug_arg=parg;
3272                 ret = 1;
3273                 break;
3274 
3275 #ifdef TLSEXT_TYPE_opaque_prf_input
3276         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3277                 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3278                                    * (including the cert chain and everything) */
3279                         {
3280                         SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3281                         break;
3282                         }
3283                 if (s->tlsext_opaque_prf_input != NULL)
3284                         OPENSSL_free(s->tlsext_opaque_prf_input);
3285                 if ((size_t)larg == 0)
3286                         s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3287                 else
3288                         s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3289                 if (s->tlsext_opaque_prf_input != NULL)
3290                         {
3291                         s->tlsext_opaque_prf_input_len = (size_t)larg;
3292                         ret = 1;
3293                         }
3294                 else
3295                         s->tlsext_opaque_prf_input_len = 0;
3296                 break;
3297 #endif
3298 
3299         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3300                 s->tlsext_status_type=larg;
3301                 ret = 1;
3302                 break;
3303 
3304         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3305                 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3306                 ret = 1;
3307                 break;
3308 
3309         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3310                 s->tlsext_ocsp_exts = parg;
3311                 ret = 1;
3312                 break;
3313 
3314         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3315                 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3316                 ret = 1;
3317                 break;
3318 
3319         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3320                 s->tlsext_ocsp_ids = parg;
3321                 ret = 1;
3322                 break;
3323 
3324         case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3325                 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3326                 return s->tlsext_ocsp_resplen;
3327 
3328         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3329                 if (s->tlsext_ocsp_resp)
3330                         OPENSSL_free(s->tlsext_ocsp_resp);
3331                 s->tlsext_ocsp_resp = parg;
3332                 s->tlsext_ocsp_resplen = larg;
3333                 ret = 1;
3334                 break;
3335 
3336 #ifndef OPENSSL_NO_HEARTBEATS
3337         case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3338                 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
3339                         ret = dtls1_heartbeat(s);
3340                 else
3341                         ret = tls1_heartbeat(s);
3342                 break;
3343 
3344         case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3345                 ret = s->tlsext_hb_pending;
3346                 break;
3347 
3348         case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3349                 if (larg)
3350                         s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3351                 else
3352                         s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3353                 ret = 1;
3354                 break;
3355 #endif
3356 
3357 #endif /* !OPENSSL_NO_TLSEXT */
3358         default:
3359                 break;
3360                 }
3361         return(ret);
3362         }
3363 
3364 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3365         {
3366         int ret=0;
3367 
3368 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3369         if (
3370 #ifndef OPENSSL_NO_RSA
3371             cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3372 #endif
3373 #ifndef OPENSSL_NO_DSA
3374             cmd == SSL_CTRL_SET_TMP_DH_CB ||
3375 #endif
3376                 0)
3377                 {
3378                 if (!ssl_cert_inst(&s->cert))
3379                         {
3380                         SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3381                         return(0);
3382                         }
3383                 }
3384 #endif
3385 
3386         switch (cmd)
3387                 {
3388 #ifndef OPENSSL_NO_RSA
3389         case SSL_CTRL_SET_TMP_RSA_CB:
3390                 {
3391                 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3392                 }
3393                 break;
3394 #endif
3395 #ifndef OPENSSL_NO_DH
3396         case SSL_CTRL_SET_TMP_DH_CB:
3397                 {
3398                 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3399                 }
3400                 break;
3401 #endif
3402 #ifndef OPENSSL_NO_ECDH
3403         case SSL_CTRL_SET_TMP_ECDH_CB:
3404                 {
3405                 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3406                 }
3407                 break;
3408 #endif
3409 #ifndef OPENSSL_NO_TLSEXT
3410         case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3411                 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
3412                                         unsigned char *, int, void *))fp;
3413                 break;
3414 #endif
3415         default:
3416                 break;
3417                 }
3418         return(ret);
3419         }
3420 
3421 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3422         {
3423         CERT *cert;
3424 
3425         cert=ctx->cert;
3426 
3427         switch (cmd)
3428                 {
3429 #ifndef OPENSSL_NO_RSA
3430         case SSL_CTRL_NEED_TMP_RSA:
3431                 if (    (cert->rsa_tmp == NULL) &&
3432                         ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3433                          (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
3434                         )
3435                         return(1);
3436                 else
3437                         return(0);
3438                 /* break; */
3439         case SSL_CTRL_SET_TMP_RSA:
3440                 {
3441                 RSA *rsa;
3442                 int i;
3443 
3444                 rsa=(RSA *)parg;
3445                 i=1;
3446                 if (rsa == NULL)
3447                         i=0;
3448                 else
