Ciphersuite string bugfixes, and ECC-related (re-)definitions.

 Changes between 0.9.8b and 0.9.9  [xx XXX xxxx]

  *) Various modifications and fixes to SSL/TLS cipher string

     handling.  For ECC, the code now distinguishes between fixed ECDH

     with RSA certificates on the one hand and with ECDSA certificates

     on the other hand, since these are separate ciphersuites.  The

     unused code for Fortezza ciphersuites has been removed.

     For consistency with EDH, ephemeral ECDH is now called "EECDH"

     (not "ECDHE").  For consistency with the code for DH

     certificates, use of ECDH certificates is now considered ECDH

     authentication, not RSA or ECDSA authentication (the latter is

     merely the CA's signing algorithm and not actively used in the

     protocol).

     The temporary ciphersuite alias "ECCdraft" is no longer

     available, and ECC ciphersuites are no longer excluded from "ALL"

     and "DEFAULT".  The following aliases now exist for RFC 4492

     ciphersuites, most of these by analogy with the DH case:

         kECDHr   - ECDH cert, signed with RSA

         kECDHe   - ECDH cert, signed with ECDSA

         kECDH    - ECDH cert (signed with either RSA or ECDSA)

         kEECDH   - ephemeral ECDH

         ECDH     - ECDH cert or ephemeral ECDH

         aECDH    - ECDH cert

         aECDSA   - ECDSA cert

         ECDSA    - ECDSA cert

         AECDH    - anonymous ECDH

         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")

     [Bodo Moeller]

  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.

     Use correct micalg parameters depending on digest(s) in signed message.

     [Steve Henson]

			else

				s->s3->tmp.use_rsa_tmp=0;

			/* only send if a DH key exchange, fortezza or

			/* only send if a DH key exchange or

			 * RSA but we have a sign only certificate */

			if (s->s3->tmp.use_rsa_tmp

			    || (l & (SSL_DH|SSL_kFZA))

			    || (l & SSL_DH)

			    || ((l & SSL_kRSA)

				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL

				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)

#endif /* !OPENSSL_NO_DH */

#ifndef OPENSSL_NO_ECDH

	else if (alg & SSL_kECDHE)

	else if (alg & SSL_kEECDH)

		{

		EC_GROUP *ngroup;

		const EC_GROUP *group;

		EC_POINT_free(srvr_ecpoint);

		srvr_ecpoint = NULL;

		}

	else if (alg & SSL_kECDH)

	else if (alg)

		{

		al=SSL_AD_UNEXPECTED_MESSAGE;

		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);

		goto f_err;

		}

#endif /* !OPENSSL_NO_ECDH */

	if (alg & SSL_aFZA)

		{

		al=SSL_AD_HANDSHAKE_FAILURE;

		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);

		goto f_err;

		}

	/* p points to the next byte, there are 'n' bytes left */

#endif

#ifndef OPENSSL_NO_ECDH 

		else if ((l & SSL_kECDH) || (l & SSL_kECDHE))

		else if ((l & SSL_kECDH) || (l & SSL_kEECDH))

			{

			const EC_GROUP *srvr_group = NULL;

			EC_KEY *tkey;

	},

/* Cipher 0C */

	{

	0,

	0, /* not implemented (non-ephemeral DH) */

	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,

	SSL3_CK_DH_DSS_DES_64_CBC_SHA,

	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,

	},

/* Cipher 0D */

	{

	0,

	0, /* not implemented (non-ephemeral DH) */

	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,

	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,

	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,

	},

/* Cipher 0E */

	{

	0,

	0, /* not implemented (non-ephemeral DH) */

	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,

	SSL3_CK_DH_RSA_DES_40_CBC_SHA,

	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,

	},

/* Cipher 0F */

	{

	0,

	0, /* not implemented (non-ephemeral DH) */

	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,

	SSL3_CK_DH_RSA_DES_64_CBC_SHA,

	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,

	},

/* Cipher 10 */

	{

	0,

	0, /* not implemented (non-ephemeral DH) */

	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,

	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,

	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,

	SSL_ALL_STRENGTHS,

	},

/* Fortezza */

/* Fortezza ciphersuite from SSL 3.0 spec */

#if 0

/* Cipher 1C */

	{

	0,

	SSL_ALL_STRENGTHS,

	},

#if 0

/* Cipher 1E */

	{

	0,

** 20000107 VRS: And the first shall be last,

** in hopes of avoiding the lynx ssl renegotiation problem.

*/

/* Cipher 1E VRS */

/* Cipher 1E */

	{

	1,

	SSL3_TXT_KRB5_DES_64_CBC_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 1F VRS */

/* Cipher 1F */

	{

	1,

	SSL3_TXT_KRB5_DES_192_CBC3_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 20 VRS */

/* Cipher 20 */

	{

	1,

	SSL3_TXT_KRB5_RC4_128_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 21 VRS */

/* Cipher 21 */

	{

	1,

	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 22 VRS */

/* Cipher 22 */

	{

	1,

	SSL3_TXT_KRB5_DES_64_CBC_MD5,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 23 VRS */

/* Cipher 23 */

	{

	1,

	SSL3_TXT_KRB5_DES_192_CBC3_MD5,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 24 VRS */

/* Cipher 24 */

	{

	1,

	SSL3_TXT_KRB5_RC4_128_MD5,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 25 VRS */

