• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* ssl/s3_lib.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  *
114  * Portions of the attached software ("Contribution") are developed by
115  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116  *
117  * The Contribution is licensed pursuant to the OpenSSL open source
118  * license provided above.
119  *
120  * ECC cipher suite support in OpenSSL originally written by
121  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122  *
123  */
124 /* ====================================================================
125  * Copyright 2005 Nokia. All rights reserved.
126  *
127  * The portions of the attached software ("Contribution") is developed by
128  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129  * license.
130  *
131  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133  * support (see RFC 4279) to OpenSSL.
134  *
135  * No patent licenses or other rights except those expressly stated in
136  * the OpenSSL open source license shall be deemed granted or received
137  * expressly, by implication, estoppel, or otherwise.
138  *
139  * No assurances are provided by Nokia that the Contribution does not
140  * infringe the patent or other intellectual property rights of any third
141  * party or that the license provides you with all the necessary rights
142  * to make use of the Contribution.
143  *
144  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148  * OTHERWISE.
149  */
150 
151 #include <stdio.h>
152 #include <openssl/objects.h>
153 #include "ssl_locl.h"
154 #include "kssl_lcl.h"
155 #ifndef OPENSSL_NO_TLSEXT
156 #ifndef OPENSSL_NO_EC
157 #include "../crypto/ec/ec_lcl.h"
158 #endif /* OPENSSL_NO_EC */
159 #endif /* OPENSSL_NO_TLSEXT */
160 #include <openssl/md5.h>
161 #ifndef OPENSSL_NO_DH
162 #include <openssl/dh.h>
163 #endif
164 
165 const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166 
167 #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168 
169 /* list of available SSLv3 ciphers (sorted by id) */
170 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171 
172 /* The RSA ciphers */
173 /* Cipher 01 */
174 	{
175 	1,
176 	SSL3_TXT_RSA_NULL_MD5,
177 	SSL3_CK_RSA_NULL_MD5,
178 	SSL_kRSA,
179 	SSL_aRSA,
180 	SSL_eNULL,
181 	SSL_MD5,
182 	SSL_SSLV3,
183 	SSL_NOT_EXP|SSL_STRONG_NONE,
184 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 	0,
186 	0,
187 	},
188 
189 /* Cipher 02 */
190 	{
191 	1,
192 	SSL3_TXT_RSA_NULL_SHA,
193 	SSL3_CK_RSA_NULL_SHA,
194 	SSL_kRSA,
195 	SSL_aRSA,
196 	SSL_eNULL,
197 	SSL_SHA1,
198 	SSL_SSLV3,
199 	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 	0,
202 	0,
203 	},
204 
205 /* Cipher 03 */
206 	{
207 	1,
208 	SSL3_TXT_RSA_RC4_40_MD5,
209 	SSL3_CK_RSA_RC4_40_MD5,
210 	SSL_kRSA,
211 	SSL_aRSA,
212 	SSL_RC4,
213 	SSL_MD5,
214 	SSL_SSLV3,
215 	SSL_EXPORT|SSL_EXP40,
216 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 	40,
218 	128,
219 	},
220 
221 /* Cipher 04 */
222 	{
223 	1,
224 	SSL3_TXT_RSA_RC4_128_MD5,
225 	SSL3_CK_RSA_RC4_128_MD5,
226 	SSL_kRSA,
227 	SSL_aRSA,
228 	SSL_RC4,
229 	SSL_MD5,
230 	SSL_SSLV3,
231 	SSL_NOT_EXP|SSL_MEDIUM,
232 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 	128,
234 	128,
235 	},
236 
237 /* Cipher 05 */
238 	{
239 	1,
240 	SSL3_TXT_RSA_RC4_128_SHA,
241 	SSL3_CK_RSA_RC4_128_SHA,
242 	SSL_kRSA,
243 	SSL_aRSA,
244 	SSL_RC4,
245 	SSL_SHA1,
246 	SSL_SSLV3,
247 	SSL_NOT_EXP|SSL_MEDIUM,
248 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 	128,
250 	128,
251 	},
252 
253 /* Cipher 06 */
254 	{
255 	1,
256 	SSL3_TXT_RSA_RC2_40_MD5,
257 	SSL3_CK_RSA_RC2_40_MD5,
258 	SSL_kRSA,
259 	SSL_aRSA,
260 	SSL_RC2,
261 	SSL_MD5,
262 	SSL_SSLV3,
263 	SSL_EXPORT|SSL_EXP40,
264 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 	40,
266 	128,
267 	},
268 
269 /* Cipher 07 */
270 #ifndef OPENSSL_NO_IDEA
271 	{
272 	1,
273 	SSL3_TXT_RSA_IDEA_128_SHA,
274 	SSL3_CK_RSA_IDEA_128_SHA,
275 	SSL_kRSA,
276 	SSL_aRSA,
277 	SSL_IDEA,
278 	SSL_SHA1,
279 	SSL_SSLV3,
280 	SSL_NOT_EXP|SSL_MEDIUM,
281 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 	128,
283 	128,
284 	},
285 #endif
286 
287 /* Cipher 08 */
288 	{
289 	1,
290 	SSL3_TXT_RSA_DES_40_CBC_SHA,
291 	SSL3_CK_RSA_DES_40_CBC_SHA,
292 	SSL_kRSA,
293 	SSL_aRSA,
294 	SSL_DES,
295 	SSL_SHA1,
296 	SSL_SSLV3,
297 	SSL_EXPORT|SSL_EXP40,
298 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 	40,
300 	56,
301 	},
302 
303 /* Cipher 09 */
304 	{
305 	1,
306 	SSL3_TXT_RSA_DES_64_CBC_SHA,
307 	SSL3_CK_RSA_DES_64_CBC_SHA,
308 	SSL_kRSA,
309 	SSL_aRSA,
310 	SSL_DES,
311 	SSL_SHA1,
312 	SSL_SSLV3,
313 	SSL_NOT_EXP|SSL_LOW,
314 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 	56,
316 	56,
317 	},
318 
319 /* Cipher 0A */
320 	{
321 	1,
322 	SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 	SSL3_CK_RSA_DES_192_CBC3_SHA,
324 	SSL_kRSA,
325 	SSL_aRSA,
326 	SSL_3DES,
327 	SSL_SHA1,
328 	SSL_SSLV3,
329 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 	168,
332 	168,
333 	},
334 
335 /* The DH ciphers */
336 /* Cipher 0B */
337 	{
338 	0,
339 	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 	SSL_kDHd,
342 	SSL_aDH,
343 	SSL_DES,
344 	SSL_SHA1,
345 	SSL_SSLV3,
346 	SSL_EXPORT|SSL_EXP40,
347 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 	40,
349 	56,
350 	},
351 
352 /* Cipher 0C */
353 	{
354 	0, /* not implemented (non-ephemeral DH) */
355 	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 	SSL_kDHd,
358 	SSL_aDH,
359 	SSL_DES,
360 	SSL_SHA1,
361 	SSL_SSLV3,
362 	SSL_NOT_EXP|SSL_LOW,
363 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 	56,
365 	56,
366 	},
367 
368 /* Cipher 0D */
369 	{
370 	0, /* not implemented (non-ephemeral DH) */
371 	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 	SSL_kDHd,
374 	SSL_aDH,
375 	SSL_3DES,
376 	SSL_SHA1,
377 	SSL_SSLV3,
378 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 	168,
381 	168,
382 	},
383 
384 /* Cipher 0E */
385 	{
386 	0, /* not implemented (non-ephemeral DH) */
387 	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 	SSL_kDHr,
390 	SSL_aDH,
391 	SSL_DES,
392 	SSL_SHA1,
393 	SSL_SSLV3,
394 	SSL_EXPORT|SSL_EXP40,
395 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 	40,
397 	56,
398 	},
399 
400 /* Cipher 0F */
401 	{
402 	0, /* not implemented (non-ephemeral DH) */
403 	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 	SSL_kDHr,
406 	SSL_aDH,
407 	SSL_DES,
408 	SSL_SHA1,
409 	SSL_SSLV3,
410 	SSL_NOT_EXP|SSL_LOW,
411 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 	56,
413 	56,
414 	},
415 
416 /* Cipher 10 */
417 	{
418 	0, /* not implemented (non-ephemeral DH) */
419 	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 	SSL_kDHr,
422 	SSL_aDH,
423 	SSL_3DES,
424 	SSL_SHA1,
425 	SSL_SSLV3,
426 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 	168,
429 	168,
430 	},
431 
432 /* The Ephemeral DH ciphers */
433 /* Cipher 11 */
434 	{
435 	1,
436 	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 	SSL_kEDH,
439 	SSL_aDSS,
440 	SSL_DES,
441 	SSL_SHA1,
442 	SSL_SSLV3,
443 	SSL_EXPORT|SSL_EXP40,
444 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 	40,
446 	56,
447 	},
448 
449 /* Cipher 12 */
450 	{
451 	1,
452 	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 	SSL_kEDH,
455 	SSL_aDSS,
456 	SSL_DES,
457 	SSL_SHA1,
458 	SSL_SSLV3,
459 	SSL_NOT_EXP|SSL_LOW,
460 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 	56,
462 	56,
463 	},
464 
465 /* Cipher 13 */
466 	{
467 	1,
468 	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 	SSL_kEDH,
471 	SSL_aDSS,
472 	SSL_3DES,
473 	SSL_SHA1,
474 	SSL_SSLV3,
475 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 	168,
478 	168,
479 	},
480 
481 /* Cipher 14 */
482 	{
483 	1,
484 	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 	SSL_kEDH,
487 	SSL_aRSA,
488 	SSL_DES,
489 	SSL_SHA1,
490 	SSL_SSLV3,
491 	SSL_EXPORT|SSL_EXP40,
492 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 	40,
494 	56,
495 	},
496 
497 /* Cipher 15 */
498 	{
499 	1,
500 	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 	SSL_kEDH,
503 	SSL_aRSA,
504 	SSL_DES,
505 	SSL_SHA1,
506 	SSL_SSLV3,
507 	SSL_NOT_EXP|SSL_LOW,
508 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 	56,
510 	56,
511 	},
512 
513 /* Cipher 16 */
514 	{
515 	1,
516 	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 	SSL_kEDH,
519 	SSL_aRSA,
520 	SSL_3DES,
521 	SSL_SHA1,
522 	SSL_SSLV3,
523 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 	168,
526 	168,
527 	},
528 
529 /* Cipher 17 */
530 	{
531 	1,
532 	SSL3_TXT_ADH_RC4_40_MD5,
533 	SSL3_CK_ADH_RC4_40_MD5,
534 	SSL_kEDH,
535 	SSL_aNULL,
536 	SSL_RC4,
537 	SSL_MD5,
538 	SSL_SSLV3,
539 	SSL_EXPORT|SSL_EXP40,
540 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 	40,
542 	128,
543 	},
544 
545 /* Cipher 18 */
546 	{
547 	1,
548 	SSL3_TXT_ADH_RC4_128_MD5,
549 	SSL3_CK_ADH_RC4_128_MD5,
550 	SSL_kEDH,
551 	SSL_aNULL,
552 	SSL_RC4,
553 	SSL_MD5,
554 	SSL_SSLV3,
555 	SSL_NOT_EXP|SSL_MEDIUM,
556 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 	128,
558 	128,
559 	},
560 
561 /* Cipher 19 */
562 	{
563 	1,
564 	SSL3_TXT_ADH_DES_40_CBC_SHA,
565 	SSL3_CK_ADH_DES_40_CBC_SHA,
566 	SSL_kEDH,
567 	SSL_aNULL,
568 	SSL_DES,
569 	SSL_SHA1,
570 	SSL_SSLV3,
571 	SSL_EXPORT|SSL_EXP40,
572 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 	40,
574 	128,
575 	},
576 
577 /* Cipher 1A */
578 	{
579 	1,
580 	SSL3_TXT_ADH_DES_64_CBC_SHA,
581 	SSL3_CK_ADH_DES_64_CBC_SHA,
582 	SSL_kEDH,
583 	SSL_aNULL,
584 	SSL_DES,
585 	SSL_SHA1,
586 	SSL_SSLV3,
587 	SSL_NOT_EXP|SSL_LOW,
588 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 	56,
590 	56,
591 	},
592 
593 /* Cipher 1B */
594 	{
595 	1,