3449                         {
3450                         if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
3451                                 i=0;
3452                         }
3453                 if (!i)
3454                         {
3455                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
3456                         return(0);
3457                         }
3458                 else
3459                         {
3460                         if (cert->rsa_tmp != NULL)
3461                                 RSA_free(cert->rsa_tmp);
3462                         cert->rsa_tmp=rsa;
3463                         return(1);
3464                         }
3465                 }
3466                 /* break; */
3467         case SSL_CTRL_SET_TMP_RSA_CB:
3468                 {
3469                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3470                 return(0);
3471                 }
3472                 break;
3473 #endif
3474 #ifndef OPENSSL_NO_DH
3475         case SSL_CTRL_SET_TMP_DH:
3476                 {
3477                 DH *new=NULL,*dh;
3478 
3479                 dh=(DH *)parg;
3480                 if ((new=DHparams_dup(dh)) == NULL)
3481                         {
3482                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3483                         return 0;
3484                         }
3485                 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3486                         {
3487                         if (!DH_generate_key(new))
3488                                 {
3489                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3490                                 DH_free(new);
3491                                 return 0;
3492                                 }
3493                         }
3494                 if (cert->dh_tmp != NULL)
3495                         DH_free(cert->dh_tmp);
3496                 cert->dh_tmp=new;
3497                 return 1;
3498                 }
3499                 /*break; */
3500         case SSL_CTRL_SET_TMP_DH_CB:
3501                 {
3502                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3503                 return(0);
3504                 }
3505                 break;
3506 #endif
3507 #ifndef OPENSSL_NO_ECDH
3508         case SSL_CTRL_SET_TMP_ECDH:
3509                 {
3510                 EC_KEY *ecdh = NULL;
3511 
3512                 if (parg == NULL)
3513                         {
3514                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3515                         return 0;
3516                         }
3517                 ecdh = EC_KEY_dup((EC_KEY *)parg);
3518                 if (ecdh == NULL)
3519                         {
3520                         SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3521                         return 0;
3522                         }
3523                 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
3524                         {
3525                         if (!EC_KEY_generate_key(ecdh))
3526                                 {
3527                                 EC_KEY_free(ecdh);
3528                                 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3529                                 return 0;
3530                                 }
3531                         }
3532 
3533                 if (cert->ecdh_tmp != NULL)
3534                         {
3535                         EC_KEY_free(cert->ecdh_tmp);
3536                         }
3537                 cert->ecdh_tmp = ecdh;
3538                 return 1;
3539                 }
3540                 /* break; */
3541         case SSL_CTRL_SET_TMP_ECDH_CB:
3542                 {
3543                 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3544                 return(0);
3545                 }
3546                 break;
3547 #endif /* !OPENSSL_NO_ECDH */
3548 #ifndef OPENSSL_NO_TLSEXT
3549         case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3550                 ctx->tlsext_servername_arg=parg;
3551                 break;
3552         case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3553         case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3554                 {
3555                 unsigned char *keys = parg;
3556                 if (!keys)
3557                         return 48;
3558                 if (larg != 48)
3559                         {
3560                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3561                         return 0;
3562                         }
3563                 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3564                         {
3565                         memcpy(ctx->tlsext_tick_key_name, keys, 16);
3566                         memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3567                         memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3568                         }
3569                 else
3570                         {
3571                         memcpy(keys, ctx->tlsext_tick_key_name, 16);
3572                         memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3573                         memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3574                         }
3575                 return 1;
3576                 }
3577 
3578 #ifdef TLSEXT_TYPE_opaque_prf_input
3579         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3580                 ctx->tlsext_opaque_prf_input_callback_arg = parg;
3581                 return 1;
3582 #endif
3583 
3584         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3585                 ctx->tlsext_status_arg=parg;
3586                 return 1;
3587                 break;
3588 
3589 #ifndef OPENSSL_NO_SRP
3590         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3591                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3592                 if (ctx->srp_ctx.login != NULL)
3593                         OPENSSL_free(ctx->srp_ctx.login);
3594                 ctx->srp_ctx.login = NULL;
3595                 if (parg == NULL)
3596                         break;
3597                 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
3598                         {
3599                         SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3600                         return 0;
3601                         }
3602                 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
3603                         {
