ssl_ciph.c 51 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845
  1. /* ssl/ssl_ciph.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
  60. *
  61. * Redistribution and use in source and binary forms, with or without
  62. * modification, are permitted provided that the following conditions
  63. * are met:
  64. *
  65. * 1. Redistributions of source code must retain the above copyright
  66. * notice, this list of conditions and the following disclaimer.
  67. *
  68. * 2. Redistributions in binary form must reproduce the above copyright
  69. * notice, this list of conditions and the following disclaimer in
  70. * the documentation and/or other materials provided with the
  71. * distribution.
  72. *
  73. * 3. All advertising materials mentioning features or use of this
  74. * software must display the following acknowledgment:
  75. * "This product includes software developed by the OpenSSL Project
  76. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  77. *
  78. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  79. * endorse or promote products derived from this software without
  80. * prior written permission. For written permission, please contact
  81. * openssl-core@openssl.org.
  82. *
  83. * 5. Products derived from this software may not be called "OpenSSL"
  84. * nor may "OpenSSL" appear in their names without prior written
  85. * permission of the OpenSSL Project.
  86. *
  87. * 6. Redistributions of any form whatsoever must retain the following
  88. * acknowledgment:
  89. * "This product includes software developed by the OpenSSL Project
  90. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  91. *
  92. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  93. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  94. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  95. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  96. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  97. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  98. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  99. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103. * OF THE POSSIBILITY OF SUCH DAMAGE.
  104. * ====================================================================
  105. *
  106. * This product includes cryptographic software written by Eric Young
  107. * (eay@cryptsoft.com). This product includes software written by Tim
  108. * Hudson (tjh@cryptsoft.com).
  109. *
  110. */
  111. /* ====================================================================
  112. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113. * ECC cipher suite support in OpenSSL originally developed by
  114. * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115. */
  116. /* ====================================================================
  117. * Copyright 2005 Nokia. All rights reserved.
  118. *
  119. * The portions of the attached software ("Contribution") is developed by
  120. * Nokia Corporation and is licensed pursuant to the OpenSSL open source
  121. * license.
  122. *
  123. * The Contribution, originally written by Mika Kousa and Pasi Eronen of
  124. * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
  125. * support (see RFC 4279) to OpenSSL.
  126. *
  127. * No patent licenses or other rights except those expressly stated in
  128. * the OpenSSL open source license shall be deemed granted or received
  129. * expressly, by implication, estoppel, or otherwise.
  130. *
  131. * No assurances are provided by Nokia that the Contribution does not
  132. * infringe the patent or other intellectual property rights of any third
  133. * party or that the license provides you with all the necessary rights
  134. * to make use of the Contribution.
  135. *
  136. * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  137. * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  138. * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  139. * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  140. * OTHERWISE.
  141. */
  142. #include <stdio.h>
  143. #include <openssl/objects.h>
  144. #ifndef OPENSSL_NO_COMP
  145. #include <openssl/comp.h>
  146. #endif
  147. #ifndef OPENSSL_NO_ENGINE
  148. #include <openssl/engine.h>
  149. #endif
  150. #include "ssl_locl.h"
  151. #define SSL_ENC_DES_IDX 0
  152. #define SSL_ENC_3DES_IDX 1
  153. #define SSL_ENC_RC4_IDX 2
  154. #define SSL_ENC_RC2_IDX 3
  155. #define SSL_ENC_IDEA_IDX 4
  156. #define SSL_ENC_NULL_IDX 5
  157. #define SSL_ENC_AES128_IDX 6
  158. #define SSL_ENC_AES256_IDX 7
  159. #define SSL_ENC_CAMELLIA128_IDX 8
  160. #define SSL_ENC_CAMELLIA256_IDX 9
  161. #define SSL_ENC_GOST89_IDX 10
  162. #define SSL_ENC_SEED_IDX 11
  163. #define SSL_ENC_AES128GCM_IDX 12
  164. #define SSL_ENC_AES256GCM_IDX 13
  165. #define SSL_ENC_NUM_IDX 14
  166. static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
  167. NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
  168. };
  169. #define SSL_COMP_NULL_IDX 0
  170. #define SSL_COMP_ZLIB_IDX 1
  171. #define SSL_COMP_NUM_IDX 2
  172. static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
  173. #define SSL_MD_MD5_IDX 0
  174. #define SSL_MD_SHA1_IDX 1
  175. #define SSL_MD_GOST94_IDX 2
  176. #define SSL_MD_GOST89MAC_IDX 3
  177. #define SSL_MD_SHA256_IDX 4
  178. #define SSL_MD_SHA384_IDX 5
  179. /*Constant SSL_MAX_DIGEST equal to size of digests array should be
  180. * defined in the
  181. * ssl_locl.h */
  182. #define SSL_MD_NUM_IDX SSL_MAX_DIGEST
  183. static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
  184. NULL,NULL,NULL,NULL,NULL,NULL
  185. };
  186. /* PKEY_TYPE for GOST89MAC is known in advance, but, because
  187. * implementation is engine-provided, we'll fill it only if
  188. * corresponding EVP_PKEY_METHOD is found
  189. */
  190. static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
  191. EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
  192. EVP_PKEY_HMAC,EVP_PKEY_HMAC
  193. };
  194. static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
  195. 0,0,0,0,0,0
  196. };
  197. static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
  198. SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
  199. SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
  200. SSL_HANDSHAKE_MAC_SHA384
  201. };
  202. #define CIPHER_ADD 1
  203. #define CIPHER_KILL 2
  204. #define CIPHER_DEL 3
  205. #define CIPHER_ORD 4
  206. #define CIPHER_SPECIAL 5
  207. typedef struct cipher_order_st
  208. {
  209. const SSL_CIPHER *cipher;
  210. int active;
  211. int dead;
  212. struct cipher_order_st *next,*prev;
  213. } CIPHER_ORDER;
  214. static const SSL_CIPHER cipher_aliases[]={
  215. /* "ALL" doesn't include eNULL (must be specifically enabled) */
  216. {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
  217. /* "COMPLEMENTOFALL" */
  218. {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
  219. /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
  220. {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
  221. /* key exchange aliases
  222. * (some of those using only a single bit here combine
  223. * multiple key exchange algs according to the RFCs,
  224. * e.g. kEDH combines DHE_DSS and DHE_RSA) */
  225. {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
  226. {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  227. {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  228. {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  229. {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
  230. {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