596 	SSL3_TXT_ADH_DES_192_CBC_SHA,
597 	SSL3_CK_ADH_DES_192_CBC_SHA,
598 	SSL_kEDH,
599 	SSL_aNULL,
600 	SSL_3DES,
601 	SSL_SHA1,
602 	SSL_SSLV3,
603 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 	168,
606 	168,
607 	},
608 
609 /* Fortezza ciphersuite from SSL 3.0 spec */
610 #if 0
611 /* Cipher 1C */
612 	{
613 	0,
614 	SSL3_TXT_FZA_DMS_NULL_SHA,
615 	SSL3_CK_FZA_DMS_NULL_SHA,
616 	SSL_kFZA,
617 	SSL_aFZA,
618 	SSL_eNULL,
619 	SSL_SHA1,
620 	SSL_SSLV3,
621 	SSL_NOT_EXP|SSL_STRONG_NONE,
622 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 	0,
624 	0,
625 	},
626 
627 /* Cipher 1D */
628 	{
629 	0,
630 	SSL3_TXT_FZA_DMS_FZA_SHA,
631 	SSL3_CK_FZA_DMS_FZA_SHA,
632 	SSL_kFZA,
633 	SSL_aFZA,
634 	SSL_eFZA,
635 	SSL_SHA1,
636 	SSL_SSLV3,
637 	SSL_NOT_EXP|SSL_STRONG_NONE,
638 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 	0,
640 	0,
641 	},
642 
643 /* Cipher 1E */
644 	{
645 	0,
646 	SSL3_TXT_FZA_DMS_RC4_SHA,
647 	SSL3_CK_FZA_DMS_RC4_SHA,
648 	SSL_kFZA,
649 	SSL_aFZA,
650 	SSL_RC4,
651 	SSL_SHA1,
652 	SSL_SSLV3,
653 	SSL_NOT_EXP|SSL_MEDIUM,
654 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 	128,
656 	128,
657 	},
658 #endif
659 
660 #ifndef OPENSSL_NO_KRB5
661 /* The Kerberos ciphers*/
662 /* Cipher 1E */
663 	{
664 	1,
665 	SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 	SSL3_CK_KRB5_DES_64_CBC_SHA,
667 	SSL_kKRB5,
668 	SSL_aKRB5,
669 	SSL_DES,
670 	SSL_SHA1,
671 	SSL_SSLV3,
672 	SSL_NOT_EXP|SSL_LOW,
673 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 	56,
675 	56,
676 	},
677 
678 /* Cipher 1F */
679 	{
680 	1,
681 	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 	SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 	SSL_kKRB5,
684 	SSL_aKRB5,
685 	SSL_3DES,
686 	SSL_SHA1,
687 	SSL_SSLV3,
688 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 	168,
691 	168,
692 	},
693 
694 /* Cipher 20 */
695 	{
696 	1,
697 	SSL3_TXT_KRB5_RC4_128_SHA,
698 	SSL3_CK_KRB5_RC4_128_SHA,
699 	SSL_kKRB5,
700 	SSL_aKRB5,
701 	SSL_RC4,
702 	SSL_SHA1,
703 	SSL_SSLV3,
704 	SSL_NOT_EXP|SSL_MEDIUM,
705 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 	128,
707 	128,
708 	},
709 
710 /* Cipher 21 */
711 	{
712 	1,
713 	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 	SSL_kKRB5,
716 	SSL_aKRB5,
717 	SSL_IDEA,
718 	SSL_SHA1,
719 	SSL_SSLV3,
720 	SSL_NOT_EXP|SSL_MEDIUM,
721 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 	128,
723 	128,
724 	},
725 
726 /* Cipher 22 */
727 	{
728 	1,
729 	SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 	SSL3_CK_KRB5_DES_64_CBC_MD5,
731 	SSL_kKRB5,
732 	SSL_aKRB5,
733 	SSL_DES,
734 	SSL_MD5,
735 	SSL_SSLV3,
736 	SSL_NOT_EXP|SSL_LOW,
737 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 	56,
739 	56,
740 	},
741 
742 /* Cipher 23 */
743 	{
744 	1,
745 	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 	SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 	SSL_kKRB5,
748 	SSL_aKRB5,
749 	SSL_3DES,
750 	SSL_MD5,
751 	SSL_SSLV3,
752 	SSL_NOT_EXP|SSL_HIGH,
753 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 	168,
755 	168,
756 	},
757 
758 /* Cipher 24 */
759 	{
760 	1,
761 	SSL3_TXT_KRB5_RC4_128_MD5,
762 	SSL3_CK_KRB5_RC4_128_MD5,
763 	SSL_kKRB5,
764 	SSL_aKRB5,
765 	SSL_RC4,
766 	SSL_MD5,
767 	SSL_SSLV3,
768 	SSL_NOT_EXP|SSL_MEDIUM,
769 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 	128,
771 	128,
772 	},
773 
774 /* Cipher 25 */
775 	{
776 	1,
777 	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 	SSL_kKRB5,
780 	SSL_aKRB5,
781 	SSL_IDEA,
782 	SSL_MD5,
783 	SSL_SSLV3,
784 	SSL_NOT_EXP|SSL_MEDIUM,
785 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 	128,
787 	128,
788 	},
789 
790 /* Cipher 26 */
791 	{
792 	1,
793 	SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 	SSL3_CK_KRB5_DES_40_CBC_SHA,
795 	SSL_kKRB5,
796 	SSL_aKRB5,
797 	SSL_DES,
798 	SSL_SHA1,
799 	SSL_SSLV3,
800 	SSL_EXPORT|SSL_EXP40,
801 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 	40,
803 	56,
804 	},
805 
806 /* Cipher 27 */
807 	{
808 	1,
809 	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 	SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 	SSL_kKRB5,
812 	SSL_aKRB5,
813 	SSL_RC2,
814 	SSL_SHA1,
815 	SSL_SSLV3,
816 	SSL_EXPORT|SSL_EXP40,
817 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 	40,
819 	128,
820 	},
821 
822 /* Cipher 28 */
823 	{
824 	1,
825 	SSL3_TXT_KRB5_RC4_40_SHA,
826 	SSL3_CK_KRB5_RC4_40_SHA,
827 	SSL_kKRB5,
828 	SSL_aKRB5,
829 	SSL_RC4,
830 	SSL_SHA1,
831 	SSL_SSLV3,
832 	SSL_EXPORT|SSL_EXP40,
833 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 	40,
835 	128,
836 	},
837 
838 /* Cipher 29 */
839 	{
840 	1,
841 	SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 	SSL3_CK_KRB5_DES_40_CBC_MD5,
843 	SSL_kKRB5,
844 	SSL_aKRB5,
845 	SSL_DES,
846 	SSL_MD5,
847 	SSL_SSLV3,
848 	SSL_EXPORT|SSL_EXP40,
849 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 	40,
851 	56,
852 	},
853 
854 /* Cipher 2A */
855 	{
856 	1,
857 	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 	SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 	SSL_kKRB5,
860 	SSL_aKRB5,
861 	SSL_RC2,
862 	SSL_MD5,
863 	SSL_SSLV3,
864 	SSL_EXPORT|SSL_EXP40,
865 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 	40,
867 	128,
868 	},
869 
870 /* Cipher 2B */
871 	{
872 	1,
873 	SSL3_TXT_KRB5_RC4_40_MD5,
874 	SSL3_CK_KRB5_RC4_40_MD5,
875 	SSL_kKRB5,
876 	SSL_aKRB5,
877 	SSL_RC4,
878 	SSL_MD5,
879 	SSL_SSLV3,
880 	SSL_EXPORT|SSL_EXP40,
881 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 	40,
883 	128,
884 	},
885 #endif	/* OPENSSL_NO_KRB5 */
886 
887 /* New AES ciphersuites */
888 /* Cipher 2F */
889 	{
890 	1,
891 	TLS1_TXT_RSA_WITH_AES_128_SHA,
892 	TLS1_CK_RSA_WITH_AES_128_SHA,
893 	SSL_kRSA,
894 	SSL_aRSA,
895 	SSL_AES128,
896 	SSL_SHA1,
897 	SSL_TLSV1,
898 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 	128,
901 	128,
902 	},
903 /* Cipher 30 */
904 	{
905 	0,
906 	TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 	TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 	SSL_kDHd,
909 	SSL_aDH,
910 	SSL_AES128,
911 	SSL_SHA1,
912 	SSL_TLSV1,
913 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 	128,
916 	128,
917 	},
918 /* Cipher 31 */
919 	{
920 	0,
921 	TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 	TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 	SSL_kDHr,
924 	SSL_aDH,
925 	SSL_AES128,
926 	SSL_SHA1,
927 	SSL_TLSV1,
928 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 	128,
931 	128,
932 	},
933 /* Cipher 32 */
934 	{
935 	1,
936 	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 	SSL_kEDH,
939 	SSL_aDSS,
940 	SSL_AES128,
941 	SSL_SHA1,
942 	SSL_TLSV1,
943 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 	128,
946 	128,
947 	},
948 /* Cipher 33 */
949 	{
950 	1,
951 	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 	SSL_kEDH,
954 	SSL_aRSA,
955 	SSL_AES128,
956 	SSL_SHA1,
957 	SSL_TLSV1,
958 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 	128,
961 	128,
962 	},
963 /* Cipher 34 */
964 	{
965 	1,
966 	TLS1_TXT_ADH_WITH_AES_128_SHA,
967 	TLS1_CK_ADH_WITH_AES_128_SHA,
968 	SSL_kEDH,
969 	SSL_aNULL,
970 	SSL_AES128,
971 	SSL_SHA1,
972 	SSL_TLSV1,
973 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 	128,
976 	128,
977 	},
978 
979 /* Cipher 35 */
980 	{
981 	1,
982 	TLS1_TXT_RSA_WITH_AES_256_SHA,
983 	TLS1_CK_RSA_WITH_AES_256_SHA,
984 	SSL_kRSA,
985 	SSL_aRSA,
986 	SSL_AES256,
987 	SSL_SHA1,
988 	SSL_TLSV1,
989 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 	256,
992 	256,
993 	},
994 /* Cipher 36 */
995 	{
996 	0,
997 	TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 	TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 	SSL_kDHd,
1000 	SSL_aDH,
1001 	SSL_AES256,
1002 	SSL_SHA1,
1003 	SSL_TLSV1,
1004 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 	256,
1007 	256,
1008 	},
1009 
1010 /* Cipher 37 */
1011 	{
1012 	0, /* not implemented (non-ephemeral DH) */
1013 	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 	TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 	SSL_kDHr,
1016 	SSL_aDH,
1017 	SSL_AES256,
1018 	SSL_SHA1,
1019 	SSL_TLSV1,
1020 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 	256,
1023 	256,
1024 	},
1025 
1026 /* Cipher 38 */
1027 	{
1028 	1,
1029 	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 	SSL_kEDH,
1032 	SSL_aDSS,
1033 	SSL_AES256,
1034 	SSL_SHA1,
1035 	SSL_TLSV1,
1036 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 	256,
1039 	256,
1040 	},
1041 
1042 /* Cipher 39 */
1043 	{
1044 	1,
1045 	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 	SSL_kEDH,
1048 	SSL_aRSA,
1049 	SSL_AES256,
1050 	SSL_SHA1,
1051 	SSL_TLSV1,
1052 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 	256,
1055 	256,
1056 	},
1057 
1058 	/* Cipher 3A */
1059 	{
1060 	1,
1061 	TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 	TLS1_CK_ADH_WITH_AES_256_SHA,
1063 	SSL_kEDH,
1064 	SSL_aNULL,
1065 	SSL_AES256,
1066 	SSL_SHA1,
1067 	SSL_TLSV1,
1068 	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 	256,
1071 	256,
1072 	},
1073 
1074 #ifndef OPENSSL_NO_CAMELLIA
1075 	/* Camellia ciphersuites from RFC4132 (128-bit portion) */
1076 
1077 	/* Cipher 41 */
1078 	{
1079 	1,
1080 	TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1081 	TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1082 	SSL_kRSA,
1083 	SSL_aRSA,
1084 	SSL_CAMELLIA128,
1085 	SSL_SHA1,
1086 	SSL_TLSV1,
1087 	SSL_NOT_EXP|SSL_HIGH,
1088 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1089 	128,
1090 	128,
1091 	},
1092 
1093 	/* Cipher 42 */
1094 	{
1095 	0, /* not implemented (non-ephemeral DH) */
1096 	TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1097 	TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1098 	SSL_kDHd,