3604                         SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3605                         return 0;
3606                         }
3607                 break;
3608         case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3609                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
3610                 ctx->srp_ctx.info=parg;
3611                 break;
3612         case SSL_CTRL_SET_SRP_ARG:
3613                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3614                 ctx->srp_ctx.SRP_cb_arg=parg;
3615                 break;
3616 
3617         case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3618                 ctx->srp_ctx.strength=larg;
3619                 break;
3620 #endif
3621 #endif /* !OPENSSL_NO_TLSEXT */
3622 
3623         /* A Thawte special :-) */
3624         case SSL_CTRL_EXTRA_CHAIN_CERT:
3625                 if (ctx->extra_certs == NULL)
3626                         {
3627                         if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
3628                                 return(0);
3629                         }
3630                 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3631                 break;
3632 
3633         case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3634                 *(STACK_OF(X509) **)parg =  ctx->extra_certs;
3635                 break;
3636 
3637         case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3638                 if (ctx->extra_certs)
3639                         {
3640                         sk_X509_pop_free(ctx->extra_certs, X509_free);
3641                         ctx->extra_certs = NULL;
3642                         }
3643                 break;
3644 
3645         default:
3646                 return(0);
3647                 }
3648         return(1);
3649         }
3650 
3651 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3652         {
3653         CERT *cert;
3654 
3655         cert=ctx->cert;
3656 
3657         switch (cmd)
3658                 {
3659 #ifndef OPENSSL_NO_RSA
3660         case SSL_CTRL_SET_TMP_RSA_CB:
3661                 {
3662                 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3663                 }
3664                 break;
3665 #endif
3666 #ifndef OPENSSL_NO_DH
3667         case SSL_CTRL_SET_TMP_DH_CB:
3668                 {
3669                 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3670                 }
3671                 break;
3672 #endif
3673 #ifndef OPENSSL_NO_ECDH
3674         case SSL_CTRL_SET_TMP_ECDH_CB:
3675                 {
3676                 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3677                 }
3678                 break;
3679 #endif
3680 #ifndef OPENSSL_NO_TLSEXT
3681         case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3682                 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
3683                 break;
3684 
3685 #ifdef TLSEXT_TYPE_opaque_prf_input
3686         case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3687                 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
3688                 break;
3689 #endif
3690 
3691         case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3692                 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
3693                 break;
3694 
3695         case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3696                 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
3697                                                 unsigned char *,
3698                                                 EVP_CIPHER_CTX *,
3699                                                 HMAC_CTX *, int))fp;
3700                 break;
3701 
3702 #ifndef OPENSSL_NO_SRP
3703         case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3704                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3705                 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
3706                 break;
3707         case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3708                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3709                 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
3710                 break;
3711         case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3712                 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3713                 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
3714                 break;
3715 #endif
3716 #endif
3717         default:
3718                 return(0);
3719                 }
3720         return(1);
3721         }
3722 
3723 /* This function needs to check if the ciphers required are actually
3724  * available */
3725 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3726         {
3727         SSL_CIPHER c;
3728         const SSL_CIPHER *cp;
3729         unsigned long id;
3730 
3731         id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
3732         c.id=id;
3733         cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3734 #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3735 if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3736 #endif
3737         if (cp == NULL || cp->valid == 0)
3738                 return NULL;
3739         else
3740                 return cp;
3741         }
3742 
3743 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3744         {
3745         long l;
3746 
3747         if (p != NULL)
3748                 {
3749                 l=c->id;
3750                 if ((l & 0xff000000) != 0x03000000) return(0);
3751                 p[0]=((unsigned char)(l>> 8L))&0xFF;
3752                 p[1]=((unsigned char)(l     ))&0xFF;
3753                 }
3754         return(2);
3755         }
3756 
3757 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3758              STACK_OF(SSL_CIPHER) *srvr)
3759         {
3760         SSL_CIPHER *c,*ret=NULL;
3761         STACK_OF(SSL_CIPHER) *prio, *allow;
3762         int i,ii,ok;
3763 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3764         unsigned int j;
3765         int ec_ok, ec_nid;
3766         unsigned char ec_search1 = 0, ec_search2 = 0;
3767 #endif
3768         CERT *cert;
3769         unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
3770 
3771         /* Let's see which ciphers we can support */
3772         cert=s->cert;
3773 
3774 #if 0
3775         /* Do not set the compare functions, because this may lead to a
3776          * reordering by "id". We want to keep the original ordering.
