ssl_ciph.c 51 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843
  1. /* ssl/ssl_ciph.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113. * ECC cipher suite support in OpenSSL originally developed by
  114. * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115. */
  116. /* ====================================================================
  117. * Copyright 2005 Nokia. All rights reserved.
  118. *
  119. * The portions of the attached software ("Contribution") is developed by
  120. * Nokia Corporation and is licensed pursuant to the OpenSSL open source
  121. * license.
  122. *
  123. * The Contribution, originally written by Mika Kousa and Pasi Eronen of
  124. * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
  125. * support (see RFC 4279) to OpenSSL.
  126. *
  127. * No patent licenses or other rights except those expressly stated in
  128. * the OpenSSL open source license shall be deemed granted or received
  129. * expressly, by implication, estoppel, or otherwise.
  130. *
  131. * No assurances are provided by Nokia that the Contribution does not
  132. * infringe the patent or other intellectual property rights of any third
  133. * party or that the license provides you with all the necessary rights
  134. * to make use of the Contribution.
  135. *
  136. * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  137. * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  138. * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  139. * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  140. * OTHERWISE.
  141. */
  142. #include <stdio.h>
  143. #include <openssl/objects.h>
  144. #ifndef OPENSSL_NO_COMP
  145. #include <openssl/comp.h>
  146. #endif
  147. #ifndef OPENSSL_NO_ENGINE
  148. #include <openssl/engine.h>
  149. #endif
  150. #include "ssl_locl.h"
  151. #define SSL_ENC_DES_IDX 0
  152. #define SSL_ENC_3DES_IDX 1
  153. #define SSL_ENC_RC4_IDX 2
  154. #define SSL_ENC_RC2_IDX 3
  155. #define SSL_ENC_IDEA_IDX 4
  156. #define SSL_ENC_NULL_IDX 5
  157. #define SSL_ENC_AES128_IDX 6
  158. #define SSL_ENC_AES256_IDX 7
  159. #define SSL_ENC_CAMELLIA128_IDX 8
  160. #define SSL_ENC_CAMELLIA256_IDX 9
  161. #define SSL_ENC_GOST89_IDX 10
  162. #define SSL_ENC_SEED_IDX 11
  163. #define SSL_ENC_AES128GCM_IDX 12
  164. #define SSL_ENC_AES256GCM_IDX 13
  165. #define SSL_ENC_NUM_IDX 14
  166. static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
  167. NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
  168. };
  169. #define SSL_COMP_NULL_IDX 0
  170. #define SSL_COMP_ZLIB_IDX 1
  171. #define SSL_COMP_NUM_IDX 2
  172. static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
  173. #define SSL_MD_MD5_IDX 0
  174. #define SSL_MD_SHA1_IDX 1
  175. #define SSL_MD_GOST94_IDX 2
  176. #define SSL_MD_GOST89MAC_IDX 3
  177. #define SSL_MD_SHA256_IDX 4
  178. #define SSL_MD_SHA384_IDX 5
  179. /*Constant SSL_MAX_DIGEST equal to size of digests array should be
  180. * defined in the
  181. * ssl_locl.h */
  182. #define SSL_MD_NUM_IDX SSL_MAX_DIGEST
  183. static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
  184. NULL,NULL,NULL,NULL,NULL,NULL
  185. };
  186. /* PKEY_TYPE for GOST89MAC is known in advance, but, because
  187. * implementation is engine-provided, we'll fill it only if
  188. * corresponding EVP_PKEY_METHOD is found
  189. */
  190. static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
  191. EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
  192. EVP_PKEY_HMAC,EVP_PKEY_HMAC
  193. };
  194. static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
  195. 0,0,0,0,0,0
  196. };
  197. static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
  198. SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
  199. SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
  200. SSL_HANDSHAKE_MAC_SHA384
  201. };
  202. #define CIPHER_ADD 1
  203. #define CIPHER_KILL 2
  204. #define CIPHER_DEL 3
  205. #define CIPHER_ORD 4
  206. #define CIPHER_SPECIAL 5
  207. typedef struct cipher_order_st
  208. {
  209. const SSL_CIPHER *cipher;
  210. int active;
  211. int dead;
  212. struct cipher_order_st *next,*prev;
  213. } CIPHER_ORDER;
  214. static const SSL_CIPHER cipher_aliases[]={
  215. /* "ALL" doesn't include eNULL (must be specifically enabled) */
  216. {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
  217. /* "COMPLEMENTOFALL" */
  218. {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
  219. /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
  220. {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
  221. /* key exchange aliases
  222. * (some of those using only a single bit here combine
  223. * multiple key exchange algs according to the RFCs,
  224. * e.g. kEDH combines DHE_DSS and DHE_RSA) */
  225. {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
  226. {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  227. {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  228. {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  229. {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
  230. {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
  231. {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
  232. {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
  233. {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
  234. {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
  235. {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
  236. {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
  237. {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
  238. {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
  239. {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
  240. /* server authentication aliases */
  241. {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
  242. {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
  243. {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
  244. {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
  245. {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
  246. {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  247. {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
  248. {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
  249. {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
  250. {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
  251. {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
  252. {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
  253. {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
  254. /* aliases combining key exchange and server authentication */
  255. {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
  256. {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
  257. {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
  258. {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
  259. {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
  260. {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
  261. {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
  262. {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
  263. {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
  264. /* symmetric encryption aliases */
  265. {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
  266. {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
  267. {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
  268. {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
  269. {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
  270. {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
  271. {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
