28 files changed, 176 insertions, 30 deletions

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 3687f5917c..c344c1bcdc 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.42 2015/02/06 08:30:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -146,6 +146,8 @@ const SSL_METHOD DTLSv1_client_method_data = {
         .ssl_dispatch_alert = dtls1_dispatch_alert,
         .ssl_ctrl = dtls1_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 527b47e98a..7f279a4f50 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_meth.c,v 1.8 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.9 2015/02/06 08:30:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -84,6 +84,8 @@ const SSL_METHOD DTLSv1_method_data = {
         .ssl_dispatch_alert = dtls1_dispatch_alert,
         .ssl_ctrl = dtls1_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 057d92109c..82f846d236 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.46 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -147,6 +147,8 @@ const SSL_METHOD DTLSv1_server_method_data = {
         .ssl_dispatch_alert = dtls1_dispatch_alert,
         .ssl_ctrl = dtls1_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 28ea24c173..4159ae0580 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.35 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.36 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -140,6 +140,8 @@ const SSL_METHOD SSLv23_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl_undefined_const_function,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index a7686c3f40..9e0ee453db 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.37 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.38 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -139,6 +139,8 @@ const SSL_METHOD SSLv23_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl_undefined_const_function,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index b1c8ffb200..1a64a7e5f2 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.104 2015/01/23 14:40:59 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.105 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -188,6 +188,8 @@ const SSL_METHOD SSLv3_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 98eff97131..c7731b3cf4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.91 2014/12/16 05:47:28 miod Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.92 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2519,7 +2519,42 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
         return (1);
 }
 
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+/*
+ * This function needs to check if the ciphers required are actually available.
+ */
+const SSL_CIPHER *
+ssl3_get_cipher_by_char(const unsigned char *p)
+{
+        const SSL_CIPHER *cp;
+        unsigned long id;
+        SSL_CIPHER c;
+
+        id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+        c.id = id;
+        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+        if (cp == NULL || cp->valid == 0)
+                return NULL;
+        else
+                return cp;
+}
+
+int
+ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+        long l;
+
+        if (p != NULL) {
+                l = c->id;
+                if ((l & 0xff000000) != 0x03000000)
+                        return (0);
+                p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+                p[1] = ((unsigned char)(l)) & 0xFF;
+        }
+        return (2);
+}
+
+SSL_CIPHER *
+ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     STACK_OF(SSL_CIPHER) *srvr)
 {
         unsigned long alg_k, alg_a, mask_k, mask_a;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index fd8f9aabab..e16eb6f5d0 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.96 2014/12/29 16:12:59 tedu Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.97 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -188,6 +188,8 @@ const SSL_METHOD SSLv3_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 3687f5917c..c344c1bcdc 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.41 2014/12/14 16:19:38 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.42 2015/02/06 08:30:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -146,6 +146,8 @@ const SSL_METHOD DTLSv1_client_method_data = {
         .ssl_dispatch_alert = dtls1_dispatch_alert,
         .ssl_ctrl = dtls1_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/src/ssl/d1_meth.c b/src/lib/libssl/src/ssl/d1_meth.c
index 527b47e98a..7f279a4f50 100644
--- a/src/lib/libssl/src/ssl/d1_meth.c
+++ b/src/lib/libssl/src/ssl/d1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_meth.c,v 1.8 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: d1_meth.c,v 1.9 2015/02/06 08:30:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -84,6 +84,8 @@ const SSL_METHOD DTLSv1_method_data = {
         .ssl_dispatch_alert = dtls1_dispatch_alert,
         .ssl_ctrl = dtls1_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 057d92109c..82f846d236 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.46 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.47 2015/02/06 08:30:23 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -147,6 +147,8 @@ const SSL_METHOD DTLSv1_server_method_data = {
         .ssl_dispatch_alert = dtls1_dispatch_alert,
         .ssl_ctrl = dtls1_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = dtls1_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 28ea24c173..4159ae0580 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.35 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.36 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -140,6 +140,8 @@ const SSL_METHOD SSLv23_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl_undefined_const_function,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s23_meth.c b/src/lib/libssl/src/ssl/s23_meth.c
index e5382ff38d..164604001e 100644
--- a/src/lib/libssl/src/ssl/s23_meth.c
+++ b/src/lib/libssl/src/ssl/s23_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_meth.c,v 1.16 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: s23_meth.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,6 +83,8 @@ const SSL_METHOD SSLv23_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl_undefined_const_function,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index a7686c3f40..9e0ee453db 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.37 2014/12/10 15:43:31 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.38 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -139,6 +139,8 @@ const SSL_METHOD SSLv23_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl_undefined_const_function,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index b1c8ffb200..1a64a7e5f2 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.104 2015/01/23 14:40:59 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.105 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -188,6 +188,8 @@ const SSL_METHOD SSLv3_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 98eff97131..c7731b3cf4 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.91 2014/12/16 05:47:28 miod Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.92 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2519,7 +2519,42 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
         return (1);
 }
 