3777          * We may pay a price in performance during sk_SSL_CIPHER_find(),
3778          * but would have to pay with the price of sk_SSL_CIPHER_dup().
3779          */
3780         sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3781         sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3782 #endif
3783 
3784 #ifdef CIPHER_DEBUG
3785         printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3786         for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
3787                 {
3788                 c=sk_SSL_CIPHER_value(srvr,i);
3789                 printf("%p:%s\n",(void *)c,c->name);
3790                 }
3791         printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3792         for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
3793             {
3794             c=sk_SSL_CIPHER_value(clnt,i);
3795             printf("%p:%s\n",(void *)c,c->name);
3796             }
3797 #endif
3798 
3799         if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
3800                 {
3801                 prio = srvr;
3802                 allow = clnt;
3803                 }
3804         else
3805                 {
3806                 prio = clnt;
3807                 allow = srvr;
3808                 }
3809 
3810         for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
3811                 {
3812                 c=sk_SSL_CIPHER_value(prio,i);
3813 
3814                 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3815                 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3816                         (TLS1_get_version(s) < TLS1_2_VERSION))
3817                         continue;
3818 
3819                 ssl_set_cert_masks(cert,c);
3820                 mask_k = cert->mask_k;
3821                 mask_a = cert->mask_a;
3822                 emask_k = cert->export_mask_k;
3823                 emask_a = cert->export_mask_a;
3824 #ifndef OPENSSL_NO_SRP
3825                 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
3826                 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
3827 #endif
3828 
3829 #ifdef KSSL_DEBUG
3830 /*              printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3831 #endif    /* KSSL_DEBUG */
3832 
3833                 alg_k=c->algorithm_mkey;
3834                 alg_a=c->algorithm_auth;
3835 
3836 #ifndef OPENSSL_NO_KRB5
3837                 if (alg_k & SSL_kKRB5)
3838                         {
3839                         if ( !kssl_keytab_is_available(s->kssl_ctx) )
3840                             continue;
3841                         }
3842 #endif /* OPENSSL_NO_KRB5 */
3843 #ifndef OPENSSL_NO_PSK
3844                 /* with PSK there must be server callback set */
3845                 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3846                         continue;
3847 #endif /* OPENSSL_NO_PSK */
3848 
3849                 if (SSL_C_IS_EXPORT(c))
3850                         {
3851                         ok = (alg_k & emask_k) && (alg_a & emask_a);
3852 #ifdef CIPHER_DEBUG
3853                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
3854                                (void *)c,c->name);
3855 #endif
3856                         }
3857                 else
3858                         {
3859                         ok = (alg_k & mask_k) && (alg_a & mask_a);
3860 #ifdef CIPHER_DEBUG
3861                         printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
3862                                c->name);
3863 #endif
3864                         }
3865 
3866 #ifndef OPENSSL_NO_TLSEXT
3867 #ifndef OPENSSL_NO_EC
3868                 if (
3869                         /* if we are considering an ECC cipher suite that uses our certificate */
3870                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3871                         /* and we have an ECC certificate */
3872                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3873                         /* and the client specified a Supported Point Formats extension */
3874                         && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3875                         /* and our certificate's point is compressed */
3876                         && (
3877                                 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3878                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3879                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3880                                 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3881                                 && (
3882                                         (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3883                                         || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3884                                         )
3885                                 )
3886                 )
3887                         {
3888                         ec_ok = 0;
3889                         /* if our certificate's curve is over a field type that the client does not support
3890                          * then do not allow this cipher suite to be negotiated */
3891                         if (
3892                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3893                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3894                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3895                                 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3896                         )
3897                                 {
3898                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3899                                         {