  272. {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
  273. {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
  274. {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
  275. {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
  276. {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
  277. {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
  278. {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
  279. /* MAC aliases */
  280. {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
  281. {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
  282. {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
  283. {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
  284. {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
  285. {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
  286. {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
  287. /* protocol version aliases */
  288. {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
  289. {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
  290. {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
  291. /* export flag */
  292. {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
  293. {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
  294. /* strength classes */
  295. {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
  296. {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
  297. {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
  298. {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
  299. {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
  300. /* FIPS 140-2 approved ciphersuite */
  301. {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
  302. };
  303. /* Search for public key algorithm with given name and
  304. * return its pkey_id if it is available. Otherwise return 0
  305. */
  306. #ifdef OPENSSL_NO_ENGINE
  307. static int get_optional_pkey_id(const char *pkey_name)
  308. {
  309. const EVP_PKEY_ASN1_METHOD *ameth;
  310. int pkey_id=0;
  311. ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
  312. if (ameth)
  313. {
  314. EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
  315. }
  316. return pkey_id;
  317. }
  318. #else
  319. static int get_optional_pkey_id(const char *pkey_name)
  320. {
  321. const EVP_PKEY_ASN1_METHOD *ameth;
  322. ENGINE *tmpeng = NULL;
  323. int pkey_id=0;
  324. ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
  325. if (ameth)
  326. {
  327. EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
  328. }
  329. if (tmpeng) ENGINE_finish(tmpeng);
  330. return pkey_id;
  331. }
  332. #endif
  333. void ssl_load_ciphers(void)
  334. {
  335. ssl_cipher_methods[SSL_ENC_DES_IDX]=
  336. EVP_get_cipherbyname(SN_des_cbc);
  337. ssl_cipher_methods[SSL_ENC_3DES_IDX]=
  338. EVP_get_cipherbyname(SN_des_ede3_cbc);
  339. ssl_cipher_methods[SSL_ENC_RC4_IDX]=
  340. EVP_get_cipherbyname(SN_rc4);
  341. ssl_cipher_methods[SSL_ENC_RC2_IDX]=
  342. EVP_get_cipherbyname(SN_rc2_cbc);
  343. #ifndef OPENSSL_NO_IDEA
  344. ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
  345. EVP_get_cipherbyname(SN_idea_cbc);
  346. #else
  347. ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
  348. #endif
  349. ssl_cipher_methods[SSL_ENC_AES128_IDX]=
  350. EVP_get_cipherbyname(SN_aes_128_cbc);
  351. ssl_cipher_methods[SSL_ENC_AES256_IDX]=
  352. EVP_get_cipherbyname(SN_aes_256_cbc);
  353. ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
  354. EVP_get_cipherbyname(SN_camellia_128_cbc);
  355. ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
  356. EVP_get_cipherbyname(SN_camellia_256_cbc);
  357. ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
  358. EVP_get_cipherbyname(SN_gost89_cnt);
  359. ssl_cipher_methods[SSL_ENC_SEED_IDX]=
  360. EVP_get_cipherbyname(SN_seed_cbc);
  361. ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
  362. EVP_get_cipherbyname(SN_aes_128_gcm);
  363. ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
  364. EVP_get_cipherbyname(SN_aes_256_gcm);
  365. ssl_digest_methods[SSL_MD_MD5_IDX]=
  366. EVP_get_digestbyname(SN_md5);
  367. ssl_mac_secret_size[SSL_MD_MD5_IDX]=
  368. EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
  369. OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
  370. ssl_digest_methods[SSL_MD_SHA1_IDX]=
  371. EVP_get_digestbyname(SN_sha1);
  372. ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
  373. EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
  374. OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
  375. ssl_digest_methods[SSL_MD_GOST94_IDX]=
  376. EVP_get_digestbyname(SN_id_GostR3411_94);
  377. if (ssl_digest_methods[SSL_MD_GOST94_IDX])
  378. {
  379. ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
  380. EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
  381. OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
  382. }
  383. ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
  384. EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
  385. ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
  386. if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
  387. ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
  388. }
  389. ssl_digest_methods[SSL_MD_SHA256_IDX]=
  390. EVP_get_digestbyname(SN_sha256);
  391. ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
  392. EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
  393. ssl_digest_methods[SSL_MD_SHA384_IDX]=
  394. EVP_get_digestbyname(SN_sha384);
  395. ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
  396. EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
  397. }
  398. #ifndef OPENSSL_NO_COMP
  399. static int sk_comp_cmp(const SSL_COMP * const *a,
  400. const SSL_COMP * const *b)
  401. {
  402. return((*a)->id-(*b)->id);
  403. }
  404. static void load_builtin_compressions(void)
  405. {
  406. int got_write_lock = 0;
  407. CRYPTO_r_lock(CRYPTO_LOCK_SSL);
  408. if (ssl_comp_methods == NULL)
  409. {
  410. CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
  411. CRYPTO_w_lock(CRYPTO_LOCK_SSL);
  412. got_write_lock = 1;
  413. if (ssl_comp_methods == NULL)
  414. {
  415. SSL_COMP *comp = NULL;
  416. MemCheck_off();
  417. ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
  418. if (ssl_comp_methods != NULL)
  419. {
  420. comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
  421. if (comp != NULL)
  422. {
  423. comp->method=COMP_zlib();
  424. if (comp->method
  425. && comp->method->type == NID_undef)
  426. OPENSSL_free(comp);
  427. else
  428. {
  429. comp->id=SSL_COMP_ZLIB_IDX;
  430. comp->name=comp->method->name;
  431. sk_SSL_COMP_push(ssl_comp_methods,comp);
  432. }
  433. }
  434. }
  435. MemCheck_on();
  436. }
  437. }
  438. if (got_write_lock)
  439. CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
  440. else
  441. CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
  442. }
  443. #endif
  444. int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
  445. const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
  446. {
  447. int i;
  448. const SSL_CIPHER *c;
  449. c=s->cipher;
  450. if (c == NULL) return(0);
  451. if (comp != NULL)
  452. {
  453. SSL_COMP ctmp;
  454. #ifndef OPENSSL_NO_COMP
  455. load_builtin_compressions();
  456. #endif
  457. *comp=NULL;
  458. ctmp.id=s->compress_meth;
  459. if (ssl_comp_methods != NULL)
  460. {
  461. i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
  462. if (i >= 0)
  463. *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
  464. else
  465. *comp=NULL;
  466. }
  467. }
