os/ossrv/ssl/libssl/src/s3_lib.c
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
sl@0
     1
/* ssl/s3_lib.c */
sl@0
     2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0
     3
 * All rights reserved.
sl@0
     4
 *
sl@0
     5
 * This package is an SSL implementation written
sl@0
     6
 * by Eric Young (eay@cryptsoft.com).
sl@0
     7
 * The implementation was written so as to conform with Netscapes SSL.
sl@0
     8
 * 
sl@0
     9
 * This library is free for commercial and non-commercial use as long as
sl@0
    10
 * the following conditions are aheared to.  The following conditions
sl@0
    11
 * apply to all code found in this distribution, be it the RC4, RSA,
sl@0
    12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
sl@0
    13
 * included with this distribution is covered by the same copyright terms
sl@0
    14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0
    15
 * 
sl@0
    16
 * Copyright remains Eric Young's, and as such any Copyright notices in
sl@0
    17
 * the code are not to be removed.
sl@0
    18
 * If this package is used in a product, Eric Young should be given attribution
sl@0
    19
 * as the author of the parts of the library used.
sl@0
    20
 * This can be in the form of a textual message at program startup or
sl@0
    21
 * in documentation (online or textual) provided with the package.
sl@0
    22
 * 
sl@0
    23
 * Redistribution and use in source and binary forms, with or without
sl@0
    24
 * modification, are permitted provided that the following conditions
sl@0
    25
 * are met:
sl@0
    26
 * 1. Redistributions of source code must retain the copyright
sl@0
    27
 *    notice, this list of conditions and the following disclaimer.
sl@0
    28
 * 2. Redistributions in binary form must reproduce the above copyright
sl@0
    29
 *    notice, this list of conditions and the following disclaimer in the
sl@0
    30
 *    documentation and/or other materials provided with the distribution.
sl@0
    31
 * 3. All advertising materials mentioning features or use of this software
sl@0
    32
 *    must display the following acknowledgement:
sl@0
    33
 *    "This product includes cryptographic software written by
sl@0
    34
 *     Eric Young (eay@cryptsoft.com)"
sl@0
    35
 *    The word 'cryptographic' can be left out if the rouines from the library
sl@0
    36
 *    being used are not cryptographic related :-).
sl@0
    37
 * 4. If you include any Windows specific code (or a derivative thereof) from 
sl@0
    38
 *    the apps directory (application code) you must include an acknowledgement:
sl@0
    39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0
    40
 * 
sl@0
    41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0
    42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0
    43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0
    44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0
    45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0
    46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0
    47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0
    48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0
    49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0
    50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0
    51
 * SUCH DAMAGE.
sl@0
    52
 * 
sl@0
    53
 * The licence and distribution terms for any publically available version or
sl@0
    54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
sl@0
    55
 * copied and put under another distribution licence
sl@0
    56
 * [including the GNU Public Licence.]
sl@0
    57
 */
sl@0
    58
/* ====================================================================
sl@0
    59
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
sl@0
    60
 *
sl@0
    61
 * Redistribution and use in source and binary forms, with or without
sl@0
    62
 * modification, are permitted provided that the following conditions
sl@0
    63
 * are met:
sl@0
    64
 *
sl@0
    65
 * 1. Redistributions of source code must retain the above copyright
sl@0
    66
 *    notice, this list of conditions and the following disclaimer. 
sl@0
    67
 *
sl@0
    68
 * 2. Redistributions in binary form must reproduce the above copyright
sl@0
    69
 *    notice, this list of conditions and the following disclaimer in
sl@0
    70
 *    the documentation and/or other materials provided with the
sl@0
    71
 *    distribution.
sl@0
    72
 *
sl@0
    73
 * 3. All advertising materials mentioning features or use of this
sl@0
    74
 *    software must display the following acknowledgment:
sl@0
    75
 *    "This product includes software developed by the OpenSSL Project
sl@0
    76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
sl@0
    77
 *
sl@0
    78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0
    79
 *    endorse or promote products derived from this software without
sl@0
    80
 *    prior written permission. For written permission, please contact
sl@0
    81
 *    openssl-core@openssl.org.
sl@0
    82
 *
sl@0
    83
 * 5. Products derived from this software may not be called "OpenSSL"
sl@0
    84
 *    nor may "OpenSSL" appear in their names without prior written
sl@0
    85
 *    permission of the OpenSSL Project.
sl@0
    86
 *
sl@0
    87
 * 6. Redistributions of any form whatsoever must retain the following
sl@0
    88
 *    acknowledgment:
sl@0
    89
 *    "This product includes software developed by the OpenSSL Project
sl@0
    90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
sl@0
    91
 *
sl@0
    92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0
    93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0
    94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0
    95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0
    96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0
    97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0
    98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0
    99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0
   100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0
   101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0
   102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0
   103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0
   104
 * ====================================================================
sl@0
   105
 *
sl@0
   106
 * This product includes cryptographic software written by Eric Young
sl@0
   107
 * (eay@cryptsoft.com).  This product includes software written by Tim
sl@0
   108
 * Hudson (tjh@cryptsoft.com).
sl@0
   109
 *
sl@0
   110
 */
sl@0
   111
/* ====================================================================
sl@0
   112
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
sl@0
   113
 *
sl@0
   114
 * Portions of the attached software ("Contribution") are developed by 
sl@0
   115
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
sl@0
   116
 *
sl@0
   117
 * The Contribution is licensed pursuant to the OpenSSL open source
sl@0
   118
 * license provided above.
sl@0
   119
 *
sl@0
   120
 * ECC cipher suite support in OpenSSL originally written by
sl@0
   121
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
sl@0
   122
 *
sl@0
   123
 */
sl@0
   124
/*
sl@0
   125
 © Portions copyright (c) 2006 Nokia Corporation.  All rights reserved.
sl@0
   126
 */
 
#include <stdio.h>
#include <openssl/objects.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
#include <openssl/md5.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#include <openssl/pq_compat.h>
#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
#include "libssl_wsd.h"
#endif
#ifdef EMULATOR
	/* EMULATOR builds only: expands a project macro that is not defined in
	 * this file.  Presumably it declares the accessor that the #define just
	 * below uses to reach sslv3_base_method_data -- TODO confirm against
	 * libssl_wsd.h. */
	GET_STATIC_VAR_FROM_TLS(sslv3_base_method_data,s3_lib,SSL_METHOD)
	
	/* Redirect every later use of sslv3_base_method_data to the object
	 * obtained by calling the accessor named by GET_WSD_VAR_NAME(...) and
	 * dereferencing its result. */
	#define sslv3_base_method_data (*GET_WSD_VAR_NAME(sslv3_base_method_data,s3_lib,s)())
	
#endif
/* Version banner string: the literal "SSLv3" concatenated with whatever
 * OPENSSL_VERSION_PTEXT expands to (that macro is defined outside this file). */
const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
#ifndef EMULATOR
/* Number of entries in ssl3_ciphers[], computed from the array's own size so
 * it follows the table as entries are compiled in or out.  Defined here only
 * when EMULATOR is not set; in EMULATOR builds ssl3_ciphers is a macro for an
 * accessor call (see further down), so sizeof would not give the table size. */
#define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
/* #else */
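/* #define SSL3_NUM_CIPHERS	87      -- defined in libssl_wsd.h for EMULATOR builds.
 * NOTE(review): a fixed count has to agree with the number of entries actually
 * compiled into the table below, which varies with OPENSSL_NO_IDEA,
 * OPENSSL_NO_KRB5 and OPENSSL_NO_ECDH; confirm against libssl_wsd.h. */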
#endif
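/* List of available SSLv3 ciphers (sorted by id).
 * The table includes suites with no encryption (SSL_eNULL), 40-bit export
 * keys (SSL_EXPORT|SSL_EXP40) and no authentication (SSL_aNULL), most of them
 * with the first field of the entry set to 1.
 * NOTE(review): whether such suites are ever offered is decided outside this
 * table; confirm that the configured cipher list excludes them. */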
#ifdef EMULATOR
	/* EMULATOR builds only: expands a project macro that is not defined in
	 * this file.  Presumably it declares the accessor through which the
	 * ssl3_ciphers table is reached -- TODO confirm against libssl_wsd.h. */
	GET_GLOBAL_ARRAY_FROM_TLS(ssl3_ciphers,s3_lib,SSL_CIPHER)
	
	/* Redirect every later use of ssl3_ciphers to the value returned by
	 * calling the accessor named by GET_WSD_VAR_NAME(...).  The result is used
	 * directly (no dereference), so ssl3_ciphers is no longer an array object
	 * that sizeof can measure. */
	#define ssl3_ciphers (GET_WSD_VAR_NAME(ssl3_ciphers,s3_lib,g)())
#endif
#ifndef EMULATOR
OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
#else
OPENSSL_GLOBAL const SSL_CIPHER temp_ssl3_ciphers[]={
#endif
/* The RSA ciphers */
sl@0
   177
/* Cipher 01 */
sl@0
   178
	{
sl@0
   179
	1,
sl@0
   180
	SSL3_TXT_RSA_NULL_MD5,
sl@0
   181
	SSL3_CK_RSA_NULL_MD5,
sl@0
   182
	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
sl@0
   183
	SSL_NOT_EXP|SSL_STRONG_NONE,
sl@0
   184
	0,
sl@0
   185
	0,
sl@0
   186
	0,
sl@0
   187
	SSL_ALL_CIPHERS,
sl@0
   188
	SSL_ALL_STRENGTHS,
sl@0
   189
	},
sl@0
   190
/* Cipher 02 */
sl@0
   191
	{
sl@0
   192
	1,
sl@0
   193
	SSL3_TXT_RSA_NULL_SHA,
sl@0
   194
	SSL3_CK_RSA_NULL_SHA,
sl@0
   195
	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
sl@0
   196
	SSL_NOT_EXP|SSL_STRONG_NONE,
sl@0
   197
	0,
sl@0
   198
	0,
sl@0
   199
	0,
sl@0
   200
	SSL_ALL_CIPHERS,
sl@0
   201
	SSL_ALL_STRENGTHS,
sl@0
   202
	},
sl@0
   203
/* Cipher 03 */
sl@0
   204
	{
sl@0
   205
	1,
sl@0
   206
	SSL3_TXT_RSA_RC4_40_MD5,
sl@0
   207
	SSL3_CK_RSA_RC4_40_MD5,
sl@0
   208
	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
sl@0
   209
	SSL_EXPORT|SSL_EXP40,
sl@0
   210
	0,
sl@0
   211
	40,
sl@0
   212
	128,
sl@0
   213
	SSL_ALL_CIPHERS,
sl@0
   214
	SSL_ALL_STRENGTHS,
sl@0
   215
	},
sl@0
   216
/* Cipher 04 */
sl@0
   217
	{
sl@0
   218
	1,
sl@0
   219
	SSL3_TXT_RSA_RC4_128_MD5,
sl@0
   220
	SSL3_CK_RSA_RC4_128_MD5,
sl@0
   221
	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
sl@0
   222
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   223
	0,
sl@0
   224
	128,
sl@0
   225
	128,
sl@0
   226
	SSL_ALL_CIPHERS,
sl@0
   227
	SSL_ALL_STRENGTHS,
sl@0
   228
	},
sl@0
   229
/* Cipher 05 */
sl@0
   230
	{
sl@0
   231
	1,
sl@0
   232
	SSL3_TXT_RSA_RC4_128_SHA,
sl@0
   233
	SSL3_CK_RSA_RC4_128_SHA,
sl@0
   234
	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
sl@0
   235
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   236
	0,
sl@0
   237
	128,
sl@0
   238
	128,
sl@0
   239
	SSL_ALL_CIPHERS,
sl@0
   240
	SSL_ALL_STRENGTHS,
sl@0
   241
	},
sl@0
   242
/* Cipher 06 */
sl@0
   243
	{
sl@0
   244
	1,
sl@0
   245
	SSL3_TXT_RSA_RC2_40_MD5,
sl@0
   246
	SSL3_CK_RSA_RC2_40_MD5,
sl@0
   247
	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
sl@0
   248
	SSL_EXPORT|SSL_EXP40,
sl@0
   249
	0,
sl@0
   250
	40,
sl@0
   251
	128,
sl@0
   252
	SSL_ALL_CIPHERS,
sl@0
   253
	SSL_ALL_STRENGTHS,
sl@0
   254
	},
sl@0
   255
/* Cipher 07 */
sl@0
   256
#ifndef OPENSSL_NO_IDEA
sl@0
   257
	{
sl@0
   258
	1,
sl@0
   259
	SSL3_TXT_RSA_IDEA_128_SHA,
sl@0
   260
	SSL3_CK_RSA_IDEA_128_SHA,
sl@0
   261
	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
sl@0
   262
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   263
	0,
sl@0
   264
	128,
sl@0
   265
	128,
sl@0
   266
	SSL_ALL_CIPHERS,
sl@0
   267
	SSL_ALL_STRENGTHS,
sl@0
   268
	},
sl@0
   269
#endif
sl@0
   270
/* Cipher 08 */
sl@0
   271
	{
sl@0
   272
	1,
sl@0
   273
	SSL3_TXT_RSA_DES_40_CBC_SHA,
sl@0
   274
	SSL3_CK_RSA_DES_40_CBC_SHA,
sl@0
   275
	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
sl@0
   276
	SSL_EXPORT|SSL_EXP40,
sl@0
   277
	0,
sl@0
   278
	40,
sl@0
   279
	56,
sl@0
   280
	SSL_ALL_CIPHERS,
sl@0
   281
	SSL_ALL_STRENGTHS,
sl@0
   282
	},
sl@0
   283
/* Cipher 09 */
sl@0
   284
	{
sl@0
   285
	1,
sl@0
   286
	SSL3_TXT_RSA_DES_64_CBC_SHA,
sl@0
   287
	SSL3_CK_RSA_DES_64_CBC_SHA,
sl@0
   288
	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
sl@0
   289
	SSL_NOT_EXP|SSL_LOW,
sl@0
   290
	0,
sl@0
   291
	56,
sl@0
   292
	56,
sl@0
   293
	SSL_ALL_CIPHERS,
sl@0
   294
	SSL_ALL_STRENGTHS,
sl@0
   295
	},
sl@0
   296
/* Cipher 0A */
sl@0
   297
	{
sl@0
   298
	1,
sl@0
   299
	SSL3_TXT_RSA_DES_192_CBC3_SHA,
sl@0
   300
	SSL3_CK_RSA_DES_192_CBC3_SHA,
sl@0
   301
	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
sl@0
   302
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   303
	0,
sl@0
   304
	168,
sl@0
   305
	168,
sl@0
   306
	SSL_ALL_CIPHERS,
sl@0
   307
	SSL_ALL_STRENGTHS,
sl@0
   308
	},
sl@0
   309
/* The DH ciphers */
sl@0
   310
/* Cipher 0B */
sl@0
   311
	{
sl@0
   312
	0,
sl@0
   313
	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
sl@0
   314
	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
sl@0
   315
	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
sl@0
   316
	SSL_EXPORT|SSL_EXP40,
sl@0
   317
	0,
sl@0
   318
	40,
sl@0
   319
	56,
sl@0
   320
	SSL_ALL_CIPHERS,
sl@0
   321
	SSL_ALL_STRENGTHS,
sl@0
   322
	},
sl@0
   323
/* Cipher 0C */
sl@0
   324
	{
sl@0
   325
	0,
sl@0
   326
	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
sl@0
   327
	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
sl@0
   328
	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
sl@0
   329
	SSL_NOT_EXP|SSL_LOW,
sl@0
   330
	0,
sl@0
   331
	56,
sl@0
   332
	56,
sl@0
   333
	SSL_ALL_CIPHERS,
sl@0
   334
	SSL_ALL_STRENGTHS,
sl@0
   335
	},
sl@0
   336
/* Cipher 0D */
sl@0
   337
	{
sl@0
   338
	0,
sl@0
   339
	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
sl@0
   340
	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
sl@0
   341
	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
sl@0
   342
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   343
	0,
sl@0
   344
	168,
sl@0
   345
	168,
sl@0
   346
	SSL_ALL_CIPHERS,
sl@0
   347
	SSL_ALL_STRENGTHS,
sl@0
   348
	},
sl@0
   349
/* Cipher 0E */
sl@0
   350
	{
sl@0
   351
	0,
sl@0
   352
	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
sl@0
   353
	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
sl@0
   354
	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
sl@0
   355
	SSL_EXPORT|SSL_EXP40,
sl@0
   356
	0,
sl@0
   357
	40,
sl@0
   358
	56,
sl@0
   359
	SSL_ALL_CIPHERS,
sl@0
   360
	SSL_ALL_STRENGTHS,
sl@0
   361
	},
sl@0
   362
/* Cipher 0F */
sl@0
   363
	{
sl@0
   364
	0,
sl@0
   365
	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
sl@0
   366
	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
sl@0
   367
	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
sl@0
   368
	SSL_NOT_EXP|SSL_LOW,
sl@0
   369
	0,
sl@0
   370
	56,
sl@0
   371
	56,
sl@0
   372
	SSL_ALL_CIPHERS,
sl@0
   373
	SSL_ALL_STRENGTHS,
sl@0
   374
	},
sl@0
   375
/* Cipher 10 */
sl@0
   376
	{
sl@0
   377
	0,
sl@0
   378
	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
sl@0
   379
	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
sl@0
   380
	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
sl@0
   381
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   382
	0,
sl@0
   383
	168,
sl@0
   384
	168,
sl@0
   385
	SSL_ALL_CIPHERS,
sl@0
   386
	SSL_ALL_STRENGTHS,
sl@0
   387
	},
sl@0
   388
sl@0
   389
/* The Ephemeral DH ciphers */
sl@0
   390
/* Cipher 11 */
sl@0
   391
	{
sl@0
   392
	1,
sl@0
   393
	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
sl@0
   394
	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
sl@0
   395
	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
sl@0
   396
	SSL_EXPORT|SSL_EXP40,
sl@0
   397
	0,
sl@0
   398
	40,
sl@0
   399
	56,
sl@0
   400
	SSL_ALL_CIPHERS,
sl@0
   401
	SSL_ALL_STRENGTHS,
sl@0
   402
	},
sl@0
   403
/* Cipher 12 */
sl@0
   404
	{
sl@0
   405
	1,
sl@0
   406
	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
sl@0
   407
	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
sl@0
   408
	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
sl@0
   409
	SSL_NOT_EXP|SSL_LOW,
sl@0
   410
	0,
sl@0
   411
	56,
sl@0
   412
	56,
sl@0
   413
	SSL_ALL_CIPHERS,
sl@0
   414
	SSL_ALL_STRENGTHS,
sl@0
   415
	},
sl@0
   416
/* Cipher 13 */
sl@0
   417
	{
sl@0
   418
	1,
sl@0
   419
	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
sl@0
   420
	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
sl@0
   421
	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
sl@0
   422
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   423
	0,
sl@0
   424
	168,
sl@0
   425
	168,
sl@0
   426
	SSL_ALL_CIPHERS,
sl@0
   427
	SSL_ALL_STRENGTHS,
sl@0
   428
	},
sl@0
   429
/* Cipher 14 */
sl@0
   430
	{
sl@0
   431
	1,
sl@0
   432
	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
sl@0
   433
	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
sl@0
   434
	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
sl@0
   435
	SSL_EXPORT|SSL_EXP40,
sl@0
   436
	0,
sl@0
   437
	40,
sl@0
   438
	56,
sl@0
   439
	SSL_ALL_CIPHERS,
sl@0
   440
	SSL_ALL_STRENGTHS,
sl@0
   441
	},
sl@0
   442
/* Cipher 15 */
sl@0
   443
	{
sl@0
   444
	1,
sl@0
   445
	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
sl@0
   446
	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
sl@0
   447
	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
sl@0
   448
	SSL_NOT_EXP|SSL_LOW,
sl@0
   449
	0,
sl@0
   450
	56,
sl@0
   451
	56,
sl@0
   452
	SSL_ALL_CIPHERS,
sl@0
   453
	SSL_ALL_STRENGTHS,
sl@0
   454
	},
sl@0
   455
/* Cipher 16 */
sl@0
   456
	{
sl@0
   457
	1,
sl@0
   458
	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
sl@0
   459
	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
sl@0
   460
	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
sl@0
   461
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   462
	0,
sl@0
   463
	168,
sl@0
   464
	168,
sl@0
   465
	SSL_ALL_CIPHERS,
sl@0
   466
	SSL_ALL_STRENGTHS,
sl@0
   467
	},
sl@0
   468
/* Cipher 17 */
sl@0
   469
	{
sl@0
   470
	1,
sl@0
   471
	SSL3_TXT_ADH_RC4_40_MD5,
sl@0
   472
	SSL3_CK_ADH_RC4_40_MD5,
sl@0
   473
	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
sl@0
   474
	SSL_EXPORT|SSL_EXP40,
sl@0
   475
	0,
sl@0
   476
	40,
sl@0
   477
	128,
sl@0
   478
	SSL_ALL_CIPHERS,
sl@0
   479
	SSL_ALL_STRENGTHS,
sl@0
   480
	},
sl@0
   481
/* Cipher 18 */
sl@0
   482
	{
sl@0
   483
	1,
sl@0
   484
	SSL3_TXT_ADH_RC4_128_MD5,
sl@0
   485
	SSL3_CK_ADH_RC4_128_MD5,
sl@0
   486
	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
sl@0
   487
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   488
	0,
sl@0
   489
	128,
sl@0
   490
	128,
sl@0
   491
	SSL_ALL_CIPHERS,
sl@0
   492
	SSL_ALL_STRENGTHS,
sl@0
   493
	},
sl@0
   494
/* Cipher 19 */
sl@0
   495
	{
sl@0
   496
	1,
sl@0
   497
	SSL3_TXT_ADH_DES_40_CBC_SHA,
sl@0
   498
	SSL3_CK_ADH_DES_40_CBC_SHA,
sl@0
   499
	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
sl@0
   500
	SSL_EXPORT|SSL_EXP40,
sl@0
   501
	0,
sl@0
   502
	40,
sl@0
   503
	128,
sl@0
   504
	SSL_ALL_CIPHERS,
sl@0
   505
	SSL_ALL_STRENGTHS,
sl@0
   506
	},
sl@0
   507
/* Cipher 1A */
sl@0
   508
	{
sl@0
   509
	1,
sl@0
   510
	SSL3_TXT_ADH_DES_64_CBC_SHA,
sl@0
   511
	SSL3_CK_ADH_DES_64_CBC_SHA,
sl@0
   512
	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
sl@0
   513
	SSL_NOT_EXP|SSL_LOW,
sl@0
   514
	0,
sl@0
   515
	56,
sl@0
   516
	56,
sl@0
   517
	SSL_ALL_CIPHERS,
sl@0
   518
	SSL_ALL_STRENGTHS,
sl@0
   519
	},
sl@0
   520
/* Cipher 1B */
sl@0
   521
	{
sl@0
   522
	1,
sl@0
   523
	SSL3_TXT_ADH_DES_192_CBC_SHA,
sl@0
   524
	SSL3_CK_ADH_DES_192_CBC_SHA,
sl@0
   525
	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
sl@0
   526
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   527
	0,
sl@0
   528
	168,
sl@0
   529
	168,
sl@0
   530
	SSL_ALL_CIPHERS,
sl@0
   531
	SSL_ALL_STRENGTHS,
sl@0
   532
	},
sl@0
   533
sl@0
   534
/* Fortezza */
sl@0
   535
/* Cipher 1C */
sl@0
   536
	{
sl@0
   537
	0,
sl@0
   538
	SSL3_TXT_FZA_DMS_NULL_SHA,
sl@0
   539
	SSL3_CK_FZA_DMS_NULL_SHA,
sl@0
   540
	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
sl@0
   541
	SSL_NOT_EXP|SSL_STRONG_NONE,
sl@0
   542
	0,
sl@0
   543
	0,
sl@0
   544
	0,
sl@0
   545
	SSL_ALL_CIPHERS,
sl@0
   546
	SSL_ALL_STRENGTHS,
sl@0
   547
	},
sl@0
   548
sl@0
   549
/* Cipher 1D */
sl@0
   550
	{
sl@0
   551
	0,
sl@0
   552
	SSL3_TXT_FZA_DMS_FZA_SHA,
sl@0
   553
	SSL3_CK_FZA_DMS_FZA_SHA,
sl@0
   554
	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
sl@0
   555
	SSL_NOT_EXP|SSL_STRONG_NONE,
sl@0
   556
	0,
sl@0
   557
	0,
sl@0
   558
	0,
sl@0
   559
	SSL_ALL_CIPHERS,
sl@0
   560
	SSL_ALL_STRENGTHS,
sl@0
   561
	},
sl@0
   562
sl@0
   563
#if 0
sl@0
   564
/* Cipher 1E */
sl@0
   565
	{
sl@0
   566
	0,
sl@0
   567
	SSL3_TXT_FZA_DMS_RC4_SHA,
sl@0
   568
	SSL3_CK_FZA_DMS_RC4_SHA,
sl@0
   569
	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
sl@0
   570
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   571
	0,
sl@0
   572
	128,
sl@0
   573
	128,
sl@0
   574
	SSL_ALL_CIPHERS,
sl@0
   575
	SSL_ALL_STRENGTHS,
sl@0
   576
	},
sl@0
   577
#endif
sl@0
   578
sl@0
   579
#ifndef OPENSSL_NO_KRB5
sl@0
   580
/* The Kerberos ciphers */
sl@0
   581
/* Cipher 1E */
sl@0
   582
	{
sl@0
   583
	1,
sl@0
   584
	SSL3_TXT_KRB5_DES_64_CBC_SHA,
sl@0
   585
	SSL3_CK_KRB5_DES_64_CBC_SHA,
sl@0
   586
	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
sl@0
   587
	SSL_NOT_EXP|SSL_LOW,
sl@0
   588
	0,
sl@0
   589
	56,
sl@0
   590
	56,
sl@0
   591
	SSL_ALL_CIPHERS,
sl@0
   592
	SSL_ALL_STRENGTHS,
sl@0
   593
	},
sl@0
   594
sl@0
   595
/* Cipher 1F */
sl@0
   596
	{
sl@0
   597
	1,
sl@0
   598
	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
sl@0
   599
	SSL3_CK_KRB5_DES_192_CBC3_SHA,
sl@0
   600
	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
sl@0
   601
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   602
	0,
sl@0
   603
	168,
sl@0
   604
	168,
sl@0
   605
	SSL_ALL_CIPHERS,
sl@0
   606
	SSL_ALL_STRENGTHS,
sl@0
   607
	},
sl@0
   608
sl@0
   609
/* Cipher 20 */
sl@0
   610
	{
sl@0
   611
	1,
sl@0
   612
	SSL3_TXT_KRB5_RC4_128_SHA,
sl@0
   613
	SSL3_CK_KRB5_RC4_128_SHA,
sl@0
   614
	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
sl@0
   615
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   616
	0,
sl@0
   617
	128,
sl@0
   618
	128,
sl@0
   619
	SSL_ALL_CIPHERS,
sl@0
   620
	SSL_ALL_STRENGTHS,
sl@0
   621
	},
sl@0
   622
sl@0
   623
/* Cipher 21 */
sl@0
   624
	{
sl@0
   625
	1,
sl@0
   626
	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
sl@0
   627
	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
sl@0
   628
	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
sl@0
   629
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   630
	0,
sl@0
   631
	128,
sl@0
   632
	128,
sl@0
   633
	SSL_ALL_CIPHERS,
sl@0
   634
	SSL_ALL_STRENGTHS,
sl@0
   635
	},
sl@0
   636
sl@0
   637
/* Cipher 22 */
sl@0
   638
	{
sl@0
   639
	1,
sl@0
   640
	SSL3_TXT_KRB5_DES_64_CBC_MD5,
sl@0
   641
	SSL3_CK_KRB5_DES_64_CBC_MD5,
sl@0
   642
	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
sl@0
   643
	SSL_NOT_EXP|SSL_LOW,
sl@0
   644
	0,
sl@0
   645
	56,
sl@0
   646
	56,
sl@0
   647
	SSL_ALL_CIPHERS,
sl@0
   648
	SSL_ALL_STRENGTHS,
sl@0
   649
	},
sl@0
   650
sl@0
   651
/* Cipher 23 */
sl@0
   652
	{
sl@0
   653
	1,
sl@0
   654
	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
sl@0
   655
	SSL3_CK_KRB5_DES_192_CBC3_MD5,
sl@0
   656
	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
sl@0
   657
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   658
	0,
sl@0
   659
	168,
sl@0
   660
	168,
sl@0
   661
	SSL_ALL_CIPHERS,
sl@0
   662
	SSL_ALL_STRENGTHS,
sl@0
   663
	},
sl@0
   664
sl@0
   665
/* Cipher 24 */
sl@0
   666
	{
sl@0
   667
	1,
sl@0
   668
	SSL3_TXT_KRB5_RC4_128_MD5,
sl@0
   669
	SSL3_CK_KRB5_RC4_128_MD5,
sl@0
   670
	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
sl@0
   671
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   672
	0,
sl@0
   673
	128,
sl@0
   674
	128,
sl@0
   675
	SSL_ALL_CIPHERS,
sl@0
   676
	SSL_ALL_STRENGTHS,
sl@0
   677
	},
sl@0
   678
sl@0
   679
/* Cipher 25 */
sl@0
   680
	{
sl@0
   681
	1,
sl@0
   682
	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
sl@0
   683
	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
sl@0
   684
	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
sl@0
   685
	SSL_NOT_EXP|SSL_MEDIUM,
sl@0
   686
	0,
sl@0
   687
	128,
sl@0
   688
	128,
sl@0
   689
	SSL_ALL_CIPHERS,
sl@0
   690
	SSL_ALL_STRENGTHS,
sl@0
   691
	},
sl@0
   692
sl@0
   693
/* Cipher 26 */
sl@0
   694
	{
sl@0
   695
	1,
sl@0
   696
	SSL3_TXT_KRB5_DES_40_CBC_SHA,
sl@0
   697
	SSL3_CK_KRB5_DES_40_CBC_SHA,
sl@0
   698
	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
sl@0
   699
	SSL_EXPORT|SSL_EXP40,
sl@0
   700
	0,
sl@0
   701
	40,
sl@0
   702
	56,
sl@0
   703
	SSL_ALL_CIPHERS,
sl@0
   704
	SSL_ALL_STRENGTHS,
sl@0
   705
	},
sl@0
   706
sl@0
   707
/* Cipher 27 */
sl@0
   708
	{
sl@0
   709
	1,
sl@0
   710
	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
sl@0
   711
	SSL3_CK_KRB5_RC2_40_CBC_SHA,
sl@0
   712
	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
sl@0
   713
	SSL_EXPORT|SSL_EXP40,
sl@0
   714
	0,
sl@0
   715
	40,
sl@0
   716
	128,
sl@0
   717
	SSL_ALL_CIPHERS,
sl@0
   718
	SSL_ALL_STRENGTHS,
sl@0
   719
	},
sl@0
   720
sl@0
   721
/* Cipher 28 */
sl@0
   722
	{
sl@0
   723
	1,
sl@0
   724
	SSL3_TXT_KRB5_RC4_40_SHA,
sl@0
   725
	SSL3_CK_KRB5_RC4_40_SHA,
sl@0
   726
	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
sl@0
   727
	SSL_EXPORT|SSL_EXP40,
sl@0
   728
	0,
sl@0
   729
	40,
sl@0
   730
	128,
sl@0
   731
	SSL_ALL_CIPHERS,
sl@0
   732
	SSL_ALL_STRENGTHS,
sl@0
   733
	},
sl@0
   734
sl@0
   735
/* Cipher 29 */
sl@0
   736
	{
sl@0
   737
	1,
sl@0
   738
	SSL3_TXT_KRB5_DES_40_CBC_MD5,
sl@0
   739
	SSL3_CK_KRB5_DES_40_CBC_MD5,
sl@0
   740
	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
sl@0
   741
	SSL_EXPORT|SSL_EXP40,
sl@0
   742
	0,
sl@0
   743
	40,
sl@0
   744
	56,
sl@0
   745
	SSL_ALL_CIPHERS,
sl@0
   746
	SSL_ALL_STRENGTHS,
sl@0
   747
	},
sl@0
   748
sl@0
   749
/* Cipher 2A */
sl@0
   750
	{
sl@0
   751
	1,
sl@0
   752
	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
sl@0
   753
	SSL3_CK_KRB5_RC2_40_CBC_MD5,
sl@0
   754
	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
sl@0
   755
	SSL_EXPORT|SSL_EXP40,
sl@0
   756
	0,
sl@0
   757
	40,
sl@0
   758
	128,
sl@0
   759
	SSL_ALL_CIPHERS,
sl@0
   760
	SSL_ALL_STRENGTHS,
sl@0
   761
	},
sl@0
   762
sl@0
   763
/* Cipher 2B */
sl@0
   764
	{
sl@0
   765
	1,
sl@0
   766
	SSL3_TXT_KRB5_RC4_40_MD5,
sl@0
   767
	SSL3_CK_KRB5_RC4_40_MD5,
sl@0
   768
	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
sl@0
   769
	SSL_EXPORT|SSL_EXP40,
sl@0
   770
	0,
sl@0
   771
	40,
sl@0
   772
	128,
sl@0
   773
	SSL_ALL_CIPHERS,
sl@0
   774
	SSL_ALL_STRENGTHS,
sl@0
   775
	},
sl@0
   776
#endif	/* OPENSSL_NO_KRB5 */
sl@0
   777
sl@0
   778
/* New AES ciphersuites */
sl@0
   779
/* Cipher 2F */
sl@0
   780
	{
sl@0
   781
	1,
sl@0
   782
	TLS1_TXT_RSA_WITH_AES_128_SHA,
sl@0
   783
	TLS1_CK_RSA_WITH_AES_128_SHA,
sl@0
   784
	SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
sl@0
   785
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   786
	0,
sl@0
   787
	128,
sl@0
   788
	128,
sl@0
   789
	SSL_ALL_CIPHERS,
sl@0
   790
	SSL_ALL_STRENGTHS,
sl@0
   791
	},
sl@0
   792
/* Cipher 30 */
sl@0
   793
	{
sl@0
   794
	0,
sl@0
   795
	TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
sl@0
   796
	TLS1_CK_DH_DSS_WITH_AES_128_SHA,
sl@0
   797
	SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   798
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   799
	0,
sl@0
   800
	128,
sl@0
   801
	128,
sl@0
   802
	SSL_ALL_CIPHERS,
sl@0
   803
	SSL_ALL_STRENGTHS,
sl@0
   804
	},
sl@0
   805
/* Cipher 31 */
sl@0
   806
	{
sl@0
   807
	0,
sl@0
   808
	TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
sl@0
   809
	TLS1_CK_DH_RSA_WITH_AES_128_SHA,
sl@0
   810
	SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   811
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   812
	0,
sl@0
   813
	128,
sl@0
   814
	128,
sl@0
   815
	SSL_ALL_CIPHERS,
sl@0
   816
	SSL_ALL_STRENGTHS,
sl@0
   817
	},
sl@0
   818
/* Cipher 32 */
sl@0
   819
	{
sl@0
   820
	1,
sl@0
   821
	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
sl@0
   822
	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
sl@0
   823
	SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   824
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   825
	0,
sl@0
   826
	128,
sl@0
   827
	128,
sl@0
   828
	SSL_ALL_CIPHERS,
sl@0
   829
	SSL_ALL_STRENGTHS,
sl@0
   830
	},
sl@0
   831
/* Cipher 33 */
sl@0
   832
	{
sl@0
   833
	1,
sl@0
   834
	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
sl@0
   835
	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
sl@0
   836
	SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   837
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   838
	0,
sl@0
   839
	128,
sl@0
   840
	128,
sl@0
   841
	SSL_ALL_CIPHERS,
sl@0
   842
	SSL_ALL_STRENGTHS,
sl@0
   843
	},
sl@0
   844
/* Cipher 34 */
sl@0
   845
	{
sl@0
   846
	1,
sl@0
   847
	TLS1_TXT_ADH_WITH_AES_128_SHA,
sl@0
   848
	TLS1_CK_ADH_WITH_AES_128_SHA,
sl@0
   849
	SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   850
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   851
	0,
sl@0
   852
	128,
sl@0
   853
	128,
sl@0
   854
	SSL_ALL_CIPHERS,
sl@0
   855
	SSL_ALL_STRENGTHS,
sl@0
   856
	},
sl@0
   857
sl@0
   858
/* Cipher 35 */
sl@0
   859
	{
sl@0
   860
	1,
sl@0
   861
	TLS1_TXT_RSA_WITH_AES_256_SHA,
sl@0
   862
	TLS1_CK_RSA_WITH_AES_256_SHA,
sl@0
   863
	SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
sl@0
   864
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   865
	0,
sl@0
   866
	256,
sl@0
   867
	256,
sl@0
   868
	SSL_ALL_CIPHERS,
sl@0
   869
	SSL_ALL_STRENGTHS,
sl@0
   870
	},
sl@0
   871
/* Cipher 36 */
sl@0
   872
	{
sl@0
   873
	0,
sl@0
   874
	TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
sl@0
   875
	TLS1_CK_DH_DSS_WITH_AES_256_SHA,
sl@0
   876
	SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   877
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   878
	0,
sl@0
   879
	256,
sl@0
   880
	256,
sl@0
   881
	SSL_ALL_CIPHERS,
sl@0
   882
	SSL_ALL_STRENGTHS,
sl@0
   883
	},
sl@0
   884
/* Cipher 37 */
sl@0
   885
	{
sl@0
   886
	0,
sl@0
   887
	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
sl@0
   888
	TLS1_CK_DH_RSA_WITH_AES_256_SHA,
sl@0
   889
	SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   890
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   891
	0,
sl@0
   892
	256,
sl@0
   893
	256,
sl@0
   894
	SSL_ALL_CIPHERS,
sl@0
   895
	SSL_ALL_STRENGTHS,
sl@0
   896
	},
sl@0
   897
/* Cipher 38 */
sl@0
   898
	{
sl@0
   899
	1,
sl@0
   900
	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
sl@0
   901
	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
sl@0
   902
	SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   903
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   904
	0,
sl@0
   905
	256,
sl@0
   906
	256,
sl@0
   907
	SSL_ALL_CIPHERS,
sl@0
   908
	SSL_ALL_STRENGTHS,
sl@0
   909
	},
sl@0
   910
/* Cipher 39 */
sl@0
   911
	{
sl@0
   912
	1,
sl@0
   913
	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
sl@0
   914
	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
sl@0
   915
	SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   916
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   917
	0,
sl@0
   918
	256,
sl@0
   919
	256,
sl@0
   920
	SSL_ALL_CIPHERS,
sl@0
   921
	SSL_ALL_STRENGTHS,
sl@0
   922
	},
sl@0
   923
	/* Cipher 3A */
sl@0
   924
	{
sl@0
   925
	1,
sl@0
   926
	TLS1_TXT_ADH_WITH_AES_256_SHA,
sl@0
   927
	TLS1_CK_ADH_WITH_AES_256_SHA,
sl@0
   928
	SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   929
	SSL_NOT_EXP|SSL_HIGH,
sl@0
   930
	0,
sl@0
   931
	256,
sl@0
   932
	256,
sl@0
   933
	SSL_ALL_CIPHERS,
sl@0
   934
	SSL_ALL_STRENGTHS,
sl@0
   935
	},
sl@0
   936
#ifndef OPENSSL_NO_ECDH
sl@0
   937
	/* Cipher 47 */
sl@0
   938
	    {
sl@0
   939
            1,
sl@0
   940
            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
sl@0
   941
            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
sl@0
   942
            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
sl@0
   943
            SSL_NOT_EXP,
sl@0
   944
            0,
sl@0
   945
            0,
sl@0
   946
            0,
sl@0
   947
            SSL_ALL_CIPHERS,
sl@0
   948
            SSL_ALL_STRENGTHS,
sl@0
   949
            },
sl@0
   950
sl@0
   951
	/* Cipher 48 */
sl@0
   952
	    {
sl@0
   953
            1,
sl@0
   954
            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
sl@0
   955
            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
sl@0
   956
            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
   957
            SSL_NOT_EXP,
sl@0
   958
            0,
sl@0
   959
            128,
sl@0
   960
            128,
sl@0
   961
            SSL_ALL_CIPHERS,
sl@0
   962
            SSL_ALL_STRENGTHS,
sl@0
   963
            },
sl@0
   964
sl@0
   965
	/* Cipher 49 */
sl@0
   966
	    {
sl@0
   967
            1,
sl@0
   968
            TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
sl@0
   969
            TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
sl@0
   970
            SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
sl@0
   971
            SSL_NOT_EXP|SSL_LOW,
sl@0
   972
            0,
sl@0
   973
            56,
sl@0
   974
            56,
sl@0
   975
            SSL_ALL_CIPHERS,
sl@0
   976
            SSL_ALL_STRENGTHS,
sl@0
   977
            },
sl@0
   978
sl@0
   979
	/* Cipher 4A */
sl@0
   980
	    {
sl@0
   981
            1,
sl@0
   982
            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
sl@0
   983
            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
sl@0
   984
            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
sl@0
   985
            SSL_NOT_EXP|SSL_HIGH,
sl@0
   986
            0,
sl@0
   987
            168,
sl@0
   988
            168,
sl@0
   989
            SSL_ALL_CIPHERS,
sl@0
   990
            SSL_ALL_STRENGTHS,
sl@0
   991
            },
sl@0
   992
sl@0
   993
	/* Cipher 4B */
sl@0
   994
	    {
sl@0
   995
            1,
sl@0
   996
            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
sl@0
   997
            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
sl@0
   998
            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
   999
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1000
            0,
sl@0
  1001
            128,
sl@0
  1002
            128,
sl@0
  1003
            SSL_ALL_CIPHERS,
sl@0
  1004
            SSL_ALL_STRENGTHS,
sl@0
  1005
            },
sl@0
  1006
sl@0
  1007
	/* Cipher 4C */
sl@0
  1008
	    {
sl@0
  1009
            1,
sl@0
  1010
            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
sl@0
  1011
            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
sl@0
  1012
            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
  1013
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1014
            0,
sl@0
  1015
            256,
sl@0
  1016
            256,
sl@0
  1017
            SSL_ALL_CIPHERS,
sl@0
  1018
            SSL_ALL_STRENGTHS,
sl@0
  1019
            },
sl@0
  1020
sl@0
  1021
	/* Cipher 4D */
sl@0
  1022
	    {
sl@0
  1023
            1,
sl@0
  1024
            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
sl@0
  1025
            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
sl@0
  1026
            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
sl@0
  1027
            SSL_NOT_EXP,
sl@0
  1028
            0,
sl@0
  1029
            0,
sl@0
  1030
            0,
sl@0
  1031
            SSL_ALL_CIPHERS,
sl@0
  1032
            SSL_ALL_STRENGTHS,
sl@0
  1033
            },
sl@0
  1034
sl@0
  1035
	/* Cipher 4E */
sl@0
  1036
	    {
sl@0
  1037
            1,
sl@0
  1038
            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
sl@0
  1039
            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
sl@0
  1040
            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1041
            SSL_NOT_EXP,
sl@0
  1042
            0,
sl@0
  1043
            128,
sl@0
  1044
            128,
sl@0
  1045
            SSL_ALL_CIPHERS,
sl@0
  1046
            SSL_ALL_STRENGTHS,
sl@0
  1047
            },
sl@0
  1048
sl@0
  1049
	/* Cipher 4F */
sl@0
  1050
	    {
sl@0
  1051
            1,
sl@0
  1052
            TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA,
sl@0
  1053
            TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA,
sl@0
  1054
            SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
sl@0
  1055
            SSL_NOT_EXP|SSL_LOW,
sl@0
  1056
            0,
sl@0
  1057
            56,
sl@0
  1058
            56,
sl@0
  1059
            SSL_ALL_CIPHERS,
sl@0
  1060
            SSL_ALL_STRENGTHS,
sl@0
  1061
            },
sl@0
  1062
sl@0
  1063
	/* Cipher 50 */
sl@0
  1064
	    {
sl@0
  1065
            1,
sl@0
  1066
            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
sl@0
  1067
            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
sl@0
  1068
            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
sl@0
  1069
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1070
            0,
sl@0
  1071
            168,
sl@0
  1072
            168,
sl@0
  1073
            SSL_ALL_CIPHERS,
sl@0
  1074
            SSL_ALL_STRENGTHS,
sl@0
  1075
            },
sl@0
  1076
sl@0
  1077
	/* Cipher 51 */
sl@0
  1078
	    {
sl@0
  1079
            1,
sl@0
  1080
            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
sl@0
  1081
            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
sl@0
  1082
            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
  1083
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1084
            0,
sl@0
  1085
            128,
sl@0
  1086
            128,
sl@0
  1087
            SSL_ALL_CIPHERS,
sl@0
  1088
            SSL_ALL_STRENGTHS,
sl@0
  1089
            },
sl@0
  1090
sl@0
  1091
	/* Cipher 52 */
sl@0
  1092
	    {
sl@0
  1093
            1,
sl@0
  1094
            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
sl@0
  1095
            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
sl@0
  1096
            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
  1097
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1098
            0,
sl@0
  1099
            256,
sl@0
  1100
            256,
sl@0
  1101
            SSL_ALL_CIPHERS,
sl@0
  1102
            SSL_ALL_STRENGTHS,
sl@0
  1103
            },
sl@0
  1104
sl@0
  1105
	/* Cipher 53 */
sl@0
  1106
	    {
sl@0
  1107
            1,
sl@0
  1108
            TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
sl@0
  1109
            TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
sl@0
  1110
            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1111
            SSL_EXPORT|SSL_EXP40,
sl@0
  1112
            0,
sl@0
  1113
            40,
sl@0
  1114
            128,
sl@0
  1115
            SSL_ALL_CIPHERS,
sl@0
  1116
            SSL_ALL_STRENGTHS,
sl@0
  1117
            },
sl@0
  1118
sl@0
  1119
	/* Cipher 54 */
sl@0
  1120
	    {
sl@0
  1121
            1,
sl@0
  1122
            TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
sl@0
  1123
            TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
sl@0
  1124
            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1125
            SSL_EXPORT|SSL_EXP56,
sl@0
  1126
            0,
sl@0
  1127
            56,
sl@0
  1128
            128,
sl@0
  1129
            SSL_ALL_CIPHERS,
sl@0
  1130
            SSL_ALL_STRENGTHS,
sl@0
  1131
            },
sl@0
  1132
sl@0
  1133
	/* Cipher 55 */
sl@0
  1134
            {
sl@0
  1135
            1,
sl@0
  1136
            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
sl@0
  1137
            TLS1_CK_ECDH_anon_WITH_NULL_SHA,
sl@0
  1138
            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
sl@0
  1139
            SSL_NOT_EXP,
sl@0
  1140
            0,
sl@0
  1141
            0,
sl@0
  1142
            0,
sl@0
  1143
            SSL_ALL_CIPHERS,
sl@0
  1144
            SSL_ALL_STRENGTHS,
sl@0
  1145
	    },
sl@0
  1146
sl@0
  1147
	/* Cipher 56 */
sl@0
  1148
            {
sl@0
  1149
            1,
sl@0
  1150
            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
sl@0
  1151
            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
sl@0
  1152
            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1153
            SSL_NOT_EXP,
sl@0
  1154
            0,
sl@0
  1155
            128,
sl@0
  1156
            128,
sl@0
  1157
            SSL_ALL_CIPHERS,
sl@0
  1158
            SSL_ALL_STRENGTHS,
sl@0
  1159
	    },
sl@0
  1160
sl@0
  1161
	/* Cipher 57 */
sl@0
  1162
	    {
sl@0
  1163
            1,
sl@0
  1164
            TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
sl@0
  1165
            TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
sl@0
  1166
            SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
sl@0
  1167
            SSL_NOT_EXP|SSL_LOW,
sl@0
  1168
            0,
sl@0
  1169
            56,
sl@0
  1170
            56,
sl@0
  1171
            SSL_ALL_CIPHERS,
sl@0
  1172
            SSL_ALL_STRENGTHS,
sl@0
  1173
            },
sl@0
  1174
sl@0
  1175
	/* Cipher 58 */
sl@0
  1176
	    {
sl@0
  1177
            1,
sl@0
  1178
            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
sl@0
  1179
            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
sl@0
  1180
            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
sl@0
  1181
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1182
            0,
sl@0
  1183
            168,
sl@0
  1184
            168,
sl@0
  1185
            SSL_ALL_CIPHERS,
sl@0
  1186
            SSL_ALL_STRENGTHS,
sl@0
  1187
            },
sl@0
  1188
sl@0
  1189
	/* Cipher 59 */
sl@0
  1190
	    {
sl@0
  1191
            1,
sl@0
  1192
            TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
sl@0
  1193
            TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
sl@0
  1194
            SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
sl@0
  1195
            SSL_EXPORT|SSL_EXP40,
sl@0
  1196
            0,
sl@0
  1197
            40,
sl@0
  1198
            56,
sl@0
  1199
            SSL_ALL_CIPHERS,
sl@0
  1200
            SSL_ALL_STRENGTHS,
sl@0
  1201
            },
sl@0
  1202
sl@0
  1203
	/* Cipher 5A */
sl@0
  1204
	    {
sl@0
  1205
            1,
sl@0
  1206
            TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
sl@0
  1207
            TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
sl@0
  1208
            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1209
            SSL_EXPORT|SSL_EXP40,
sl@0
  1210
            0,
sl@0
  1211
            40,
sl@0
  1212
            128,
sl@0
  1213
            SSL_ALL_CIPHERS,
sl@0
  1214
            SSL_ALL_STRENGTHS,
sl@0
  1215
            },
sl@0
  1216
	/* Cipher 5B */
sl@0
  1217
	/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
sl@0
  1218
	    {
sl@0
  1219
            1,
sl@0
  1220
            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
sl@0
  1221
            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
sl@0
  1222
            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1223
            SSL_EXPORT|SSL_EXP40,
sl@0
  1224
            0,
sl@0
  1225
            40,
sl@0
  1226
            128,
sl@0
  1227
            SSL_ALL_CIPHERS,
sl@0
  1228
            SSL_ALL_STRENGTHS,
sl@0
  1229
            },
sl@0
  1230
sl@0
  1231
	/* Cipher 5C */
sl@0
  1232
	/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
sl@0
  1233
	    {
sl@0
  1234
            1,
sl@0
  1235
            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
sl@0
  1236
            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
sl@0
  1237
            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1238
            SSL_EXPORT|SSL_EXP56,
sl@0
  1239
            0,
sl@0
  1240
            56,
sl@0
  1241
            128,
sl@0
  1242
            SSL_ALL_CIPHERS,
sl@0
  1243
            SSL_ALL_STRENGTHS,
sl@0
  1244
            },
sl@0
  1245
sl@0
  1246
#endif	/* OPENSSL_NO_ECDH */
sl@0
  1247
sl@0
  1248
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
sl@0
  1249
	/* New TLS Export CipherSuites from Expired ID */
sl@0
  1250
#if 0	
sl@0
  1251
	/* Cipher 60 */
sl@0
  1252
	    {
sl@0
  1253
	    1,
sl@0
  1254
	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
sl@0
  1255
	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
sl@0
  1256
	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
sl@0
  1257
	    SSL_EXPORT|SSL_EXP56,
sl@0
  1258
	    0,
sl@0
  1259
	    56,
sl@0
  1260
	    128,
sl@0
  1261
	    SSL_ALL_CIPHERS,
sl@0
  1262
	    SSL_ALL_STRENGTHS,
sl@0
  1263
	    },
sl@0
  1264
	/* Cipher 61 */
sl@0
  1265
	    {
sl@0
  1266
	    1,
sl@0
  1267
	    TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
sl@0
  1268
	    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
sl@0
  1269
	    SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
sl@0
  1270
	    SSL_EXPORT|SSL_EXP56,
sl@0
  1271
	    0,
sl@0
  1272
	    56,
sl@0
  1273
	    128,
sl@0
  1274
	    SSL_ALL_CIPHERS,
sl@0
  1275
	    SSL_ALL_STRENGTHS,
sl@0
  1276
	    },
sl@0
  1277
#endif	    
sl@0
  1278
	/* Cipher 62 */
sl@0
  1279
	    {
sl@0
  1280
	    1,
sl@0
  1281
	    TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
sl@0
  1282
	    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
sl@0
  1283
	    SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
sl@0
  1284
	    SSL_EXPORT|SSL_EXP56,
sl@0
  1285
	    0,
sl@0
  1286
	    56,
sl@0
  1287
	    56,
sl@0
  1288
	    SSL_ALL_CIPHERS,
sl@0
  1289
	    SSL_ALL_STRENGTHS,
sl@0
  1290
	    },
sl@0
  1291
	/* Cipher 63 */
sl@0
  1292
	    {
sl@0
  1293
	    1,
sl@0
  1294
	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
sl@0
  1295
	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
sl@0
  1296
	    SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
sl@0
  1297
	    SSL_EXPORT|SSL_EXP56,
sl@0
  1298
	    0,
sl@0
  1299
	    56,
sl@0
  1300
	    56,
sl@0
  1301
	    SSL_ALL_CIPHERS,
sl@0
  1302
	    SSL_ALL_STRENGTHS,
sl@0
  1303
	    },
sl@0
  1304
	/* Cipher 64 */
sl@0
  1305
	    {
sl@0
  1306
	    1,
sl@0
  1307
	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
sl@0
  1308
	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
sl@0
  1309
	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1310
	    SSL_EXPORT|SSL_EXP56,
sl@0
  1311
	    0,
sl@0
  1312
	    56,
sl@0
  1313
	    128,
sl@0
  1314
	    SSL_ALL_CIPHERS,
sl@0
  1315
	    SSL_ALL_STRENGTHS,
sl@0
  1316
	    },
sl@0
  1317
	/* Cipher 65 */
sl@0
  1318
	    {
sl@0
  1319
	    1,
sl@0
  1320
	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
sl@0
  1321
	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
sl@0
  1322
	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1323
	    SSL_EXPORT|SSL_EXP56,
sl@0
  1324
	    0,
sl@0
  1325
	    56,
sl@0
  1326
	    128,
sl@0
  1327
	    SSL_ALL_CIPHERS,
sl@0
  1328
	    SSL_ALL_STRENGTHS,
sl@0
  1329
	    },
sl@0
  1330
	/* Cipher 66 */
sl@0
  1331
	    {
sl@0
  1332
	    1,
sl@0
  1333
	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
sl@0
  1334
	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
sl@0
  1335
	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
sl@0
  1336
	    SSL_NOT_EXP|SSL_MEDIUM,
sl@0
  1337
	    0,
sl@0
  1338
	    128,
sl@0
  1339
	    128,
sl@0
  1340
	    SSL_ALL_CIPHERS,
sl@0
  1341
	    SSL_ALL_STRENGTHS
sl@0
  1342
	    },
sl@0
  1343
#endif
sl@0
  1344
sl@0
  1345
sl@0
  1346
#ifndef OPENSSL_NO_ECDH
sl@0
  1347
	/* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
sl@0
  1348
	 * are not yet specified in the ECC/TLS draft but our code
sl@0
  1349
	 * allows them to be implemented very easily. To add such
sl@0
  1350
	 * a cipher suite, one needs to add two constant definitions
sl@0
  1351
	 * to tls1.h and a new structure in this file as shown below. We 
sl@0
  1352
	 * illustrate the process for the made-up cipher
sl@0
  1353
	 * ECDHE-ECDSA-AES128-SHA.
sl@0
  1354
	 */
sl@0
  1355
	    {
sl@0
  1356
            1,
sl@0
  1357
            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
sl@0
  1358
            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
sl@0
  1359
            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
  1360
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1361
            0,
sl@0
  1362
            128,
sl@0
  1363
            128,
sl@0
  1364
            SSL_ALL_CIPHERS,
sl@0
  1365
            SSL_ALL_STRENGTHS,
sl@0
  1366
            },
sl@0
  1367
sl@0
  1368
	/* Cipher 78 XXX: Another made-up ECC cipher suite that
sl@0
  1369
	 * offers forward secrecy (ECDHE-RSA-AES128-SHA).
sl@0
  1370
	 */
sl@0
  1371
	    {
sl@0
  1372
            1,
sl@0
  1373
            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
sl@0
  1374
            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
sl@0
  1375
            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
sl@0
  1376
            SSL_NOT_EXP|SSL_HIGH,
sl@0
  1377
            0,
sl@0
  1378
            128,
sl@0
  1379
            128,
sl@0
  1380
            SSL_ALL_CIPHERS,
sl@0
  1381
            SSL_ALL_STRENGTHS,
sl@0
  1382
            },
sl@0
  1383
#endif /* !OPENSSL_NO_ECDH */
sl@0
  1384
sl@0
  1385
/* end of list */
sl@0
  1386
	};
/* SSLv3 method table. The initialiser is positional: the ssl3_* routines,
 * the sum MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, and the client and server
 * finished constants, each followed by the value 4 (presumably the label
 * length; confirm against the SSL3_ENC_METHOD declaration).
 * In EMULATOR builds the table is const, is named temp_SSLv3_enc_data, and
 * SSLv3_enc_data becomes a macro that goes through GET_WSD_VAR_NAME. */
#ifdef EMULATOR
GET_GLOBAL_VAR_FROM_TLS(SSLv3_enc_data,s3_lib,SSL3_ENC_METHOD)

#define SSLv3_enc_data (GET_WSD_VAR_NAME(SSLv3_enc_data,s3_lib,g)())
const SSL3_ENC_METHOD temp_SSLv3_enc_data={
#else
SSL3_ENC_METHOD SSLv3_enc_data={
#endif
	ssl3_enc,
	ssl3_mac,
	ssl3_setup_key_block,
	ssl3_generate_master_secret,
	ssl3_change_cipher_state,
	ssl3_final_finish_mac,
	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
	ssl3_cert_verify_mac,
	SSL3_MD_CLIENT_FINISHED_CONST,4,
	SSL3_MD_SERVER_FINISHED_CONST,4,
	ssl3_alert_code,
	};
/* Default session timeout, in seconds.
 * The SSLv3 spec mentions 24 hours; that is way too long for http because
 * the session cache would over fill, so two hours is used instead. */
long ssl3_default_timeout(void)
	{
	enum { SECONDS_PER_HOUR = 60*60, TIMEOUT_HOURS = 2 };

	return(SECONDS_PER_HOUR*TIMEOUT_HOURS);
	}
/* Instantiates the SSLv3 base method through IMPLEMENT_ssl3_meth_func.
 * The macro is defined outside this part of the file; presumably the three
 * trailing arguments are the accept, connect and get-method hooks, here
 * filled with the "undefined"/"bad method" stubs (confirm against the
 * macro definition). */
IMPLEMENT_ssl3_meth_func(sslv3_base_method,
			ssl_undefined_function, /* first hook: stub */
			ssl_undefined_function, /* second hook: stub */
			ssl_bad_method)         /* third hook: stub */
/* Number of entries in the ssl3_ciphers table, as given by
 * SSL3_NUM_CIPHERS. */
int ssl3_num_ciphers(void)
	{
	int count=SSL3_NUM_CIPHERS;

	return(count);
	}
/* Look up a cipher by position.
 *
 * u  index, counted from the END of ssl3_ciphers: 0 selects the last
 *    table entry, SSL3_NUM_CIPHERS-1 the first.
 *
 * Returns a pointer into the static table, or NULL when u is out of
 * range. u is unsigned, so the single upper-bound test is the whole
 * bounds check. */
SSL_CIPHER *ssl3_get_cipher(unsigned int u)
	{
	if (!(u < SSL3_NUM_CIPHERS))
		return(NULL);

	return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
	}
/* Report how much application data is waiting in the current read record.
 *
 * Returns s->s3->rrec.length when the record type is
 * SSL3_RT_APPLICATION_DATA, and 0 otherwise or while the connection is in
 * the SSL_ST_READ_BODY read state. */
int ssl3_pending(const SSL *s)
	{
	if (s->rstate == SSL_ST_READ_BODY)
		return 0;

	/* only application data counts; other record types report nothing */
	if (s->s3->rrec.type != SSL3_RT_APPLICATION_DATA)
		return 0;

	return s->s3->rrec.length;
	}
/* Allocate the SSLv3 state for a connection and attach it as s->s3.
 *
 * Returns 1 on success and 0 when the allocation fails; in the failure
 * case s->s3 is not assigned. */
int ssl3_new(SSL *s)
	{
	SSL3_STATE *state=OPENSSL_malloc(sizeof *state);

	if (state == NULL)
		return(0);

	/* start from an all-zero state, then run the init routines of the
	 * members that have one */
	memset(state,0,sizeof *state);
	EVP_MD_CTX_init(&state->finish_dgst1);
	EVP_MD_CTX_init(&state->finish_dgst2);
	pq_64bit_init(&(state->rrec.seq_num));
	pq_64bit_init(&(state->wrec.seq_num));

	s->s3=state;

	/* hand the freshly attached state to the method's clear routine */
	s->method->ssl_clear(s);
	return(1);
	}
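/* Release everything owned by the connection's SSLv3 state and detach it.
 *
 * s  connection whose s->s3 is to be destroyed; NULL is accepted.
 *
 * On return s->s3 is NULL. */
void ssl3_free(SSL *s)
	{
	/* Nothing to do without a connection, or when the SSLv3 state was
	 * never attached: ssl3_new() returns 0 without assigning s->s3 when
	 * its allocation fails, and every statement below dereferences it. */
	if (s == NULL || s->s3 == NULL)
		return;

	ssl3_cleanup_key_block(s);
	if (s->s3->rbuf.buf != NULL)
		OPENSSL_free(s->s3->rbuf.buf);
	if (s->s3->wbuf.buf != NULL)
		OPENSSL_free(s->s3->wbuf.buf);
	if (s->s3->rrec.comp != NULL)
		OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL)
		DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL)
		EC_KEY_free(s->s3->tmp.ecdh);
#endif

	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
	pq_64bit_free(&(s->s3->rrec.seq_num));
	pq_64bit_free(&(s->s3->wrec.seq_num));

	/* Wipe the structure before handing the memory back, so whatever
	 * handshake state it held does not linger in freed heap memory.
	 * NOTE(review): the read/write buffers freed above are not wiped
	 * first; confirm whether they can still hold record data here. */
	OPENSSL_cleanse(s->s3,sizeof *s->s3);
	OPENSSL_free(s->s3);
	s->s3=NULL;
	}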
/* Reset the connection's SSLv3 state for reuse.
 *
 * Frees the per-handshake objects, zeroes the whole state structure and
 * puts back only the read/write buffer pointers and lengths, so the
 * buffers themselves survive the reset. s->s3 must already be attached. */
void ssl3_clear(SSL *s)
	{
	unsigned char *kept_rbuf,*kept_wbuf;
	size_t kept_rlen,kept_wlen;

	ssl3_cleanup_key_block(s);
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);

	if (s->s3->rrec.comp != NULL)
		{
		OPENSSL_free(s->s3->rrec.comp);
		s->s3->rrec.comp=NULL;
		}
	/* the pointers freed below are not cleared one by one; the memset
	 * further down zeroes them together with the rest of the state */
#ifndef OPENSSL_NO_DH
	if (s->s3->tmp.dh != NULL)
		DH_free(s->s3->tmp.dh);
#endif
#ifndef OPENSSL_NO_ECDH
	if (s->s3->tmp.ecdh != NULL)
		EC_KEY_free(s->s3->tmp.ecdh);
#endif

	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);

	/* remember the buffers across the wipe */
	kept_rbuf=s->s3->rbuf.buf;
	kept_rlen=s->s3->rbuf.len;
	kept_wbuf=s->s3->wbuf.buf;
	kept_wlen=s->s3->wbuf.len;

	memset(s->s3,0,sizeof *s->s3);

	/* NOTE(review): only the pointers and lengths are carried over; the
	 * buffer contents are left as they were, so data from the previous
	 * use may still be in them - confirm whether that matters to callers */
	s->s3->rbuf.buf=kept_rbuf;
	s->s3->rbuf.len=kept_rlen;
	s->s3->wbuf.buf=kept_wbuf;
	s->s3->wbuf.len=kept_wlen;

	ssl_free_wbio_buffer(s);

	s->packet_length=0;
	s->s3->renegotiate=0;
	s->s3->total_renegotiations=0;
	s->s3->num_renegotiations=0;
	s->s3->in_read_app_data=0;
	s->version=SSL3_VERSION;
	}
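/* Per-connection control dispatcher for SSLv3.
 *
 * s     connection to query or modify
 * cmd   SSL_CTRL_* command code
 * larg  not read by any command handled here
 * parg  the RSA, DH or EC_KEY object for the SSL_CTRL_SET_TMP_* commands
 *
 * Returns the queried value for the GET_* commands, 1 when a temporary key
 * was installed (or, for SSL_CTRL_NEED_TMP_RSA, when one is needed), and 0
 * on failure or for a command that is not handled here. */
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
	{
	int ret=0;

	/* Every SET_TMP_* case below stores into s->cert, so instantiate it
	 * first (ssl_cert_inst() is expected to allocate it when missing).
	 * The guards name the same build options as the matching case labels
	 * in the switch - DH rather than DSA - and cover the ECDH commands,
	 * which dereference s->cert as well. */
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
	if (
#ifndef OPENSSL_NO_RSA
	    cmd == SSL_CTRL_SET_TMP_RSA ||
	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DH
	    cmd == SSL_CTRL_SET_TMP_DH ||
	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
#ifndef OPENSSL_NO_ECDH
	    cmd == SSL_CTRL_SET_TMP_ECDH ||
	    cmd == SSL_CTRL_SET_TMP_ECDH_CB ||
#endif
		0)
		{
		if (!ssl_cert_inst(&s->cert))
		    	{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
			return(0);
			}
		}
#endif

	switch (cmd)
		{
	case SSL_CTRL_GET_SESSION_REUSED:
		ret=s->hit;
		break;
	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
		/* nothing is reported for this command: ret stays 0 */
		break;
	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
		ret=s->s3->num_renegotiations;
		break;
	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
		/* return the count as it was, then reset it */
		ret=s->s3->num_renegotiations;
		s->s3->num_renegotiations=0;
		break;
	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
		ret=s->s3->total_renegotiations;
		break;
	case SSL_CTRL_GET_FLAGS:
		ret=(int)(s->s3->flags);
		break;
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/* 1 when no temporary RSA key is installed and the RSA
		 * encryption slot has no private key or one whose
		 * EVP_PKEY_size() exceeds 512/8 */
		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
			ret = 1;
		break;
	case SSL_CTRL_SET_TMP_RSA:
		{
			RSA *rsa = (RSA *)parg;
			if (rsa == NULL)
				{
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
				return(ret);
				}
			/* the connection keeps its own copy of the key */
			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
				{
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
				return(ret);
				}
			if (s->cert->rsa_tmp != NULL)
				RSA_free(s->cert->rsa_tmp);
			s->cert->rsa_tmp = rsa;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* callbacks are installed through ssl3_callback_ctrl() */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(ret);
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
			DH *dh = (DH *)parg;
			if (dh == NULL)
				{
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
				return(ret);
				}
			if ((dh = DHparams_dup(dh)) == NULL)
				{
				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
				return(ret);
				}
			/* Without SSL_OP_SINGLE_DH_USE the key pair is
			 * generated once, here, and stored with the
			 * parameters; presumably the same private value then
			 * serves every handshake that uses this temporary
			 * key. Set the option where a fresh key per
			 * handshake is wanted. */
			if (!(s->options & SSL_OP_SINGLE_DH_USE))
				{
				if (!DH_generate_key(dh))
					{
					DH_free(dh);
					SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
					return(ret);
					}
				}
			if (s->cert->dh_tmp != NULL)
				DH_free(s->cert->dh_tmp);
			s->cert->dh_tmp = dh;
			ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_DH_CB:
		/* callbacks are installed through ssl3_callback_ctrl() */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(ret);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
		EC_KEY *ecdh = NULL;

		if (parg == NULL)
			{
			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
			return(ret);
			}
		/* NOTE(review): unlike the RSA and DH cases, and unlike
		 * ssl3_ctx_ctrl() which uses EC_KEY_dup(), the caller's
		 * object is shared by reference here. When
		 * SSL_OP_SINGLE_ECDH_USE is not set, EC_KEY_generate_key()
		 * below therefore writes a key pair into the object the
		 * caller passed in. Confirm that callers expect this. */
		if (!EC_KEY_up_ref((EC_KEY *)parg))
			{
			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
			return(ret);
			}
		ecdh = (EC_KEY *)parg;
		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
			{
			if (!EC_KEY_generate_key(ecdh))
				{
				/* drops the reference taken above */
				EC_KEY_free(ecdh);
				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
				return(ret);
				}
			}
		if (s->cert->ecdh_tmp != NULL)
			EC_KEY_free(s->cert->ecdh_tmp);
		s->cert->ecdh_tmp = ecdh;
		ret = 1;
		}
		break;
	case SSL_CTRL_SET_TMP_ECDH_CB:
		/* callbacks are installed through ssl3_callback_ctrl() */
		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(ret);
#endif /* !OPENSSL_NO_ECDH */
	default:
		break;
		}
	return(ret);
	}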
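/* Install a per-connection temporary-key callback.
 *
 * s    connection to modify
 * cmd  SSL_CTRL_SET_TMP_RSA_CB, SSL_CTRL_SET_TMP_DH_CB or
 *      SSL_CTRL_SET_TMP_ECDH_CB (each only when compiled in)
 * fp   the callback, passed as a generic function pointer and cast to the
 *      callback signature of the selected command; the caller must have
 *      supplied a function of that type
 *
 * Returns 0 in every case: ret is never assigned after its
 * initialisation.
 * NOTE(review): ssl3_ctx_callback_ctrl() returns 1 on success; confirm
 * whether any caller relies on the return value here. */
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
	{
	int ret=0;

	/* Each case below stores into s->cert, so instantiate it first
	 * (ssl_cert_inst() is expected to allocate it when missing). The
	 * guards name the same build options as the matching case labels -
	 * DH rather than DSA - and cover the ECDH callback too. */
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
	if (
#ifndef OPENSSL_NO_RSA
	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
#endif
#ifndef OPENSSL_NO_DH
	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
#endif
#ifndef OPENSSL_NO_ECDH
	    cmd == SSL_CTRL_SET_TMP_ECDH_CB ||
#endif
		0)
		{
		if (!ssl_cert_inst(&s->cert))
			{
			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
			return(0);
			}
		}
#endif

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		{
		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		}
		break;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		{
		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		}
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		{
		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		}
		break;
#endif
	default:
		break;
		}
	return(ret);
	}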
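/* Context-wide control dispatcher for SSLv3.
 *
 * ctx   context to query or modify; ctx->cert is dereferenced without a
 *       NULL check, so it must already be set
 * cmd   SSL_CTRL_* command code
 * larg  not read by any command handled here
 * parg  the RSA, DH or EC_KEY object for the SSL_CTRL_SET_TMP_* commands,
 *       or the X509 certificate for SSL_CTRL_EXTRA_CHAIN_CERT
 *
 * Returns 1 on success (for SSL_CTRL_NEED_TMP_RSA: when a temporary RSA
 * key is needed) and 0 on failure or for a command not handled here. */
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
	{
	CERT *cert;

	cert=ctx->cert;

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_NEED_TMP_RSA:
		/* needed when no temporary RSA key is installed and the RSA
		 * encryption slot has no private key or one whose
		 * EVP_PKEY_size() exceeds 512/8 */
		if (	(cert->rsa_tmp == NULL) &&
			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
			)
			return(1);
		else
			return(0);
	case SSL_CTRL_SET_TMP_RSA:
		{
		RSA *rsa=(RSA *)parg;

		/* the context keeps its own copy; a NULL argument and a
		 * failed copy are reported with the same error */
		if (rsa != NULL)
			rsa=RSAPrivateKey_dup(rsa);
		if (rsa == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
			return(0);
			}
		if (cert->rsa_tmp != NULL)
			RSA_free(cert->rsa_tmp);
		cert->rsa_tmp=rsa;
		return(1);
		}
	case SSL_CTRL_SET_TMP_RSA_CB:
		/* callbacks are installed through ssl3_ctx_callback_ctrl() */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH:
		{
		DH *copy=NULL,*dh;

		dh=(DH *)parg;
		/* reject a NULL argument here, as the RSA and ECDH cases
		 * do, instead of leaving it to DHparams_dup() */
		if (dh == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
			return 0;
			}
		if ((copy=DHparams_dup(dh)) == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
			return 0;
			}
		/* Without SSL_OP_SINGLE_DH_USE the key pair is generated
		 * once, here, and stored with the parameters; presumably
		 * the same private value then serves every handshake that
		 * uses this temporary key. Set the option where a fresh
		 * key per handshake is wanted. */
		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
			{
			if (!DH_generate_key(copy))
				{
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
				DH_free(copy);
				return 0;
				}
			}
		if (cert->dh_tmp != NULL)
			DH_free(cert->dh_tmp);
		cert->dh_tmp=copy;
		return 1;
		}
	case SSL_CTRL_SET_TMP_DH_CB:
		/* callbacks are installed through ssl3_ctx_callback_ctrl() */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH:
		{
		EC_KEY *ecdh = NULL;

		if (parg == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
			return 0;
			}
		/* work on a private copy so the caller's key is untouched */
		ecdh = EC_KEY_dup((EC_KEY *)parg);
		if (ecdh == NULL)
			{
			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
			return 0;
			}
		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
			{
			if (!EC_KEY_generate_key(ecdh))
				{
				EC_KEY_free(ecdh);
				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
				return 0;
				}
			}

		if (cert->ecdh_tmp != NULL)
			{
			EC_KEY_free(cert->ecdh_tmp);
			}
		cert->ecdh_tmp = ecdh;
		return 1;
		}
	case SSL_CTRL_SET_TMP_ECDH_CB:
		/* callbacks are installed through ssl3_ctx_callback_ctrl() */
		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return(0);
#endif /* !OPENSSL_NO_ECDH */
	/* A Thawte special :-) */
	case SSL_CTRL_EXTRA_CHAIN_CERT:
		if (ctx->extra_certs == NULL)
			{
			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
				return(0);
			}
		/* The pointer is stored as passed, with no copy or extra
		 * reference taken here. Report a failed push instead of
		 * returning success for a certificate that was not added;
		 * the caller presumably still owns parg in that case. */
		if (!sk_X509_push(ctx->extra_certs,(X509 *)parg))
			return(0);
		break;

	default:
		return(0);
		}
	return(1);
	}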
/* Store a temporary-key callback on the context's CERT.
 *
 * ctx - context whose ctx->cert receives the callback
 * cmd - one of the SSL_CTRL_SET_TMP_*_CB commands compiled into this build
 * fp  - callback, passed as a generic function pointer
 *
 * Returns 1 when cmd was recognised and the pointer stored, 0 otherwise.
 *
 * fp is cast to the callback type for the command with no check at all.
 * The caller must pass a function whose real signature is
 * (SSL *, int, int) returning the matching key type; calling through a
 * mismatched function-pointer type is undefined behaviour.
 */
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
	{
	CERT *store = ctx->cert;
	long handled = 1;

	switch (cmd)
		{
#ifndef OPENSSL_NO_RSA
	case SSL_CTRL_SET_TMP_RSA_CB:
		store->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_DH
	case SSL_CTRL_SET_TMP_DH_CB:
		store->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
		break;
#endif
#ifndef OPENSSL_NO_ECDH
	case SSL_CTRL_SET_TMP_ECDH_CB:
		store->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
		break;
#endif
	default:
		/* unknown command, or support for it was compiled out */
		handled = 0;
		break;
		}
	return handled;
	}
/* Look up the SSLv3 cipher suite named by a two-byte wire code.
 *
 * p - points at the two code bytes; both are read unconditionally, so the
 *     caller must have checked that at least two bytes are available
 *
 * Returns the ssl3_ciphers entry whose id is 0x0300xxxx for those bytes,
 * or NULL when there is no such entry or its `valid` flag is zero.
 *
 * Original author's note: this function still needs to check whether the
 * ciphers required are actually available; only `valid` is tested here.
 */
SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
	{
	SSL_CIPHER key;
	SSL_CIPHER *hit;

	/* only the id field of the search key is filled in */
	key.id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];

	hit = (SSL_CIPHER *)OBJ_bsearch((char *)&key,
		(char *)ssl3_ciphers,
		SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER),
		FP_ICC ssl_cipher_id_cmp);

	return (hit != NULL && hit->valid != 0) ? hit : NULL;
	}
/* Write the two-byte wire code of a cipher suite.
 *
 * c - cipher whose id is encoded; not read when p is NULL
 * p - destination for two bytes, or NULL to only ask for the length
 *
 * Returns 2 (the encoded length) on success or when p is NULL, and 0 when
 * the top byte of c->id is not 0x03, in which case nothing is written.
 * The function has no way to know the size of p; the caller must provide
 * room for two bytes.
 */
int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
	{
	long id;

	if (p == NULL)
		return 2;

	id = c->id;
	if ((id & 0xff000000) != 0x03000000)
		return 0;

	p[0] = ((unsigned char)(id >> 8L)) & 0xFF;
	p[1] = ((unsigned char)id) & 0xFF;
	return 2;
	}
/* Pick the cipher suite for a connection from the two offered lists.
 *
 * s    - connection; supplies the option flags and the CERT whose masks
 *        decide which key-exchange/authentication combinations are usable
 * clnt - suites offered by the client
 * srvr - suites configured on the server
 *
 * Returns the matching entry taken from the non-priority ("allow") list,
 * or NULL when no suite is acceptable to both sides.
 *
 * With SSL_OP_CIPHER_SERVER_PREFERENCE set, the server's order decides.
 * Otherwise the client's order does, so the peer chooses among everything
 * in srvr. Export suites are accepted whenever the certificate's export
 * mask covers them.
 * NOTE(review): keeping export-grade or otherwise weak suites out of srvr
 * is left to whatever builds that list; nothing here filters by strength.
 */
SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
	     STACK_OF(SSL_CIPHER) *srvr)
	{
	SSL_CIPHER *cand;
	STACK_OF(SSL_CIPHER) *prio, *allow;
	int idx, pos, usable, server_pref;
	unsigned long need, mask, emask;

	/* Let's see which ciphers we can support */
	CERT *cert = s->cert;

#if 0
	/* Do not set the compare functions, because this may lead to a
	 * reordering by "id". We want to keep the original ordering.
	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
	 */
	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
#endif

#ifdef CIPHER_DEBUG
	printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
	for (idx = 0; idx < sk_SSL_CIPHER_num(srvr); ++idx)
		{
		cand = sk_SSL_CIPHER_value(srvr, idx);
		printf("%p:%s\n", cand, cand->name);
		}
	printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
	for (idx = 0; idx < sk_SSL_CIPHER_num(clnt); ++idx)
		{
		cand = sk_SSL_CIPHER_value(clnt, idx);
		printf("%p:%s\n", cand, cand->name);
		}
#endif

	/* the list walked in order sets priority; the other one only filters */
	server_pref = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0;
	prio = server_pref ? srvr : clnt;
	allow = server_pref ? clnt : srvr;

	for (idx = 0; idx < sk_SSL_CIPHER_num(prio); idx++)
		{
		cand = sk_SSL_CIPHER_value(prio, idx);

		/* the masks are recomputed for every candidate before they are read */
		ssl_set_cert_masks(cert, cand);
		mask = cert->mask;
		emask = cert->export_mask;

#ifdef KSSL_DEBUG
		printf("ssl3_choose_cipher %d alg= %lx\n", idx, cand->algorithms);
#endif    /* KSSL_DEBUG */

		need = cand->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK);
#ifndef OPENSSL_NO_KRB5
		/* Kerberos suites are skipped when no keytab is available */
		if ((need & SSL_KRB5) && !kssl_keytab_is_available(s->kssl_ctx))
			continue;
#endif /* OPENSSL_NO_KRB5 */

		if (SSL_C_IS_EXPORT(cand))
			{
			/* export suites are checked against the export mask */
			usable = ((need & emask) == need);
#ifdef CIPHER_DEBUG
			printf("%d:[%08lX:%08lX]%p:%s (export)\n", usable, need, emask,
			       cand, cand->name);
#endif
			}
		else
			{
			usable = ((need & mask) == need);
#ifdef CIPHER_DEBUG
			printf("%d:[%08lX:%08lX]%p:%s\n", usable, need, mask, cand,
			       cand->name);
#endif
			}

		if (usable)
			{
			pos = sk_SSL_CIPHER_find(allow, cand);
			if (pos >= 0)
				return sk_SSL_CIPHER_value(allow, pos);
			}
		}

	return NULL;
	}
/* Fill in the certificate-type list for a CertificateRequest.
 *
 * s - connection; the pending cipher (s->s3->tmp.new_cipher) and the
 *     protocol version select which types are listed
 * p - output buffer; one byte is appended per certificate type
 *
 * Returns the number of bytes written to p.
 *
 * The function is not told how large p is. Every branch enabled at build
 * time may append entries, so the caller must size the buffer for all of
 * them.
 */
int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
	{
	int count = 0;
	unsigned long algs = s->s3->tmp.new_cipher->algorithms;

#ifndef OPENSSL_NO_DH
	if (algs & (SSL_kDHr|SSL_kEDH))
		{
#  ifndef OPENSSL_NO_RSA
		p[count++] = SSL3_CT_RSA_FIXED_DH;
#  endif
#  ifndef OPENSSL_NO_DSA
		p[count++] = SSL3_CT_DSS_FIXED_DH;
#  endif
		}
	/* the ephemeral-DH types are listed for SSLv3 only */
	if ((s->version == SSL3_VERSION) &&
		(algs & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
		{
#  ifndef OPENSSL_NO_RSA
		p[count++] = SSL3_CT_RSA_EPHEMERAL_DH;
#  endif
#  ifndef OPENSSL_NO_DSA
		p[count++] = SSL3_CT_DSS_EPHEMERAL_DH;
#  endif
		}
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
	p[count++] = SSL3_CT_RSA_SIGN;
#endif
#ifndef OPENSSL_NO_DSA
	p[count++] = SSL3_CT_DSS_SIGN;
#endif
#ifndef OPENSSL_NO_ECDH
	/* We should ask for fixed ECDH certificates only
	 * for SSL_kECDH (and not SSL_kECDHE)
	 */
	if ((algs & SSL_kECDH) && (s->version >= TLS1_VERSION))
		{
		p[count++] = TLS_CT_RSA_FIXED_ECDH;
		p[count++] = TLS_CT_ECDSA_FIXED_ECDH;
		}
#endif

#ifndef OPENSSL_NO_ECDSA
	/* ECDSA certs can be used with RSA cipher suites as well
	 * so we don't need to check for SSL_kECDH or SSL_kECDHE
	 */
	if (s->version >= TLS1_VERSION)
		p[count++] = TLS_CT_ECDSA_SIGN;
#endif
	return count;
	}
/* Drive one step of the close_notify shutdown exchange.
 *
 * Returns 1 once both SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN are set
 * and no alert is waiting to be written, and 0 otherwise, in which case
 * the caller is expected to call again.
 *
 * The results of ssl3_send_alert, ssl_dispatch_alert and ssl_read_bytes
 * are discarded; only the shutdown flags and s->s3->alert_dispatch decide
 * the return value.
 * NOTE(review): an I/O failure in any of those calls is therefore not
 * visible to the caller as an error; confirm the caller copes with a
 * plain 0 here.
 */
int ssl3_shutdown(SSL *s)
	{
	const int both_sides = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);

	/* Don't do anything much if we have not done the handshake or
	 * we don't want to send messages :-) */
	if (s->quiet_shutdown || s->state == SSL_ST_BEFORE)
		{
		s->shutdown = both_sides;
		return 1;
		}

	if ((s->shutdown & SSL_SENT_SHUTDOWN) == 0)
		{
		s->shutdown |= SSL_SENT_SHUTDOWN;
		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
		/* our shutdown alert has been sent now, and if it still needs
		 * to be written, s->s3->alert_dispatch will be true */
		}
	else if (s->s3->alert_dispatch)
		{
		/* resend it if not sent */
		s->method->ssl_dispatch_alert(s);
		}
	else if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) == 0)
		{
		/* If we are waiting for a close from our peer, we are closed */
		s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
		}

	return (s->shutdown == both_sides && !s->s3->alert_dispatch) ? 1 : 0;
	}
/* Write application data on an SSLv3/TLS connection.
 *
 * s   - connection
 * buf - data to send
 * len - number of bytes at buf
 *
 * Returns the value produced by the record-layer write (or by BIO_flush
 * when the flush fails); values <= 0 are passed straight to the caller.
 *
 * len is forwarded as given.
 * NOTE(review): range checking of len is left to the write_bytes routine;
 * confirm it rejects negative values.
 */
int ssl3_write(SSL *s, const void *buf, int len)
	{
	int written, flushed;

#if 0
	if (s->shutdown & SSL_SEND_SHUTDOWN)
		{
		s->rwstate=SSL_NOTHING;
		return(0);
		}
#endif
	clear_sys_error();
	if (s->s3->renegotiate)
		ssl3_renegotiate_check(s);

	/* Ordinary path: no delayed buffer pop is pending, or the buffering
	 * BIO has already been removed (the second test). */
	if (!((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)))
		{
		return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
			buf, len);
		}

	/* This is an experimental flag that sends the
	 * last handshake message in the same packet as the first
	 * use data - used to see if it helps the TCP protocol during
	 * session-id reuse */

	/* First time through, we write into the buffer */
	if (s->s3->delay_buf_pop_ret == 0)
		{
		written = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
					   buf, len);
		if (written <= 0)
			return written;

		/* kept so that a retry after a failed flush does not write again */
		s->s3->delay_buf_pop_ret = written;
		}

	s->rwstate = SSL_WRITING;
	flushed = BIO_flush(s->wbio);
	if (flushed <= 0)
		return flushed;
	s->rwstate = SSL_NOTHING;

	/* We have flushed the buffer, so remove it */
	ssl_free_wbio_buffer(s);
	s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;

	written = s->s3->delay_buf_pop_ret;
	s->s3->delay_buf_pop_ret = 0;
	return written;
	}
/* Shared implementation of ssl3_read and ssl3_peek.
 *
 * s    - connection
 * buf  - destination buffer
 * len  - size of buf in bytes
 * peek - forwarded to ssl_read_bytes as its last argument
 *
 * Returns whatever ssl_read_bytes returns for the last attempt.
 */
static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
	{
	int got;

	clear_sys_error();
	if (s->s3->renegotiate)
		ssl3_renegotiate_check(s);

	s->s3->in_read_app_data = 1;
	got = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);

	if (got != -1 || s->s3->in_read_app_data != 2)
		{
		s->s3->in_read_app_data = 0;
		return got;
		}

	/* ssl3_read_bytes decided to call s->handshake_func, which
	 * called ssl3_read_bytes to read handshake data.
	 * However, ssl3_read_bytes actually found application data
	 * and thinks that application data makes sense here; so disable
	 * handshake processing and try to read application data again. */
	s->in_handshake++;
	got = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek);
	s->in_handshake--;

	return got;
	}
/* Read application data into buf (at most len bytes) with peek set to 0.
 * Returns the result of ssl3_read_internal unchanged. */
int ssl3_read(SSL *s, void *buf, int len)
	{
	const int peek = 0;

	return ssl3_read_internal(s, buf, len, peek);
	}
/* Same as ssl3_read but with peek set to 1.
 * Returns the result of ssl3_read_internal unchanged. */
int ssl3_peek(SSL *s, void *buf, int len)
	{
	const int peek = 1;

	return ssl3_read_internal(s, buf, len, peek);
	}
/* Request a renegotiation on the connection.
 *
 * Returns 0 when SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is set, 1 otherwise.
 * When no handshake function is installed it returns 1 without setting
 * anything. The handshake is not started here: only s->s3->renegotiate is
 * raised, and ssl3_renegotiate_check acts on it later.
 *
 * NOTE(review): nothing in this function checks whether the peer supports
 * secure renegotiation (RFC 5746). If that is enforced, it happens
 * elsewhere; confirm before relying on renegotiation.
 */
int ssl3_renegotiate(SSL *s)
	{
	if (s->handshake_func != NULL)
		{
		if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
			return 0;

		s->s3->renegotiate = 1;
		}
	return 1;
	}
/* Start a pending renegotiation once the connection is idle.
 *
 * Returns 1 when the state was switched to SSL_ST_RENEGOTIATE, 0 when no
 * renegotiation is pending or the connection is not ready for one yet.
 * "Ready" means both record buffers are empty and no handshake is in
 * progress.
 */
int ssl3_renegotiate_check(SSL *s)
	{
	if (!s->s3->renegotiate)
		return 0;

	/* wait until buffered data is drained and any handshake has ended */
	if (s->s3->rbuf.left != 0 ||
		s->s3->wbuf.left != 0 ||
		SSL_in_init(s))
		return 0;

	/*
	 * if we are the server, and we have sent a 'RENEGOTIATE' message, we
	 * need to go to SSL_ST_ACCEPT.
	 */
	/* SSL_ST_ACCEPT */
	s->state = SSL_ST_RENEGOTIATE;
	s->s3->renegotiate = 0;
	s->s3->num_renegotiations++;
	s->s3->total_renegotiations++;
	return 1;
	}