Some fixes for ciphersuite string processing:

 Changes between 0.9.8d and 0.9.8e  [XX xxx XXXX]

  *) Since AES128 and AES256 (and similarly Camellia128 and

     Camellia256) share a single mask bit in the logic of

     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a

     kludge to work properly if AES128 is available and AES256 isn't

     (or if Camellia128 is available and Camellia256 isn't).

     [Victor Duchovni]

  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c

     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):

     When a point or a seed is encoded in a BIT STRING, we need to

 Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]

  *) Since AES128 and AES256 share a single mask bit in the logic of

     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a

     kludge to work properly if AES128 is available and AES256 isn't.

     [Victor Duchovni]

  *) Have SSL/TLS server implementation tolerate "mismatched" record

     protocol version while receiving ClientHello even if the

     ClientHello is fragmented.  (The server can't insist on the

  ---------------

/* ====================================================================

 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 OpenSSL 0.9.8e-dev XX xxx XXXX

 Copyright (c) 1998-2006 The OpenSSL Project

 Copyright (c) 1998-2007 The OpenSSL Project

 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

 All rights reserved.

	*tail=curr;

	}

static unsigned long ssl_cipher_get_disabled(void)

struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,

                         * where 128-bit and 256-bit algorithms simply will get

                         * separate bits. */

  unsigned long mask; /* everything except m256 */

  unsigned long m256; /* applies to 256-bit algorithms only */

};

struct disabled_masks ssl_cipher_get_disabled(void)

	{

	unsigned long mask;

	unsigned long m256;

	struct disabled_masks ret;

	mask = SSL_kFZA;

#ifdef OPENSSL_NO_RSA

	mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;

	mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;

	mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;

	mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;

	mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;

	mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;

	mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;

	return(mask);

	/* finally consider algorithms where mask and m256 differ */

	m256 = mask;

	mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;

	mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;

	m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;

	m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;

	ret.mask = mask;

	ret.m256 = m256;

	return ret;

	}

static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,

		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,

		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)

		int num_of_ciphers, unsigned long mask, unsigned long m256,

		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,

		CIPHER_ORDER **tail_p)

	{

	int i, co_list_num;

	SSL_CIPHER *c;

	for (i = 0; i < num_of_ciphers; i++)

		{

		c = ssl_method->get_cipher(i);

#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))

		/* drop those that use any of that is not available */

		if ((c != NULL) && c->valid && !(c->algorithms & mask))

		if ((c != NULL) && c->valid && !IS_MASKED(c))

			{

			co_list[co_list_num].cipher = c;

			co_list[co_list_num].next = NULL;

			 * rest of the command, if any left, until

			 * end or ':' is found.

			 */

			while ((*l != '\0') && ITEM_SEP(*l))

			while ((*l != '\0') && !ITEM_SEP(*l))

				l++;

			}

		else if (found)

			}

		else

			{

			while ((*l != '\0') && ITEM_SEP(*l))

			while ((*l != '\0') && !ITEM_SEP(*l))

				l++;

			}

		if (*l == '\0') break; /* done */

	{

	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;

	unsigned long disabled_mask;

	unsigned long disabled_m256;

	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;

	const char *rule_p;

	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;

	 * To reduce the work to do we only want to process the compiled

	 * in algorithms, so we first get the mask of disabled ciphers.

	 */

	disabled_mask = ssl_cipher_get_disabled();

	{

		struct disabled_masks d;

		d = ssl_cipher_get_disabled();

		disabled_mask = d.mask;

		disabled_m256 = d.m256;

	}

	/*

	 * Now we have to collect the available ciphers from the compiled

		}

	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,

				   co_list, &head, &tail);

				   disabled_m256, co_list, &head, &tail);

	/*

	 * We also need cipher aliases for selecting based on the rule_str.

		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);

		return(NULL);	/* Failure */

		}

	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,

				   head);

	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,

				   (disabled_mask & disabled_m256), head);

	/*

	 * If the rule_string begins with DEFAULT, apply the default rule