  468. if ((enc == NULL) || (md == NULL)) return(0);
  469. switch (c->algorithm_enc)
  470. {
  471. case SSL_DES:
  472. i=SSL_ENC_DES_IDX;
  473. break;
  474. case SSL_3DES:
  475. i=SSL_ENC_3DES_IDX;
  476. break;
  477. case SSL_RC4:
  478. i=SSL_ENC_RC4_IDX;
  479. break;
  480. case SSL_RC2:
  481. i=SSL_ENC_RC2_IDX;
  482. break;
  483. case SSL_IDEA:
  484. i=SSL_ENC_IDEA_IDX;
  485. break;
  486. case SSL_eNULL:
  487. i=SSL_ENC_NULL_IDX;
  488. break;
  489. case SSL_AES128:
  490. i=SSL_ENC_AES128_IDX;
  491. break;
  492. case SSL_AES256:
  493. i=SSL_ENC_AES256_IDX;
  494. break;
  495. case SSL_CAMELLIA128:
  496. i=SSL_ENC_CAMELLIA128_IDX;
  497. break;
  498. case SSL_CAMELLIA256:
  499. i=SSL_ENC_CAMELLIA256_IDX;
  500. break;
  501. case SSL_eGOST2814789CNT:
  502. i=SSL_ENC_GOST89_IDX;
  503. break;
  504. case SSL_SEED:
  505. i=SSL_ENC_SEED_IDX;
  506. break;
  507. case SSL_AES128GCM:
  508. i=SSL_ENC_AES128GCM_IDX;
  509. break;
  510. case SSL_AES256GCM:
  511. i=SSL_ENC_AES256GCM_IDX;
  512. break;
  513. default:
  514. i= -1;
  515. break;
  516. }
  517. if ((i < 0) || (i > SSL_ENC_NUM_IDX))
  518. *enc=NULL;
  519. else
  520. {
  521. if (i == SSL_ENC_NULL_IDX)
  522. *enc=EVP_enc_null();
  523. else
  524. *enc=ssl_cipher_methods[i];
  525. }
  526. switch (c->algorithm_mac)
  527. {
  528. case SSL_MD5:
  529. i=SSL_MD_MD5_IDX;
  530. break;
  531. case SSL_SHA1:
  532. i=SSL_MD_SHA1_IDX;
  533. break;
  534. case SSL_SHA256:
  535. i=SSL_MD_SHA256_IDX;
  536. break;
  537. case SSL_SHA384:
  538. i=SSL_MD_SHA384_IDX;
  539. break;
  540. case SSL_GOST94:
  541. i = SSL_MD_GOST94_IDX;
  542. break;
  543. case SSL_GOST89MAC:
  544. i = SSL_MD_GOST89MAC_IDX;
  545. break;
  546. default:
  547. i= -1;
  548. break;
  549. }
  550. if ((i < 0) || (i > SSL_MD_NUM_IDX))
  551. {
  552. *md=NULL;
  553. if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
  554. if (mac_secret_size!=NULL) *mac_secret_size = 0;
  555. if (c->algorithm_mac == SSL_AEAD)
  556. mac_pkey_type = NULL;
  557. }
  558. else
  559. {
  560. *md=ssl_digest_methods[i];
  561. if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
  562. if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
  563. }
  564. if ((*enc != NULL) &&
  565. (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
  566. (!mac_pkey_type||*mac_pkey_type != NID_undef))
  567. {
  568. const EVP_CIPHER *evp;
  569. if (s->ssl_version >= TLS1_VERSION &&
  570. c->algorithm_enc == SSL_RC4 &&
  571. c->algorithm_mac == SSL_MD5 &&
  572. (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
  573. *enc = evp, *md = NULL;
  574. else if (s->ssl_version >= TLS1_VERSION &&
  575. c->algorithm_enc == SSL_AES128 &&
  576. c->algorithm_mac == SSL_SHA1 &&
  577. (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
  578. *enc = evp, *md = NULL;
  579. else if (s->ssl_version >= TLS1_VERSION &&
  580. c->algorithm_enc == SSL_AES256 &&
  581. c->algorithm_mac == SSL_SHA1 &&
  582. (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
  583. *enc = evp, *md = NULL;
  584. return(1);
  585. }
  586. else
  587. return(0);
  588. }
  589. int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
  590. {
  591. if (idx <0||idx>=SSL_MD_NUM_IDX)
  592. {
  593. return 0;
  594. }
  595. *mask = ssl_handshake_digest_flag[idx];
  596. if (*mask)
  597. *md = ssl_digest_methods[idx];
  598. else
  599. *md = NULL;
  600. return 1;
  601. }
  602. #define ITEM_SEP(a) \
  603. (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
  604. static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
  605. CIPHER_ORDER **tail)
  606. {
  607. if (curr == *tail) return;
  608. if (curr == *head)
  609. *head=curr->next;
  610. if (curr->prev != NULL)
  611. curr->prev->next=curr->next;
  612. if (curr->next != NULL)
  613. curr->next->prev=curr->prev;
  614. (*tail)->next=curr;
  615. curr->prev= *tail;
  616. curr->next=NULL;
  617. *tail=curr;
  618. }
  619. static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
  620. CIPHER_ORDER **tail)
  621. {
  622. if (curr == *head) return;
  623. if (curr == *tail)
  624. *tail=curr->prev;
  625. if (curr->next != NULL)
  626. curr->next->prev=curr->prev;
  627. if (curr->prev != NULL)
  628. curr->prev->next=curr->next;
  629. (*head)->prev=curr;
  630. curr->next= *head;
  631. curr->prev=NULL;
  632. *head=curr;
  633. }
  634. static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
  635. {
  636. *mkey = 0;
  637. *auth = 0;
  638. *enc = 0;
  639. *mac = 0;
  640. *ssl = 0;
  641. #ifdef OPENSSL_NO_RSA
  642. *mkey |= SSL_kRSA;
  643. *auth |= SSL_aRSA;
  644. #endif
  645. #ifdef OPENSSL_NO_DSA
  646. *auth |= SSL_aDSS;
  647. #endif
  648. *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
  649. *auth |= SSL_aDH;
  650. #ifdef OPENSSL_NO_DH
  651. *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
  652. *auth |= SSL_aDH;
  653. #endif
  654. #ifdef OPENSSL_NO_KRB5
  655. *mkey |= SSL_kKRB5;
  656. *auth |= SSL_aKRB5;
  657. #endif
  658. #ifdef OPENSSL_NO_ECDSA
  659. *auth |= SSL_aECDSA;
  660. #endif
  661. #ifdef OPENSSL_NO_ECDH
  662. *mkey |= SSL_kECDHe|SSL_kECDHr;
  663. *auth |= SSL_aECDH;
  664. #endif
  665. #ifdef OPENSSL_NO_PSK
  666. *mkey |= SSL_kPSK;
  667. *auth |= SSL_aPSK;
  668. #endif
  669. #ifdef OPENSSL_NO_SRP
  670. *mkey |= SSL_kSRP;
  671. #endif
  672. /* Check for presence of GOST 34.10 algorithms, and if they
  673. * do not present, disable appropriate auth and key exchange */
  674. if (!get_optional_pkey_id("gost94")) {
  675. *auth |= SSL_aGOST94;
  676. }
  677. if (!get_optional_pkey_id("gost2001")) {
  678. *auth |= SSL_aGOST01;
  679. }
  680. /* Disable GOST key exchange if no GOST signature algs are available * */
  681. if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
  682. *mkey |= SSL_kGOST;
  683. }
  684. #ifdef SSL_FORBID_ENULL
  685. *enc |= SSL_eNULL;
  686. #endif
  687. *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
  688. *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
  689. *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
  690. *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
  691. *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
  692. *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
  693. *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
  694. *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
  695. *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
  696. *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
  697. *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
  698. *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
  699. *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
  700. *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
  701. *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
  702. *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
  703. *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
  704. }
  705. static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
  706. int num_of_ciphers,
  707. unsigned long disabled_mkey, unsigned long disabled_auth,
  708. unsigned long disabled_enc, unsigned long disabled_mac,
  709. unsigned long disabled_ssl,
  710. CIPHER_ORDER *co_list,
  711. CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
  712. {
  713. int i, co_list_num;
  714. const SSL_CIPHER *c;
  715. /*
  716. * We have num_of_ciphers descriptions compiled in, depending on the
  717. * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
  718. * These will later be sorted in a linked list with at most num
  719. * entries.