  231. {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
  232. {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
  233. {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
  234. {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
  235. {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
  236. {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
  237. {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
  238. {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
  239. {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
  240. /* server authentication aliases */
  241. {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
  242. {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
  243. {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
  244. {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
  245. {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
  246. {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
  247. {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
  248. {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
  249. {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
  250. {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
  251. {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
  252. {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
  253. {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
  254. /* aliases combining key exchange and server authentication */
  255. {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
  256. {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
  257. {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
  258. {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
  259. {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
  260. {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
  261. {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
  262. {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
  263. {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
  264. /* symmetric encryption aliases */
  265. {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
  266. {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
  267. {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
  268. {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
  269. {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
  270. {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
  271. {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
  272. {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
  273. {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
  274. {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
  275. {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
  276. {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
  277. {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
  278. {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
  279. /* MAC aliases */
  280. {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
  281. {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
  282. {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
  283. {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
  284. {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
  285. {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
  286. {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
  287. /* protocol version aliases */
  288. {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
  289. {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
  290. {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
  291. /* export flag */
  292. {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
  293. {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
  294. /* strength classes */
  295. {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
  296. {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
  297. {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
  298. {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
  299. {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
  300. /* FIPS 140-2 approved ciphersuite */
  301. {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
  302. };
  303. /* Search for public key algorithm with given name and
  304. * return its pkey_id if it is available. Otherwise return 0
  305. */
  306. #ifdef OPENSSL_NO_ENGINE
  307. static int get_optional_pkey_id(const char *pkey_name)
  308. {
  309. const EVP_PKEY_ASN1_METHOD *ameth;
  310. int pkey_id=0;
  311. ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
  312. if (ameth)
  313. {
  314. EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
  315. }
  316. return pkey_id;
  317. }
  318. #else
  319. static int get_optional_pkey_id(const char *pkey_name)
  320. {
  321. const EVP_PKEY_ASN1_METHOD *ameth;
  322. ENGINE *tmpeng = NULL;
  323. int pkey_id=0;
  324. ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
  325. if (ameth)
  326. {
  327. EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
  328. }
  329. if (tmpeng) ENGINE_finish(tmpeng);
  330. return pkey_id;
  331. }
  332. #endif
  333. void ssl_load_ciphers(void)
  334. {
  335. ssl_cipher_methods[SSL_ENC_DES_IDX]=
  336. EVP_get_cipherbyname(SN_des_cbc);
  337. ssl_cipher_methods[SSL_ENC_3DES_IDX]=
  338. EVP_get_cipherbyname(SN_des_ede3_cbc);
  339. ssl_cipher_methods[SSL_ENC_RC4_IDX]=
  340. EVP_get_cipherbyname(SN_rc4);
  341. ssl_cipher_methods[SSL_ENC_RC2_IDX]=
  342. EVP_get_cipherbyname(SN_rc2_cbc);
  343. #ifndef OPENSSL_NO_IDEA
  344. ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
  345. EVP_get_cipherbyname(SN_idea_cbc);
  346. #else
  347. ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
  348. #endif
  349. ssl_cipher_methods[SSL_ENC_AES128_IDX]=
  350. EVP_get_cipherbyname(SN_aes_128_cbc);
  351. ssl_cipher_methods[SSL_ENC_AES256_IDX]=
  352. EVP_get_cipherbyname(SN_aes_256_cbc);
  353. ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
  354. EVP_get_cipherbyname(SN_camellia_128_cbc);
  355. ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
  356. EVP_get_cipherbyname(SN_camellia_256_cbc);
  357. ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
  358. EVP_get_cipherbyname(SN_gost89_cnt);
  359. ssl_cipher_methods[SSL_ENC_SEED_IDX]=
  360. EVP_get_cipherbyname(SN_seed_cbc);
  361. ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
  362. EVP_get_cipherbyname(SN_aes_128_gcm);
  363. ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
  364. EVP_get_cipherbyname(SN_aes_256_gcm);
  365. ssl_digest_methods[SSL_MD_MD5_IDX]=
  366. EVP_get_digestbyname(SN_md5);
  367. ssl_mac_secret_size[SSL_MD_MD5_IDX]=
  368. EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
  369. OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
  370. ssl_digest_methods[SSL_MD_SHA1_IDX]=
  371. EVP_get_digestbyname(SN_sha1);
  372. ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
  373. EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
  374. OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
  375. ssl_digest_methods[SSL_MD_GOST94_IDX]=
  376. EVP_get_digestbyname(SN_id_GostR3411_94);
  377. if (ssl_digest_methods[SSL_MD_GOST94_IDX])
  378. {
  379. ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
  380. EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
  381. OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
  382. }
  383. ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
  384. EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
  385. ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
