155714Skris/* ssl/ssl_ciph.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8296341Sdelphij * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15296341Sdelphij * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22296341Sdelphij * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37296341Sdelphij * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40296341Sdelphij * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52296341Sdelphij * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 58160814Ssimon/* ==================================================================== 59238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60162911Ssimon * 61162911Ssimon * Redistribution and use in source and binary forms, with or without 62162911Ssimon * modification, are permitted provided that the following conditions 63162911Ssimon * are met: 64162911Ssimon * 65162911Ssimon * 1. Redistributions of source code must retain the above copyright 66296341Sdelphij * notice, this list of conditions and the following disclaimer. 67162911Ssimon * 68162911Ssimon * 2. Redistributions in binary form must reproduce the above copyright 69162911Ssimon * notice, this list of conditions and the following disclaimer in 70162911Ssimon * the documentation and/or other materials provided with the 71162911Ssimon * distribution. 72162911Ssimon * 73162911Ssimon * 3. All advertising materials mentioning features or use of this 74162911Ssimon * software must display the following acknowledgment: 75162911Ssimon * "This product includes software developed by the OpenSSL Project 76162911Ssimon * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77162911Ssimon * 78162911Ssimon * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79162911Ssimon * endorse or promote products derived from this software without 80162911Ssimon * prior written permission. For written permission, please contact 81162911Ssimon * openssl-core@openssl.org. 82162911Ssimon * 83162911Ssimon * 5. Products derived from this software may not be called "OpenSSL" 84162911Ssimon * nor may "OpenSSL" appear in their names without prior written 85162911Ssimon * permission of the OpenSSL Project. 86162911Ssimon * 87162911Ssimon * 6. Redistributions of any form whatsoever must retain the following 88162911Ssimon * acknowledgment: 89162911Ssimon * "This product includes software developed by the OpenSSL Project 90162911Ssimon * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91162911Ssimon * 92162911Ssimon * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93162911Ssimon * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94162911Ssimon * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95162911Ssimon * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96162911Ssimon * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97162911Ssimon * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98162911Ssimon * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99162911Ssimon * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100162911Ssimon * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101162911Ssimon * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102162911Ssimon * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103162911Ssimon * OF THE POSSIBILITY OF SUCH DAMAGE. 104162911Ssimon * ==================================================================== 105162911Ssimon * 106162911Ssimon * This product includes cryptographic software written by Eric Young 107162911Ssimon * (eay@cryptsoft.com). This product includes software written by Tim 108162911Ssimon * Hudson (tjh@cryptsoft.com). 109162911Ssimon * 110162911Ssimon */ 111162911Ssimon/* ==================================================================== 112160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113296341Sdelphij * ECC cipher suite support in OpenSSL originally developed by 114160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115160814Ssimon */ 116238405Sjkim/* ==================================================================== 117238405Sjkim * Copyright 2005 Nokia. All rights reserved. 118238405Sjkim * 119238405Sjkim * The portions of the attached software ("Contribution") is developed by 120238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121238405Sjkim * license. 122238405Sjkim * 123238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125238405Sjkim * support (see RFC 4279) to OpenSSL. 126238405Sjkim * 127238405Sjkim * No patent licenses or other rights except those expressly stated in 128238405Sjkim * the OpenSSL open source license shall be deemed granted or received 129238405Sjkim * expressly, by implication, estoppel, or otherwise. 130238405Sjkim * 131238405Sjkim * No assurances are provided by Nokia that the Contribution does not 132238405Sjkim * infringe the patent or other intellectual property rights of any third 133238405Sjkim * party or that the license provides you with all the necessary rights 134238405Sjkim * to make use of the Contribution. 135238405Sjkim * 136238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140238405Sjkim * OTHERWISE. 141238405Sjkim */ 142238405Sjkim 14355714Skris#include <stdio.h> 14455714Skris#include <openssl/objects.h> 145194206Ssimon#ifndef OPENSSL_NO_COMP 146296341Sdelphij# include <openssl/comp.h> 147194206Ssimon#endif 148238405Sjkim#ifndef OPENSSL_NO_ENGINE 149296341Sdelphij# include <openssl/engine.h> 150238405Sjkim#endif 15155714Skris#include "ssl_locl.h" 15255714Skris 153296341Sdelphij#define SSL_ENC_DES_IDX 0 154296341Sdelphij#define SSL_ENC_3DES_IDX 1 155296341Sdelphij#define SSL_ENC_RC4_IDX 2 156296341Sdelphij#define SSL_ENC_RC2_IDX 3 157296341Sdelphij#define SSL_ENC_IDEA_IDX 4 158296341Sdelphij#define SSL_ENC_NULL_IDX 5 159296341Sdelphij#define SSL_ENC_AES128_IDX 6 160296341Sdelphij#define SSL_ENC_AES256_IDX 7 161296341Sdelphij#define SSL_ENC_CAMELLIA128_IDX 8 162296341Sdelphij#define SSL_ENC_CAMELLIA256_IDX 9 163296341Sdelphij#define SSL_ENC_GOST89_IDX 10 164296341Sdelphij#define SSL_ENC_SEED_IDX 11 165296341Sdelphij#define SSL_ENC_AES128GCM_IDX 12 166296341Sdelphij#define SSL_ENC_AES256GCM_IDX 13 167296341Sdelphij#define SSL_ENC_NUM_IDX 14 16855714Skris 169296341Sdelphijstatic const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { 170296341Sdelphij NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 171296341Sdelphij NULL, NULL 172296341Sdelphij}; 173162911Ssimon 174296341Sdelphij#define SSL_COMP_NULL_IDX 0 175296341Sdelphij#define SSL_COMP_ZLIB_IDX 1 176296341Sdelphij#define SSL_COMP_NUM_IDX 2 17755714Skris 178296341Sdelphijstatic STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 179160814Ssimon 180296341Sdelphij#define SSL_MD_MD5_IDX 0 181296341Sdelphij#define SSL_MD_SHA1_IDX 1 182238405Sjkim#define SSL_MD_GOST94_IDX 2 183238405Sjkim#define SSL_MD_GOST89MAC_IDX 3 184238405Sjkim#define SSL_MD_SHA256_IDX 4 185238405Sjkim#define SSL_MD_SHA384_IDX 5 186296341Sdelphij/* 187296341Sdelphij * Constant SSL_MAX_DIGEST equal to size of digests array should be defined 188296341Sdelphij * in the ssl_locl.h 189238405Sjkim */ 190296341Sdelphij#define SSL_MD_NUM_IDX SSL_MAX_DIGEST 191296341Sdelphijstatic const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { 192296341Sdelphij NULL, NULL, NULL, NULL, NULL, NULL 193296341Sdelphij}; 19455714Skris 195296341Sdelphij/* 196296341Sdelphij * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation 197296341Sdelphij * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is 198296341Sdelphij * found 199296341Sdelphij */ 200296341Sdelphijstatic int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { 201296341Sdelphij EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, 202296341Sdelphij EVP_PKEY_HMAC, EVP_PKEY_HMAC 203296341Sdelphij}; 204238405Sjkim 205296341Sdelphijstatic int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { 206296341Sdelphij 0, 0, 0, 0, 0, 0 207296341Sdelphij}; 208238405Sjkim 209296341Sdelphijstatic int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { 210296341Sdelphij SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, 211296341Sdelphij SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, 212296341Sdelphij SSL_HANDSHAKE_MAC_SHA384 213296341Sdelphij}; 21455714Skris 215296341Sdelphij#define CIPHER_ADD 1 216296341Sdelphij#define CIPHER_KILL 2 217296341Sdelphij#define CIPHER_DEL 3 218296341Sdelphij#define CIPHER_ORD 4 219296341Sdelphij#define CIPHER_SPECIAL 5 22055714Skris 221296341Sdelphijtypedef struct cipher_order_st { 222296341Sdelphij const SSL_CIPHER *cipher; 223296341Sdelphij int active; 224296341Sdelphij int dead; 225296341Sdelphij struct cipher_order_st *next, *prev; 226296341Sdelphij} CIPHER_ORDER; 22755714Skris 228296341Sdelphijstatic const SSL_CIPHER cipher_aliases[] = { 229296341Sdelphij /* "ALL" doesn't include eNULL (must be specifically enabled) */ 230296341Sdelphij {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0}, 