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+/*
+ * This function needs to check if the ciphers required are actually available.
+ */
+const SSL_CIPHER *
+ssl3_get_cipher_by_char(const unsigned char *p)
+{
+        const SSL_CIPHER *cp;
+        unsigned long id;
+        SSL_CIPHER c;
+
+        id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+        c.id = id;
+        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+        if (cp == NULL || cp->valid == 0)
+                return NULL;
+        else
+                return cp;
+}
+
+int
+ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+        long l;
+
+        if (p != NULL) {
+                l = c->id;
+                if ((l & 0xff000000) != 0x03000000)
+                        return (0);
+                p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+                p[1] = ((unsigned char)(l)) & 0xFF;
+        }
+        return (2);
+}
+
+SSL_CIPHER *
+ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     STACK_OF(SSL_CIPHER) *srvr)
 {
         unsigned long alg_k, alg_a, mask_k, mask_a;
diff --git a/src/lib/libssl/src/ssl/s3_meth.c b/src/lib/libssl/src/ssl/s3_meth.c
index 3435e529d9..8ad4efa7a8 100644
--- a/src/lib/libssl/src/ssl/s3_meth.c
+++ b/src/lib/libssl/src/ssl/s3_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_meth.c,v 1.12 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: s3_meth.c,v 1.13 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,6 +83,8 @@ const SSL_METHOD SSLv3_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index fd8f9aabab..e16eb6f5d0 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.96 2014/12/29 16:12:59 tedu Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.97 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -188,6 +188,8 @@ const SSL_METHOD SSLv3_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 275743a6a0..571786dcf6 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.79 2015/02/06 01:37:11 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.80 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -418,6 +418,8 @@ struct ssl_method_st {
         int (*ssl_dispatch_alert)(SSL *s);
         long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
         long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
+        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
         int (*ssl_pending)(const SSL *s);
         int (*num_ciphers)(void);
         const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 3312aebaad..94c0d4a83d 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.84 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.85 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -595,6 +595,8 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
 
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c
index b2adbaee73..0dc41af5b3 100644
--- a/src/lib/libssl/src/ssl/t1_clnt.c
+++ b/src/lib/libssl/src/ssl/t1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_clnt.c,v 1.16 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: t1_clnt.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,6 +85,8 @@ const SSL_METHOD TLSv1_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -115,6 +117,8 @@ const SSL_METHOD TLSv1_1_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -145,6 +149,8 @@ const SSL_METHOD TLSv1_2_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/t1_meth.c b/src/lib/libssl/src/ssl/t1_meth.c
index 71d957fca9..48341525d8 100644
--- a/src/lib/libssl/src/ssl/t1_meth.c
+++ b/src/lib/libssl/src/ssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.15 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.16 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,6 +83,8 @@ const SSL_METHOD TLSv1_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -113,6 +115,8 @@ const SSL_METHOD TLSv1_1_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -143,6 +147,8 @@ const SSL_METHOD TLSv1_2_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c
index 4dedc727e2..3c6ac541f8 100644
--- a/src/lib/libssl/src/ssl/t1_srvr.c
+++ b/src/lib/libssl/src/ssl/t1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_srvr.c,v 1.17 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.18 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,6 +86,8 @@ const SSL_METHOD TLSv1_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -116,6 +118,8 @@ const SSL_METHOD TLSv1_1_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -146,6 +150,8 @@ const SSL_METHOD TLSv1_2_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 275743a6a0..571786dcf6 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.79 2015/02/06 01:37:11 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.80 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -418,6 +418,8 @@ struct ssl_method_st {
         int (*ssl_dispatch_alert)(SSL *s);
         long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
         long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
+        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
         int (*ssl_pending)(const SSL *s);
         int (*num_ciphers)(void);
         const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 3312aebaad..94c0d4a83d 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.84 2014/12/15 00:46:53 doug Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.85 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -595,6 +595,8 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
 
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
index b2adbaee73..0dc41af5b3 100644
--- a/src/lib/libssl/t1_clnt.c
+++ b/src/lib/libssl/t1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_clnt.c,v 1.16 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: t1_clnt.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,6 +85,8 @@ const SSL_METHOD TLSv1_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -115,6 +117,8 @@ const SSL_METHOD TLSv1_1_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -145,6 +149,8 @@ const SSL_METHOD TLSv1_2_client_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index 71d957fca9..48341525d8 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_meth.c,v 1.15 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: t1_meth.c,v 1.16 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -83,6 +83,8 @@ const SSL_METHOD TLSv1_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -113,6 +115,8 @@ const SSL_METHOD TLSv1_1_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -143,6 +147,8 @@ const SSL_METHOD TLSv1_2_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
index 4dedc727e2..3c6ac541f8 100644
--- a/src/lib/libssl/t1_srvr.c
+++ b/src/lib/libssl/t1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_srvr.c,v 1.17 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: t1_srvr.c,v 1.18 2015/02/06 08:30:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,6 +86,8 @@ const SSL_METHOD TLSv1_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -116,6 +118,8 @@ const SSL_METHOD TLSv1_1_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,
@@ -146,6 +150,8 @@ const SSL_METHOD TLSv1_2_server_method_data = {
         .ssl_dispatch_alert = ssl3_dispatch_alert,
         .ssl_ctrl = ssl3_ctrl,
         .ssl_ctx_ctrl = ssl3_ctx_ctrl,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
         .ssl_pending = ssl3_pending,
         .num_ciphers = ssl3_num_ciphers,
         .get_cipher = ssl3_get_cipher,