  720. */
  721. /* Get the initial list of ciphers */
  722. co_list_num = 0; /* actual count of ciphers */
  723. for (i = 0; i < num_of_ciphers; i++)
  724. {
  725. c = ssl_method->get_cipher(i);
  726. /* drop those that use any of that is not available */
  727. if ((c != NULL) && c->valid &&
  728. #ifdef OPENSSL_FIPS
  729. (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
  730. #endif
  731. !(c->algorithm_mkey & disabled_mkey) &&
  732. !(c->algorithm_auth & disabled_auth) &&
  733. !(c->algorithm_enc & disabled_enc) &&
  734. !(c->algorithm_mac & disabled_mac) &&
  735. !(c->algorithm_ssl & disabled_ssl))
  736. {
  737. co_list[co_list_num].cipher = c;
  738. co_list[co_list_num].next = NULL;
  739. co_list[co_list_num].prev = NULL;
  740. co_list[co_list_num].active = 0;
  741. co_list_num++;
  742. #ifdef KSSL_DEBUG
  743. printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
  744. #endif /* KSSL_DEBUG */
  745. /*
  746. if (!sk_push(ca_list,(char *)c)) goto err;
  747. */
  748. }
  749. }
  750. /*
  751. * Prepare linked list from list entries
  752. */
  753. if (co_list_num > 0)
  754. {
  755. co_list[0].prev = NULL;
  756. if (co_list_num > 1)
  757. {
  758. co_list[0].next = &co_list[1];
  759. for (i = 1; i < co_list_num - 1; i++)
  760. {
  761. co_list[i].prev = &co_list[i - 1];
  762. co_list[i].next = &co_list[i + 1];
  763. }
  764. co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
  765. }
  766. co_list[co_list_num - 1].next = NULL;
  767. *head_p = &co_list[0];
  768. *tail_p = &co_list[co_list_num - 1];
  769. }
  770. }
  771. static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
  772. int num_of_group_aliases,
  773. unsigned long disabled_mkey, unsigned long disabled_auth,
  774. unsigned long disabled_enc, unsigned long disabled_mac,
  775. unsigned long disabled_ssl,
  776. CIPHER_ORDER *head)
  777. {
  778. CIPHER_ORDER *ciph_curr;
  779. const SSL_CIPHER **ca_curr;
  780. int i;
  781. unsigned long mask_mkey = ~disabled_mkey;
  782. unsigned long mask_auth = ~disabled_auth;
  783. unsigned long mask_enc = ~disabled_enc;
  784. unsigned long mask_mac = ~disabled_mac;
  785. unsigned long mask_ssl = ~disabled_ssl;
  786. /*
  787. * First, add the real ciphers as already collected
  788. */
  789. ciph_curr = head;
  790. ca_curr = ca_list;
  791. while (ciph_curr != NULL)
  792. {
  793. *ca_curr = ciph_curr->cipher;
  794. ca_curr++;
  795. ciph_curr = ciph_curr->next;
  796. }
  797. /*
  798. * Now we add the available ones from the cipher_aliases[] table.
  799. * They represent either one or more algorithms, some of which
  800. * in any affected category must be supported (set in enabled_mask),
  801. * or represent a cipher strength value (will be added in any case because algorithms=0).
  802. */
  803. for (i = 0; i < num_of_group_aliases; i++)
  804. {
  805. unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
  806. unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
  807. unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
  808. unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
  809. unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
  810. if (algorithm_mkey)
  811. if ((algorithm_mkey & mask_mkey) == 0)
  812. continue;
  813. if (algorithm_auth)
  814. if ((algorithm_auth & mask_auth) == 0)
  815. continue;
  816. if (algorithm_enc)
  817. if ((algorithm_enc & mask_enc) == 0)
  818. continue;
  819. if (algorithm_mac)
  820. if ((algorithm_mac & mask_mac) == 0)
  821. continue;
  822. if (algorithm_ssl)
  823. if ((algorithm_ssl & mask_ssl) == 0)
  824. continue;
  825. *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
  826. ca_curr++;
  827. }
  828. *ca_curr = NULL; /* end of list */
  829. }
  830. static void ssl_cipher_apply_rule(unsigned long cipher_id,
  831. unsigned long alg_mkey, unsigned long alg_auth,
  832. unsigned long alg_enc, unsigned long alg_mac,
  833. unsigned long alg_ssl,
  834. unsigned long algo_strength,
  835. int rule, int strength_bits,
  836. CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
  837. {
  838. CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
  839. const SSL_CIPHER *cp;
  840. int reverse = 0;
  841. #ifdef CIPHER_DEBUG
  842. printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
  843. rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
  844. #endif
  845. if (rule == CIPHER_DEL)
  846. reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
  847. head = *head_p;
  848. tail = *tail_p;
  849. if (reverse)
  850. {
  851. curr = tail;
  852. last = head;
  853. }
  854. else
  855. {
  856. curr = head;
  857. last = tail;
  858. }
  859. curr2 = curr;
  860. for (;;)
  861. {
  862. if ((curr == NULL) || (curr == last)) break;
  863. curr = curr2;
  864. curr2 = reverse ? curr->prev : curr->next;
  865. cp = curr->cipher;
  866. /*
  867. * Selection criteria is either the value of strength_bits
  868. * or the algorithms used.