1099 	SSL_aDH,
1100 	SSL_CAMELLIA128,
1101 	SSL_SHA1,
1102 	SSL_TLSV1,
1103 	SSL_NOT_EXP|SSL_HIGH,
1104 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1105 	128,
1106 	128,
1107 	},
1108 
1109 	/* Cipher 43 */
1110 	{
1111 	0, /* not implemented (non-ephemeral DH) */
1112 	TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1113 	TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1114 	SSL_kDHr,
1115 	SSL_aDH,
1116 	SSL_CAMELLIA128,
1117 	SSL_SHA1,
1118 	SSL_TLSV1,
1119 	SSL_NOT_EXP|SSL_HIGH,
1120 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1121 	128,
1122 	128,
1123 	},
1124 
1125 	/* Cipher 44 */
1126 	{
1127 	1,
1128 	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1129 	TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1130 	SSL_kEDH,
1131 	SSL_aDSS,
1132 	SSL_CAMELLIA128,
1133 	SSL_SHA1,
1134 	SSL_TLSV1,
1135 	SSL_NOT_EXP|SSL_HIGH,
1136 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1137 	128,
1138 	128,
1139 	},
1140 
1141 	/* Cipher 45 */
1142 	{
1143 	1,
1144 	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1145 	TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1146 	SSL_kEDH,
1147 	SSL_aRSA,
1148 	SSL_CAMELLIA128,
1149 	SSL_SHA1,
1150 	SSL_TLSV1,
1151 	SSL_NOT_EXP|SSL_HIGH,
1152 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1153 	128,
1154 	128,
1155 	},
1156 
1157 	/* Cipher 46 */
1158 	{
1159 	1,
1160 	TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1161 	TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1162 	SSL_kEDH,
1163 	SSL_aNULL,
1164 	SSL_CAMELLIA128,
1165 	SSL_SHA1,
1166 	SSL_TLSV1,
1167 	SSL_NOT_EXP|SSL_HIGH,
1168 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1169 	128,
1170 	128,
1171 	},
1172 #endif /* OPENSSL_NO_CAMELLIA */
1173 
1174 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1175 	/* New TLS Export CipherSuites from expired ID */
1176 #if 0
1177 	/* Cipher 60 */
1178 	{
1179 	1,
1180 	TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1181 	TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1182 	SSL_kRSA,
1183 	SSL_aRSA,
1184 	SSL_RC4,
1185 	SSL_MD5,
1186 	SSL_TLSV1,
1187 	SSL_EXPORT|SSL_EXP56,
1188 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1189 	56,
1190 	128,
1191 	},
1192 
1193 	/* Cipher 61 */
1194 	{
1195 	1,
1196 	TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1197 	TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1198 	SSL_kRSA,
1199 	SSL_aRSA,
1200 	SSL_RC2,
1201 	SSL_MD5,
1202 	SSL_TLSV1,
1203 	SSL_EXPORT|SSL_EXP56,
1204 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1205 	56,
1206 	128,
1207 	},
1208 #endif
1209 
1210 	/* Cipher 62 */
1211 	{
1212 	1,
1213 	TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1214 	TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1215 	SSL_kRSA,
1216 	SSL_aRSA,
1217 	SSL_DES,
1218 	SSL_SHA1,
1219 	SSL_TLSV1,
1220 	SSL_EXPORT|SSL_EXP56,
1221 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1222 	56,
1223 	56,
1224 	},
1225 
1226 	/* Cipher 63 */
1227 	{
1228 	1,
1229 	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1230 	TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1231 	SSL_kEDH,
1232 	SSL_aDSS,
1233 	SSL_DES,
1234 	SSL_SHA1,
1235 	SSL_TLSV1,
1236 	SSL_EXPORT|SSL_EXP56,
1237 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1238 	56,
1239 	56,
1240 	},
1241 
1242 	/* Cipher 64 */
1243 	{
1244 	1,
1245 	TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1246 	TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1247 	SSL_kRSA,
1248 	SSL_aRSA,
1249 	SSL_RC4,
1250 	SSL_SHA1,
1251 	SSL_TLSV1,
1252 	SSL_EXPORT|SSL_EXP56,
1253 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1254 	56,
1255 	128,
1256 	},
1257 
1258 	/* Cipher 65 */
1259 	{
1260 	1,
1261 	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1262 	TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1263 	SSL_kEDH,
1264 	SSL_aDSS,
1265 	SSL_RC4,
1266 	SSL_SHA1,
1267 	SSL_TLSV1,
1268 	SSL_EXPORT|SSL_EXP56,
1269 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1270 	56,
1271 	128,
1272 	},
1273 
1274 	/* Cipher 66 */
1275 	{
1276 	1,
1277 	TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1278 	TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1279 	SSL_kEDH,
1280 	SSL_aDSS,
1281 	SSL_RC4,
1282 	SSL_SHA1,
1283 	SSL_TLSV1,
1284 	SSL_NOT_EXP|SSL_MEDIUM,
1285 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 	128,
1287 	128,
1288 	},
1289 #endif
1290 	{
1291 	1,
1292 	"GOST94-GOST89-GOST89",
1293 	0x3000080,
1294 	SSL_kGOST,
1295 	SSL_aGOST94,
1296 	SSL_eGOST2814789CNT,
1297 	SSL_GOST89MAC,
1298 	SSL_TLSV1,
1299 	SSL_NOT_EXP|SSL_HIGH,
1300 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 	256,
1302 	256
1303 	},
1304 	{
1305 	1,
1306 	"GOST2001-GOST89-GOST89",
1307 	0x3000081,
1308 	SSL_kGOST,
1309 	SSL_aGOST01,
1310 	SSL_eGOST2814789CNT,
1311 	SSL_GOST89MAC,
1312 	SSL_TLSV1,
1313 	SSL_NOT_EXP|SSL_HIGH,
1314 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 	256,
1316 	256
1317 	},
1318 	{
1319 	1,
1320 	"GOST94-NULL-GOST94",
1321 	0x3000082,
1322 	SSL_kGOST,
1323 	SSL_aGOST94,
1324 	SSL_eNULL,
1325 	SSL_GOST94,
1326 	SSL_TLSV1,
1327 	SSL_NOT_EXP|SSL_STRONG_NONE,
1328 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 	0,
1330 	0
1331 	},
1332 	{
1333 	1,
1334 	"GOST2001-NULL-GOST94",
1335 	0x3000083,
1336 	SSL_kGOST,
1337 	SSL_aGOST01,
1338 	SSL_eNULL,
1339 	SSL_GOST94,
1340 	SSL_TLSV1,
1341 	SSL_NOT_EXP|SSL_STRONG_NONE,
1342 	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 	0,
1344 	0
1345 	},
1346 
1347 #ifndef OPENSSL_NO_CAMELLIA
1348 	/* Camellia ciphersuites from RFC4132 (256-bit portion) */
1349 
1350 	/* Cipher 84 */
1351 	{
1352 	1,
1353 	TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1354 	TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1355 	SSL_kRSA,
1356 	SSL_aRSA,
1357 	SSL_CAMELLIA256,
1358 	SSL_SHA1,
1359 	SSL_TLSV1,
1360 	SSL_NOT_EXP|SSL_HIGH,
1361 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1362 	256,
1363 	256,
1364 	},
1365 	/* Cipher 85 */
1366 	{
1367 	0, /* not implemented (non-ephemeral DH) */
1368 	TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1369 	TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1370 	SSL_kDHd,
1371 	SSL_aDH,
1372 	SSL_CAMELLIA256,
1373 	SSL_SHA1,
1374 	SSL_TLSV1,
1375 	SSL_NOT_EXP|SSL_HIGH,
1376 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1377 	256,
1378 	256,
1379 	},
1380 
1381 	/* Cipher 86 */
1382 	{
1383 	0, /* not implemented (non-ephemeral DH) */
1384 	TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1385 	TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1386 	SSL_kDHr,
1387 	SSL_aDH,
1388 	SSL_CAMELLIA256,
1389 	SSL_SHA1,
1390 	SSL_TLSV1,
1391 	SSL_NOT_EXP|SSL_HIGH,
1392 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 	256,
1394 	256,
1395 	},
1396 
1397 	/* Cipher 87 */
1398 	{
1399 	1,
1400 	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1401 	TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1402 	SSL_kEDH,
1403 	SSL_aDSS,
1404 	SSL_CAMELLIA256,
1405 	SSL_SHA1,
1406 	SSL_TLSV1,
1407 	SSL_NOT_EXP|SSL_HIGH,
1408 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1409 	256,
1410 	256,
1411 	},
1412 
1413 	/* Cipher 88 */
1414 	{
1415 	1,
1416 	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1417 	TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1418 	SSL_kEDH,
1419 	SSL_aRSA,
1420 	SSL_CAMELLIA256,
1421 	SSL_SHA1,
1422 	SSL_TLSV1,
1423 	SSL_NOT_EXP|SSL_HIGH,
1424 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1425 	256,
1426 	256,
1427 	},
1428 
1429 	/* Cipher 89 */
1430 	{
1431 	1,
1432 	TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1433 	TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1434 	SSL_kEDH,
1435 	SSL_aNULL,
1436 	SSL_CAMELLIA256,
1437 	SSL_SHA1,
1438 	SSL_TLSV1,
1439 	SSL_NOT_EXP|SSL_HIGH,
1440 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1441 	256,
1442 	256,
1443 	},
1444 #endif /* OPENSSL_NO_CAMELLIA */
1445 
1446 #ifndef OPENSSL_NO_PSK
1447 	/* Cipher 8A */
1448 	{
1449 	1,
1450 	TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 	TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 	SSL_kPSK,
1453 	SSL_aPSK,
1454 	SSL_RC4,
1455 	SSL_SHA1,
1456 	SSL_TLSV1,
1457 	SSL_NOT_EXP|SSL_MEDIUM,
1458 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 	128,
1460 	128,
1461 	},
1462 
1463 	/* Cipher 8B */
1464 	{
1465 	1,
1466 	TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 	TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 	SSL_kPSK,
1469 	SSL_aPSK,
1470 	SSL_3DES,
1471 	SSL_SHA1,
1472 	SSL_TLSV1,
1473 	SSL_NOT_EXP|SSL_HIGH,
1474 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 	168,
1476 	168,
1477 	},
1478 
1479 	/* Cipher 8C */
1480 	{
1481 	1,
1482 	TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 	TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 	SSL_kPSK,
1485 	SSL_aPSK,
1486 	SSL_AES128,
1487 	SSL_SHA1,
1488 	SSL_TLSV1,
1489 	SSL_NOT_EXP|SSL_HIGH,
1490 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 	128,
1492 	128,
1493 	},
1494 
1495 	/* Cipher 8D */
1496 	{
1497 	1,
1498 	TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 	TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 	SSL_kPSK,
1501 	SSL_aPSK,
1502 	SSL_AES256,
1503 	SSL_SHA1,
1504 	SSL_TLSV1,
1505 	SSL_NOT_EXP|SSL_HIGH,
1506 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 	256,
1508 	256,
1509 	},
1510 #endif  /* OPENSSL_NO_PSK */
1511 
1512 #ifndef OPENSSL_NO_SEED
1513 	/* SEED ciphersuites from RFC4162 */
1514 
1515 	/* Cipher 96 */
1516 	{
1517 	1,
1518 	TLS1_TXT_RSA_WITH_SEED_SHA,
1519 	TLS1_CK_RSA_WITH_SEED_SHA,
1520 	SSL_kRSA,
1521 	SSL_aRSA,