  386. if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
  387. ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
  388. }
  389. ssl_digest_methods[SSL_MD_SHA256_IDX]=
  390. EVP_get_digestbyname(SN_sha256);
  391. ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
  392. EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
  393. ssl_digest_methods[SSL_MD_SHA384_IDX]=
  394. EVP_get_digestbyname(SN_sha384);
  395. ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
  396. EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
  397. }
  398. #ifndef OPENSSL_NO_COMP
  399. static int sk_comp_cmp(const SSL_COMP * const *a,
  400. const SSL_COMP * const *b)
  401. {
  402. return((*a)->id-(*b)->id);
  403. }
  404. static void load_builtin_compressions(void)
  405. {
  406. int got_write_lock = 0;
  407. CRYPTO_r_lock(CRYPTO_LOCK_SSL);
  408. if (ssl_comp_methods == NULL)
  409. {
  410. CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
  411. CRYPTO_w_lock(CRYPTO_LOCK_SSL);
  412. got_write_lock = 1;
  413. if (ssl_comp_methods == NULL)
  414. {
  415. SSL_COMP *comp = NULL;
  416. MemCheck_off();
  417. ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
  418. if (ssl_comp_methods != NULL)
  419. {
  420. comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
  421. if (comp != NULL)
  422. {
  423. comp->method=COMP_zlib();
  424. if (comp->method
  425. && comp->method->type == NID_undef)
  426. OPENSSL_free(comp);
  427. else
  428. {
  429. comp->id=SSL_COMP_ZLIB_IDX;
  430. comp->name=comp->method->name;
  431. sk_SSL_COMP_push(ssl_comp_methods,comp);
  432. }
  433. }
  434. }
  435. MemCheck_on();
  436. }
  437. }
  438. if (got_write_lock)
  439. CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
  440. else
  441. CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
  442. }
  443. #endif
  444. int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
  445. const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
  446. {
  447. int i;
  448. const SSL_CIPHER *c;
  449. c=s->cipher;
  450. if (c == NULL) return(0);
  451. if (comp != NULL)
  452. {
  453. SSL_COMP ctmp;
  454. #ifndef OPENSSL_NO_COMP
  455. load_builtin_compressions();
  456. #endif
  457. *comp=NULL;
  458. ctmp.id=s->compress_meth;
  459. if (ssl_comp_methods != NULL)
  460. {
  461. i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
  462. if (i >= 0)
  463. *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
  464. else
  465. *comp=NULL;
  466. }
  467. }
  468. if ((enc == NULL) || (md == NULL)) return(0);
  469. switch (c->algorithm_enc)
  470. {
  471. case SSL_DES:
  472. i=SSL_ENC_DES_IDX;
  473. break;
  474. case SSL_3DES:
  475. i=SSL_ENC_3DES_IDX;
  476. break;
  477. case SSL_RC4:
  478. i=SSL_ENC_RC4_IDX;
  479. break;
  480. case SSL_RC2:
  481. i=SSL_ENC_RC2_IDX;
  482. break;
  483. case SSL_IDEA:
  484. i=SSL_ENC_IDEA_IDX;
  485. break;
  486. case SSL_eNULL:
  487. i=SSL_ENC_NULL_IDX;
  488. break;
  489. case SSL_AES128:
  490. i=SSL_ENC_AES128_IDX;
  491. break;
  492. case SSL_AES256:
  493. i=SSL_ENC_AES256_IDX;
  494. break;
  495. case SSL_CAMELLIA128:
  496. i=SSL_ENC_CAMELLIA128_IDX;
  497. break;
  498. case SSL_CAMELLIA256:
  499. i=SSL_ENC_CAMELLIA256_IDX;
  500. break;
  501. case SSL_eGOST2814789CNT:
  502. i=SSL_ENC_GOST89_IDX;
  503. break;
  504. case SSL_SEED:
  505. i=SSL_ENC_SEED_IDX;
  506. break;
  507. case SSL_AES128GCM:
  508. i=SSL_ENC_AES128GCM_IDX;
  509. break;
  510. case SSL_AES256GCM:
  511. i=SSL_ENC_AES256GCM_IDX;
  512. break;
  513. default:
  514. i= -1;
  515. break;
  516. }
  517. if ((i < 0) || (i > SSL_ENC_NUM_IDX))
  518. *enc=NULL;
  519. else
  520. {
  521. if (i == SSL_ENC_NULL_IDX)
  522. *enc=EVP_enc_null();
  523. else
  524. *enc=ssl_cipher_methods[i];
  525. }
  526. switch (c->algorithm_mac)
  527. {
  528. case SSL_MD5:
  529. i=SSL_MD_MD5_IDX;
  530. break;
  531. case SSL_SHA1:
  532. i=SSL_MD_SHA1_IDX;
  533. break;
  534. case SSL_SHA256:
  535. i=SSL_MD_SHA256_IDX;
  536. break;
  537. case SSL_SHA384:
  538. i=SSL_MD_SHA384_IDX;
  539. break;
  540. case SSL_GOST94:
  541. i = SSL_MD_GOST94_IDX;
  542. break;
  543. case SSL_GOST89MAC:
  544. i = SSL_MD_GOST89MAC_IDX;
  545. break;
  546. default:
  547. i= -1;
  548. break;
  549. }
  550. if ((i < 0) || (i > SSL_MD_NUM_IDX))
  551. {
  552. *md=NULL;
  553. if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
  554. if (mac_secret_size!=NULL) *mac_secret_size = 0;
  555. if (c->algorithm_mac == SSL_AEAD)
  556. mac_pkey_type = NULL;
  557. }
  558. else
  559. {
  560. *md=ssl_digest_methods[i];
  561. if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
  562. if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
  563. }
  564. if ((*enc != NULL) &&
  565. (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
  566. (!mac_pkey_type||*mac_pkey_type != NID_undef))
  567. {
  568. const EVP_CIPHER *evp;
  569. if (s->ssl_version >= TLS1_VERSION &&
  570. c->algorithm_enc == SSL_RC4 &&
  571. c->algorithm_mac == SSL_MD5 &&
  572. (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
  573. *enc = evp, *md = NULL;
  574. else if (s->ssl_version >= TLS1_VERSION &&
  575. c->algorithm_enc == SSL_AES128 &&
  576. c->algorithm_mac == SSL_SHA1 &&
  577. (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
  578. *enc = evp, *md = NULL;
  579. else if (s->ssl_version >= TLS1_VERSION &&
  580. c->algorithm_enc == SSL_AES256 &&
  581. c->algorithm_mac == SSL_SHA1 &&
  582. (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
  583. *enc = evp, *md = NULL;
  584. return(1);
  585. }
  586. else
  587. return(0);
  588. }
  589. int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
  590. {
  591. if (idx <0||idx>=SSL_MD_NUM_IDX)
  592. {
  593. return 0;
  594. }
  595. *mask = ssl_handshake_digest_flag[idx];
  596. if (*mask)
  597. *md = ssl_digest_methods[idx];
  598. else
  599. *md = NULL;
  600. return 1;
  601. }
  602. #define ITEM_SEP(a) \
  603. (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
  604. static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
  605. CIPHER_ORDER **tail)
  606. {
  607. if (curr == *tail) return;
  608. if (curr == *head)
  609. *head=curr->next;
  610. if (curr->prev != NULL)
  611. curr->prev->next=curr->next;
  612. if (curr->next != NULL)
  613. curr->next->prev=curr->prev;
  614. (*tail)->next=curr;
  615. curr->prev= *tail;
  616. curr->next=NULL;
  617. *tail=curr;
  618. }
  619. static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
  620. CIPHER_ORDER **tail)
  621. {
  622. if (curr == *head) return;
  623. if (curr == *tail)
  624. *tail=curr->prev;
  625. if (curr->next != NULL)
  626. curr->next->prev=curr->prev;
  627. if (curr->prev != NULL)
  628. curr->prev->next=curr->next;
  629. (*head)->prev=curr;
  630. curr->next= *head;
  631. curr->prev=NULL;
  632. *head=curr;
  633. }
  634. static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
  635. {
  636. *mkey = 0;
  637. *auth = 0;
  638. *enc = 0;
  639. *mac = 0;
  640. *ssl = 0;
  641. #ifdef OPENSSL_NO_RSA
  642. *mkey |= SSL_kRSA;
  643. *auth |= SSL_aRSA;
  644. #endif
  645. #ifdef OPENSSL_NO_DSA
  646. *auth |= SSL_aDSS;
  647. #endif
  648. *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
  649. *auth |= SSL_aDH;
  650. #ifdef OPENSSL_NO_DH
  651. *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
  652. *auth |= SSL_aDH;
  653. #endif
  654. #ifdef OPENSSL_NO_KRB5
  655. *mkey |= SSL_kKRB5;
  656. *auth |= SSL_aKRB5;
  657. #endif
  658. #ifdef OPENSSL_NO_ECDSA
  659. *auth |= SSL_aECDSA;
  660. #endif
  661. #ifdef OPENSSL_NO_ECDH