231296341Sdelphij /* "COMPLEMENTOFALL" */ 232296341Sdelphij {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 23355714Skris 234296341Sdelphij /* 235296341Sdelphij * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in 236296341Sdelphij * ALL!) 237296341Sdelphij */ 238296341Sdelphij {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, 239296341Sdelphij SSL_EXP_MASK, 0, 0, 0}, 24055714Skris 241296341Sdelphij /* 242296341Sdelphij * key exchange aliases (some of those using only a single bit here 243296341Sdelphij * combine multiple key exchange algs according to the RFCs, e.g. kEDH 244296341Sdelphij * combines DHE_DSS and DHE_RSA) 245296341Sdelphij */ 246296341Sdelphij {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, 24755714Skris 248296341Sdelphij /* no such ciphersuites supported! */ 249296341Sdelphij {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 250296341Sdelphij /* no such ciphersuites supported! */ 251296341Sdelphij {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, 252296341Sdelphij /* no such ciphersuites supported! */ 253296341Sdelphij {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, 254296341Sdelphij {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, 255296341Sdelphij {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 256296341Sdelphij 0}, 25759191Skris 258296341Sdelphij {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, 259238405Sjkim 260296341Sdelphij {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 261296341Sdelphij {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 262296341Sdelphij {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 263296341Sdelphij {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 264296341Sdelphij {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0, 265296341Sdelphij 0, 0, 0}, 266238405Sjkim 267296341Sdelphij {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, 268296341Sdelphij {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 269296341Sdelphij {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, 270238405Sjkim 271296341Sdelphij /* server authentication aliases */ 272296341Sdelphij {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 273296341Sdelphij {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 274296341Sdelphij {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 275296341Sdelphij {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 276296341Sdelphij {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 277296341Sdelphij /* no such ciphersuites supported! */ 278296341Sdelphij {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, 279296341Sdelphij {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, 280296341Sdelphij {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 281296341Sdelphij {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 282296341Sdelphij {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 283296341Sdelphij {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, 284296341Sdelphij {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 285296341Sdelphij {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 286296341Sdelphij {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0}, 287238405Sjkim 288296341Sdelphij /* aliases combining key exchange and server authentication */ 289296341Sdelphij {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 290296341Sdelphij {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 291296341Sdelphij {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 292296341Sdelphij {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 293296341Sdelphij {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 294296341Sdelphij {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 295296341Sdelphij {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 296296341Sdelphij {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 297296341Sdelphij {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 298238405Sjkim 299296341Sdelphij /* symmetric encryption aliases */ 300296341Sdelphij {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, 301296341Sdelphij {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, 302296341Sdelphij {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, 303296341Sdelphij {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, 304296341Sdelphij {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, 305296341Sdelphij {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, 306296341Sdelphij {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 307296341Sdelphij {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0, 308296341Sdelphij 0}, 309296341Sdelphij {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0, 310296341Sdelphij 0}, 311296341Sdelphij {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, 312296341Sdelphij {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0, 313296341Sdelphij 0, 0}, 314296341Sdelphij {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, 315296341Sdelphij {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 316296341Sdelphij {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0, 317296341Sdelphij 0, 0, 0}, 318238405Sjkim 319296341Sdelphij /* MAC aliases */ 320296341Sdelphij {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, 321296341Sdelphij {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 322296341Sdelphij {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 323296341Sdelphij {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, 324296341Sdelphij {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, 325296341Sdelphij {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, 326296341Sdelphij {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, 327238405Sjkim 328296341Sdelphij /* protocol version aliases */ 329296341Sdelphij {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, 330296341Sdelphij {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, 331296341Sdelphij {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, 332296341Sdelphij {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, 333238405Sjkim 334296341Sdelphij /* export flag */ 335296341Sdelphij {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 336296341Sdelphij {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 337238405Sjkim 338296341Sdelphij /* strength classes */ 339296341Sdelphij {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, 340296341Sdelphij {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, 341296341Sdelphij {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, 342296341Sdelphij {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, 343296341Sdelphij {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, 344296341Sdelphij /* FIPS 140-2 approved ciphersuite */ 345296341Sdelphij {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, 346296341Sdelphij}; 347296341Sdelphij 348296341Sdelphij/* 349296341Sdelphij * Search for public key algorithm with given name and return its pkey_id if 350296341Sdelphij * it is available. Otherwise return 0 351238405Sjkim */ 352238405Sjkim#ifdef OPENSSL_NO_ENGINE 35355714Skris 354238405Sjkimstatic int get_optional_pkey_id(const char *pkey_name) 355296341Sdelphij{ 356296341Sdelphij const EVP_PKEY_ASN1_METHOD *ameth; 357296341Sdelphij int pkey_id = 0; 358296341Sdelphij ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); 359296341Sdelphij if (ameth) { 360296341Sdelphij EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 361296341Sdelphij } 362296341Sdelphij return pkey_id; 363296341Sdelphij} 364238405Sjkim 365238405Sjkim#else 366238405Sjkim 367238405Sjkimstatic int get_optional_pkey_id(const char *pkey_name) 368296341Sdelphij{ 369296341Sdelphij const EVP_PKEY_ASN1_METHOD *ameth; 370296341Sdelphij ENGINE *tmpeng = NULL; 371296341Sdelphij int pkey_id = 0; 372296341Sdelphij ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); 373296341Sdelphij if (ameth) { 374296341Sdelphij EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 375296341Sdelphij } 376296341Sdelphij if (tmpeng) 377296341Sdelphij ENGINE_finish(tmpeng); 378296341Sdelphij return pkey_id; 379296341Sdelphij} 380238405Sjkim 381238405Sjkim#endif 382238405Sjkim 383160814Ssimonvoid ssl_load_ciphers(void) 384296341Sdelphij{ 385296341Sdelphij ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc); 386296341Sdelphij ssl_cipher_methods[SSL_ENC_3DES_IDX] = 387296341Sdelphij EVP_get_cipherbyname(SN_des_ede3_cbc); 388296341Sdelphij ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4); 389296341Sdelphij ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc); 390127128Snectar#ifndef OPENSSL_NO_IDEA 391296341Sdelphij ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc); 392127128Snectar#else 393296341Sdelphij ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; 394127128Snectar#endif 395296341Sdelphij ssl_cipher_methods[SSL_ENC_AES128_IDX] = 