1522 	SSL_SEED,
1523 	SSL_SHA1,
1524 	SSL_TLSV1,
1525 	SSL_NOT_EXP|SSL_MEDIUM,
1526 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1527 	128,
1528 	128,
1529 	},
1530 
1531 	/* Cipher 97 */
1532 	{
1533 	0, /* not implemented (non-ephemeral DH) */
1534 	TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1535 	TLS1_CK_DH_DSS_WITH_SEED_SHA,
1536 	SSL_kDHd,
1537 	SSL_aDH,
1538 	SSL_SEED,
1539 	SSL_SHA1,
1540 	SSL_TLSV1,
1541 	SSL_NOT_EXP|SSL_MEDIUM,
1542 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1543 	128,
1544 	128,
1545 	},
1546 
1547 	/* Cipher 98 */
1548 	{
1549 	0, /* not implemented (non-ephemeral DH) */
1550 	TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1551 	TLS1_CK_DH_RSA_WITH_SEED_SHA,
1552 	SSL_kDHr,
1553 	SSL_aDH,
1554 	SSL_SEED,
1555 	SSL_SHA1,
1556 	SSL_TLSV1,
1557 	SSL_NOT_EXP|SSL_MEDIUM,
1558 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1559 	128,
1560 	128,
1561 	},
1562 
1563 	/* Cipher 99 */
1564 	{
1565 	1,
1566 	TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1567 	TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1568 	SSL_kEDH,
1569 	SSL_aDSS,
1570 	SSL_SEED,
1571 	SSL_SHA1,
1572 	SSL_TLSV1,
1573 	SSL_NOT_EXP|SSL_MEDIUM,
1574 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 	128,
1576 	128,
1577 	},
1578 
1579 	/* Cipher 9A */
1580 	{
1581 	1,
1582 	TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1583 	TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1584 	SSL_kEDH,
1585 	SSL_aRSA,
1586 	SSL_SEED,
1587 	SSL_SHA1,
1588 	SSL_TLSV1,
1589 	SSL_NOT_EXP|SSL_MEDIUM,
1590 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1591 	128,
1592 	128,
1593 	},
1594 
1595 	/* Cipher 9B */
1596 	{
1597 	1,
1598 	TLS1_TXT_ADH_WITH_SEED_SHA,
1599 	TLS1_CK_ADH_WITH_SEED_SHA,
1600 	SSL_kEDH,
1601 	SSL_aNULL,
1602 	SSL_SEED,
1603 	SSL_SHA1,
1604 	SSL_TLSV1,
1605 	SSL_NOT_EXP|SSL_MEDIUM,
1606 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1607 	128,
1608 	128,
1609 	},
1610 
1611 #endif /* OPENSSL_NO_SEED */
1612 
1613 #ifndef OPENSSL_NO_ECDH
1614 	/* Cipher C001 */
1615 	{
1616 	1,
1617 	TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1618 	TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1619 	SSL_kECDHe,
1620 	SSL_aECDH,
1621 	SSL_eNULL,
1622 	SSL_SHA1,
1623 	SSL_TLSV1,
1624 	SSL_NOT_EXP|SSL_STRONG_NONE,
1625 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1626 	0,
1627 	0,
1628 	},
1629 
1630 	/* Cipher C002 */
1631 	{
1632 	1,
1633 	TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1634 	TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1635 	SSL_kECDHe,
1636 	SSL_aECDH,
1637 	SSL_RC4,
1638 	SSL_SHA1,
1639 	SSL_TLSV1,
1640 	SSL_NOT_EXP|SSL_MEDIUM,
1641 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1642 	128,
1643 	128,
1644 	},
1645 
1646 	/* Cipher C003 */
1647 	{
1648 	1,
1649 	TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1650 	TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1651 	SSL_kECDHe,
1652 	SSL_aECDH,
1653 	SSL_3DES,
1654 	SSL_SHA1,
1655 	SSL_TLSV1,
1656 	SSL_NOT_EXP|SSL_HIGH,
1657 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1658 	168,
1659 	168,
1660 	},
1661 
1662 	/* Cipher C004 */
1663 	{
1664 	1,
1665 	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1666 	TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1667 	SSL_kECDHe,
1668 	SSL_aECDH,
1669 	SSL_AES128,
1670 	SSL_SHA1,
1671 	SSL_TLSV1,
1672 	SSL_NOT_EXP|SSL_HIGH,
1673 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1674 	128,
1675 	128,
1676 	},
1677 
1678 	/* Cipher C005 */
1679 	{
1680 	1,
1681 	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1682 	TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1683 	SSL_kECDHe,
1684 	SSL_aECDH,
1685 	SSL_AES256,
1686 	SSL_SHA1,
1687 	SSL_TLSV1,
1688 	SSL_NOT_EXP|SSL_HIGH,
1689 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1690 	256,
1691 	256,
1692 	},
1693 
1694 	/* Cipher C006 */
1695 	{
1696 	1,
1697 	TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1698 	TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1699 	SSL_kEECDH,
1700 	SSL_aECDSA,
1701 	SSL_eNULL,
1702 	SSL_SHA1,
1703 	SSL_TLSV1,
1704 	SSL_NOT_EXP|SSL_STRONG_NONE,
1705 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1706 	0,
1707 	0,
1708 	},
1709 
1710 	/* Cipher C007 */
1711 	{
1712 	1,
1713 	TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1714 	TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1715 	SSL_kEECDH,
1716 	SSL_aECDSA,
1717 	SSL_RC4,
1718 	SSL_SHA1,
1719 	SSL_TLSV1,
1720 	SSL_NOT_EXP|SSL_MEDIUM,
1721 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1722 	128,
1723 	128,
1724 	},
1725 
1726 	/* Cipher C008 */
1727 	{
1728 	1,
1729 	TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1730 	TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1731 	SSL_kEECDH,
1732 	SSL_aECDSA,
1733 	SSL_3DES,
1734 	SSL_SHA1,
1735 	SSL_TLSV1,
1736 	SSL_NOT_EXP|SSL_HIGH,
1737 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1738 	168,
1739 	168,
1740 	},
1741 
1742 	/* Cipher C009 */
1743 	{
1744 	1,
1745 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1746 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1747 	SSL_kEECDH,
1748 	SSL_aECDSA,
1749 	SSL_AES128,
1750 	SSL_SHA1,
1751 	SSL_TLSV1,
1752 	SSL_NOT_EXP|SSL_HIGH,
1753 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1754 	128,
1755 	128,
1756 	},
1757 
1758 	/* Cipher C00A */
1759 	{
1760 	1,
1761 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1762 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1763 	SSL_kEECDH,
1764 	SSL_aECDSA,
1765 	SSL_AES256,
1766 	SSL_SHA1,
1767 	SSL_TLSV1,
1768 	SSL_NOT_EXP|SSL_HIGH,
1769 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1770 	256,
1771 	256,
1772 	},
1773 
1774 	/* Cipher C00B */
1775 	{
1776 	1,
1777 	TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1778 	TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1779 	SSL_kECDHr,
1780 	SSL_aECDH,
1781 	SSL_eNULL,
1782 	SSL_SHA1,
1783 	SSL_TLSV1,
1784 	SSL_NOT_EXP|SSL_STRONG_NONE,
1785 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1786 	0,
1787 	0,
1788 	},
1789 
1790 	/* Cipher C00C */
1791 	{
1792 	1,
1793 	TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1794 	TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1795 	SSL_kECDHr,
1796 	SSL_aECDH,
1797 	SSL_RC4,
1798 	SSL_SHA1,
1799 	SSL_TLSV1,
1800 	SSL_NOT_EXP|SSL_MEDIUM,
1801 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1802 	128,
1803 	128,
1804 	},
1805 
1806 	/* Cipher C00D */
1807 	{
1808 	1,
1809 	TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1810 	TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1811 	SSL_kECDHr,
1812 	SSL_aECDH,
1813 	SSL_3DES,
1814 	SSL_SHA1,
1815 	SSL_TLSV1,
1816 	SSL_NOT_EXP|SSL_HIGH,
1817 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1818 	168,
1819 	168,
1820 	},
1821 
1822 	/* Cipher C00E */
1823 	{
1824 	1,
1825 	TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1826 	TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1827 	SSL_kECDHr,
1828 	SSL_aECDH,
1829 	SSL_AES128,
1830 	SSL_SHA1,
1831 	SSL_TLSV1,
1832 	SSL_NOT_EXP|SSL_HIGH,
1833 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1834 	128,
1835 	128,
1836 	},
1837 
1838 	/* Cipher C00F */
1839 	{
1840 	1,
1841 	TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1842 	TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1843 	SSL_kECDHr,
1844 	SSL_aECDH,
1845 	SSL_AES256,
1846 	SSL_SHA1,
1847 	SSL_TLSV1,
1848 	SSL_NOT_EXP|SSL_HIGH,
1849 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1850 	256,
1851 	256,
1852 	},
1853 
1854 	/* Cipher C010 */
1855 	{
1856 	1,
1857 	TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1858 	TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1859 	SSL_kEECDH,
1860 	SSL_aRSA,
1861 	SSL_eNULL,
1862 	SSL_SHA1,
1863 	SSL_TLSV1,
1864 	SSL_NOT_EXP|SSL_STRONG_NONE,
1865 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1866 	0,
1867 	0,
1868 	},
1869 
1870 	/* Cipher C011 */
1871 	{
1872 	1,
1873 	TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1874 	TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1875 	SSL_kEECDH,
1876 	SSL_aRSA,
1877 	SSL_RC4,
1878 	SSL_SHA1,
1879 	SSL_TLSV1,
1880 	SSL_NOT_EXP|SSL_MEDIUM,
1881 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1882 	128,
1883 	128,
1884 	},
1885 
1886 	/* Cipher C012 */
1887 	{
1888 	1,
1889 	TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1890 	TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1891 	SSL_kEECDH,
1892 	SSL_aRSA,
1893 	SSL_3DES,
1894 	SSL_SHA1,
1895 	SSL_TLSV1,
1896 	SSL_NOT_EXP|SSL_HIGH,
1897 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1898 	168,
1899 	168,
1900 	},
1901 
1902 	/* Cipher C013 */
1903 	{
1904 	1,
1905 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1906 	TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1907 	SSL_kEECDH,
1908 	SSL_aRSA,
1909 	SSL_AES128,
1910 	SSL_SHA1,
1911 	SSL_TLSV1,
1912 	SSL_NOT_EXP|SSL_HIGH,
1913 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1914 	128,
1915 	128,
1916 	},
1917 
1918 	/* Cipher C014 */
1919 	{
1920 	1,
1921 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1922 	TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1923 	SSL_kEECDH,
1924 	SSL_aRSA,
1925 	SSL_AES256,
1926 	SSL_SHA1,
1927 	SSL_TLSV1,
1928 	SSL_NOT_EXP|SSL_HIGH,
1929 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1930 	256,
1931 	256,
1932 	},
1933 
1934 	/* Cipher C015 */
1935 	{
1936 	1,
1937 	TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1938 	TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1939 	SSL_kEECDH,
1940 	SSL_aNULL,
1941 	SSL_eNULL,
1942 	SSL_SHA1,
1943 	SSL_TLSV1,