  662. *mkey |= SSL_kECDHe|SSL_kECDHr;
  663. *auth |= SSL_aECDH;
  664. #endif
  665. #ifdef OPENSSL_NO_PSK
  666. *mkey |= SSL_kPSK;
  667. *auth |= SSL_aPSK;
  668. #endif
  669. #ifdef OPENSSL_NO_SRP
  670. *mkey |= SSL_kSRP;
  671. #endif
  672. /* Check for presence of GOST 34.10 algorithms, and if they
  673. * do not present, disable appropriate auth and key exchange */
  674. if (!get_optional_pkey_id("gost94")) {
  675. *auth |= SSL_aGOST94;
  676. }
  677. if (!get_optional_pkey_id("gost2001")) {
  678. *auth |= SSL_aGOST01;
  679. }
  680. /* Disable GOST key exchange if no GOST signature algs are available * */
  681. if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
  682. *mkey |= SSL_kGOST;
  683. }
  684. #ifdef SSL_FORBID_ENULL
  685. *enc |= SSL_eNULL;
  686. #endif
  687. *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
  688. *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
  689. *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
  690. *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
  691. *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
  692. *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
  693. *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
  694. *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
  695. *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
  696. *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
  697. *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
  698. *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
  699. *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
  700. *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
  701. *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
  702. *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
  703. *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
  704. *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
  705. *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
  706. }
  707. static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
  708. int num_of_ciphers,
  709. unsigned long disabled_mkey, unsigned long disabled_auth,
  710. unsigned long disabled_enc, unsigned long disabled_mac,
  711. unsigned long disabled_ssl,
  712. CIPHER_ORDER *co_list,
  713. CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
  714. {
  715. int i, co_list_num;
  716. const SSL_CIPHER *c;
  717. /*
  718. * We have num_of_ciphers descriptions compiled in, depending on the
  719. * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
  720. * These will later be sorted in a linked list with at most num
  721. * entries.
  722. */
  723. /* Get the initial list of ciphers */
  724. co_list_num = 0; /* actual count of ciphers */
  725. for (i = 0; i < num_of_ciphers; i++)
  726. {
  727. c = ssl_method->get_cipher(i);
  728. /* drop those that use any of that is not available */
  729. if ((c != NULL) && c->valid &&
  730. #ifdef OPENSSL_FIPS
  731. (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
  732. #endif
  733. !(c->algorithm_mkey & disabled_mkey) &&
  734. !(c->algorithm_auth & disabled_auth) &&
  735. !(c->algorithm_enc & disabled_enc) &&
  736. !(c->algorithm_mac & disabled_mac) &&
  737. !(c->algorithm_ssl & disabled_ssl))
  738. {
  739. co_list[co_list_num].cipher = c;
  740. co_list[co_list_num].next = NULL;
  741. co_list[co_list_num].prev = NULL;
  742. co_list[co_list_num].active = 0;
  743. co_list_num++;
  744. #ifdef KSSL_DEBUG
  745. printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
  746. #endif /* KSSL_DEBUG */
  747. /*
  748. if (!sk_push(ca_list,(char *)c)) goto err;
  749. */
  750. }
  751. }
  752. /*
  753. * Prepare linked list from list entries
  754. */
  755. if (co_list_num > 0)
  756. {
  757. co_list[0].prev = NULL;
  758. if (co_list_num > 1)
  759. {
  760. co_list[0].next = &co_list[1];
  761. for (i = 1; i < co_list_num - 1; i++)
  762. {
  763. co_list[i].prev = &co_list[i - 1];
  764. co_list[i].next = &co_list[i + 1];
  765. }
  766. co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
  767. }
  768. co_list[co_list_num - 1].next = NULL;
  769. *head_p = &co_list[0];
  770. *tail_p = &co_list[co_list_num - 1];
  771. }
  772. }
  773. static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
  774. int num_of_group_aliases,
  775. unsigned long disabled_mkey, unsigned long disabled_auth,
  776. unsigned long disabled_enc, unsigned long disabled_mac,
  777. unsigned long disabled_ssl,
  778. CIPHER_ORDER *head)
  779. {
  780. CIPHER_ORDER *ciph_curr;
  781. const SSL_CIPHER **ca_curr;
  782. int i;
  783. unsigned long mask_mkey = ~disabled_mkey;
  784. unsigned long mask_auth = ~disabled_auth;
  785. unsigned long mask_enc = ~disabled_enc;
  786. unsigned long mask_mac = ~disabled_mac;
  787. unsigned long mask_ssl = ~disabled_ssl;
  788. /*
  789. * First, add the real ciphers as already collected
  790. */
  791. ciph_curr = head;
  792. ca_curr = ca_list;
  793. while (ciph_curr != NULL)
  794. {
  795. *ca_curr = ciph_curr->cipher;
  796. ca_curr++;
  797. ciph_curr = ciph_curr->next;
  798. }
  799. /*
  800. * Now we add the available ones from the cipher_aliases[] table.
  801. * They represent either one or more algorithms, some of which
  802. * in any affected category must be supported (set in enabled_mask),
  803. * or represent a cipher strength value (will be added in any case because algorithms=0).
  804. */
  805. for (i = 0; i < num_of_group_aliases; i++)
  806. {
  807. unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
  808. unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
  809. unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
  810. unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
  811. unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
  812. if (algorithm_mkey)
  813. if ((algorithm_mkey & mask_mkey) == 0)
  814. continue;
  815. if (algorithm_auth)
  816. if ((algorithm_auth & mask_auth) == 0)
  817. continue;
  818. if (algorithm_enc)
  819. if ((algorithm_enc & mask_enc) == 0)
  820. continue;
  821. if (algorithm_mac)
  822. if ((algorithm_mac & mask_mac) == 0)
  823. continue;
  824. if (algorithm_ssl)
  825. if ((algorithm_ssl & mask_ssl) == 0)
  826. continue;
  827. *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
  828. ca_curr++;
  829. }
  830. *ca_curr = NULL; /* end of list */
  831. }
  832. static void ssl_cipher_apply_rule(unsigned long cipher_id,
  833. unsigned long alg_mkey, unsigned long alg_auth,
  834. unsigned long alg_enc, unsigned long alg_mac,
  835. unsigned long alg_ssl,
  836. unsigned long algo_strength,
  837. int rule, int strength_bits,
  838. CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
  839. {
  840. CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
  841. const SSL_CIPHER *cp;
  842. int reverse = 0;
  843. #ifdef CIPHER_DEBUG
  844. printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
  845. rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
  846. #endif
  847. if (rule == CIPHER_DEL)
  848. reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
  849. head = *head_p;
  850. tail = *tail_p;
  851. if (reverse)
  852. {
  853. curr = tail;
  854. last = head;
  855. }
  856. else
  857. {
  858. curr = head;
  859. last = tail;
  860. }
  861. curr2 = curr;
  862. for (;;)
  863. {
  864. if ((curr == NULL) || (curr == last)) break;
  865. curr = curr2;
  866. curr2 = reverse ? curr->prev : curr->next;
  867. cp = curr->cipher;
  868. /*
  869. * Selection criteria is either the value of strength_bits
  870. * or the algorithms used.