396296341Sdelphij EVP_get_cipherbyname(SN_aes_128_cbc); 397296341Sdelphij ssl_cipher_methods[SSL_ENC_AES256_IDX] = 398296341Sdelphij EVP_get_cipherbyname(SN_aes_256_cbc); 399296341Sdelphij ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] = 400296341Sdelphij EVP_get_cipherbyname(SN_camellia_128_cbc); 401296341Sdelphij ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] = 402296341Sdelphij EVP_get_cipherbyname(SN_camellia_256_cbc); 403296341Sdelphij ssl_cipher_methods[SSL_ENC_GOST89_IDX] = 404296341Sdelphij EVP_get_cipherbyname(SN_gost89_cnt); 405296341Sdelphij ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc); 40655714Skris 407296341Sdelphij ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = 408296341Sdelphij EVP_get_cipherbyname(SN_aes_128_gcm); 409296341Sdelphij ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = 410296341Sdelphij EVP_get_cipherbyname(SN_aes_256_gcm); 411238405Sjkim 412296341Sdelphij ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5); 413296341Sdelphij ssl_mac_secret_size[SSL_MD_MD5_IDX] = 414296341Sdelphij EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); 415296341Sdelphij OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); 416296341Sdelphij ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1); 417296341Sdelphij ssl_mac_secret_size[SSL_MD_SHA1_IDX] = 418296341Sdelphij EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); 419296341Sdelphij OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); 420296341Sdelphij ssl_digest_methods[SSL_MD_GOST94_IDX] = 421296341Sdelphij EVP_get_digestbyname(SN_id_GostR3411_94); 422296341Sdelphij if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { 423296341Sdelphij ssl_mac_secret_size[SSL_MD_GOST94_IDX] = 424296341Sdelphij EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); 425296341Sdelphij OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); 426296341Sdelphij } 427296341Sdelphij ssl_digest_methods[SSL_MD_GOST89MAC_IDX] = 428296341Sdelphij EVP_get_digestbyname(SN_id_Gost28147_89_MAC); 429296341Sdelphij ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); 430296341Sdelphij if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { 431296341Sdelphij ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; 432296341Sdelphij } 433238405Sjkim 434296341Sdelphij ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256); 435296341Sdelphij ssl_mac_secret_size[SSL_MD_SHA256_IDX] = 436296341Sdelphij EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); 437296341Sdelphij ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384); 438296341Sdelphij ssl_mac_secret_size[SSL_MD_SHA384_IDX] = 439296341Sdelphij EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 440296341Sdelphij} 441296341Sdelphij 442160814Ssimon#ifndef OPENSSL_NO_COMP 443160814Ssimon 444296341Sdelphijstatic int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b) 445296341Sdelphij{ 446296341Sdelphij return ((*a)->id - (*b)->id); 447296341Sdelphij} 448160814Ssimon 449160814Ssimonstatic void load_builtin_compressions(void) 450296341Sdelphij{ 451296341Sdelphij int got_write_lock = 0; 452160814Ssimon 453296341Sdelphij CRYPTO_r_lock(CRYPTO_LOCK_SSL); 454296341Sdelphij if (ssl_comp_methods == NULL) { 455296341Sdelphij CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 456296341Sdelphij CRYPTO_w_lock(CRYPTO_LOCK_SSL); 457296341Sdelphij got_write_lock = 1; 458160814Ssimon 459296341Sdelphij if (ssl_comp_methods == NULL) { 460296341Sdelphij SSL_COMP *comp = NULL; 461296341Sdelphij 462296341Sdelphij MemCheck_off(); 463296341Sdelphij ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); 464296341Sdelphij if (ssl_comp_methods != NULL) { 465296341Sdelphij comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 466296341Sdelphij if (comp != NULL) { 467296341Sdelphij comp->method = COMP_zlib(); 468296341Sdelphij if (comp->method && comp->method->type == NID_undef) 469296341Sdelphij OPENSSL_free(comp); 470296341Sdelphij else { 471296341Sdelphij comp->id = SSL_COMP_ZLIB_IDX; 472296341Sdelphij comp->name = comp->method->name; 473296341Sdelphij sk_SSL_COMP_push(ssl_comp_methods, comp); 474296341Sdelphij } 475296341Sdelphij } 476296341Sdelphij sk_SSL_COMP_sort(ssl_comp_methods); 477296341Sdelphij } 478296341Sdelphij MemCheck_on(); 479296341Sdelphij } 480296341Sdelphij } 481296341Sdelphij 482296341Sdelphij if (got_write_lock) 483296341Sdelphij CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 484296341Sdelphij else 485296341Sdelphij CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 486296341Sdelphij} 487160814Ssimon#endif 488160814Ssimon 489160814Ssimonint ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 490296341Sdelphij const EVP_MD **md, int *mac_pkey_type, 491296341Sdelphij int *mac_secret_size, SSL_COMP **comp) 492296341Sdelphij{ 493296341Sdelphij int i; 494296341Sdelphij const SSL_CIPHER *c; 49555714Skris 496296341Sdelphij c = s->cipher; 497296341Sdelphij if (c == NULL) 498296341Sdelphij return (0); 499296341Sdelphij if (comp != NULL) { 500296341Sdelphij SSL_COMP ctmp; 501160814Ssimon#ifndef OPENSSL_NO_COMP 502296341Sdelphij load_builtin_compressions(); 503160814Ssimon#endif 50455714Skris 505296341Sdelphij *comp = NULL; 506296341Sdelphij ctmp.id = s->compress_meth; 507296341Sdelphij if (ssl_comp_methods != NULL) { 508296341Sdelphij i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); 509296341Sdelphij if (i >= 0) 510296341Sdelphij *comp = sk_SSL_COMP_value(ssl_comp_methods, i); 511296341Sdelphij else 512296341Sdelphij *comp = NULL; 513296341Sdelphij } 514296341Sdelphij } 51555714Skris 516296341Sdelphij if ((enc == NULL) || (md == NULL)) 517296341Sdelphij return (0); 51855714Skris 519296341Sdelphij switch (c->algorithm_enc) { 520296341Sdelphij case SSL_DES: 521296341Sdelphij i = SSL_ENC_DES_IDX; 522296341Sdelphij break; 523296341Sdelphij case SSL_3DES: 524296341Sdelphij i = SSL_ENC_3DES_IDX; 525296341Sdelphij break; 526296341Sdelphij case SSL_RC4: 527296341Sdelphij i = SSL_ENC_RC4_IDX; 528296341Sdelphij break; 529296341Sdelphij case SSL_RC2: 530296341Sdelphij i = SSL_ENC_RC2_IDX; 531296341Sdelphij break; 532296341Sdelphij case SSL_IDEA: 533296341Sdelphij i = SSL_ENC_IDEA_IDX; 534296341Sdelphij break; 535296341Sdelphij case SSL_eNULL: 536296341Sdelphij i = SSL_ENC_NULL_IDX; 537296341Sdelphij break; 538296341Sdelphij case SSL_AES128: 539296341Sdelphij i = SSL_ENC_AES128_IDX; 540296341Sdelphij break; 541296341Sdelphij case SSL_AES256: 542296341Sdelphij i = SSL_ENC_AES256_IDX; 543296341Sdelphij break; 544296341Sdelphij case SSL_CAMELLIA128: 545296341Sdelphij i = SSL_ENC_CAMELLIA128_IDX; 546296341Sdelphij break; 547296341Sdelphij case SSL_CAMELLIA256: 548296341Sdelphij i = SSL_ENC_CAMELLIA256_IDX; 549296341Sdelphij break; 550296341Sdelphij case SSL_eGOST2814789CNT: 551296341Sdelphij i = SSL_ENC_GOST89_IDX; 552296341Sdelphij break; 553296341Sdelphij case SSL_SEED: 554296341Sdelphij i = SSL_ENC_SEED_IDX; 555296341Sdelphij break; 556296341Sdelphij case SSL_AES128GCM: 557296341Sdelphij i = SSL_ENC_AES128GCM_IDX; 558296341Sdelphij break; 559296341Sdelphij case SSL_AES256GCM: 560296341Sdelphij i = SSL_ENC_AES256GCM_IDX; 561296341Sdelphij break; 562296341Sdelphij default: 563296341Sdelphij i = -1; 564296341Sdelphij break; 565296341Sdelphij } 56655714Skris 567296341Sdelphij if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) 568296341Sdelphij *enc = NULL; 569296341Sdelphij else { 570296341Sdelphij if (i == SSL_ENC_NULL_IDX) 571296341Sdelphij *enc = EVP_enc_null(); 572296341Sdelphij else 573296341Sdelphij *enc = ssl_cipher_methods[i]; 574296341Sdelphij } 57555714Skris 576296341Sdelphij switch (c->algorithm_mac) { 577296341Sdelphij case SSL_MD5: 578296341Sdelphij i = SSL_MD_MD5_IDX; 579296341Sdelphij break; 580296341Sdelphij case SSL_SHA1: 581296341Sdelphij i = SSL_MD_SHA1_IDX; 582296341Sdelphij break; 583296341Sdelphij case SSL_SHA256: 584296341Sdelphij i = SSL_MD_SHA256_IDX; 585296341Sdelphij break; 586296341Sdelphij case SSL_SHA384: 587296341Sdelphij i = SSL_MD_SHA384_IDX; 588296341Sdelphij break; 589296341Sdelphij case SSL_GOST94: 590296341Sdelphij i = SSL_MD_GOST94_IDX; 591296341Sdelphij break; 592296341Sdelphij case SSL_GOST89MAC: 593296341Sdelphij i = SSL_MD_GOST89MAC_IDX; 594296341Sdelphij break; 595296341Sdelphij default: 596296341Sdelphij i = -1; 597296341Sdelphij break; 598296341Sdelphij } 599296341Sdelphij if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { 600296341Sdelphij *md = NULL; 601296341Sdelphij if (mac_pkey_type != NULL) 602296341Sdelphij *mac_pkey_type = NID_undef; 603296341Sdelphij if (mac_secret_size != NULL) 604296341Sdelphij *mac_secret_size = 0; 605296341Sdelphij if (c->algorithm_mac == SSL_AEAD) 606296341Sdelphij mac_pkey_type = NULL; 607296341Sdelphij } else { 608296341Sdelphij *md = ssl_digest_methods[i]; 609296341Sdelphij if (mac_pkey_type != NULL) 610296341Sdelphij *mac_pkey_type = ssl_mac_pkey_id[i]; 611296341Sdelphij