1944 	SSL_NOT_EXP|SSL_STRONG_NONE,
1945 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1946 	0,
1947 	0,
1948 	},
1949 
1950 	/* Cipher C016 */
1951 	{
1952 	1,
1953 	TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1954 	TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1955 	SSL_kEECDH,
1956 	SSL_aNULL,
1957 	SSL_RC4,
1958 	SSL_SHA1,
1959 	SSL_TLSV1,
1960 	SSL_NOT_EXP|SSL_MEDIUM,
1961 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1962 	128,
1963 	128,
1964 	},
1965 
1966 	/* Cipher C017 */
1967 	{
1968 	1,
1969 	TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1970 	TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1971 	SSL_kEECDH,
1972 	SSL_aNULL,
1973 	SSL_3DES,
1974 	SSL_SHA1,
1975 	SSL_TLSV1,
1976 	SSL_NOT_EXP|SSL_HIGH,
1977 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1978 	168,
1979 	168,
1980 	},
1981 
1982 	/* Cipher C018 */
1983 	{
1984 	1,
1985 	TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1986 	TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1987 	SSL_kEECDH,
1988 	SSL_aNULL,
1989 	SSL_AES128,
1990 	SSL_SHA1,
1991 	SSL_TLSV1,
1992 	SSL_NOT_EXP|SSL_HIGH,
1993 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1994 	128,
1995 	128,
1996 	},
1997 
1998 	/* Cipher C019 */
1999 	{
2000 	1,
2001 	TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2002 	TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2003 	SSL_kEECDH,
2004 	SSL_aNULL,
2005 	SSL_AES256,
2006 	SSL_SHA1,
2007 	SSL_TLSV1,
2008 	SSL_NOT_EXP|SSL_HIGH,
2009 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2010 	256,
2011 	256,
2012 	},
2013 #endif	/* OPENSSL_NO_ECDH */
2014 
2015 #ifdef TEMP_GOST_TLS
2016 /* Cipher FF00 */
2017 	{
2018 	1,
2019 	"GOST-MD5",
2020 	0x0300ff00,
2021 	SSL_kRSA,
2022 	SSL_aRSA,
2023 	SSL_eGOST2814789CNT,
2024 	SSL_MD5,
2025 	SSL_TLSV1,
2026 	SSL_NOT_EXP|SSL_HIGH,
2027 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 	256,
2029 	256,
2030 	},
2031 	{
2032 	1,
2033 	"GOST-GOST94",
2034 	0x0300ff01,
2035 	SSL_kRSA,
2036 	SSL_aRSA,
2037 	SSL_eGOST2814789CNT,
2038 	SSL_GOST94,
2039 	SSL_TLSV1,
2040 	SSL_NOT_EXP|SSL_HIGH,
2041 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 	256,
2043 	256
2044 	},
2045 	{
2046 	1,
2047 	"GOST-GOST89MAC",
2048 	0x0300ff02,
2049 	SSL_kRSA,
2050 	SSL_aRSA,
2051 	SSL_eGOST2814789CNT,
2052 	SSL_GOST89MAC,
2053 	SSL_TLSV1,
2054 	SSL_NOT_EXP|SSL_HIGH,
2055 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 	256,
2057 	256
2058 	},
2059 	{
2060 	1,
2061 	"GOST-GOST89STREAM",
2062 	0x0300ff03,
2063 	SSL_kRSA,
2064 	SSL_aRSA,
2065 	SSL_eGOST2814789CNT,
2066 	SSL_GOST89MAC,
2067 	SSL_TLSV1,
2068 	SSL_NOT_EXP|SSL_HIGH,
2069 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 	256,
2071 	256
2072 	},
2073 #endif
2074 
2075 /* end of list */
2076 	};
2077 
2078 SSL3_ENC_METHOD SSLv3_enc_data={
2079 	ssl3_enc,
2080 	n_ssl3_mac,
2081 	ssl3_setup_key_block,
2082 	ssl3_generate_master_secret,
2083 	ssl3_change_cipher_state,
2084 	ssl3_final_finish_mac,
2085 	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2086 	ssl3_cert_verify_mac,
2087 	SSL3_MD_CLIENT_FINISHED_CONST,4,
2088 	SSL3_MD_SERVER_FINISHED_CONST,4,
2089 	ssl3_alert_code,
2090 	};
2091 
ssl3_default_timeout(void)2092 long ssl3_default_timeout(void)
2093 	{
2094 	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
2095 	 * is way too long for http, the cache would over fill */
2096 	return(60*60*2);
2097 	}
2098 
ssl3_num_ciphers(void)2099 int ssl3_num_ciphers(void)
2100 	{
2101 	return(SSL3_NUM_CIPHERS);
2102 	}
2103 
ssl3_get_cipher(unsigned int u)2104 const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2105 	{
2106 	if (u < SSL3_NUM_CIPHERS)
2107 		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2108 	else
2109 		return(NULL);
2110 	}
2111 
ssl3_pending(const SSL * s)2112 int ssl3_pending(const SSL *s)
2113 	{
2114 	if (s->rstate == SSL_ST_READ_BODY)
2115 		return 0;
2116 
2117 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2118 	}
2119 
ssl3_new(SSL * s)2120 int ssl3_new(SSL *s)
2121 	{
2122 	SSL3_STATE *s3;
2123 
2124 	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2125 	memset(s3,0,sizeof *s3);
2126 	memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2127 	memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2128 
2129 	s->s3=s3;
2130 
2131 	s->method->ssl_clear(s);
2132 	return(1);
2133 err:
2134 	return(0);
2135 	}
2136 
ssl3_free(SSL * s)2137 void ssl3_free(SSL *s)
2138 	{
2139 	if(s == NULL)
2140 	    return;
2141 
2142 #ifdef TLSEXT_TYPE_opaque_prf_input
2143 	if (s->s3->client_opaque_prf_input != NULL)
2144 		OPENSSL_free(s->s3->client_opaque_prf_input);
2145 	if (s->s3->server_opaque_prf_input != NULL)
2146 		OPENSSL_free(s->s3->server_opaque_prf_input);
2147 #endif
2148 
2149 	ssl3_cleanup_key_block(s);
2150 	if (s->s3->rbuf.buf != NULL)
2151 		ssl3_release_read_buffer(s);
2152 	if (s->s3->wbuf.buf != NULL)
2153 		ssl3_release_write_buffer(s);
2154 	if (s->s3->rrec.comp != NULL)
2155 		OPENSSL_free(s->s3->rrec.comp);
2156 #ifndef OPENSSL_NO_DH
2157 	if (s->s3->tmp.dh != NULL)
2158 		DH_free(s->s3->tmp.dh);
2159 #endif
2160 #ifndef OPENSSL_NO_ECDH
2161 	if (s->s3->tmp.ecdh != NULL)
2162 		EC_KEY_free(s->s3->tmp.ecdh);
2163 #endif
2164 
2165 	if (s->s3->tmp.ca_names != NULL)
2166 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2167 	if (s->s3->handshake_buffer) {
2168 		BIO_free(s->s3->handshake_buffer);
2169 	}
2170 	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2171 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
2172 	OPENSSL_free(s->s3);
2173 	s->s3=NULL;
2174 	}
2175 
ssl3_clear(SSL * s)2176 void ssl3_clear(SSL *s)
2177 	{
2178 	unsigned char *rp,*wp;
2179 	size_t rlen, wlen;
2180 
2181 #ifdef TLSEXT_TYPE_opaque_prf_input
2182 	if (s->s3->client_opaque_prf_input != NULL)
2183 		OPENSSL_free(s->s3->client_opaque_prf_input);
2184 	s->s3->client_opaque_prf_input = NULL;
2185 	if (s->s3->server_opaque_prf_input != NULL)
2186 		OPENSSL_free(s->s3->server_opaque_prf_input);
2187 	s->s3->server_opaque_prf_input = NULL;
2188 #endif
2189 
2190 	ssl3_cleanup_key_block(s);
2191 	if (s->s3->tmp.ca_names != NULL)
2192 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2193 
2194 	if (s->s3->rrec.comp != NULL)
2195 		{
2196 		OPENSSL_free(s->s3->rrec.comp);
2197 		s->s3->rrec.comp=NULL;
2198 		}
2199 #ifndef OPENSSL_NO_DH
2200 	if (s->s3->tmp.dh != NULL)
2201 		DH_free(s->s3->tmp.dh);
2202 #endif
2203 #ifndef OPENSSL_NO_ECDH
2204 	if (s->s3->tmp.ecdh != NULL)
2205 		EC_KEY_free(s->s3->tmp.ecdh);
2206 #endif
2207 
2208 	rp = s->s3->rbuf.buf;
2209 	wp = s->s3->wbuf.buf;
2210 	rlen = s->s3->rbuf.len;
2211  	wlen = s->s3->wbuf.len;
2212 	if (s->s3->handshake_buffer) {
2213 		BIO_free(s->s3->handshake_buffer);
2214 		s->s3->handshake_buffer = NULL;
2215 	}
2216 	if (s->s3->handshake_dgst) {
2217 		ssl3_free_digest_list(s);
2218 	}
2219 	memset(s->s3,0,sizeof *s->s3);
2220 	s->s3->rbuf.buf = rp;
2221 	s->s3->wbuf.buf = wp;
2222 	s->s3->rbuf.len = rlen;
2223  	s->s3->wbuf.len = wlen;
2224 
2225 	ssl_free_wbio_buffer(s);
2226 
2227 	s->packet_length=0;
2228 	s->s3->renegotiate=0;
2229 	s->s3->total_renegotiations=0;
2230 	s->s3->num_renegotiations=0;
2231 	s->s3->in_read_app_data=0;
2232 	s->version=SSL3_VERSION;
2233 	}
2234 
ssl3_ctrl(SSL * s,int cmd,long larg,void * parg)2235 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2236 	{
2237 	int ret=0;
2238 
2239 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2240 	if (
2241 #ifndef OPENSSL_NO_RSA
2242 	    cmd == SSL_CTRL_SET_TMP_RSA ||
2243 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2244 #endif
2245 #ifndef OPENSSL_NO_DSA
2246 	    cmd == SSL_CTRL_SET_TMP_DH ||
2247 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
2248 #endif
2249 		0)
2250 		{
2251 		if (!ssl_cert_inst(&s->cert))
2252 		    	{
2253 			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
2254 			return(0);
2255 			}
2256 		}
2257 #endif
2258 
2259 	switch (cmd)
2260 		{
2261 	case SSL_CTRL_GET_SESSION_REUSED:
2262 		ret=s->hit;
2263 		break;
2264 	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2265 		break;
2266 	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2267 		ret=s->s3->num_renegotiations;
2268 		break;
2269 	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2270 		ret=s->s3->num_renegotiations;
2271 		s->s3->num_renegotiations=0;
2272 		break;
2273 	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2274 		ret=s->s3->total_renegotiations;
2275 		break;
2276 	case SSL_CTRL_GET_FLAGS:
2277 		ret=(int)(s->s3->flags);
2278 		break;
2279 #ifndef OPENSSL_NO_RSA
2280 	case SSL_CTRL_NEED_TMP_RSA:
2281 		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
2282 		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2283 		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
2284 			ret = 1;
2285 		break;
2286 	case SSL_CTRL_SET_TMP_RSA:
2287 		{
2288 			RSA *rsa = (RSA *)parg;
2289 			if (rsa == NULL)
2290 				{
2291 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2292 				return(ret);
2293 				}
2294 			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
2295 				{
2296 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
2297 				return(ret);
2298 				}
2299 			if (s->cert->rsa_tmp != NULL)
2300 				RSA_free(s->cert->rsa_tmp);
2301 			s->cert->rsa_tmp = rsa;
2302 			ret = 1;
2303 		}
2304 		break;
2305 	case SSL_CTRL_SET_TMP_RSA_CB:
2306 		{
2307 		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2308 		return(ret);
2309 		}
2310 		break;
2311 #endif
2312 #ifndef OPENSSL_NO_DH
2313 	case SSL_CTRL_SET_TMP_DH:
2314 		{
2315 			DH *dh = (DH *)parg;
2316 			if (dh == NULL)
2317 				{