  869. */
  870. if (strength_bits >= 0)
  871. {
  872. if (strength_bits != cp->strength_bits)
  873. continue;
  874. }
  875. else
  876. {
  877. #ifdef CIPHER_DEBUG
  878. printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
  879. #endif
  880. if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
  881. continue;
  882. if (alg_auth && !(alg_auth & cp->algorithm_auth))
  883. continue;
  884. if (alg_enc && !(alg_enc & cp->algorithm_enc))
  885. continue;
  886. if (alg_mac && !(alg_mac & cp->algorithm_mac))
  887. continue;
  888. if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
  889. continue;
  890. if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
  891. continue;
  892. if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
  893. continue;
  894. }
  895. #ifdef CIPHER_DEBUG
  896. printf("Action = %d\n", rule);
  897. #endif
  898. /* add the cipher if it has not been added yet. */
  899. if (rule == CIPHER_ADD)
  900. {
  901. /* reverse == 0 */
  902. if (!curr->active)
  903. {
  904. ll_append_tail(&head, curr, &tail);
  905. curr->active = 1;
  906. }
  907. }
  908. /* Move the added cipher to this location */
  909. else if (rule == CIPHER_ORD)
  910. {
  911. /* reverse == 0 */
  912. if (curr->active)
  913. {
  914. ll_append_tail(&head, curr, &tail);
  915. }
  916. }
  917. else if (rule == CIPHER_DEL)
  918. {
  919. /* reverse == 1 */
  920. if (curr->active)
  921. {
  922. /* most recently deleted ciphersuites get best positions
  923. * for any future CIPHER_ADD (note that the CIPHER_DEL loop
  924. * works in reverse to maintain the order) */
  925. ll_append_head(&head, curr, &tail);
  926. curr->active = 0;
  927. }
  928. }
  929. else if (rule == CIPHER_KILL)
  930. {
  931. /* reverse == 0 */
  932. if (head == curr)
  933. head = curr->next;
  934. else
  935. curr->prev->next = curr->next;
  936. if (tail == curr)
  937. tail = curr->prev;
  938. curr->active = 0;
  939. if (curr->next != NULL)
  940. curr->next->prev = curr->prev;
  941. if (curr->prev != NULL)
  942. curr->prev->next = curr->next;
  943. curr->next = NULL;
  944. curr->prev = NULL;
  945. }
  946. }
  947. *head_p = head;
  948. *tail_p = tail;
  949. }
  950. static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
  951. CIPHER_ORDER **tail_p)
  952. {
  953. int max_strength_bits, i, *number_uses;
  954. CIPHER_ORDER *curr;
  955. /*
  956. * This routine sorts the ciphers with descending strength. The sorting
  957. * must keep the pre-sorted sequence, so we apply the normal sorting
  958. * routine as '+' movement to the end of the list.
  959. */
  960. max_strength_bits = 0;
  961. curr = *head_p;
  962. while (curr != NULL)
  963. {
  964. if (curr->active &&
  965. (curr->cipher->strength_bits > max_strength_bits))
  966. max_strength_bits = curr->cipher->strength_bits;
  967. curr = curr->next;
  968. }
  969. number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
  970. if (!number_uses)
  971. {
  972. SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
  973. return(0);
  974. }
  975. memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
  976. /*
  977. * Now find the strength_bits values actually used
  978. */
  979. curr = *head_p;
  980. while (curr != NULL)
  981. {
  982. if (curr->active)
  983. number_uses[curr->cipher->strength_bits]++;
  984. curr = curr->next;
  985. }
  986. /*
  987. * Go through the list of used strength_bits values in descending
  988. * order.
  989. */
  990. for (i = max_strength_bits; i >= 0; i--)
  991. if (number_uses[i] > 0)
  992. ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
  993. OPENSSL_free(number_uses);
  994. return(1);
  995. }
  996. static int ssl_cipher_process_rulestr(const char *rule_str,
  997. CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
  998. const SSL_CIPHER **ca_list)
  999. {
  1000. unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
  1001. const char *l, *buf;
  1002. int j, multi, found, rule, retval, ok, buflen;
  1003. unsigned long cipher_id = 0;
  1004. char ch;
  1005. retval = 1;
  1006. l = rule_str;
  1007. for (;;)
  1008. {
  1009. ch = *l;
  1010. if (ch == '\0')
  1011. break; /* done */
  1012. if (ch == '-')
  1013. { rule = CIPHER_DEL; l++; }
  1014. else if (ch == '+')
  1015. { rule = CIPHER_ORD; l++; }
  1016. else if (ch == '!')
  1017. { rule = CIPHER_KILL; l++; }
  1018. else if (ch == '@')
  1019. { rule = CIPHER_SPECIAL; l++; }
  1020. else
  1021. { rule = CIPHER_ADD; }
  1022. if (ITEM_SEP(ch))
  1023. {
  1024. l++;
  1025. continue;
  1026. }
  1027. alg_mkey = 0;
  1028. alg_auth = 0;
  1029. alg_enc = 0;
  1030. alg_mac = 0;
  1031. alg_ssl = 0;
  1032. algo_strength = 0;
  1033. for (;;)
  1034. {
  1035. ch = *l;
  1036. buf = l;
  1037. buflen = 0;
  1038. #ifndef CHARSET_EBCDIC
  1039. while ( ((ch >= 'A') && (ch <= 'Z')) ||
  1040. ((ch >= '0') && (ch <= '9')) ||
  1041. ((ch >= 'a') && (ch <= 'z')) ||
  1042. (ch == '-'))
  1043. #else
  1044. while ( isalnum(ch) || (ch == '-'))
  1045. #endif
  1046. {
  1047. ch = *(++l);
  1048. buflen++;
  1049. }
  1050. if (buflen == 0)
  1051. {
  1052. /*
  1053. * We hit something we cannot deal with,
  1054. * it is no command or separator nor
  1055. * alphanumeric, so we call this an error.
  1056. */
  1057. SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
  1058. SSL_R_INVALID_COMMAND);
  1059. retval = found = 0;
  1060. l++;
  1061. break;
  1062. }
  1063. if (rule == CIPHER_SPECIAL)
  1064. {
  1065. found = 0; /* unused -- avoid compiler warning */
  1066. break; /* special treatment */
  1067. }
  1068. /* check for multi-part specification */
  1069. if (ch == '+')
  1070. {
  1071. multi=1;
  1072. l++;
  1073. }
  1074. else
  1075. multi=0;
  1076. /*
  1077. * Now search for the cipher alias in the ca_list. Be careful
  1078. * with the strncmp, because the "buflen" limitation
  1079. * will make the rule "ADH:SOME" and the cipher
  1080. * "ADH-MY-CIPHER" look like a match for buflen=3.