if (mac_secret_size != NULL) 612296341Sdelphij *mac_secret_size = ssl_mac_secret_size[i]; 613296341Sdelphij } 61455714Skris 615296341Sdelphij if ((*enc != NULL) && 616296341Sdelphij (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) 617296341Sdelphij && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { 618296341Sdelphij const EVP_CIPHER *evp; 619238405Sjkim 620296341Sdelphij if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || 621296341Sdelphij s->ssl_version < TLS1_VERSION) 622296341Sdelphij return 1; 623238405Sjkim 624238405Sjkim#ifdef OPENSSL_FIPS 625296341Sdelphij if (FIPS_mode()) 626296341Sdelphij return 1; 627238405Sjkim#endif 628238405Sjkim 629296341Sdelphij if (c->algorithm_enc == SSL_RC4 && 630296341Sdelphij c->algorithm_mac == SSL_MD5 && 631296341Sdelphij (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) 632296341Sdelphij *enc = evp, *md = NULL; 633296341Sdelphij else if (c->algorithm_enc == SSL_AES128 && 634296341Sdelphij c->algorithm_mac == SSL_SHA1 && 635296341Sdelphij (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) 636296341Sdelphij *enc = evp, *md = NULL; 637296341Sdelphij else if (c->algorithm_enc == SSL_AES256 && 638296341Sdelphij c->algorithm_mac == SSL_SHA1 && 639296341Sdelphij (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) 640296341Sdelphij *enc = evp, *md = NULL; 641296341Sdelphij return (1); 642296341Sdelphij } else 643296341Sdelphij return (0); 644296341Sdelphij} 64555714Skris 646296341Sdelphijint ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 647238405Sjkim{ 648296341Sdelphij if (idx < 0 || idx >= SSL_MD_NUM_IDX) { 649296341Sdelphij return 0; 650296341Sdelphij } 651296341Sdelphij *mask = ssl_handshake_digest_flag[idx]; 652296341Sdelphij if (*mask) 653296341Sdelphij *md = ssl_digest_methods[idx]; 654296341Sdelphij else 655296341Sdelphij *md = NULL; 656296341Sdelphij return 1; 657238405Sjkim} 658238405Sjkim 65955714Skris#define ITEM_SEP(a) \ 660296341Sdelphij (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 66155714Skris 66255714Skrisstatic void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 663296341Sdelphij CIPHER_ORDER **tail) 664296341Sdelphij{ 665296341Sdelphij if (curr == *tail) 666296341Sdelphij return; 667296341Sdelphij if (curr == *head) 668296341Sdelphij *head = curr->next; 669296341Sdelphij if (curr->prev != NULL) 670296341Sdelphij curr->prev->next = curr->next; 671296341Sdelphij if (curr->next != NULL) 672296341Sdelphij curr->next->prev = curr->prev; 673296341Sdelphij (*tail)->next = curr; 674296341Sdelphij curr->prev = *tail; 675296341Sdelphij curr->next = NULL; 676296341Sdelphij *tail = curr; 677296341Sdelphij} 67855714Skris 679238405Sjkimstatic void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, 680296341Sdelphij CIPHER_ORDER **tail) 681296341Sdelphij{ 682296341Sdelphij if (curr == *head) 683296341Sdelphij return; 684296341Sdelphij if (curr == *tail) 685296341Sdelphij *tail = curr->prev; 686296341Sdelphij if (curr->next != NULL) 687296341Sdelphij curr->next->prev = curr->prev; 688296341Sdelphij if (curr->prev != NULL) 689296341Sdelphij curr->prev->next = curr->next; 690296341Sdelphij (*head)->prev = curr; 691296341Sdelphij curr->next = *head; 692296341Sdelphij curr->prev = NULL; 693296341Sdelphij *head = curr; 694296341Sdelphij} 695167612Ssimon 696296341Sdelphijstatic void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, 697296341Sdelphij unsigned long *enc, unsigned long *mac, 698296341Sdelphij unsigned long *ssl) 699296341Sdelphij{ 700296341Sdelphij *mkey = 0; 701296341Sdelphij *auth = 0; 702296341Sdelphij *enc = 0; 703296341Sdelphij *mac = 0; 704296341Sdelphij *ssl = 0; 70555714Skris 706109998Smarkm#ifdef OPENSSL_NO_RSA 707296341Sdelphij *mkey |= SSL_kRSA; 708296341Sdelphij *auth |= SSL_aRSA; 70955714Skris#endif 710109998Smarkm#ifdef OPENSSL_NO_DSA 711296341Sdelphij *auth |= SSL_aDSS; 71255714Skris#endif 713296341Sdelphij *mkey |= SSL_kDHr | SSL_kDHd; /* no such ciphersuites supported! */ 714296341Sdelphij *auth |= SSL_aDH; 715109998Smarkm#ifdef OPENSSL_NO_DH 716296341Sdelphij *mkey |= SSL_kDHr | SSL_kDHd | SSL_kEDH; 717296341Sdelphij *auth |= SSL_aDH; 71855714Skris#endif 719109998Smarkm#ifdef OPENSSL_NO_KRB5 720296341Sdelphij *mkey |= SSL_kKRB5; 721296341Sdelphij *auth |= SSL_aKRB5; 722109998Smarkm#endif 723238405Sjkim#ifdef OPENSSL_NO_ECDSA 724296341Sdelphij *auth |= SSL_aECDSA; 725238405Sjkim#endif 726160814Ssimon#ifdef OPENSSL_NO_ECDH 727296341Sdelphij *mkey |= SSL_kECDHe | SSL_kECDHr; 728296341Sdelphij *auth |= SSL_aECDH; 729160814Ssimon#endif 730238405Sjkim#ifdef OPENSSL_NO_PSK 731296341Sdelphij *mkey |= SSL_kPSK; 732296341Sdelphij *auth |= SSL_aPSK; 733238405Sjkim#endif 734238405Sjkim#ifdef OPENSSL_NO_SRP 735296341Sdelphij *mkey |= SSL_kSRP; 736238405Sjkim#endif 737296341Sdelphij /* 738296341Sdelphij * Check for presence of GOST 34.10 algorithms, and if they do not 739296341Sdelphij * present, disable appropriate auth and key exchange 740296341Sdelphij */ 741296341Sdelphij if (!get_optional_pkey_id("gost94")) { 742296341Sdelphij *auth |= SSL_aGOST94; 743296341Sdelphij } 744296341Sdelphij if (!get_optional_pkey_id("gost2001")) { 745296341Sdelphij *auth |= SSL_aGOST01; 746296341Sdelphij } 747296341Sdelphij /* 748296341Sdelphij * Disable GOST key exchange if no GOST signature algs are available * 749296341Sdelphij */ 750296341Sdelphij if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) { 751296341Sdelphij *mkey |= SSL_kGOST; 752296341Sdelphij } 75355714Skris#ifdef SSL_FORBID_ENULL 754296341Sdelphij *enc |= SSL_eNULL; 75555714Skris#endif 75655714Skris 757296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0; 758296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; 759296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0; 760296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0; 761296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; 762296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; 763296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; 764296341Sdelphij *enc |= 765296341Sdelphij (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == 766296341Sdelphij NULL) ? SSL_AES128GCM : 0; 767296341Sdelphij *enc |= 768296341Sdelphij (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == 769296341Sdelphij NULL) ? SSL_AES256GCM : 0; 770296341Sdelphij *enc |= 771296341Sdelphij (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == 772296341Sdelphij NULL) ? SSL_CAMELLIA128 : 0; 773296341Sdelphij *enc |= 774296341Sdelphij (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == 775296341Sdelphij NULL) ? SSL_CAMELLIA256 : 0; 776296341Sdelphij *enc |= 777296341Sdelphij (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == 778296341Sdelphij NULL) ? SSL_eGOST2814789CNT : 0; 779296341Sdelphij *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; 78055714Skris 781296341Sdelphij *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0; 782296341Sdelphij *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; 783296341Sdelphij *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; 784296341Sdelphij *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; 785296341Sdelphij *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; 786296341Sdelphij *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL 787296341Sdelphij || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == 788296341Sdelphij NID_undef) ? SSL_GOST89MAC : 0; 78955714Skris 790296341Sdelphij} 791167612Ssimon 79259191Skrisstatic void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 793296341Sdelphij int num_of_ciphers, 794296341Sdelphij unsigned long disabled_mkey, 795296341Sdelphij unsigned long disabled_auth, 796296341Sdelphij unsigned long disabled_enc, 797296341Sdelphij unsigned long disabled_mac, 798296341Sdelphij unsigned long disabled_ssl, 799296341Sdelphij CIPHER_ORDER *co_list, 800296341Sdelphij CIPHER_ORDER **head_p, 801296341Sdelphij CIPHER_ORDER **tail_p) 802296341Sdelphij{ 803296341Sdelphij int i, co_list_num; 804296341Sdelphij const SSL_CIPHER *c; 80559191Skris 806296341Sdelphij /* 807296341Sdelphij * We have num_of_ciphers descriptions compiled in, depending on the 808296341Sdelphij * method selected (SSLv2 and/or SSLv3, TLSv1 etc). 809296341Sdelphij * These will later be sorted in a linked list with at most num 810296341Sdelphij * entries. 811296341Sdelphij */ 81259191Skris 813296341Sdelphij /* Get the initial list of ciphers */ 814296341Sdelphij co_list_num = 0; /* actual count of ciphers */ 815296341Sdelphij for (i = 0; i < num_of_ciphers; i++) { 816296341Sdelphij c = ssl_method->get_cipher(i); 817296341Sdelphij /* drop those that use any of that is not available */ 818296341Sdelphij if ((c != NULL) && c->valid && 819194206Ssimon#ifdef OPENSSL_FIPS 820296341Sdelphij (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && 821194206Ssimon#endif 822296341Sdelphij !(c->algorithm_mkey & disabled_mkey) && 823296341Sdelphij !