2318 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2319 				return(ret);
2320 				}
2321 			if ((dh = DHparams_dup(dh)) == NULL)
2322 				{
2323 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2324 				return(ret);
2325 				}
2326 			if (!(s->options & SSL_OP_SINGLE_DH_USE))
2327 				{
2328 				if (!DH_generate_key(dh))
2329 					{
2330 					DH_free(dh);
2331 					SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
2332 					return(ret);
2333 					}
2334 				}
2335 			if (s->cert->dh_tmp != NULL)
2336 				DH_free(s->cert->dh_tmp);
2337 			s->cert->dh_tmp = dh;
2338 			ret = 1;
2339 		}
2340 		break;
2341 	case SSL_CTRL_SET_TMP_DH_CB:
2342 		{
2343 		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2344 		return(ret);
2345 		}
2346 		break;
2347 #endif
2348 #ifndef OPENSSL_NO_ECDH
2349 	case SSL_CTRL_SET_TMP_ECDH:
2350 		{
2351 		EC_KEY *ecdh = NULL;
2352 
2353 		if (parg == NULL)
2354 			{
2355 			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
2356 			return(ret);
2357 			}
2358 		if (!EC_KEY_up_ref((EC_KEY *)parg))
2359 			{
2360 			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2361 			return(ret);
2362 			}
2363 		ecdh = (EC_KEY *)parg;
2364 		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
2365 			{
2366 			if (!EC_KEY_generate_key(ecdh))
2367 				{
2368 				EC_KEY_free(ecdh);
2369 				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
2370 				return(ret);
2371 				}
2372 			}
2373 		if (s->cert->ecdh_tmp != NULL)
2374 			EC_KEY_free(s->cert->ecdh_tmp);
2375 		s->cert->ecdh_tmp = ecdh;
2376 		ret = 1;
2377 		}
2378 		break;
2379 	case SSL_CTRL_SET_TMP_ECDH_CB:
2380 		{
2381 		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2382 		return(ret);
2383 		}
2384 		break;
2385 #endif /* !OPENSSL_NO_ECDH */
2386 #ifndef OPENSSL_NO_TLSEXT
2387 	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2388  		if (larg == TLSEXT_NAMETYPE_host_name)
2389 			{
2390 			if (s->tlsext_hostname != NULL)
2391 				OPENSSL_free(s->tlsext_hostname);
2392 			s->tlsext_hostname = NULL;
2393 
2394 			ret = 1;
2395 			if (parg == NULL)
2396 				break;
2397 			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
2398 				{
2399 				SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2400 				return 0;
2401 				}
2402 			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
2403 				{
2404 				SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
2405 				return 0;
2406 				}
2407 			}
2408 		else
2409 			{
2410 			SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2411 			return 0;
2412 			}
2413  		break;
2414 	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2415 		s->tlsext_debug_arg=parg;
2416 		ret = 1;
2417 		break;
2418 
2419 #ifdef TLSEXT_TYPE_opaque_prf_input
2420 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2421 		if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2422 		                   * (including the cert chain and everything) */
2423 			{
2424 			SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2425 			break;
2426 			}
2427 		if (s->tlsext_opaque_prf_input != NULL)
2428 			OPENSSL_free(s->tlsext_opaque_prf_input);
2429 		if ((size_t)larg == 0)
2430 			s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2431 		else
2432 			s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2433 		if (s->tlsext_opaque_prf_input != NULL)
2434 			{
2435 			s->tlsext_opaque_prf_input_len = (size_t)larg;
2436 			ret = 1;
2437 			}
2438 		else
2439 			s->tlsext_opaque_prf_input_len = 0;
2440 		break;
2441 #endif
2442 
2443 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2444 		s->tlsext_status_type=larg;
2445 		ret = 1;
2446 		break;
2447 
2448 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2449 		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2450 		ret = 1;
2451 		break;
2452 
2453 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2454 		s->tlsext_ocsp_exts = parg;
2455 		ret = 1;
2456 		break;
2457 
2458 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2459 		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2460 		ret = 1;
2461 		break;
2462 
2463 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2464 		s->tlsext_ocsp_ids = parg;
2465 		ret = 1;
2466 		break;
2467 
2468 	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2469 		*(unsigned char **)parg = s->tlsext_ocsp_resp;
2470 		return s->tlsext_ocsp_resplen;
2471 
2472 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2473 		if (s->tlsext_ocsp_resp)
2474 			OPENSSL_free(s->tlsext_ocsp_resp);
2475 		s->tlsext_ocsp_resp = parg;
2476 		s->tlsext_ocsp_resplen = larg;
2477 		ret = 1;
2478 		break;
2479 
2480 #endif /* !OPENSSL_NO_TLSEXT */
2481 	default:
2482 		break;
2483 		}
2484 	return(ret);
2485 	}
2486 
ssl3_callback_ctrl(SSL * s,int cmd,void (* fp)(void))2487 long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2488 	{
2489 	int ret=0;
2490 
2491 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
2492 	if (
2493 #ifndef OPENSSL_NO_RSA
2494 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
2495 #endif
2496 #ifndef OPENSSL_NO_DSA
2497 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
2498 #endif
2499 		0)
2500 		{
2501 		if (!ssl_cert_inst(&s->cert))
2502 			{
2503 			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
2504 			return(0);
2505 			}
2506 		}
2507 #endif
2508 
2509 	switch (cmd)
2510 		{
2511 #ifndef OPENSSL_NO_RSA
2512 	case SSL_CTRL_SET_TMP_RSA_CB:
2513 		{
2514 		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2515 		}
2516 		break;
2517 #endif
2518 #ifndef OPENSSL_NO_DH
2519 	case SSL_CTRL_SET_TMP_DH_CB:
2520 		{
2521 		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2522 		}
2523 		break;
2524 #endif
2525 #ifndef OPENSSL_NO_ECDH
2526 	case SSL_CTRL_SET_TMP_ECDH_CB:
2527 		{
2528 		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2529 		}
2530 		break;
2531 #endif
2532 #ifndef OPENSSL_NO_TLSEXT
2533 	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2534 		s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
2535 					unsigned char *, int, void *))fp;
2536 		break;
2537 #endif
2538 	default:
2539 		break;
2540 		}
2541 	return(ret);
2542 	}
2543 
ssl3_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)2544 long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2545 	{
2546 	CERT *cert;
2547 
2548 	cert=ctx->cert;
2549 
2550 	switch (cmd)
2551 		{
2552 #ifndef OPENSSL_NO_RSA
2553 	case SSL_CTRL_NEED_TMP_RSA:
2554 		if (	(cert->rsa_tmp == NULL) &&
2555 			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
2556 			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
2557 			)
2558 			return(1);
2559 		else
2560 			return(0);
2561 		/* break; */
2562 	case SSL_CTRL_SET_TMP_RSA:
2563 		{
2564 		RSA *rsa;
2565 		int i;
2566 
2567 		rsa=(RSA *)parg;
2568 		i=1;
2569 		if (rsa == NULL)
2570 			i=0;
2571 		else
2572 			{
2573 			if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
2574 				i=0;
2575 			}
2576 		if (!i)
2577 			{
2578 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
2579 			return(0);
2580 			}
2581 		else
2582 			{
2583 			if (cert->rsa_tmp != NULL)
2584 				RSA_free(cert->rsa_tmp);
2585 			cert->rsa_tmp=rsa;
2586 			return(1);
2587 			}
2588 		}
2589 		/* break; */
2590 	case SSL_CTRL_SET_TMP_RSA_CB:
2591 		{
2592 		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2593 		return(0);
2594 		}
2595 		break;
2596 #endif
2597 #ifndef OPENSSL_NO_DH
2598 	case SSL_CTRL_SET_TMP_DH:
2599 		{
2600 		DH *new=NULL,*dh;
2601 
2602 		dh=(DH *)parg;
2603 		if ((new=DHparams_dup(dh)) == NULL)
2604 			{
2605 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2606 			return 0;
2607 			}
2608 		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
2609 			{
2610 			if (!DH_generate_key(new))
2611 				{
2612 				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
2613 				DH_free(new);
2614 				return 0;
2615 				}
2616 			}
2617 		if (cert->dh_tmp != NULL)
2618 			DH_free(cert->dh_tmp);
2619 		cert->dh_tmp=new;
2620 		return 1;
2621 		}
2622 		/*break; */
2623 	case SSL_CTRL_SET_TMP_DH_CB:
2624 		{
2625 		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2626 		return(0);
2627 		}
2628 		break;
2629 #endif
2630 #ifndef OPENSSL_NO_ECDH
2631 	case SSL_CTRL_SET_TMP_ECDH:
2632 		{
2633 		EC_KEY *ecdh = NULL;
2634 
2635 		if (parg == NULL)
2636 			{
2637 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2638 			return 0;
2639 			}
2640 		ecdh = EC_KEY_dup((EC_KEY *)parg);
2641 		if (ecdh == NULL)
2642 			{
2643 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
2644 			return 0;
2645 			}
2646 		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
2647 			{
2648 			if (!EC_KEY_generate_key(ecdh))
2649 				{
2650 				EC_KEY_free(ecdh);
2651 				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
2652 				return 0;
2653 				}
2654 			}
2655 
2656 		if (cert->ecdh_tmp != NULL)
2657 			{
2658 			EC_KEY_free(cert->ecdh_tmp);
2659 			}
2660 		cert->ecdh_tmp = ecdh;
2661 		return 1;
2662 		}
2663 		/* break; */
2664 	case SSL_CTRL_SET_TMP_ECDH_CB:
2665 		{
2666 		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2667 		return(0);
2668 		}
2669 		break;
2670 #endif /* !OPENSSL_NO_ECDH */
2671 #ifndef OPENSSL_NO_TLSEXT
2672 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2673 		ctx->tlsext_servername_arg=parg;
2674 		break;
2675 	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2676 	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2677 		{
2678 		unsigned char *keys = parg;
2679 		if (!keys)
2680 			return 48;
2681 		if (larg != 48)
2682 			{
2683 			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
2684 			return 0;
2685 			}
2686 		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