  871. */
  872. if (strength_bits >= 0)
  873. {
  874. if (strength_bits != cp->strength_bits)
  875. continue;
  876. }
  877. else
  878. {
  879. #ifdef CIPHER_DEBUG
  880. printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
  881. #endif
  882. if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
  883. continue;
  884. if (alg_auth && !(alg_auth & cp->algorithm_auth))
  885. continue;
  886. if (alg_enc && !(alg_enc & cp->algorithm_enc))
  887. continue;
  888. if (alg_mac && !(alg_mac & cp->algorithm_mac))
  889. continue;
  890. if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
  891. continue;
  892. if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
  893. continue;
  894. if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
  895. continue;
  896. }
  897. #ifdef CIPHER_DEBUG
  898. printf("Action = %d\n", rule);
  899. #endif
  900. /* add the cipher if it has not been added yet. */
  901. if (rule == CIPHER_ADD)
  902. {
  903. /* reverse == 0 */
  904. if (!curr->active)
  905. {
  906. ll_append_tail(&head, curr, &tail);
  907. curr->active = 1;
  908. }
  909. }
  910. /* Move the added cipher to this location */
  911. else if (rule == CIPHER_ORD)
  912. {
  913. /* reverse == 0 */
  914. if (curr->active)
  915. {
  916. ll_append_tail(&head, curr, &tail);
  917. }
  918. }
  919. else if (rule == CIPHER_DEL)
  920. {
  921. /* reverse == 1 */
  922. if (curr->active)
  923. {
  924. /* most recently deleted ciphersuites get best positions
  925. * for any future CIPHER_ADD (note that the CIPHER_DEL loop
  926. * works in reverse to maintain the order) */
  927. ll_append_head(&head, curr, &tail);
  928. curr->active = 0;
  929. }
  930. }
  931. else if (rule == CIPHER_KILL)
  932. {
  933. /* reverse == 0 */
  934. if (head == curr)
  935. head = curr->next;
  936. else
  937. curr->prev->next = curr->next;
  938. if (tail == curr)
  939. tail = curr->prev;
  940. curr->active = 0;
  941. if (curr->next != NULL)
  942. curr->next->prev = curr->prev;
  943. if (curr->prev != NULL)
  944. curr->prev->next = curr->next;
  945. curr->next = NULL;
  946. curr->prev = NULL;
  947. }
  948. }
  949. *head_p = head;
  950. *tail_p = tail;
  951. }
  952. static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
  953. CIPHER_ORDER **tail_p)
  954. {
  955. int max_strength_bits, i, *number_uses;
  956. CIPHER_ORDER *curr;
  957. /*
  958. * This routine sorts the ciphers with descending strength. The sorting
  959. * must keep the pre-sorted sequence, so we apply the normal sorting
  960. * routine as '+' movement to the end of the list.
  961. */
  962. max_strength_bits = 0;
  963. curr = *head_p;
  964. while (curr != NULL)
  965. {
  966. if (curr->active &&
  967. (curr->cipher->strength_bits > max_strength_bits))
  968. max_strength_bits = curr->cipher->strength_bits;
  969. curr = curr->next;
  970. }
  971. number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
  972. if (!number_uses)
  973. {
  974. SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
  975. return(0);
  976. }
  977. memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
  978. /*
  979. * Now find the strength_bits values actually used
  980. */
  981. curr = *head_p;
  982. while (curr != NULL)
  983. {
  984. if (curr->active)
  985. number_uses[curr->cipher->strength_bits]++;
  986. curr = curr->next;
  987. }
  988. /*
  989. * Go through the list of used strength_bits values in descending
  990. * order.
  991. */
  992. for (i = max_strength_bits; i >= 0; i--)
  993. if (number_uses[i] > 0)
  994. ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
  995. OPENSSL_free(number_uses);
  996. return(1);
  997. }
  998. static int ssl_cipher_process_rulestr(const char *rule_str,
  999. CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
  1000. const SSL_CIPHER **ca_list)
  1001. {
  1002. unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
  1003. const char *l, *buf;
  1004. int j, multi, found, rule, retval, ok, buflen;
  1005. unsigned long cipher_id = 0;
  1006. char ch;
  1007. retval = 1;
  1008. l = rule_str;
  1009. for (;;)
  1010. {
  1011. ch = *l;
  1012. if (ch == '\0')
  1013. break; /* done */
  1014. if (ch == '-')
  1015. { rule = CIPHER_DEL; l++; }
  1016. else if (ch == '+')
  1017. { rule = CIPHER_ORD; l++; }
  1018. else if (ch == '!')
  1019. { rule = CIPHER_KILL; l++; }
  1020. else if (ch == '@')
  1021. { rule = CIPHER_SPECIAL; l++; }
  1022. else
  1023. { rule = CIPHER_ADD; }
  1024. if (ITEM_SEP(ch))
  1025. {
  1026. l++;
  1027. continue;
  1028. }
  1029. alg_mkey = 0;
  1030. alg_auth = 0;
  1031. alg_enc = 0;
  1032. alg_mac = 0;
  1033. alg_ssl = 0;
  1034. algo_strength = 0;
  1035. for (;;)
  1036. {
  1037. ch = *l;
  1038. buf = l;
  1039. buflen = 0;
  1040. #ifndef CHARSET_EBCDIC
  1041. while ( ((ch >= 'A') && (ch <= 'Z')) ||
  1042. ((ch >= '0') && (ch <= '9')) ||
  1043. ((ch >= 'a') && (ch <= 'z')) ||
  1044. (ch == '-'))
  1045. #else
  1046. while ( isalnum(ch) || (ch == '-'))
  1047. #endif
  1048. {
  1049. ch = *(++l);
  1050. buflen++;
  1051. }
  1052. if (buflen == 0)
  1053. {
  1054. /*
  1055. * We hit something we cannot deal with,
  1056. * it is no command or separator nor
  1057. * alphanumeric, so we call this an error.