(c->algorithm_auth & disabled_auth) && 824296341Sdelphij !(c->algorithm_enc & disabled_enc) && 825296341Sdelphij !(c->algorithm_mac & disabled_mac) && 826296341Sdelphij !(c->algorithm_ssl & disabled_ssl)) { 827296341Sdelphij co_list[co_list_num].cipher = c; 828296341Sdelphij co_list[co_list_num].next = NULL; 829296341Sdelphij co_list[co_list_num].prev = NULL; 830296341Sdelphij co_list[co_list_num].active = 0; 831296341Sdelphij co_list_num++; 832109998Smarkm#ifdef KSSL_DEBUG 833296341Sdelphij fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id, 834296341Sdelphij c->algorithm_mkey, c->algorithm_auth); 835296341Sdelphij#endif /* KSSL_DEBUG */ 836296341Sdelphij /* 837296341Sdelphij * if (!sk_push(ca_list,(char *)c)) goto err; 838296341Sdelphij */ 839296341Sdelphij } 840296341Sdelphij } 84159191Skris 842296341Sdelphij /* 843296341Sdelphij * Prepare linked list from list entries 844296341Sdelphij */ 845296341Sdelphij if (co_list_num > 0) { 846296341Sdelphij co_list[0].prev = NULL; 847238405Sjkim 848296341Sdelphij if (co_list_num > 1) { 849296341Sdelphij co_list[0].next = &co_list[1]; 850238405Sjkim 851296341Sdelphij for (i = 1; i < co_list_num - 1; i++) { 852296341Sdelphij co_list[i].prev = &co_list[i - 1]; 853296341Sdelphij co_list[i].next = &co_list[i + 1]; 854296341Sdelphij } 855238405Sjkim 856296341Sdelphij co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; 857296341Sdelphij } 85855714Skris 859296341Sdelphij co_list[co_list_num - 1].next = NULL; 860296341Sdelphij 861296341Sdelphij *head_p = &co_list[0]; 862296341Sdelphij *tail_p = &co_list[co_list_num - 1]; 863296341Sdelphij } 864296341Sdelphij} 865296341Sdelphij 866238405Sjkimstatic void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, 867296341Sdelphij int num_of_group_aliases, 868296341Sdelphij unsigned long disabled_mkey, 869296341Sdelphij unsigned long disabled_auth, 870296341Sdelphij unsigned long disabled_enc, 871296341Sdelphij unsigned long disabled_mac, 872296341Sdelphij unsigned long disabled_ssl, 873296341Sdelphij CIPHER_ORDER *head) 874296341Sdelphij{ 875296341Sdelphij CIPHER_ORDER *ciph_curr; 876296341Sdelphij const SSL_CIPHER **ca_curr; 877296341Sdelphij int i; 878296341Sdelphij unsigned long mask_mkey = ~disabled_mkey; 879296341Sdelphij unsigned long mask_auth = ~disabled_auth; 880296341Sdelphij unsigned long mask_enc = ~disabled_enc; 881296341Sdelphij unsigned long mask_mac = ~disabled_mac; 882296341Sdelphij unsigned long mask_ssl = ~disabled_ssl; 88355714Skris 884296341Sdelphij /* 885296341Sdelphij * First, add the real ciphers as already collected 886296341Sdelphij */ 887296341Sdelphij ciph_curr = head; 888296341Sdelphij ca_curr = ca_list; 889296341Sdelphij while (ciph_curr != NULL) { 890296341Sdelphij *ca_curr = ciph_curr->cipher; 891296341Sdelphij ca_curr++; 892296341Sdelphij ciph_curr = ciph_curr->next; 893296341Sdelphij } 89455714Skris 895296341Sdelphij /* 896296341Sdelphij * Now we add the available ones from the cipher_aliases[] table. 897296341Sdelphij * They represent either one or more algorithms, some of which 898296341Sdelphij * in any affected category must be supported (set in enabled_mask), 899296341Sdelphij * or represent a cipher strength value (will be added in any case because algorithms=0). 900296341Sdelphij */ 901296341Sdelphij for (i = 0; i < num_of_group_aliases; i++) { 902296341Sdelphij unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; 903296341Sdelphij unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; 904296341Sdelphij unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; 905296341Sdelphij unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; 906296341Sdelphij unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; 907238405Sjkim 908296341Sdelphij if (algorithm_mkey) 909296341Sdelphij if ((algorithm_mkey & mask_mkey) == 0) 910296341Sdelphij continue; 91155714Skris 912296341Sdelphij if (algorithm_auth) 913296341Sdelphij if ((algorithm_auth & mask_auth) == 0) 914296341Sdelphij continue; 91555714Skris 916296341Sdelphij if (algorithm_enc) 917296341Sdelphij if ((algorithm_enc & mask_enc) == 0) 918296341Sdelphij continue; 919296341Sdelphij 920296341Sdelphij if (algorithm_mac) 921296341Sdelphij if ((algorithm_mac & mask_mac) == 0) 922296341Sdelphij continue; 923296341Sdelphij 924296341Sdelphij if (algorithm_ssl) 925296341Sdelphij if ((algorithm_ssl & mask_ssl) == 0) 926296341Sdelphij continue; 927296341Sdelphij 928296341Sdelphij *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 929296341Sdelphij ca_curr++; 930296341Sdelphij } 931296341Sdelphij 932296341Sdelphij *ca_curr = NULL; /* end of list */ 933296341Sdelphij} 934296341Sdelphij 935238405Sjkimstatic void ssl_cipher_apply_rule(unsigned long cipher_id, 936296341Sdelphij unsigned long alg_mkey, 937296341Sdelphij unsigned long alg_auth, 938296341Sdelphij unsigned long alg_enc, 939296341Sdelphij unsigned long alg_mac, 940296341Sdelphij unsigned long alg_ssl, 941296341Sdelphij unsigned long algo_strength, int rule, 942296341Sdelphij int strength_bits, CIPHER_ORDER **head_p, 943296341Sdelphij CIPHER_ORDER **tail_p) 944296341Sdelphij{ 945296341Sdelphij CIPHER_ORDER *head, *tail, *curr, *next, *last; 946296341Sdelphij const SSL_CIPHER *cp; 947296341Sdelphij int reverse = 0; 94855714Skris 94959191Skris#ifdef CIPHER_DEBUG 950296341Sdelphij fprintf(stderr, 951296341Sdelphij "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", 952296341Sdelphij rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, 953296341Sdelphij algo_strength, strength_bits); 95459191Skris#endif 95559191Skris 956296341Sdelphij if (rule == CIPHER_DEL) 957296341Sdelphij reverse = 1; /* needed to maintain sorting between 958296341Sdelphij * currently deleted ciphers */ 959238405Sjkim 960296341Sdelphij head = *head_p; 961296341Sdelphij tail = *tail_p; 962238405Sjkim 963296341Sdelphij if (reverse) { 964296341Sdelphij next = tail; 965296341Sdelphij last = head; 966296341Sdelphij } else { 967296341Sdelphij next = head; 968296341Sdelphij last = tail; 969296341Sdelphij } 970238405Sjkim 971296341Sdelphij curr = NULL; 972296341Sdelphij for (;;) { 973296341Sdelphij if (curr == last) 974296341Sdelphij break; 97555714Skris 976296341Sdelphij curr = next; 977269686Sjkim 978296341Sdelphij if (curr == NULL) 979296341Sdelphij break; 980269686Sjkim 981296341Sdelphij next = reverse ? curr->prev : curr->next; 982269686Sjkim 983296341Sdelphij cp = curr->cipher; 98455714Skris 985296341Sdelphij /* 986296341Sdelphij * Selection criteria is either the value of strength_bits 987296341Sdelphij * or the algorithms used. 988296341Sdelphij */ 989296341Sdelphij if (strength_bits >= 0) { 990296341Sdelphij if (strength_bits != cp->strength_bits) 991296341Sdelphij continue; 992296341Sdelphij } else { 99359191Skris#ifdef CIPHER_DEBUG 994296341Sdelphij fprintf(stderr, 995296341Sdelphij "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", 996296341Sdelphij cp->name, cp->algorithm_mkey, cp->algorithm_auth, 997296341Sdelphij cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, 998296341Sdelphij cp->algo_strength); 99959191Skris#endif 1000296341Sdelphij if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) 1001296341Sdelphij goto ok; 1002296341Sdelphij if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) 1003296341Sdelphij goto ok; 1004296341Sdelphij if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 1005296341Sdelphij continue; 1006296341Sdelphij if (alg_auth && !(alg_auth & cp->algorithm_auth)) 1007296341Sdelphij continue; 1008296341Sdelphij if (alg_enc && !(alg_enc & cp->algorithm_enc)) 1009296341Sdelphij continue; 1010296341Sdelphij if (alg_mac && !