  1081. * So additionally check whether the cipher name found
  1082. * has the correct length. We can save a strlen() call:
  1083. * just checking for the '\0' at the right place is
  1084. * sufficient, we have to strncmp() anyway. (We cannot
  1085. * use strcmp(), because buf is not '\0' terminated.)
  1086. */
  1087. j = found = 0;
  1088. cipher_id = 0;
  1089. while (ca_list[j])
  1090. {
  1091. if (!strncmp(buf, ca_list[j]->name, buflen) &&
  1092. (ca_list[j]->name[buflen] == '\0'))
  1093. {
  1094. found = 1;
  1095. break;
  1096. }
  1097. else
  1098. j++;
  1099. }
  1100. if (!found)
  1101. break; /* ignore this entry */
  1102. if (ca_list[j]->algorithm_mkey)
  1103. {
  1104. if (alg_mkey)
  1105. {
  1106. alg_mkey &= ca_list[j]->algorithm_mkey;
  1107. if (!alg_mkey) { found = 0; break; }
  1108. }
  1109. else
  1110. alg_mkey = ca_list[j]->algorithm_mkey;
  1111. }
  1112. if (ca_list[j]->algorithm_auth)
  1113. {
  1114. if (alg_auth)
  1115. {
  1116. alg_auth &= ca_list[j]->algorithm_auth;
  1117. if (!alg_auth) { found = 0; break; }
  1118. }
  1119. else
  1120. alg_auth = ca_list[j]->algorithm_auth;
  1121. }
  1122. if (ca_list[j]->algorithm_enc)
  1123. {
  1124. if (alg_enc)
  1125. {
  1126. alg_enc &= ca_list[j]->algorithm_enc;
  1127. if (!alg_enc) { found = 0; break; }
  1128. }
  1129. else
  1130. alg_enc = ca_list[j]->algorithm_enc;
  1131. }
  1132. if (ca_list[j]->algorithm_mac)
  1133. {
  1134. if (alg_mac)
  1135. {
  1136. alg_mac &= ca_list[j]->algorithm_mac;
  1137. if (!alg_mac) { found = 0; break; }
  1138. }
  1139. else
  1140. alg_mac = ca_list[j]->algorithm_mac;
  1141. }
  1142. if (ca_list[j]->algo_strength & SSL_EXP_MASK)
  1143. {
  1144. if (algo_strength & SSL_EXP_MASK)
  1145. {
  1146. algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
  1147. if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
  1148. }
  1149. else
  1150. algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
  1151. }
  1152. if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
  1153. {
  1154. if (algo_strength & SSL_STRONG_MASK)
  1155. {
  1156. algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
  1157. if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
  1158. }
  1159. else
  1160. algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
  1161. }
  1162. if (ca_list[j]->valid)
  1163. {
  1164. /* explicit ciphersuite found; its protocol version
  1165. * does not become part of the search pattern!*/
  1166. cipher_id = ca_list[j]->id;
  1167. }
  1168. else
  1169. {
  1170. /* not an explicit ciphersuite; only in this case, the
  1171. * protocol version is considered part of the search pattern */
  1172. if (ca_list[j]->algorithm_ssl)
  1173. {
  1174. if (alg_ssl)
  1175. {
  1176. alg_ssl &= ca_list[j]->algorithm_ssl;
  1177. if (!alg_ssl) { found = 0; break; }
  1178. }
  1179. else
  1180. alg_ssl = ca_list[j]->algorithm_ssl;
  1181. }
  1182. }
  1183. if (!multi) break;
  1184. }
  1185. /*
  1186. * Ok, we have the rule, now apply it
  1187. */
  1188. if (rule == CIPHER_SPECIAL)
  1189. { /* special command */
  1190. ok = 0;
  1191. if ((buflen == 8) &&
  1192. !strncmp(buf, "STRENGTH", 8))
  1193. ok = ssl_cipher_strength_sort(head_p, tail_p);
  1194. else
  1195. SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
  1196. SSL_R_INVALID_COMMAND);
  1197. if (ok == 0)
  1198. retval = 0;
  1199. /*
  1200. * We do not support any "multi" options
  1201. * together with "@", so throw away the
  1202. * rest of the command, if any left, until
  1203. * end or ':' is found.
  1204. */
  1205. while ((*l != '\0') && !ITEM_SEP(*l))
  1206. l++;
  1207. }
  1208. else if (found)
  1209. {
  1210. ssl_cipher_apply_rule(cipher_id,
  1211. alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
  1212. rule, -1, head_p, tail_p);
  1213. }
  1214. else
  1215. {
  1216. while ((*l != '\0') && !ITEM_SEP(*l))
  1217. l++;
  1218. }
  1219. if (*l == '\0') break; /* done */
  1220. }
  1221. return(retval);
  1222. }
  1223. STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
  1224. STACK_OF(SSL_CIPHER) **cipher_list,
  1225. STACK_OF(SSL_CIPHER) **cipher_list_by_id,
  1226. const char *rule_str)
  1227. {
  1228. int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
  1229. unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
  1230. STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
  1231. const char *rule_p;
  1232. CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
  1233. const SSL_CIPHER **ca_list = NULL;
  1234. /*
  1235. * Return with error if nothing to do.
  1236. */
  1237. if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
  1238. return NULL;
  1239. /*
  1240. * To reduce the work to do we only want to process the compiled
  1241. * in algorithms, so we first get the mask of disabled ciphers.
  1242. */
  1243. ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
  1244. /*
  1245. * Now we have to collect the available ciphers from the compiled
  1246. * in ciphers. We cannot get more than the number compiled in, so
  1247. * it is used for allocation.
  1248. */
  1249. num_of_ciphers = ssl_method->num_ciphers();
  1250. #ifdef KSSL_DEBUG
  1251. printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
  1252. #endif /* KSSL_DEBUG */
  1253. co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
  1254. if (co_list == NULL)
  1255. {
  1256. SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
  1257. return(NULL); /* Failure */
  1258. }
  1259. ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
  1260. disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
  1261. co_list, &head, &tail);
  1262. /* Now arrange all ciphers by preference: */
  1263. /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
  1264. ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
  1265. ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
  1266. /* AES is our preferred symmetric cipher */
  1267. ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
  1268. /* Temporarily enable everything else for sorting */
  1269. ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
  1270. /* Low priority for MD5 */
  1271. ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1272. /* Move anonymous ciphers to the end. Usually, these will remain disabled.