3900                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3901                                                 {
3902                                                 ec_ok = 1;
3903                                                 break;
3904                                                 }
3905                                         }
3906                                 }
3907                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3908                                 {
3909                                 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3910                                         {
3911                                         if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3912                                                 {
3913                                                 ec_ok = 1;
3914                                                 break;
3915                                                 }
3916                                         }
3917                                 }
3918                         ok = ok && ec_ok;
3919                         }
3920                 if (
3921                         /* if we are considering an ECC cipher suite that uses our certificate */
3922                         (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3923                         /* and we have an ECC certificate */
3924                         && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3925                         /* and the client specified an EllipticCurves extension */
3926                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3927                 )
3928                         {
3929                         ec_ok = 0;
3930                         if (
3931                                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3932                                 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3933                         )
3934                                 {
3935                                 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3936                                 if ((ec_nid == 0)
3937                                         && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3938                                 )
3939                                         {
3940                                         if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3941                                                 {
3942                                                 ec_search1 = 0xFF;
3943                                                 ec_search2 = 0x01;
3944                                                 }
3945                                         else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3946                                                 {
3947                                                 ec_search1 = 0xFF;
3948                                                 ec_search2 = 0x02;
3949                                                 }
3950                                         }
3951                                 else
3952                                         {
3953                                         ec_search1 = 0x00;
3954                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3955                                         }
3956                                 if ((ec_search1 != 0) || (ec_search2 != 0))
3957                                         {
3958                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3959                                                 {
3960                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3961                                                         {
3962                                                         ec_ok = 1;
3963                                                         break;
3964                                                         }
3965                                                 }
3966                                         }
3967                                 }
3968                         ok = ok && ec_ok;
3969                         }
3970                 if (
3971                         /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3972                         (alg_k & SSL_kEECDH)
3973                         /* and we have an ephemeral EC key */
3974                         && (s->cert->ecdh_tmp != NULL)
3975                         /* and the client specified an EllipticCurves extension */
3976                         && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3977                 )
3978                         {
3979                         ec_ok = 0;
3980                         if (s->cert->ecdh_tmp->group != NULL)
3981                                 {
3982                                 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3983                                 if ((ec_nid == 0)
3984                                         && (s->cert->ecdh_tmp->group->meth != NULL)
3985                                 )
3986                                         {
3987                                         if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3988                                                 {
3989                                                 ec_search1 = 0xFF;
3990                                                 ec_search2 = 0x01;
3991                                                 }
3992                                         else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3993                                                 {
3994                                                 ec_search1 = 0xFF;
3995                                                 ec_search2 = 0x02;
3996                                                 }