(alg_mac & cp->algorithm_mac)) 1011296341Sdelphij continue; 1012296341Sdelphij if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) 1013296341Sdelphij continue; 1014296341Sdelphij if ((algo_strength & SSL_EXP_MASK) 1015296341Sdelphij && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) 1016296341Sdelphij continue; 1017296341Sdelphij if ((algo_strength & SSL_STRONG_MASK) 1018296341Sdelphij && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 1019296341Sdelphij continue; 1020296341Sdelphij } 1021238405Sjkim 1022296341Sdelphij ok: 102359191Skris 102459191Skris#ifdef CIPHER_DEBUG 1025296341Sdelphij fprintf(stderr, "Action = %d\n", rule); 102659191Skris#endif 102759191Skris 1028296341Sdelphij /* add the cipher if it has not been added yet. */ 1029296341Sdelphij if (rule == CIPHER_ADD) { 1030296341Sdelphij /* reverse == 0 */ 1031296341Sdelphij if (!curr->active) { 1032296341Sdelphij ll_append_tail(&head, curr, &tail); 1033296341Sdelphij curr->active = 1; 1034296341Sdelphij } 1035296341Sdelphij } 1036296341Sdelphij /* Move the added cipher to this location */ 1037296341Sdelphij else if (rule == CIPHER_ORD) { 1038296341Sdelphij /* reverse == 0 */ 1039296341Sdelphij if (curr->active) { 1040296341Sdelphij ll_append_tail(&head, curr, &tail); 1041296341Sdelphij } 1042296341Sdelphij } else if (rule == CIPHER_DEL) { 1043296341Sdelphij /* reverse == 1 */ 1044296341Sdelphij if (curr->active) { 1045296341Sdelphij /* 1046296341Sdelphij * most recently deleted ciphersuites get best positions for 1047296341Sdelphij * any future CIPHER_ADD (note that the CIPHER_DEL loop works 1048296341Sdelphij * in reverse to maintain the order) 1049296341Sdelphij */ 1050296341Sdelphij ll_append_head(&head, curr, &tail); 1051296341Sdelphij curr->active = 0; 1052296341Sdelphij } 1053296341Sdelphij } else if (rule == CIPHER_KILL) { 1054296341Sdelphij /* reverse == 0 */ 1055296341Sdelphij if (head == curr) 1056296341Sdelphij head = curr->next; 1057296341Sdelphij else 1058296341Sdelphij curr->prev->next = curr->next; 1059296341Sdelphij if (tail == curr) 1060296341Sdelphij tail = curr->prev; 1061296341Sdelphij curr->active = 0; 1062296341Sdelphij if (curr->next != NULL) 1063296341Sdelphij curr->next->prev = curr->prev; 1064296341Sdelphij if (curr->prev != NULL) 1065296341Sdelphij curr->prev->next = curr->next; 1066296341Sdelphij curr->next = NULL; 1067296341Sdelphij curr->prev = NULL; 1068296341Sdelphij } 1069296341Sdelphij } 107059191Skris 1071296341Sdelphij *head_p = head; 1072296341Sdelphij *tail_p = tail; 1073296341Sdelphij} 107459191Skris 1075238405Sjkimstatic int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, 1076296341Sdelphij CIPHER_ORDER **tail_p) 1077296341Sdelphij{ 1078296341Sdelphij int max_strength_bits, i, *number_uses; 1079296341Sdelphij CIPHER_ORDER *curr; 108059191Skris 1081296341Sdelphij /* 1082296341Sdelphij * This routine sorts the ciphers with descending strength. The sorting 1083296341Sdelphij * must keep the pre-sorted sequence, so we apply the normal sorting 1084296341Sdelphij * routine as '+' movement to the end of the list. 1085296341Sdelphij */ 1086296341Sdelphij max_strength_bits = 0; 1087296341Sdelphij curr = *head_p; 1088296341Sdelphij while (curr != NULL) { 1089296341Sdelphij if (curr->active && (curr->cipher->strength_bits > max_strength_bits)) 1090296341Sdelphij max_strength_bits = curr->cipher->strength_bits; 1091296341Sdelphij curr = curr->next; 1092296341Sdelphij } 109359191Skris 1094296341Sdelphij number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 1095296341Sdelphij if (!number_uses) { 1096296341Sdelphij SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); 1097296341Sdelphij return (0); 1098296341Sdelphij } 1099296341Sdelphij memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 110059191Skris 1101296341Sdelphij /* 1102296341Sdelphij * Now find the strength_bits values actually used 1103296341Sdelphij */ 1104296341Sdelphij curr = *head_p; 1105296341Sdelphij while (curr != NULL) { 1106296341Sdelphij if (curr->active) 1107296341Sdelphij number_uses[curr->cipher->strength_bits]++; 1108296341Sdelphij curr = curr->next; 1109296341Sdelphij } 1110296341Sdelphij /* 1111296341Sdelphij * Go through the list of used strength_bits values in descending 1112296341Sdelphij * order. 1113296341Sdelphij */ 1114296341Sdelphij for (i = max_strength_bits; i >= 0; i--) 1115296341Sdelphij if (number_uses[i] > 0) 1116296341Sdelphij ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, 1117296341Sdelphij tail_p); 111859191Skris 1119296341Sdelphij OPENSSL_free(number_uses); 1120296341Sdelphij return (1); 1121296341Sdelphij} 112259191Skris 112359191Skrisstatic int ssl_cipher_process_rulestr(const char *rule_str, 1124296341Sdelphij CIPHER_ORDER **head_p, 1125296341Sdelphij CIPHER_ORDER **tail_p, 1126296341Sdelphij const SSL_CIPHER **ca_list) 1127296341Sdelphij{ 1128296341Sdelphij unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, 1129296341Sdelphij algo_strength; 1130296341Sdelphij const char *l, *buf; 1131296341Sdelphij int j, multi, found, rule, retval, ok, buflen; 1132296341Sdelphij unsigned long cipher_id = 0; 1133296341Sdelphij char ch; 113459191Skris 1135296341Sdelphij retval = 1; 1136296341Sdelphij l = rule_str; 1137296341Sdelphij for (;;) { 1138296341Sdelphij ch = *l; 113959191Skris 1140296341Sdelphij if (ch == '\0') 1141296341Sdelphij break; /* done */ 1142296341Sdelphij if (ch == '-') { 1143296341Sdelphij rule = CIPHER_DEL; 1144296341Sdelphij l++; 1145296341Sdelphij } else if (ch == '+') { 1146296341Sdelphij rule = CIPHER_ORD; 1147296341Sdelphij l++; 1148296341Sdelphij } else if (ch == '!') { 1149296341Sdelphij rule = CIPHER_KILL; 1150296341Sdelphij l++; 1151296341Sdelphij } else if (ch == '@') { 1152296341Sdelphij rule = CIPHER_SPECIAL; 1153296341Sdelphij l++; 1154296341Sdelphij } else { 1155296341Sdelphij rule = CIPHER_ADD; 1156296341Sdelphij } 115755714Skris 1158296341Sdelphij if (ITEM_SEP(ch)) { 1159296341Sdelphij l++; 1160296341Sdelphij continue; 1161296341Sdelphij } 116255714Skris 1163296341Sdelphij alg_mkey = 0; 1164296341Sdelphij alg_auth = 0; 1165296341Sdelphij alg_enc = 0; 1166296341Sdelphij alg_mac = 0; 1167296341Sdelphij alg_ssl = 0; 1168296341Sdelphij algo_strength = 0; 116959191Skris 1170296341Sdelphij for (;;) { 1171296341Sdelphij ch = *l; 1172296341Sdelphij buf = l; 1173296341Sdelphij buflen = 0; 117455714Skris#ifndef CHARSET_EBCDIC 1175296341Sdelphij while (((ch >= 'A') && (ch <= 'Z')) || 1176296341Sdelphij ((ch >= '0') && (ch <= '9')) || 1177296341Sdelphij ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) 117855714Skris#else 1179296341Sdelphij while (isalnum(ch) || (ch == '-') || (ch == '.')) 118055714Skris#endif 1181296341Sdelphij { 1182296341Sdelphij ch = *(++l); 1183296341Sdelphij buflen++; 1184296341Sdelphij } 118555714Skris 1186296341Sdelphij if (buflen == 0) { 1187296341Sdelphij /* 1188296341Sdelphij * We hit something we cannot deal with, 1189296341Sdelphij * it is no command or separator nor 1190296341Sdelphij * alphanumeric, so we call this an error. 1191296341Sdelphij */ 1192296341Sdelphij SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1193296341Sdelphij SSL_R_INVALID_COMMAND); 1194296341Sdelphij retval = found = 0; 1195296341Sdelphij l++; 1196296341Sdelphij break; 1197296341Sdelphij } 119859191Skris 1199296341Sdelphij if (rule == CIPHER_SPECIAL) { 1200296341Sdelphij found = 0; /* unused -- avoid compiler warning */ 1201296341Sdelphij break; /* special treatment */ 1202296341Sdelphij } 120359191Skris 1204296341Sdelphij /* check for multi-part specification */ 1205296341Sdelphij if (ch == '+') { 1206296341Sdelphij multi = 1; 1207296341Sdelphij l++; 1208296341Sdelphij } else 1209296341Sdelphij multi = 0; 121055714Skris 1211296341Sdelphij /* 1212296341Sdelphij * Now search for the cipher alias in the ca_list. Be careful 1213296341Sdelphij * with the strncmp, because the "buflen" limitation 1214296341Sdelphij * will make the rule "ADH:SOME" and the cipher 1215296341Sdelphij * "ADH-MY-CIPHER" look like a match for buflen=3. 1216296341Sdelphij * So additionally check whether the cipher name found 1217296341Sdelphij * has the correct length. We can save a strlen() call: 1218296341Sdelphij * just checking for the '\0' at the right place is 1219296341Sdelphij * sufficient, we have to strncmp() anyway. (We cannot 1220296341Sdelphij * use strcmp(), because buf is not '\0' terminated.) 1221296341Sdelphij */ 1222296341Sdelphij j = found = 0; 1223296341Sdelphij cipher_id = 0; 1224296341Sdelphij while (ca_list[j]) { 1225296341Sdelphij if (!strncmp(buf, ca_list[j]->name, buflen) && 1226296341Sdelphij (ca_list[j]->name[buflen] == '\0')) { 1227296341Sdelphij found = 1; 1228296341Sdelphij break; 1229296341Sdelphij } else 1230296341Sdelphij j++; 1231296341Sdelphij } 1232238405Sjkim 1233296341Sdelphij if (!found) 1234296341Sdelphij break; /* ignore this entry */ 123555714Skris 1236296341Sdelphij if (ca_list[j]->algorithm_mkey) { 1237296341Sdelphij if (alg_mkey) { 1238296341Sdelphij alg_mkey &= ca_list[j]->algorithm_mkey; 1239296341Sdelphij if (!alg_mkey) { 1240296341Sdelphij found = 0; 1241296341Sdelphij break; 1242296341Sdelphij } 1243296341Sdelphij } else 1244296341Sdelphij alg_mkey = ca_list[j]->algorithm_mkey; 1245296341Sdelphij } 124659191Skris 1247296341Sdelphij if (ca_list[j]->algorithm_auth) { 1248296341Sdelphij if (alg_auth) { 1249296341Sdelphij alg_auth &= ca_list[j]->algorithm_auth; 1250296341Sdelphij if (!alg_auth) { 1251296341Sdelphij found = 0; 1252296341Sdelphij break; 1253296341Sdelphij } 1254296341Sdelphij } else 1255296341Sdelphij alg_auth = ca_list[j]->algorithm_auth; 1256296341Sdelphij } 1257238405Sjkim 1258296341Sdelphij if (ca_list[j]->algorithm_enc) { 1259296341Sdelphij if (alg_enc) { 1260296341Sdelphij alg_enc &= ca_list[j]->algorithm_enc; 1261296341Sdelphij if (!alg_enc) { 1262296341Sdelphij found = 0; 1263296341Sdelphij break; 1264296341Sdelphij } 1265296341Sdelphij } else 1266296341Sdelphij alg_enc = ca_list[j]->algorithm_enc; 1267296341Sdelphij } 1268238405Sjkim 1269296341Sdelphij if (ca_list[j]->algorithm_mac) { 1270296341Sdelphij if (alg_mac) { 1271296341Sdelphij alg_mac &= ca_list[j]->algorithm_mac; 1272296341Sdelphij if (!alg_mac) { 1273296341Sdelphij found = 0; 1274296341Sdelphij break; 1275296341Sdelphij } 1276296341Sdelphij } else 1277296341Sdelphij alg_mac = ca_list[j]->algorithm_mac; 1278296341Sdelphij } 1279162911Ssimon 1280296341Sdelphij if (ca_list[j]->algo_strength & SSL_EXP_MASK) { 1281296341Sdelphij if (algo_strength & SSL_EXP_MASK) { 1282296341Sdelphij algo_strength &= 1283296341Sdelphij (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1284296341Sdelphij ~SSL_EXP_MASK; 1285296341Sdelphij if (!