  1058. */
  1059. SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
  1060. SSL_R_INVALID_COMMAND);
  1061. retval = found = 0;
  1062. l++;
  1063. break;
  1064. }
  1065. if (rule == CIPHER_SPECIAL)
  1066. {
  1067. found = 0; /* unused -- avoid compiler warning */
  1068. break; /* special treatment */
  1069. }
  1070. /* check for multi-part specification */
  1071. if (ch == '+')
  1072. {
  1073. multi=1;
  1074. l++;
  1075. }
  1076. else
  1077. multi=0;
  1078. /*
  1079. * Now search for the cipher alias in the ca_list. Be careful
  1080. * with the strncmp, because the "buflen" limitation
  1081. * will make the rule "ADH:SOME" and the cipher
  1082. * "ADH-MY-CIPHER" look like a match for buflen=3.
  1083. * So additionally check whether the cipher name found
  1084. * has the correct length. We can save a strlen() call:
  1085. * just checking for the '\0' at the right place is
  1086. * sufficient, we have to strncmp() anyway. (We cannot
  1087. * use strcmp(), because buf is not '\0' terminated.)
  1088. */
  1089. j = found = 0;
  1090. cipher_id = 0;
  1091. while (ca_list[j])
  1092. {
  1093. if (!strncmp(buf, ca_list[j]->name, buflen) &&
  1094. (ca_list[j]->name[buflen] == '\0'))
  1095. {
  1096. found = 1;
  1097. break;
  1098. }
  1099. else
  1100. j++;
  1101. }
  1102. if (!found)
  1103. break; /* ignore this entry */
  1104. if (ca_list[j]->algorithm_mkey)
  1105. {
  1106. if (alg_mkey)
  1107. {
  1108. alg_mkey &= ca_list[j]->algorithm_mkey;
  1109. if (!alg_mkey) { found = 0; break; }
  1110. }
  1111. else
  1112. alg_mkey = ca_list[j]->algorithm_mkey;
  1113. }
  1114. if (ca_list[j]->algorithm_auth)
  1115. {
  1116. if (alg_auth)
  1117. {
  1118. alg_auth &= ca_list[j]->algorithm_auth;
  1119. if (!alg_auth) { found = 0; break; }
  1120. }
  1121. else
  1122. alg_auth = ca_list[j]->algorithm_auth;
  1123. }
  1124. if (ca_list[j]->algorithm_enc)
  1125. {
  1126. if (alg_enc)
  1127. {
  1128. alg_enc &= ca_list[j]->algorithm_enc;
  1129. if (!alg_enc) { found = 0; break; }
  1130. }
  1131. else
  1132. alg_enc = ca_list[j]->algorithm_enc;
  1133. }
  1134. if (ca_list[j]->algorithm_mac)
  1135. {
  1136. if (alg_mac)
  1137. {
  1138. alg_mac &= ca_list[j]->algorithm_mac;
  1139. if (!alg_mac) { found = 0; break; }
  1140. }
  1141. else
  1142. alg_mac = ca_list[j]->algorithm_mac;
  1143. }
  1144. if (ca_list[j]->algo_strength & SSL_EXP_MASK)
  1145. {
  1146. if (algo_strength & SSL_EXP_MASK)
  1147. {
  1148. algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
  1149. if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
  1150. }
  1151. else
  1152. algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
  1153. }
  1154. if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
  1155. {
  1156. if (algo_strength & SSL_STRONG_MASK)
  1157. {
  1158. algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
  1159. if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
  1160. }
  1161. else
  1162. algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
  1163. }
  1164. if (ca_list[j]->valid)
  1165. {
  1166. /* explicit ciphersuite found; its protocol version
  1167. * does not become part of the search pattern!*/
  1168. cipher_id = ca_list[j]->id;
  1169. }
  1170. else
  1171. {
  1172. /* not an explicit ciphersuite; only in this case, the
  1173. * protocol version is considered part of the search pattern */
  1174. if (ca_list[j]->algorithm_ssl)
  1175. {
  1176. if (alg_ssl)
  1177. {
  1178. alg_ssl &= ca_list[j]->algorithm_ssl;
  1179. if (!alg_ssl) { found = 0; break; }
  1180. }
  1181. else
  1182. alg_ssl = ca_list[j]->algorithm_ssl;
  1183. }
  1184. }
  1185. if (!multi) break;
  1186. }
  1187. /*
  1188. * Ok, we have the rule, now apply it
  1189. */
  1190. if (rule == CIPHER_SPECIAL)
  1191. { /* special command */
  1192. ok = 0;
  1193. if ((buflen == 8) &&
  1194. !strncmp(buf, "STRENGTH", 8))
  1195. ok = ssl_cipher_strength_sort(head_p, tail_p);
  1196. else
  1197. SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
  1198. SSL_R_INVALID_COMMAND);
  1199. if (ok == 0)
  1200. retval = 0;
  1201. /*
  1202. * We do not support any "multi" options
  1203. * together with "@", so throw away the
  1204. * rest of the command, if any left, until
  1205. * end or ':' is found.
  1206. */
  1207. while ((*l != '\0') && !ITEM_SEP(*l))
  1208. l++;
  1209. }
  1210. else if (found)
  1211. {
  1212. ssl_cipher_apply_rule(cipher_id,
  1213. alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
  1214. rule, -1, head_p, tail_p);
  1215. }
  1216. else
  1217. {
  1218. while ((*l != '\0') && !ITEM_SEP(*l))
  1219. l++;
  1220. }
  1221. if (*l == '\0') break; /* done */
  1222. }
  1223. return(retval);
  1224. }
  1225. STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
  1226. STACK_OF(SSL_CIPHER) **cipher_list,
  1227. STACK_OF(SSL_CIPHER) **cipher_list_by_id,
  1228. const char *rule_str)
  1229. {
  1230. int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
  1231. unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
  1232. STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
  1233. const char *rule_p;
  1234. CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
  1235. const SSL_CIPHER **ca_list = NULL;
  1236. /*
  1237. * Return with error if nothing to do.
  1238. */
  1239. if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
  1240. return NULL;
  1241. /*
  1242. * To reduce the work to do we only want to process the compiled
  1243. * in algorithms, so we first get the mask of disabled ciphers.
  1244. */
  1245. ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
  1246. /*
  1247. * Now we have to collect the available ciphers from the compiled
  1248. * in ciphers. We cannot get more than the number compiled in, so
  1249. * it is used for allocation.