  1273. * (For applications that allow them, they aren't too bad, but we prefer
  1274. * authenticated ciphers.) */
  1275. ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1276. /* Move ciphers without forward secrecy to the end */
  1277. ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1278. /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
  1279. ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1280. ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1281. ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1282. /* RC4 is sort-of broken -- move the the end */
  1283. ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1284. /* Now sort by symmetric encryption strength. The above ordering remains
  1285. * in force within each class */
  1286. if (!ssl_cipher_strength_sort(&head, &tail))
  1287. {
  1288. OPENSSL_free(co_list);
  1289. return NULL;
  1290. }
  1291. /* Now disable everything (maintaining the ordering!) */
  1292. ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
  1293. /*
  1294. * We also need cipher aliases for selecting based on the rule_str.
  1295. * There might be two types of entries in the rule_str: 1) names
  1296. * of ciphers themselves 2) aliases for groups of ciphers.
  1297. * For 1) we need the available ciphers and for 2) the cipher
  1298. * groups of cipher_aliases added together in one list (otherwise
  1299. * we would be happy with just the cipher_aliases table).
  1300. */
  1301. num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
  1302. num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
  1303. ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
  1304. if (ca_list == NULL)
  1305. {
  1306. OPENSSL_free(co_list);
  1307. SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
  1308. return(NULL); /* Failure */
  1309. }
  1310. ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
  1311. disabled_mkey, disabled_auth, disabled_enc,
  1312. disabled_mac, disabled_ssl, head);
  1313. /*
  1314. * If the rule_string begins with DEFAULT, apply the default rule
  1315. * before using the (possibly available) additional rules.
  1316. */
  1317. ok = 1;
  1318. rule_p = rule_str;
  1319. if (strncmp(rule_str,"DEFAULT",7) == 0)
  1320. {
  1321. ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
  1322. &head, &tail, ca_list);
  1323. rule_p += 7;
  1324. if (*rule_p == ':')
  1325. rule_p++;
  1326. }
  1327. if (ok && (strlen(rule_p) > 0))
  1328. ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
  1329. OPENSSL_free((void *)ca_list); /* Not needed anymore */
  1330. if (!ok)
  1331. { /* Rule processing failure */
  1332. OPENSSL_free(co_list);
  1333. return(NULL);
  1334. }
  1335. /*
  1336. * Allocate new "cipherstack" for the result, return with error
  1337. * if we cannot get one.
  1338. */
  1339. if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
  1340. {
  1341. OPENSSL_free(co_list);
  1342. return(NULL);
  1343. }
  1344. /*
  1345. * The cipher selection for the list is done. The ciphers are added
  1346. * to the resulting precedence to the STACK_OF(SSL_CIPHER).
  1347. */
  1348. for (curr = head; curr != NULL; curr = curr->next)
  1349. {
  1350. #ifdef OPENSSL_FIPS
  1351. if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
  1352. #else
  1353. if (curr->active)
  1354. #endif
  1355. {
  1356. sk_SSL_CIPHER_push(cipherstack, curr->cipher);
  1357. #ifdef CIPHER_DEBUG
  1358. printf("<%s>\n",curr->cipher->name);
  1359. #endif
  1360. }
  1361. }
  1362. OPENSSL_free(co_list); /* Not needed any longer */
  1363. tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
  1364. if (tmp_cipher_list == NULL)
  1365. {
  1366. sk_SSL_CIPHER_free(cipherstack);
  1367. return NULL;
  1368. }
  1369. if (*cipher_list != NULL)
  1370. sk_SSL_CIPHER_free(*cipher_list);
  1371. *cipher_list = cipherstack;
  1372. if (*cipher_list_by_id != NULL)
  1373. sk_SSL_CIPHER_free(*cipher_list_by_id);
  1374. *cipher_list_by_id = tmp_cipher_list;
  1375. (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
  1376. sk_SSL_CIPHER_sort(*cipher_list_by_id);
  1377. return(cipherstack);
  1378. }
  1379. char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
  1380. {
  1381. int is_export,pkl,kl;
  1382. const char *ver,*exp_str;
  1383. const char *kx,*au,*enc,*mac;
  1384. unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
  1385. #ifdef KSSL_DEBUG
  1386. static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
  1387. #else
  1388. static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
  1389. #endif /* KSSL_DEBUG */
  1390. alg_mkey = cipher->algorithm_mkey;
  1391. alg_auth = cipher->algorithm_auth;
  1392. alg_enc = cipher->algorithm_enc;
  1393. alg_mac = cipher->algorithm_mac;
  1394. alg_ssl = cipher->algorithm_ssl;
  1395. alg2=cipher->algorithm2;
  1396. is_export=SSL_C_IS_EXPORT(cipher);
  1397. pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
  1398. kl=SSL_C_EXPORT_KEYLENGTH(cipher);
  1399. exp_str=is_export?" export":"";
  1400. if (alg_ssl & SSL_SSLV2)
  1401. ver="SSLv2";
  1402. else if (alg_ssl & SSL_SSLV3)
  1403. ver="SSLv3";
  1404. else if (alg_ssl & SSL_TLSV1_2)
  1405. ver="TLSv1.2";
  1406. else
  1407. ver="unknown";
  1408. switch (alg_mkey)
  1409. {
  1410. case SSL_kRSA:
  1411. kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
  1412. break;
  1413. case SSL_kDHr:
  1414. kx="DH/RSA";
  1415. break;
  1416. case SSL_kDHd:
  1417. kx="DH/DSS";
  1418. break;
  1419. case SSL_kKRB5:
  1420. kx="KRB5";
  1421. break;
  1422. case SSL_kEDH:
  1423. kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
  1424. break;
  1425. case SSL_kECDHr:
  1426. kx="ECDH/RSA";
  1427. break;
  1428. case SSL_kECDHe:
  1429. kx="ECDH/ECDSA";
  1430. break;
  1431. case SSL_kEECDH:
  1432. kx="ECDH";
  1433. break;
  1434. case SSL_kPSK:
  1435. kx="PSK";
  1436. break;