(algo_strength & SSL_EXP_MASK)) { 1286296341Sdelphij found = 0; 1287296341Sdelphij break; 1288296341Sdelphij } 1289296341Sdelphij } else 1290296341Sdelphij algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; 1291296341Sdelphij } 129259191Skris 1293296341Sdelphij if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 1294296341Sdelphij if (algo_strength & SSL_STRONG_MASK) { 1295296341Sdelphij algo_strength &= 1296296341Sdelphij (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1297296341Sdelphij ~SSL_STRONG_MASK; 1298296341Sdelphij if (!(algo_strength & SSL_STRONG_MASK)) { 1299296341Sdelphij found = 0; 1300296341Sdelphij break; 1301296341Sdelphij } 1302296341Sdelphij } else 1303296341Sdelphij algo_strength |= 1304296341Sdelphij ca_list[j]->algo_strength & SSL_STRONG_MASK; 1305296341Sdelphij } 130655714Skris 1307296341Sdelphij if (ca_list[j]->valid) { 1308296341Sdelphij /* 1309296341Sdelphij * explicit ciphersuite found; its protocol version does not 1310296341Sdelphij * become part of the search pattern! 1311296341Sdelphij */ 131255714Skris 1313296341Sdelphij cipher_id = ca_list[j]->id; 1314296341Sdelphij } else { 1315296341Sdelphij /* 1316296341Sdelphij * not an explicit ciphersuite; only in this case, the 1317296341Sdelphij * protocol version is considered part of the search pattern 1318296341Sdelphij */ 131959191Skris 1320296341Sdelphij if (ca_list[j]->algorithm_ssl) { 1321296341Sdelphij if (alg_ssl) { 1322296341Sdelphij alg_ssl &= ca_list[j]->algorithm_ssl; 1323296341Sdelphij if (!alg_ssl) { 1324296341Sdelphij found = 0; 1325296341Sdelphij break; 1326296341Sdelphij } 1327296341Sdelphij } else 1328296341Sdelphij alg_ssl = ca_list[j]->algorithm_ssl; 1329296341Sdelphij } 1330296341Sdelphij } 133159191Skris 1332296341Sdelphij if (!multi) 1333296341Sdelphij break; 1334296341Sdelphij } 133559191Skris 1336296341Sdelphij /* 1337296341Sdelphij * Ok, we have the rule, now apply it 1338296341Sdelphij */ 1339296341Sdelphij if (rule == CIPHER_SPECIAL) { /* special command */ 1340296341Sdelphij ok = 0; 1341296341Sdelphij if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) 1342296341Sdelphij ok = ssl_cipher_strength_sort(head_p, tail_p); 1343296341Sdelphij else 1344296341Sdelphij SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1345296341Sdelphij SSL_R_INVALID_COMMAND); 1346296341Sdelphij if (ok == 0) 1347296341Sdelphij retval = 0; 1348296341Sdelphij /* 1349296341Sdelphij * We do not support any "multi" options 1350296341Sdelphij * together with "@", so throw away the 1351296341Sdelphij * rest of the command, if any left, until 1352296341Sdelphij * end or ':' is found. 1353296341Sdelphij */ 1354296341Sdelphij while ((*l != '\0') && !ITEM_SEP(*l)) 1355296341Sdelphij l++; 1356296341Sdelphij } else if (found) { 1357296341Sdelphij ssl_cipher_apply_rule(cipher_id, 1358296341Sdelphij alg_mkey, alg_auth, alg_enc, alg_mac, 1359296341Sdelphij alg_ssl, algo_strength, rule, -1, head_p, 1360296341Sdelphij tail_p); 1361296341Sdelphij } else { 1362296341Sdelphij while ((*l != '\0') && !ITEM_SEP(*l)) 1363296341Sdelphij l++; 1364296341Sdelphij } 1365296341Sdelphij if (*l == '\0') 1366296341Sdelphij break; /* done */ 1367296341Sdelphij } 1368296341Sdelphij 1369296341Sdelphij return (retval); 1370296341Sdelphij} 1371296341Sdelphij 1372296341SdelphijSTACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) 1373296341Sdelphij **cipher_list, STACK_OF(SSL_CIPHER) 1374296341Sdelphij **cipher_list_by_id, 1375296341Sdelphij const char *rule_str) 1376296341Sdelphij{ 1377296341Sdelphij int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1378296341Sdelphij unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, 1379296341Sdelphij disabled_ssl; 1380296341Sdelphij STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1381296341Sdelphij const char *rule_p; 1382296341Sdelphij CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 1383296341Sdelphij const SSL_CIPHER **ca_list = NULL; 1384296341Sdelphij 1385296341Sdelphij /* 1386296341Sdelphij * Return with error if nothing to do. 1387296341Sdelphij */ 1388296341Sdelphij if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) 1389296341Sdelphij return NULL; 1390296341Sdelphij 1391296341Sdelphij /* 1392296341Sdelphij * To reduce the work to do we only want to process the compiled 1393296341Sdelphij * in algorithms, so we first get the mask of disabled ciphers. 1394296341Sdelphij */ 1395296341Sdelphij ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, 1396296341Sdelphij &disabled_mac, &disabled_ssl); 1397296341Sdelphij 1398296341Sdelphij /* 1399296341Sdelphij * Now we have to collect the available ciphers from the compiled 1400296341Sdelphij * in ciphers. We cannot get more than the number compiled in, so 1401296341Sdelphij * it is used for allocation. 1402296341Sdelphij */ 1403296341Sdelphij num_of_ciphers = ssl_method->num_ciphers(); 1404109998Smarkm#ifdef KSSL_DEBUG 1405296341Sdelphij fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", 1406296341Sdelphij num_of_ciphers); 1407296341Sdelphij#endif /* KSSL_DEBUG */ 1408296341Sdelphij co_list = 1409296341Sdelphij (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 1410296341Sdelphij if (co_list == NULL) { 1411296341Sdelphij SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1412296341Sdelphij return (NULL); /* Failure */ 1413296341Sdelphij } 141455714Skris 1415296341Sdelphij ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1416296341Sdelphij disabled_mkey, disabled_auth, disabled_enc, 1417296341Sdelphij disabled_mac, disabled_ssl, co_list, &head, 1418296341Sdelphij &tail); 141955714Skris 1420296341Sdelphij /* Now arrange all ciphers by preference: */ 1421238405Sjkim 1422296341Sdelphij /* 1423296341Sdelphij * Everything else being equal, prefer ephemeral ECDH over other key 1424296341Sdelphij * exchange mechanisms 1425296341Sdelphij */ 1426296341Sdelphij ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, 1427296341Sdelphij &tail); 1428296341Sdelphij ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, 1429296341Sdelphij &tail); 1430238405Sjkim 1431296341Sdelphij /* AES is our preferred symmetric cipher */ 1432296341Sdelphij ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, 1433296341Sdelphij &tail); 1434238405Sjkim 1435296341Sdelphij /* Temporarily enable everything else for sorting */ 1436296341Sdelphij ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1437238405Sjkim 1438296341Sdelphij /* Low priority for MD5 */ 1439296341Sdelphij ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, 1440296341Sdelphij &tail); 1441238405Sjkim 1442296341Sdelphij /* 1443296341Sdelphij * Move anonymous ciphers to the end. Usually, these will remain 1444296341Sdelphij * disabled. (For applications that allow them, they aren't too bad, but 1445296341Sdelphij * we prefer authenticated ciphers.) 1446296341Sdelphij */ 1447296341Sdelphij ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1448296341Sdelphij &tail); 1449238405Sjkim 1450296341Sdelphij /* Move ciphers without forward secrecy to the end */ 1451296341Sdelphij ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1452296341Sdelphij &tail); 1453296341Sdelphij /* 1454296341Sdelphij * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, 1455296341Sdelphij * &head, &tail); 1456296341Sdelphij */ 1457296341Sdelphij ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1458296341Sdelphij &tail); 1459296341Sdelphij ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1460296341Sdelphij &tail); 1461296341Sdelphij ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1462296341Sdelphij &tail); 1463238405Sjkim 1464296341Sdelphij /* RC4 is sort-of broken -- move the the end */ 1465296341Sdelphij ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, 1466296341Sdelphij &tail); 1467238405Sjkim 1468296341Sdelphij /* 1469296341Sdelphij * Now sort by symmetric encryption strength. The above ordering remains 1470296341Sdelphij * in force within each class 1471296341Sdelphij */ 1472296341Sdelphij if (!ssl_cipher_strength_sort(&head, &tail)) { 1473296341Sdelphij OPENSSL_free(co_list); 1474296341Sdelphij return NULL; 1475296341Sdelphij } 1476238405Sjkim 1477296341Sdelphij /* Now disable everything (maintaining the ordering!) */ 1478296341Sdelphij ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1479238405Sjkim 1480296341Sdelphij /* 1481296341Sdelphij * We also need cipher aliases for selecting based on the rule_str. 1482296341Sdelphij * There might be two types of entries in the rule_str: 1) names 1483296341Sdelphij * of ciphers themselves 2) aliases for groups of ciphers. 