3997                                         }
3998                                 else
3999                                         {
4000                                         ec_search1 = 0x00;
4001                                         ec_search2 = tls1_ec_nid2curve_id(ec_nid);
4002                                         }
4003                                 if ((ec_search1 != 0) || (ec_search2 != 0))
4004                                         {
4005                                         for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
4006                                                 {
4007                                                 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
4008                                                         {
4009                                                         ec_ok = 1;
4010                                                         break;
4011                                                         }
4012                                                 }
4013                                         }
4014                                 }
4015                         ok = ok && ec_ok;
4016                         }
4017 #endif /* OPENSSL_NO_EC */
4018 #endif /* OPENSSL_NO_TLSEXT */
4019 
4020                 if (!ok) continue;
4021                 ii=sk_SSL_CIPHER_find(allow,c);
4022                 if (ii >= 0)
4023                         {
4024 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
4025                         if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
4026                                 {
4027                                 if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
4028                                 continue;
4029                                 }
4030 #endif
4031                         ret=sk_SSL_CIPHER_value(allow,ii);
4032                         break;
4033                         }
4034                 }
4035         return(ret);
4036         }
4037 
4038 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4039         {
4040         int ret=0;
4041         unsigned long alg_k;
4042 
4043         alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4044 
4045 #ifndef OPENSSL_NO_GOST
4046         if (s->version >= TLS1_VERSION)
4047                 {
4048                 if (alg_k & SSL_kGOST)
4049                         {
4050                         p[ret++]=TLS_CT_GOST94_SIGN;
4051                         p[ret++]=TLS_CT_GOST01_SIGN;
4052                         return(ret);
4053                         }
4054                 }
4055 #endif
4056 
4057 #ifndef OPENSSL_NO_DH
4058         if (alg_k & (SSL_kDHr|SSL_kEDH))
4059                 {
4060 #  ifndef OPENSSL_NO_RSA
4061                 p[ret++]=SSL3_CT_RSA_FIXED_DH;
4062 #  endif
4063 #  ifndef OPENSSL_NO_DSA
4064                 p[ret++]=SSL3_CT_DSS_FIXED_DH;
4065 #  endif
4066                 }
4067         if ((s->version == SSL3_VERSION) &&
4068                 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
4069                 {
4070 #  ifndef OPENSSL_NO_RSA
4071                 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
4072 #  endif
4073 #  ifndef OPENSSL_NO_DSA
4074                 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
4075 #  endif
4076                 }
4077 #endif /* !OPENSSL_NO_DH */
4078 #ifndef OPENSSL_NO_RSA
4079         p[ret++]=SSL3_CT_RSA_SIGN;
4080 #endif
4081 #ifndef OPENSSL_NO_DSA
4082         p[ret++]=SSL3_CT_DSS_SIGN;
4083 #endif
4084 #ifndef OPENSSL_NO_ECDH
4085         if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
4086                 {
4087                 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
4088                 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
4089                 }
4090 #endif
4091 
4092 #ifndef OPENSSL_NO_ECDSA
4093         /* ECDSA certs can be used with RSA cipher suites as well
4094          * so we don't need to check for SSL_kECDH or SSL_kEECDH
4095          */
4096         if (s->version >= TLS1_VERSION)
4097                 {
4098                 p[ret++]=TLS_CT_ECDSA_SIGN;
4099                 }
4100 #endif
4101         return(ret);
4102         }
4103 
4104 int ssl3_shutdown(SSL *s)
4105         {
4106         int ret;
4107 
4108         /* Don't do anything much if we have not done the handshake or
4109          * we don't want to send messages :-) */
4110         if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
4111                 {
4112                 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4113                 return(1);
4114                 }
4115 
4116         if (!(s->shutdown & SSL_SENT_SHUTDOWN))
4117                 {
4118                 s->shutdown|=SSL_SENT_SHUTDOWN;
4119 #if 1
4120                 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
4121 #endif
4122                 /* our shutdown alert has been sent now, and if it still needs
4123                  * to be written, s->s3->alert_dispatch will be true */
4124                 if (s->s3->alert_dispatch)
4125                         return(-1);     /* return WANT_WRITE */
4126                 }
4127         else if (s->s3->alert_dispatch)
4128                 {
4129                 /* resend it if not sent */
4130 #if 1
4131                 ret=s->method->ssl_dispatch_alert(s);
4132                 if(ret == -1)
4133                         {
4134                         /* we only get to return -1 here the 2nd/Nth
4135                          * invocation, we must  have already signalled
4136                          * return 0 upon a previous invoation,
4137                          * return WANT_WRITE */
4138                         return(ret);
4139                         }