  1250. */
  1251. num_of_ciphers = ssl_method->num_ciphers();
  1252. #ifdef KSSL_DEBUG
  1253. printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
  1254. #endif /* KSSL_DEBUG */
  1255. co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
  1256. if (co_list == NULL)
  1257. {
  1258. SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
  1259. return(NULL); /* Failure */
  1260. }
  1261. ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
  1262. disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
  1263. co_list, &head, &tail);
  1264. /* Now arrange all ciphers by preference: */
  1265. /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
  1266. ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
  1267. ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
  1268. /* AES is our preferred symmetric cipher */
  1269. ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
  1270. /* Temporarily enable everything else for sorting */
  1271. ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
  1272. /* Low priority for MD5 */
  1273. ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1274. /* Move anonymous ciphers to the end. Usually, these will remain disabled.
  1275. * (For applications that allow them, they aren't too bad, but we prefer
  1276. * authenticated ciphers.) */
  1277. ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1278. /* Move ciphers without forward secrecy to the end */
  1279. ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1280. /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
  1281. ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1282. ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1283. ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1284. /* RC4 is sort-of broken -- move the the end */
  1285. ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
  1286. /* Now sort by symmetric encryption strength. The above ordering remains
  1287. * in force within each class */
  1288. if (!ssl_cipher_strength_sort(&head, &tail))
  1289. {
  1290. OPENSSL_free(co_list);
  1291. return NULL;
  1292. }
  1293. /* Now disable everything (maintaining the ordering!) */
  1294. ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
  1295. /*
  1296. * We also need cipher aliases for selecting based on the rule_str.
  1297. * There might be two types of entries in the rule_str: 1) names
  1298. * of ciphers themselves 2) aliases for groups of ciphers.
  1299. * For 1) we need the available ciphers and for 2) the cipher
  1300. * groups of cipher_aliases added together in one list (otherwise
  1301. * we would be happy with just the cipher_aliases table).
  1302. */
  1303. num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
  1304. num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
  1305. ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
  1306. if (ca_list == NULL)
  1307. {
  1308. OPENSSL_free(co_list);
  1309. SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
  1310. return(NULL); /* Failure */
  1311. }
  1312. ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
  1313. disabled_mkey, disabled_auth, disabled_enc,
  1314. disabled_mac, disabled_ssl, head);
  1315. /*
  1316. * If the rule_string begins with DEFAULT, apply the default rule
  1317. * before using the (possibly available) additional rules.
  1318. */
  1319. ok = 1;
  1320. rule_p = rule_str;
  1321. if (strncmp(rule_str,"DEFAULT",7) == 0)
  1322. {
  1323. ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
  1324. &head, &tail, ca_list);
  1325. rule_p += 7;
  1326. if (*rule_p == ':')
  1327. rule_p++;
  1328. }
  1329. if (ok && (strlen(rule_p) > 0))
  1330. ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
  1331. OPENSSL_free((void *)ca_list); /* Not needed anymore */
  1332. if (!ok)
  1333. { /* Rule processing failure */
  1334. OPENSSL_free(co_list);
  1335. return(NULL);
  1336. }
  1337. /*
  1338. * Allocate new "cipherstack" for the result, return with error
  1339. * if we cannot get one.
  1340. */
  1341. if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
  1342. {
  1343. OPENSSL_free(co_list);
  1344. return(NULL);
  1345. }
  1346. /*
  1347. * The cipher selection for the list is done. The ciphers are added
  1348. * to the resulting precedence to the STACK_OF(SSL_CIPHER).
  1349. */
  1350. for (curr = head; curr != NULL; curr = curr->next)
  1351. {
  1352. #ifdef OPENSSL_FIPS
  1353. if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
  1354. #else
  1355. if (curr->active)
  1356. #endif
  1357. {
  1358. sk_SSL_CIPHER_push(cipherstack, curr->cipher);
  1359. #ifdef CIPHER_DEBUG
  1360. printf("<%s>\n",curr->cipher->name);
  1361. #endif
  1362. }
  1363. }
  1364. OPENSSL_free(co_list); /* Not needed any longer */
  1365. tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
  1366. if (tmp_cipher_list == NULL)
  1367. {
  1368. sk_SSL_CIPHER_free(cipherstack);
  1369. return NULL;
  1370. }
  1371. if (*cipher_list != NULL)
  1372. sk_SSL_CIPHER_free(*cipher_list);
  1373. *cipher_list = cipherstack;
  1374. if (*cipher_list_by_id != NULL)
  1375. sk_SSL_CIPHER_free(*cipher_list_by_id);
  1376. *cipher_list_by_id = tmp_cipher_list;
  1377. (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
  1378. sk_SSL_CIPHER_sort(*cipher_list_by_id);
  1379. return(cipherstack);
  1380. }
  1381. char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
  1382. {
  1383. int is_export,pkl,kl;
  1384. const char *ver,*exp_str;
  1385. const char *kx,*au,*enc,*mac;
  1386. unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
  1387. #ifdef KSSL_DEBUG
  1388. static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
  1389. #else
  1390. static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
  1391. #endif /* KSSL_DEBUG */
  1392. alg_mkey = cipher->algorithm_mkey;
  1393. alg_auth = cipher->algorithm_auth;
  1394. alg_enc = cipher->algorithm_enc;
  1395. alg_mac = cipher->algorithm_mac;
  1396. alg_ssl = cipher->algorithm_ssl;
  1397. alg2=cipher->algorithm2;
  1398. is_export=SSL_C_IS_EXPORT(cipher);
  1399. pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
  1400. kl=SSL_C_EXPORT_KEYLENGTH(cipher);
  1401. exp_str=is_export?" export":"";
  1402. if (alg_ssl & SSL_SSLV2)
  1403. ver="SSLv2";
  1404. else if (alg_ssl & SSL_SSLV3)
  1405. ver="SSLv3";
  1406. else if (alg_ssl & SSL_TLSV1_2)
  1407. ver="TLSv1.2";
  1408. else
  1409. ver="unknown";
  1410. switch (alg_mkey)
  1411. {
  1412. case SSL_kRSA:
  1413. kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
  1414. break;
  1415. case SSL_kDHr:
  1416. kx="DH/RSA";
  1417. break;
  1418. case SSL_kDHd:
  1419. kx="DH/DSS";
  1420. break;
  1421. case SSL_kKRB5:
  1422. kx="KRB5";
  1423. break;
  1424. case SSL_kEDH:
  1425. kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
  1426. break;
  1427. case SSL_kECDHr:
  1428. kx="ECDH/RSA";
  1429. break;
  1430. case SSL_kECDHe:
  1431. kx="ECDH/ECDSA";
  1432. break;
  1433. case SSL_kEECDH:
  1434. kx="ECDH";
  1435. break;
  1436. case SSL_kPSK:
  1437. kx="PSK";
  1438. break;
  1439. case SSL_kSRP:
  1440. kx="SRP";
  1441. break;
  1442. default:
  1443. kx="unknown";
  1444. }
  1445. switch (alg_auth)
  1446. {
  1447. case SSL_aRSA:
  1448. au="RSA";
  1449. break;
  1450. case SSL_aDSS:
  1451. au="DSS";
  1452. break;
  1453. case SSL_aDH:
  1454. au="DH";
  1455. break;
  1456. case SSL_aKRB5:
  1457. au="KRB5";
  1458. break;
  1459. case SSL_aECDH:
  1460. au="ECDH";
  1461. break;
  1462. case SSL_aNULL:
  1463. au="None";
  1464. break;
  1465. case SSL_aECDSA:
  1466. au="ECDSA";
  1467. break;
  1468. case SSL_aPSK:
  1469. au="PSK";
  1470. break;
  1471. default:
  1472. au="unknown";
  1473. break;
  1474. }
  1475. switch (alg_enc)
  1476. {
  1477. case SSL_DES:
  1478. enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
  1479. break;
  1480. case SSL_3DES:
  1481. enc="3DES(168)";
  1482. break;
  1483. case SSL_RC4:
  1484. enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
  1485. :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
  1486. break;
  1487. case SSL_RC2:
  1488. enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
  1489. break;
  1490. case SSL_IDEA:
  1491. enc="IDEA(128)";
  1492. break;
  1493. case SSL_eNULL:
  1494. enc="None";
  1495. break;
  1496. case SSL_AES128:
  1497. enc="AES(128)";
  1498. break;
  1499. case SSL_AES256:
  1500. enc="AES(256)";
  1501. break;
  1502. case SSL_AES128GCM:
  1503. enc="AESGCM(128)";
  1504. break;
  1505. case SSL_AES256GCM:
  1506. enc="AESGCM(256)";
  1507. break;
  1508. case SSL_CAMELLIA128:
  1509. enc="Camellia(128)";
  1510. break;
  1511. case SSL_CAMELLIA256:
  1512. enc="Camellia(256)";
  1513. break;
  1514. case SSL_SEED:
  1515. enc="SEED(128)";
  1516. break;
  1517. default:
  1518. enc="unknown";
  1519. break;
  1520. }
  1521. switch (alg_mac)
  1522. {
  1523. case SSL_MD5:
  1524. mac="MD5";
  1525. break;
  1526. case SSL_SHA1:
  1527. mac="SHA1";
  1528. break;
  1529. case SSL_SHA256:
  1530. mac="SHA256";
  1531. break;
  1532. case SSL_SHA384:
  1533. mac="SHA384";
  1534. break;
  1535. case SSL_AEAD:
  1536. mac="AEAD";
  1537. break;
  1538. default:
  1539. mac="unknown";
  1540. break;
  1541. }
  1542. if (buf == NULL)
  1543. {
  1544. len=128;
  1545. buf=OPENSSL_malloc(len);
  1546. if (buf == NULL) return("OPENSSL_malloc Error");
  1547. }
  1548. else if (len < 128)
  1549. return("Buffer too small");
  1550. #ifdef KSSL_DEBUG
  1551. BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
  1552. #else
  1553. BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
  1554. #endif /* KSSL_DEBUG */
  1555. return(buf);
  1556. }
  1557. char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
  1558. {
  1559. int i;
  1560. if (c == NULL) return("(NONE)");
  1561. i=(int)(c->id>>24L);
  1562. if (i == 3)
  1563. return("TLSv1/SSLv3");
  1564. else if (i == 2)
  1565. return("SSLv2");
  1566. else
  1567. return("unknown");
  1568. }
  1569. /* return the actual cipher being used */
  1570. const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
  1571. {
  1572. if (c != NULL)
  1573. return(c->name);
  1574. return("(NONE)");
  1575. }
  1576. /* number of bits for symmetric cipher */
  1577. int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
  1578. {
  1579. int ret=0;
  1580. if (c != NULL)
  1581. {
  1582. if (alg_bits != NULL) *alg_bits = c->alg_bits;
  1583. ret = c->strength_bits;
  1584. }
  1585. return(ret);
  1586. }
  1587. unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
  1588. {
  1589. return c->id;
  1590. }
  1591. SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
  1592. {
  1593. SSL_COMP *ctmp;
  1594. int i,nn;
  1595. if ((n == 0) || (sk == NULL)) return(NULL);
  1596. nn=sk_SSL_COMP_num(sk);
  1597. for (i=0; i<nn; i++)
  1598. {
  1599. ctmp=sk_SSL_COMP_value(sk,i);
  1600. if (ctmp->id == n)
  1601. return(ctmp);
  1602. }
  1603. return(NULL);
  1604. }
  1605. #ifdef OPENSSL_NO_COMP
  1606. void *SSL_COMP_get_compression_methods(void)
  1607. {
  1608. return NULL;
  1609. }
  1610. int SSL_COMP_add_compression_method(int id, void *cm)
  1611. {
  1612. return 1;
  1613. }
  1614. const char *SSL_COMP_get_name(const void *comp)
  1615. {
  1616. return NULL;
  1617. }
  1618. #else
  1619. STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
  1620. {
  1621. load_builtin_compressions();
  1622. return(ssl_comp_methods);
  1623. }
  1624. int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
  1625. {
  1626. SSL_COMP *comp;
  1627. if (cm == NULL || cm->type == NID_undef)
  1628. return 1;
  1629. /* According to draft-ietf-tls-compression-04.txt, the
  1630. compression number ranges should be the following:
  1631. 0 to 63: methods defined by the IETF
  1632. 64 to 192: external party methods assigned by IANA
  1633. 193 to 255: reserved for private use */
  1634. if (id < 193 || id > 255)
  1635. {
  1636. SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
  1637. return 0;
  1638. }
  1639. MemCheck_off();
  1640. comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
  1641. comp->id=id;
  1642. comp->method=cm;
  1643. load_builtin_compressions();
  1644. if (ssl_comp_methods
  1645. && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
  1646. {
  1647. OPENSSL_free(comp);
  1648. MemCheck_on();
  1649. SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
  1650. return(1);
  1651. }
  1652. else if ((ssl_comp_methods == NULL)
  1653. || !sk_SSL_COMP_push(ssl_comp_methods,comp))
  1654. {
  1655. OPENSSL_free(comp);
  1656. MemCheck_on();
  1657. SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
  1658. return(1);
  1659. }
  1660. else
  1661. {
  1662. MemCheck_on();
  1663. return(0);
  1664. }
  1665. }
  1666. const char *SSL_COMP_get_name(const COMP_METHOD *comp)
  1667. {
  1668. if (comp)
  1669. return comp->name;
  1670. return NULL;
  1671. }
  1672. #endif