  1437. case SSL_kSRP:
  1438. kx="SRP";
  1439. break;
  1440. default:
  1441. kx="unknown";
  1442. }
  1443. switch (alg_auth)
  1444. {
  1445. case SSL_aRSA:
  1446. au="RSA";
  1447. break;
  1448. case SSL_aDSS:
  1449. au="DSS";
  1450. break;
  1451. case SSL_aDH:
  1452. au="DH";
  1453. break;
  1454. case SSL_aKRB5:
  1455. au="KRB5";
  1456. break;
  1457. case SSL_aECDH:
  1458. au="ECDH";
  1459. break;
  1460. case SSL_aNULL:
  1461. au="None";
  1462. break;
  1463. case SSL_aECDSA:
  1464. au="ECDSA";
  1465. break;
  1466. case SSL_aPSK:
  1467. au="PSK";
  1468. break;
  1469. default:
  1470. au="unknown";
  1471. break;
  1472. }
  1473. switch (alg_enc)
  1474. {
  1475. case SSL_DES:
  1476. enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
  1477. break;
  1478. case SSL_3DES:
  1479. enc="3DES(168)";
  1480. break;
  1481. case SSL_RC4:
  1482. enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
  1483. :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
  1484. break;
  1485. case SSL_RC2:
  1486. enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
  1487. break;
  1488. case SSL_IDEA:
  1489. enc="IDEA(128)";
  1490. break;
  1491. case SSL_eNULL:
  1492. enc="None";
  1493. break;
  1494. case SSL_AES128:
  1495. enc="AES(128)";
  1496. break;
  1497. case SSL_AES256:
  1498. enc="AES(256)";
  1499. break;
  1500. case SSL_AES128GCM:
  1501. enc="AESGCM(128)";
  1502. break;
  1503. case SSL_AES256GCM:
  1504. enc="AESGCM(256)";
  1505. break;
  1506. case SSL_CAMELLIA128:
  1507. enc="Camellia(128)";
  1508. break;
  1509. case SSL_CAMELLIA256:
  1510. enc="Camellia(256)";
  1511. break;
  1512. case SSL_SEED:
  1513. enc="SEED(128)";
  1514. break;
  1515. default:
  1516. enc="unknown";
  1517. break;
  1518. }
  1519. switch (alg_mac)
  1520. {
  1521. case SSL_MD5:
  1522. mac="MD5";
  1523. break;
  1524. case SSL_SHA1:
  1525. mac="SHA1";
  1526. break;
  1527. case SSL_SHA256:
  1528. mac="SHA256";
  1529. break;
  1530. case SSL_SHA384:
  1531. mac="SHA384";
  1532. break;
  1533. case SSL_AEAD:
  1534. mac="AEAD";
  1535. break;
  1536. default:
  1537. mac="unknown";
  1538. break;
  1539. }
  1540. if (buf == NULL)
  1541. {
  1542. len=128;
  1543. buf=OPENSSL_malloc(len);
  1544. if (buf == NULL) return("OPENSSL_malloc Error");
  1545. }
  1546. else if (len < 128)
  1547. return("Buffer too small");
  1548. #ifdef KSSL_DEBUG
  1549. BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
  1550. #else
  1551. BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
  1552. #endif /* KSSL_DEBUG */
  1553. return(buf);
  1554. }
  1555. char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
  1556. {
  1557. int i;
  1558. if (c == NULL) return("(NONE)");
  1559. i=(int)(c->id>>24L);
  1560. if (i == 3)
  1561. return("TLSv1/SSLv3");
  1562. else if (i == 2)
  1563. return("SSLv2");
  1564. else
  1565. return("unknown");
  1566. }
  1567. /* return the actual cipher being used */
  1568. const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
  1569. {
  1570. if (c != NULL)
  1571. return(c->name);
  1572. return("(NONE)");
  1573. }
  1574. /* number of bits for symmetric cipher */
  1575. int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
  1576. {
  1577. int ret=0;
  1578. if (c != NULL)
  1579. {
  1580. if (alg_bits != NULL) *alg_bits = c->alg_bits;
  1581. ret = c->strength_bits;
  1582. }
  1583. return(ret);
  1584. }
  1585. unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
  1586. {
  1587. return c->id;
  1588. }
  1589. SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
  1590. {
  1591. SSL_COMP *ctmp;
  1592. int i,nn;
  1593. if ((n == 0) || (sk == NULL)) return(NULL);
  1594. nn=sk_SSL_COMP_num(sk);
  1595. for (i=0; i<nn; i++)
  1596. {
  1597. ctmp=sk_SSL_COMP_value(sk,i);
  1598. if (ctmp->id == n)
  1599. return(ctmp);
  1600. }
  1601. return(NULL);
  1602. }
  1603. #ifdef OPENSSL_NO_COMP
  1604. void *SSL_COMP_get_compression_methods(void)
  1605. {
  1606. return NULL;
  1607. }
  1608. int SSL_COMP_add_compression_method(int id, void *cm)
  1609. {
  1610. return 1;
  1611. }
  1612. const char *SSL_COMP_get_name(const void *comp)
  1613. {
  1614. return NULL;
  1615. }
  1616. #else
  1617. STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
  1618. {
  1619. load_builtin_compressions();
  1620. return(ssl_comp_methods);
  1621. }
  1622. int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
  1623. {
  1624. SSL_COMP *comp;
  1625. if (cm == NULL || cm->type == NID_undef)
  1626. return 1;
  1627. /* According to draft-ietf-tls-compression-04.txt, the
  1628. compression number ranges should be the following:
  1629. 0 to 63: methods defined by the IETF
  1630. 64 to 192: external party methods assigned by IANA
  1631. 193 to 255: reserved for private use */
  1632. if (id < 193 || id > 255)
  1633. {
  1634. SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
  1635. return 0;
  1636. }
  1637. MemCheck_off();
  1638. comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
  1639. comp->id=id;
  1640. comp->method=cm;
  1641. load_builtin_compressions();
  1642. if (ssl_comp_methods
  1643. && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
  1644. {
  1645. OPENSSL_free(comp);
  1646. MemCheck_on();
  1647. SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
  1648. return(1);
  1649. }
  1650. else if ((ssl_comp_methods == NULL)
  1651. || !sk_SSL_COMP_push(ssl_comp_methods,comp))
  1652. {
  1653. OPENSSL_free(comp);
  1654. MemCheck_on();
  1655. SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
  1656. return(1);
  1657. }
  1658. else
  1659. {
  1660. MemCheck_on();
  1661. return(0);
  1662. }
  1663. }
  1664. const char *SSL_COMP_get_name(const COMP_METHOD *comp)
  1665. {
  1666. if (comp)
  1667. return comp->name;
  1668. return NULL;
  1669. }
  1670. #endif