2687 			{
2688 			memcpy(ctx->tlsext_tick_key_name, keys, 16);
2689 			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
2690 			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2691 			}
2692 		else
2693 			{
2694 			memcpy(keys, ctx->tlsext_tick_key_name, 16);
2695 			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
2696 			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
2697 			}
2698 		return 1;
2699 		}
2700 
2701 #ifdef TLSEXT_TYPE_opaque_prf_input
2702 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2703 		ctx->tlsext_opaque_prf_input_callback_arg = parg;
2704 		return 1;
2705 #endif
2706 
2707 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2708 		ctx->tlsext_status_arg=parg;
2709 		return 1;
2710 		break;
2711 
2712 #endif /* !OPENSSL_NO_TLSEXT */
2713 
2714 	/* A Thawte special :-) */
2715 	case SSL_CTRL_EXTRA_CHAIN_CERT:
2716 		if (ctx->extra_certs == NULL)
2717 			{
2718 			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
2719 				return(0);
2720 			}
2721 		sk_X509_push(ctx->extra_certs,(X509 *)parg);
2722 		break;
2723 
2724 	default:
2725 		return(0);
2726 		}
2727 	return(1);
2728 	}
2729 
ssl3_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))2730 long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2731 	{
2732 	CERT *cert;
2733 
2734 	cert=ctx->cert;
2735 
2736 	switch (cmd)
2737 		{
2738 #ifndef OPENSSL_NO_RSA
2739 	case SSL_CTRL_SET_TMP_RSA_CB:
2740 		{
2741 		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
2742 		}
2743 		break;
2744 #endif
2745 #ifndef OPENSSL_NO_DH
2746 	case SSL_CTRL_SET_TMP_DH_CB:
2747 		{
2748 		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2749 		}
2750 		break;
2751 #endif
2752 #ifndef OPENSSL_NO_ECDH
2753 	case SSL_CTRL_SET_TMP_ECDH_CB:
2754 		{
2755 		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2756 		}
2757 		break;
2758 #endif
2759 #ifndef OPENSSL_NO_TLSEXT
2760 	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2761 		ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2762 		break;
2763 
2764 #ifdef TLSEXT_TYPE_opaque_prf_input
2765 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2766 		ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2767 		break;
2768 #endif
2769 
2770 	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2771 		ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2772 		break;
2773 
2774 	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2775 		ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
2776 						unsigned char *,
2777 						EVP_CIPHER_CTX *,
2778 						HMAC_CTX *, int))fp;
2779 		break;
2780 
2781 #endif
2782 	default:
2783 		return(0);
2784 		}
2785 	return(1);
2786 	}
2787 
2788 /* This function needs to check if the ciphers required are actually
2789  * available */
ssl3_get_cipher_by_char(const unsigned char * p)2790 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2791 	{
2792 	SSL_CIPHER c;
2793 	const SSL_CIPHER *cp;
2794 	unsigned long id;
2795 
2796 	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2797 	c.id=id;
2798 	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2799 	if (cp == NULL || cp->valid == 0)
2800 		return NULL;
2801 	else
2802 		return cp;
2803 	}
2804 
ssl3_put_cipher_by_char(const SSL_CIPHER * c,unsigned char * p)2805 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2806 	{
2807 	long l;
2808 
2809 	if (p != NULL)
2810 		{
2811 		l=c->id;
2812 		if ((l & 0xff000000) != 0x03000000) return(0);
2813 		p[0]=((unsigned char)(l>> 8L))&0xFF;
2814 		p[1]=((unsigned char)(l     ))&0xFF;
2815 		}
2816 	return(2);
2817 	}
2818 
ssl3_choose_cipher(SSL * s,STACK_OF (SSL_CIPHER)* clnt,STACK_OF (SSL_CIPHER)* srvr)2819 SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2820 	     STACK_OF(SSL_CIPHER) *srvr)
2821 	{
2822 	SSL_CIPHER *c,*ret=NULL;
2823 	STACK_OF(SSL_CIPHER) *prio, *allow;
2824 	int i,ii,ok;
2825 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2826 	unsigned int j;
2827 	int ec_ok, ec_nid;
2828 	unsigned char ec_search1 = 0, ec_search2 = 0;
2829 #endif
2830 	CERT *cert;
2831 	unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2832 
2833 	/* Let's see which ciphers we can support */
2834 	cert=s->cert;
2835 
2836 #if 0
2837 	/* Do not set the compare functions, because this may lead to a
2838 	 * reordering by "id". We want to keep the original ordering.
2839 	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2840 	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2841 	 */
2842 	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
2843 	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
2844 #endif
2845 
2846 #ifdef CIPHER_DEBUG
2847 	printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2848 	for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2849 		{
2850 		c=sk_SSL_CIPHER_value(srvr,i);
2851 		printf("%p:%s\n",(void *)c,c->name);
2852 		}
2853 	printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2854 	for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2855 	    {
2856 	    c=sk_SSL_CIPHER_value(clnt,i);
2857 	    printf("%p:%s\n",(void *)c,c->name);
2858 	    }
2859 #endif
2860 
2861 	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2862 		{
2863 		prio = srvr;
2864 		allow = clnt;
2865 		}
2866 	else
2867 		{
2868 		prio = clnt;
2869 		allow = srvr;
2870 		}
2871 
2872 	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2873 		{
2874 		c=sk_SSL_CIPHER_value(prio,i);
2875 
2876 		ssl_set_cert_masks(cert,c);
2877 		mask_k = cert->mask_k;
2878 		mask_a = cert->mask_a;
2879 		emask_k = cert->export_mask_k;
2880 		emask_a = cert->export_mask_a;
2881 
2882 #ifdef KSSL_DEBUG
2883 /*		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2884 #endif    /* KSSL_DEBUG */
2885 
2886 		alg_k=c->algorithm_mkey;
2887 		alg_a=c->algorithm_auth;
2888 
2889 #ifndef OPENSSL_NO_KRB5
2890 		if (alg_k & SSL_kKRB5)
2891 			{
2892 			if ( !kssl_keytab_is_available(s->kssl_ctx) )
2893 			    continue;
2894 			}
2895 #endif /* OPENSSL_NO_KRB5 */
2896 #ifndef OPENSSL_NO_PSK
2897 		/* with PSK there must be server callback set */
2898 		if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2899 			continue;
2900 #endif /* OPENSSL_NO_PSK */
2901 
2902 		if (SSL_C_IS_EXPORT(c))
2903 			{
2904 			ok = (alg_k & emask_k) && (alg_a & emask_a);
2905 #ifdef CIPHER_DEBUG
2906 			printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2907 			       (void *)c,c->name);
2908 #endif
2909 			}
2910 		else
2911 			{
2912 			ok = (alg_k & mask_k) && (alg_a & mask_a);
2913 #ifdef CIPHER_DEBUG
2914 			printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2915 			       c->name);
2916 #endif
2917 			}
2918 
2919 #ifndef OPENSSL_NO_TLSEXT
2920 #ifndef OPENSSL_NO_EC
2921 		if (
2922 			/* if we are considering an ECC cipher suite that uses our certificate */
2923 			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2924 			/* and we have an ECC certificate */
2925 			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2926 			/* and the client specified a Supported Point Formats extension */
2927 			&& ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2928 			/* and our certificate's point is compressed */
2929 			&& (
2930 				(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2931 				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2932 				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2933 				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2934 				&& (
2935 					(*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2936 					|| (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2937 					)
2938 				)
2939 		)
2940 			{
2941 			ec_ok = 0;
2942 			/* if our certificate's curve is over a field type that the client does not support
2943 			 * then do not allow this cipher suite to be negotiated */
2944 			if (
2945 				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2946 				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2947 				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2948 				&& (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2949 			)
2950 				{
2951 				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2952 					{
2953 					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2954 						{
2955 						ec_ok = 1;
2956 						break;
2957 						}
2958 					}
2959 				}
2960 			else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2961 				{
2962 				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2963 					{
2964 					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2965 						{
2966 						ec_ok = 1;
2967 						break;
2968 						}
2969 					}
2970 				}
2971 			ok = ok && ec_ok;
2972 			}
2973 		if (
2974 			/* if we are considering an ECC cipher suite that uses our certificate */
2975 			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2976 			/* and we have an ECC certificate */
2977 			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2978 			/* and the client specified an EllipticCurves extension */
2979 			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2980 		)
2981 			{
2982 			ec_ok = 0;
2983 			if (
2984 				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2985 				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2986 			)
2987 				{
2988 				ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2989 				if ((ec_nid == 0)
2990 					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2991 				)
2992 					{
2993 					if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2994 						{
2995 						ec_search1 = 0xFF;
2996 						ec_search2 = 0x01;
2997 						}
2998 					else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2999 						{
3000 						ec_search1 = 0xFF;