4140 #endif
4141                 }
4142         else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4143                 {
4144                 /* If we are waiting for a close from our peer, we are closed */
4145                 s->method->ssl_read_bytes(s,0,NULL,0,0);
4146                 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4147                         {
4148                         return(-1);     /* return WANT_READ */
4149                         }
4150                 }
4151 
4152         if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4153                 !s->s3->alert_dispatch)
4154                 return(1);
4155         else
4156                 return(0);
4157         }
4158 
4159 int ssl3_write(SSL *s, const void *buf, int len)
4160         {
4161         int ret,n;
4162 
4163 #if 0
4164         if (s->shutdown & SSL_SEND_SHUTDOWN)
4165                 {
4166                 s->rwstate=SSL_NOTHING;
4167                 return(0);
4168                 }
4169 #endif
4170         clear_sys_error();
4171         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4172 
4173         /* This is an experimental flag that sends the
4174          * last handshake message in the same packet as the first
4175          * use data - used to see if it helps the TCP protocol during
4176          * session-id reuse */
4177         /* The second test is because the buffer may have been removed */
4178         if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
4179                 {
4180                 /* First time through, we write into the buffer */
4181                 if (s->s3->delay_buf_pop_ret == 0)
4182                         {
4183                         ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
4184                                              buf,len);
4185                         if (ret <= 0) return(ret);
4186 
4187                         s->s3->delay_buf_pop_ret=ret;
4188                         }
4189 
4190                 s->rwstate=SSL_WRITING;
4191                 n=BIO_flush(s->wbio);
4192                 if (n <= 0) return(n);
4193                 s->rwstate=SSL_NOTHING;
4194 
4195                 /* We have flushed the buffer, so remove it */
4196                 ssl_free_wbio_buffer(s);
4197                 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
4198 
4199                 ret=s->s3->delay_buf_pop_ret;
4200                 s->s3->delay_buf_pop_ret=0;
4201                 }
4202         else
4203                 {
4204                 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
4205                         buf,len);
4206                 if (ret <= 0) return(ret);
4207                 }
4208 
4209         return(ret);
4210         }
4211 
4212 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4213         {
4214         int ret;
4215 
4216         clear_sys_error();
4217         if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4218         s->s3->in_read_app_data=1;
4219         ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4220         if ((ret == -1) && (s->s3->in_read_app_data == 2))
4221                 {
4222                 /* ssl3_read_bytes decided to call s->handshake_func, which
4223                  * called ssl3_read_bytes to read handshake data.
4224                  * However, ssl3_read_bytes actually found application data
4225                  * and thinks that application data makes sense here; so disable
4226                  * handshake processing and try to read application data again. */
4227                 s->in_handshake++;
4228                 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4229                 s->in_handshake--;
4230                 }
4231         else
4232                 s->s3->in_read_app_data=0;
4233 
4234         return(ret);
4235         }
4236 
4237 int ssl3_read(SSL *s, void *buf, int len)
4238         {
4239         return ssl3_read_internal(s, buf, len, 0);
4240         }
4241 
4242 int ssl3_peek(SSL *s, void *buf, int len)
4243         {
4244         return ssl3_read_internal(s, buf, len, 1);
4245         }
4246 
4247 int ssl3_renegotiate(SSL *s)
4248         {
4249         if (s->handshake_func == NULL)
4250                 return(1);
4251 
4252         if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4253                 return(0);
4254 
4255         s->s3->renegotiate=1;
4256         return(1);
4257         }
4258 
4259 int ssl3_renegotiate_check(SSL *s)
4260         {
4261         int ret=0;
4262 
4263         if (s->s3->renegotiate)
4264                 {
4265                 if (    (s->s3->rbuf.left == 0) &&
4266                         (s->s3->wbuf.left == 0) &&
4267                         !SSL_in_init(s))
4268                         {
4269 /*
4270 if we are the server, and we have sent a 'RENEGOTIATE' message, we
4271 need to go to SSL_ST_ACCEPT.
4272 */
4273                         /* SSL_ST_ACCEPT */
4274                         s->state=SSL_ST_RENEGOTIATE;
4275                         s->s3->renegotiate=0;
4276                         s->s3->num_renegotiations++;
4277                         s->s3->total_renegotiations++;
4278                         ret=1;
4279                         }
4280                 }
4281         return(ret);
4282         }
4283 /* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4284  * to new SHA256 PRF and handshake macs
4285  */
4286 long ssl_get_algorithm2(SSL *s)
4287         {
4288         long alg2 = s->s3->tmp.new_cipher->algorithm2;
4289         if (s->method->version == TLS1_2_VERSION &&
4290             alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4291                 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4292         return alg2;
4293         }