/* Cipher 25 */

	{

	1,

	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 26 VRS */

/* Cipher 26 */

	{

	1,

	SSL3_TXT_KRB5_DES_40_CBC_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 27 VRS */

/* Cipher 27 */

	{

	1,

	SSL3_TXT_KRB5_RC2_40_CBC_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 28 VRS */

/* Cipher 28 */

	{

	1,

	SSL3_TXT_KRB5_RC4_40_SHA,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 29 VRS */

/* Cipher 29 */

	{

	1,

	SSL3_TXT_KRB5_DES_40_CBC_MD5,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 2A VRS */

/* Cipher 2A */

	{

	1,

	SSL3_TXT_KRB5_RC2_40_CBC_MD5,

	SSL_ALL_STRENGTHS,

	},

/* Cipher 2B VRS */

/* Cipher 2B */

	{

	1,

	SSL3_TXT_KRB5_RC4_40_MD5,

	SSL_ALL_STRENGTHS,

	},

#endif	/* OPENSSL_NO_KRB5 */

/* New AES ciphersuites */

/* New AES ciphersuites */

/* Cipher 2F */

	{

	1,

	},

/* Cipher 37 */

	{

	0,

	0, /* not implemented (non-ephemeral DH) */

	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,

	TLS1_CK_DH_RSA_WITH_AES_256_SHA,

	SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,

	SSL_ALL_STRENGTHS,

	},

#endif  /* OPENSSL_NO_PSK */

#ifndef OPENSSL_NO_ECDH

	/* Cipher C001 */

	    {

            1,

            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,

            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,

            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_kECDHe|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            0,

            1,

            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,

            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,

            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_kECDHe|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            128,

            1,

            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,

            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,

            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_kECDHe|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            168,

            1,

            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,

            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,

            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            128,

            1,

            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,

            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,

            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kECDHe|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            256,

            1,

            TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,

            TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,

            SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            0,

            1,

            TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,

            TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,

            SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            128,

            1,

            TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,

            TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,

            SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            168,

            1,

            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,

            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            128,

            1,

            TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

            TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            256,

            1,

            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,

            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,

            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_kECDHr|SSL_aECDH|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            0,

            1,

            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,

            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,

            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_kECDHr|SSL_aECDH|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            128,

            1,

            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,

            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,

            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_kECDHr|SSL_aECDH|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            168,

            1,

            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,

            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,

            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            128,

            1,

            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,

            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,

            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kECDHr|SSL_aECDH|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            256,

            1,

            TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,

            TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,

            SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            0,

            1,

            TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,

            TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,

            SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            128,

            1,

            TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,

            TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,

            SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            168,

            1,

            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,

            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,

            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            128,

            1,

            TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,

            TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,

            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            256,

            1,

            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,

            TLS1_CK_ECDH_anon_WITH_NULL_SHA,

            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            0,

            1,

            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,

            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,

            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP,

            0,

            128,

            1,

            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,

            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,

            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            168,

            1,

            TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,

            TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,

            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            128,

            1,

            TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,

            TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,

            SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_kEECDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,

            SSL_NOT_EXP|SSL_HIGH,

            0,

            256,

			}

		if (

			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */

			((alg & SSL_kECDH) || (alg & SSL_kECDHE))

			((alg & SSL_kECDH) || (alg & SSL_kEECDH))

			/* and we have an ephemeral EC key */

			&& (s->cert->ecdh_tmp != NULL)

			/* and the client specified an EllipticCurves extension */

#endif

#ifndef OPENSSL_NO_ECDH

	/* We should ask for fixed ECDH certificates only

	 * for SSL_kECDH (and not SSL_kECDHE)

	 * for SSL_kECDH (and not SSL_kEECDH)

	 */

	if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))

		{

#ifndef OPENSSL_NO_ECDSA

	/* ECDSA certs can be used with RSA cipher suites as well 

	 * so we don't need to check for SSL_kECDH or SSL_kECDHE

	 * so we don't need to check for SSL_kECDH or SSL_kEECDH

	 */

	if (s->version >= TLS1_VERSION)

		{

#ifndef OPENSSL_NO_PSK

			    || ((l & SSL_kPSK) && s->ctx->psk_identity_hint)

#endif

			    || (l & SSL_kECDHE)

			    || (l & (SSL_DH|SSL_kFZA))

			    || (l & SSL_kEECDH)

			    || ((l & SSL_kRSA)

				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL

				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)

		else 

#endif

#ifndef OPENSSL_NO_ECDH

			if (type & SSL_kECDHE)

			if (type & SSL_kEECDH)

			{

			const EC_GROUP *group;

			}

#ifndef OPENSSL_NO_ECDH

		if (type & SSL_kECDHE) 

		if (type & SSL_kEECDH) 

			{

			/* XXX: For now, we only support named (not generic) curves.

			 * In this situation, the serverKeyExchange message has:

#endif	/* OPENSSL_NO_KRB5 */

#ifndef OPENSSL_NO_ECDH

		if ((l & SSL_kECDH) || (l & SSL_kECDHE))

		if ((l & SSL_kECDH) || (l & SSL_kEECDH))

		{

		int ret = 1;

		int field_size = 0;

                        {

			/* Client Publickey was in Client Certificate */

			 if (l & SSL_kECDHE) 

			 if (l & SSL_kEECDH)

				 {

				 al=SSL_AD_HANDSHAKE_FAILURE;

				 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);