3001 						ec_search2 = 0x02;
3002 						}
3003 					}
3004 				else
3005 					{
3006 					ec_search1 = 0x00;
3007 					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3008 					}
3009 				if ((ec_search1 != 0) || (ec_search2 != 0))
3010 					{
3011 					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3012 						{
3013 						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3014 							{
3015 							ec_ok = 1;
3016 							break;
3017 							}
3018 						}
3019 					}
3020 				}
3021 			ok = ok && ec_ok;
3022 			}
3023 		if (
3024 			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3025 			(alg_k & SSL_kEECDH)
3026 			/* and we have an ephemeral EC key */
3027 			&& (s->cert->ecdh_tmp != NULL)
3028 			/* and the client specified an EllipticCurves extension */
3029 			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3030 		)
3031 			{
3032 			ec_ok = 0;
3033 			if (s->cert->ecdh_tmp->group != NULL)
3034 				{
3035 				ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3036 				if ((ec_nid == 0)
3037 					&& (s->cert->ecdh_tmp->group->meth != NULL)
3038 				)
3039 					{
3040 					if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3041 						{
3042 						ec_search1 = 0xFF;
3043 						ec_search2 = 0x01;
3044 						}
3045 					else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3046 						{
3047 						ec_search1 = 0xFF;
3048 						ec_search2 = 0x02;
3049 						}
3050 					}
3051 				else
3052 					{
3053 					ec_search1 = 0x00;
3054 					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3055 					}
3056 				if ((ec_search1 != 0) || (ec_search2 != 0))
3057 					{
3058 					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3059 						{
3060 						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3061 							{
3062 							ec_ok = 1;
3063 							break;
3064 							}
3065 						}
3066 					}
3067 				}
3068 			ok = ok && ec_ok;
3069 			}
3070 #endif /* OPENSSL_NO_EC */
3071 #endif /* OPENSSL_NO_TLSEXT */
3072 
3073 		if (!ok) continue;
3074 		ii=sk_SSL_CIPHER_find(allow,c);
3075 		if (ii >= 0)
3076 			{
3077 			ret=sk_SSL_CIPHER_value(allow,ii);
3078 			break;
3079 			}
3080 		}
3081 	return(ret);
3082 	}
3083 
ssl3_get_req_cert_type(SSL * s,unsigned char * p)3084 int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
3085 	{
3086 	int ret=0;
3087 	unsigned long alg_k;
3088 
3089 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
3090 
3091 #ifndef OPENSSL_NO_GOST
3092 	if (s->version >= TLS1_VERSION)
3093 		{
3094 		if (alg_k & SSL_kGOST)
3095 			{
3096 			p[ret++]=TLS_CT_GOST94_SIGN;
3097 			p[ret++]=TLS_CT_GOST01_SIGN;
3098 			return(ret);
3099 			}
3100 		}
3101 #endif
3102 
3103 #ifndef OPENSSL_NO_DH
3104 	if (alg_k & (SSL_kDHr|SSL_kEDH))
3105 		{
3106 #  ifndef OPENSSL_NO_RSA
3107 		p[ret++]=SSL3_CT_RSA_FIXED_DH;
3108 #  endif
3109 #  ifndef OPENSSL_NO_DSA
3110 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
3111 #  endif
3112 		}
3113 	if ((s->version == SSL3_VERSION) &&
3114 		(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
3115 		{
3116 #  ifndef OPENSSL_NO_RSA
3117 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
3118 #  endif
3119 #  ifndef OPENSSL_NO_DSA
3120 		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
3121 #  endif
3122 		}
3123 #endif /* !OPENSSL_NO_DH */
3124 #ifndef OPENSSL_NO_RSA
3125 	p[ret++]=SSL3_CT_RSA_SIGN;
3126 #endif
3127 #ifndef OPENSSL_NO_DSA
3128 	p[ret++]=SSL3_CT_DSS_SIGN;
3129 #endif
3130 #ifndef OPENSSL_NO_ECDH
3131 	if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
3132 		{
3133 		p[ret++]=TLS_CT_RSA_FIXED_ECDH;
3134 		p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
3135 		}
3136 #endif
3137 
3138 #ifndef OPENSSL_NO_ECDSA
3139 	/* ECDSA certs can be used with RSA cipher suites as well
3140 	 * so we don't need to check for SSL_kECDH or SSL_kEECDH
3141 	 */
3142 	if (s->version >= TLS1_VERSION)
3143 		{
3144 		p[ret++]=TLS_CT_ECDSA_SIGN;
3145 		}
3146 #endif
3147 	return(ret);
3148 	}
3149 
ssl3_shutdown(SSL * s)3150 int ssl3_shutdown(SSL *s)
3151 	{
3152 	int ret;
3153 
3154 	/* Don't do anything much if we have not done the handshake or
3155 	 * we don't want to send messages :-) */
3156 	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
3157 		{
3158 		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
3159 		return(1);
3160 		}
3161 
3162 	if (!(s->shutdown & SSL_SENT_SHUTDOWN))
3163 		{
3164 		s->shutdown|=SSL_SENT_SHUTDOWN;
3165 #if 1
3166 		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
3167 #endif
3168 		/* our shutdown alert has been sent now, and if it still needs
3169 	 	 * to be written, s->s3->alert_dispatch will be true */
3170 	 	if (s->s3->alert_dispatch)
3171 	 		return(-1);	/* return WANT_WRITE */
3172 		}
3173 	else if (s->s3->alert_dispatch)
3174 		{
3175 		/* resend it if not sent */
3176 #if 1
3177 		ret=s->method->ssl_dispatch_alert(s);
3178 		if(ret == -1)
3179 			{
3180 			/* we only get to return -1 here the 2nd/Nth
3181 			 * invocation, we must  have already signalled
3182 			 * return 0 upon a previous invoation,
3183 			 * return WANT_WRITE */
3184 			return(ret);
3185 			}
3186 #endif
3187 		}
3188 	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3189 		{
3190 		/* If we are waiting for a close from our peer, we are closed */
3191 		s->method->ssl_read_bytes(s,0,NULL,0,0);
3192 		if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3193 			{
3194 			return(-1);	/* return WANT_READ */
3195 			}
3196 		}
3197 
3198 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
3199 		!s->s3->alert_dispatch)
3200 		return(1);
3201 	else
3202 		return(0);
3203 	}
3204 
ssl3_write(SSL * s,const void * buf,int len)3205 int ssl3_write(SSL *s, const void *buf, int len)
3206 	{
3207 	int ret,n;
3208 
3209 #if 0
3210 	if (s->shutdown & SSL_SEND_SHUTDOWN)
3211 		{
3212 		s->rwstate=SSL_NOTHING;
3213 		return(0);
3214 		}
3215 #endif
3216 	clear_sys_error();
3217 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3218 
3219 	/* This is an experimental flag that sends the
3220 	 * last handshake message in the same packet as the first
3221 	 * use data - used to see if it helps the TCP protocol during
3222 	 * session-id reuse */
3223 	/* The second test is because the buffer may have been removed */
3224 	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3225 		{
3226 		/* First time through, we write into the buffer */
3227 		if (s->s3->delay_buf_pop_ret == 0)
3228 			{
3229 			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3230 					     buf,len);
3231 			if (ret <= 0) return(ret);
3232 
3233 			s->s3->delay_buf_pop_ret=ret;
3234 			}
3235 
3236 		s->rwstate=SSL_WRITING;
3237 		n=BIO_flush(s->wbio);
3238 		if (n <= 0) return(n);
3239 		s->rwstate=SSL_NOTHING;
3240 
3241 		/* We have flushed the buffer, so remove it */
3242 		ssl_free_wbio_buffer(s);
3243 		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
3244 
3245 		ret=s->s3->delay_buf_pop_ret;
3246 		s->s3->delay_buf_pop_ret=0;
3247 		}
3248 	else
3249 		{
3250 		ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
3251 			buf,len);
3252 		if (ret <= 0) return(ret);
3253 		}
3254 
3255 	return(ret);
3256 	}
3257 
ssl3_read_internal(SSL * s,void * buf,int len,int peek)3258 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
3259 	{
3260 	int n,ret;
3261 
3262 	clear_sys_error();
3263 	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
3264 		{
3265 		/* Deal with an application that calls SSL_read() when handshake data
3266 		 * is yet to be written.
3267 		 */
3268 		if (BIO_wpending(s->wbio) > 0)
3269 			{
3270 			s->rwstate=SSL_WRITING;
3271 			n=BIO_flush(s->wbio);
3272 			if (n <= 0) return(n);
3273 			s->rwstate=SSL_NOTHING;
3274 			}
3275 		}
3276 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
3277 	s->s3->in_read_app_data=1;
3278 	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3279 	if ((ret == -1) && (s->s3->in_read_app_data == 2))
3280 		{
3281 		/* ssl3_read_bytes decided to call s->handshake_func, which
3282 		 * called ssl3_read_bytes to read handshake data.
3283 		 * However, ssl3_read_bytes actually found application data
3284 		 * and thinks that application data makes sense here; so disable
3285 		 * handshake processing and try to read application data again. */
3286 		s->in_handshake++;
3287 		ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
3288 		s->in_handshake--;
3289 		}
3290 	else
3291 		s->s3->in_read_app_data=0;
3292 
3293 	return(ret);
3294 	}
3295 
ssl3_read(SSL * s,void * buf,int len)3296 int ssl3_read(SSL *s, void *buf, int len)
3297 	{
3298 	return ssl3_read_internal(s, buf, len, 0);
3299 	}
3300 
ssl3_peek(SSL * s,void * buf,int len)3301 int ssl3_peek(SSL *s, void *buf, int len)
3302 	{
3303 	return ssl3_read_internal(s, buf, len, 1);
3304 	}
3305 
ssl3_renegotiate(SSL * s)3306 int ssl3_renegotiate(SSL *s)
3307 	{
3308 	if (s->handshake_func == NULL)
3309 		return(1);
3310 
3311 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
3312 		return(0);
3313 
3314 	s->s3->renegotiate=1;
3315 	return(1);
3316 	}
3317 
ssl3_renegotiate_check(SSL * s)3318 int ssl3_renegotiate_check(SSL *s)
3319 	{
3320 	int ret=0;
3321 
3322 	if (s->s3->renegotiate)
3323 		{
3324 		if (	(s->s3->rbuf.left == 0) &&
3325 			(s->s3->wbuf.left == 0) &&
3326 			!SSL_in_init(s))
3327 			{
3328 /*
3329 if we are the server, and we have sent a 'RENEGOTIATE' message, we
3330 need to go to SSL_ST_ACCEPT.
3331 */
3332 			/* SSL_ST_ACCEPT */
3333 			s->state=SSL_ST_RENEGOTIATE;
3334 			s->s3->renegotiate=0;
3335 			s->s3->num_renegotiations++;
3336 			s->s3->total_renegotiations++;
3337 			ret=1;
3338 			}
3339 		}
3340 	return(ret);
3341 	}
3342 
3343