1484296341Sdelphij * For 1) we need the available ciphers and for 2) the cipher 1485296341Sdelphij * groups of cipher_aliases added together in one list (otherwise 1486296341Sdelphij * we would be happy with just the cipher_aliases table). 1487296341Sdelphij */ 1488296341Sdelphij num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1489296341Sdelphij num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1490296341Sdelphij ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 1491296341Sdelphij if (ca_list == NULL) { 1492296341Sdelphij OPENSSL_free(co_list); 1493296341Sdelphij SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1494296341Sdelphij return (NULL); /* Failure */ 1495296341Sdelphij } 1496296341Sdelphij ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1497296341Sdelphij disabled_mkey, disabled_auth, disabled_enc, 1498296341Sdelphij disabled_mac, disabled_ssl, head); 1499238405Sjkim 1500296341Sdelphij /* 1501296341Sdelphij * If the rule_string begins with DEFAULT, apply the default rule 1502296341Sdelphij * before using the (possibly available) additional rules. 1503296341Sdelphij */ 1504296341Sdelphij ok = 1; 1505296341Sdelphij rule_p = rule_str; 1506296341Sdelphij if (strncmp(rule_str, "DEFAULT", 7) == 0) { 1507296341Sdelphij ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1508296341Sdelphij &head, &tail, ca_list); 1509296341Sdelphij rule_p += 7; 1510296341Sdelphij if (*rule_p == ':') 1511296341Sdelphij rule_p++; 1512296341Sdelphij } 1513238405Sjkim 1514296341Sdelphij if (ok && (strlen(rule_p) > 0)) 1515296341Sdelphij ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); 151655714Skris 1517296341Sdelphij OPENSSL_free((void *)ca_list); /* Not needed anymore */ 151855714Skris 1519296341Sdelphij if (!ok) { /* Rule processing failure */ 1520296341Sdelphij OPENSSL_free(co_list); 1521296341Sdelphij return (NULL); 1522296341Sdelphij } 152359191Skris 1524296341Sdelphij /* 1525296341Sdelphij * Allocate new "cipherstack" for the result, return with error 1526296341Sdelphij * if we cannot get one. 1527296341Sdelphij */ 1528296341Sdelphij if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { 1529296341Sdelphij OPENSSL_free(co_list); 1530296341Sdelphij return (NULL); 1531296341Sdelphij } 153259191Skris 1533296341Sdelphij /* 1534296341Sdelphij * The cipher selection for the list is done. The ciphers are added 1535296341Sdelphij * to the resulting precedence to the STACK_OF(SSL_CIPHER). 1536296341Sdelphij */ 1537296341Sdelphij for (curr = head; curr != NULL; curr = curr->next) { 1538194206Ssimon#ifdef OPENSSL_FIPS 1539296341Sdelphij if (curr->active 1540296341Sdelphij && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) 1541194206Ssimon#else 1542296341Sdelphij if (curr->active) 1543194206Ssimon#endif 1544296341Sdelphij { 1545296341Sdelphij sk_SSL_CIPHER_push(cipherstack, curr->cipher); 154655714Skris#ifdef CIPHER_DEBUG 1547296341Sdelphij fprintf(stderr, "<%s>\n", curr->cipher->name); 154855714Skris#endif 1549296341Sdelphij } 1550296341Sdelphij } 1551296341Sdelphij OPENSSL_free(co_list); /* Not needed any longer */ 155255714Skris 1553296341Sdelphij tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); 1554296341Sdelphij if (tmp_cipher_list == NULL) { 1555296341Sdelphij sk_SSL_CIPHER_free(cipherstack); 1556296341Sdelphij return NULL; 1557296341Sdelphij } 1558296341Sdelphij if (*cipher_list != NULL) 1559296341Sdelphij sk_SSL_CIPHER_free(*cipher_list); 1560296341Sdelphij *cipher_list = cipherstack; 1561296341Sdelphij if (*cipher_list_by_id != NULL) 1562296341Sdelphij sk_SSL_CIPHER_free(*cipher_list_by_id); 1563296341Sdelphij *cipher_list_by_id = tmp_cipher_list; 1564296341Sdelphij (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, 1565296341Sdelphij ssl_cipher_ptr_id_cmp); 156655714Skris 1567296341Sdelphij sk_SSL_CIPHER_sort(*cipher_list_by_id); 1568296341Sdelphij return (cipherstack); 1569296341Sdelphij} 157055714Skris 1571205128Ssimonchar *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1572296341Sdelphij{ 1573296341Sdelphij int is_export, pkl, kl; 1574296341Sdelphij const char *ver, *exp_str; 1575296341Sdelphij const char *kx, *au, *enc, *mac; 1576296341Sdelphij unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1577109998Smarkm#ifdef KSSL_DEBUG 1578296341Sdelphij static const char *format = 1579296341Sdelphij "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; 1580109998Smarkm#else 1581296341Sdelphij static const char *format = 1582296341Sdelphij "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1583296341Sdelphij#endif /* KSSL_DEBUG */ 1584109998Smarkm 1585296341Sdelphij alg_mkey = cipher->algorithm_mkey; 1586296341Sdelphij alg_auth = cipher->algorithm_auth; 1587296341Sdelphij alg_enc = cipher->algorithm_enc; 1588296341Sdelphij alg_mac = cipher->algorithm_mac; 1589296341Sdelphij alg_ssl = cipher->algorithm_ssl; 1590238405Sjkim 1591296341Sdelphij alg2 = cipher->algorithm2; 159255714Skris 1593296341Sdelphij is_export = SSL_C_IS_EXPORT(cipher); 1594296341Sdelphij pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); 1595296341Sdelphij kl = SSL_C_EXPORT_KEYLENGTH(cipher); 1596296341Sdelphij exp_str = is_export ? " export" : ""; 159755714Skris 1598296341Sdelphij if (alg_ssl & SSL_SSLV2) 1599296341Sdelphij ver = "SSLv2"; 1600296341Sdelphij else if (alg_ssl & SSL_SSLV3) 1601296341Sdelphij ver = "SSLv3"; 1602296341Sdelphij else if (alg_ssl & SSL_TLSV1_2) 1603296341Sdelphij ver = "TLSv1.2"; 1604296341Sdelphij else 1605296341Sdelphij ver = "unknown"; 160655714Skris 1607296341Sdelphij switch (alg_mkey) { 1608296341Sdelphij case SSL_kRSA: 1609296341Sdelphij kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA"; 1610296341Sdelphij break; 1611296341Sdelphij case SSL_kDHr: 1612296341Sdelphij kx = "DH/RSA"; 1613296341Sdelphij break; 1614296341Sdelphij case SSL_kDHd: 1615296341Sdelphij kx = "DH/DSS"; 1616296341Sdelphij break; 1617296341Sdelphij case SSL_kKRB5: 1618296341Sdelphij kx = "KRB5"; 1619296341Sdelphij break; 1620296341Sdelphij case SSL_kEDH: 1621296341Sdelphij kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; 1622296341Sdelphij break; 1623296341Sdelphij case SSL_kECDHr: 1624296341Sdelphij kx = "ECDH/RSA"; 1625296341Sdelphij break; 1626296341Sdelphij case SSL_kECDHe: 1627296341Sdelphij kx = "ECDH/ECDSA"; 1628296341Sdelphij break; 1629296341Sdelphij case SSL_kEECDH: 1630296341Sdelphij kx = "ECDH"; 1631296341Sdelphij break; 1632296341Sdelphij case SSL_kPSK: 1633296341Sdelphij kx = "PSK"; 1634296341Sdelphij break; 1635296341Sdelphij case SSL_kSRP: 1636296341Sdelphij kx = "SRP"; 1637296341Sdelphij break; 1638296341Sdelphij case SSL_kGOST: 1639296341Sdelphij kx = "GOST"; 1640296341Sdelphij break; 1641296341Sdelphij default: 1642296341Sdelphij kx = "unknown"; 1643296341Sdelphij } 164455714Skris 1645296341Sdelphij switch (alg_auth) { 1646296341Sdelphij case SSL_aRSA: 1647296341Sdelphij au = "RSA"; 1648296341Sdelphij break; 1649296341Sdelphij case SSL_aDSS: 1650296341Sdelphij au = "DSS"; 1651296341Sdelphij break; 1652296341Sdelphij case SSL_aDH: 1653296341Sdelphij au = "DH"; 1654296341Sdelphij break; 1655296341Sdelphij case SSL_aKRB5: 1656296341Sdelphij au = "KRB5"; 1657296341Sdelphij break; 1658296341Sdelphij case SSL_aECDH: 1659296341Sdelphij au = "ECDH"; 1660296341Sdelphij break; 1661296341Sdelphij case SSL_aNULL: 1662296341Sdelphij au = "None"; 1663296341Sdelphij break; 1664296341Sdelphij case SSL_aECDSA: 1665296341Sdelphij au = "ECDSA"; 1666296341Sdelphij break; 1667296341Sdelphij case SSL_aPSK: 1668296341Sdelphij au = "PSK"; 1669296341Sdelphij break; 1670296341Sdelphij case SSL_aSRP: 1671296341Sdelphij au = "SRP"; 1672296341Sdelphij break; 1673296341Sdelphij case SSL_aGOST94: 1674296341Sdelphij au = "GOST94"; 1675296341Sdelphij break; 1676296341Sdelphij case SSL_aGOST01: 1677296341Sdelphij au = "GOST01"; 1678296341Sdelphij break; 1679296341Sdelphij default: 1680296341Sdelphij au = "unknown"; 1681296341Sdelphij break; 1682296341Sdelphij } 168355714Skris 1684296341Sdelphij switch (alg_enc) { 1685296341Sdelphij case SSL_DES: 1686296341Sdelphij enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)"; 1687296341Sdelphij break; 1688296341Sdelphij case SSL_3DES: 1689296341Sdelphij enc = "3DES(168)"; 1690296341Sdelphij break; 1691296341Sdelphij case SSL_RC4: 1692296341Sdelphij enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)") 1693296341Sdelphij : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)"); 1694296341Sdelphij break; 1695296341Sdelphij case SSL_RC2: 1696296341Sdelphij enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)"; 1697296341Sdelphij break; 1698296341Sdelphij case SSL_IDEA: 1699296341Sdelphij enc = "IDEA(128)"; 1700296341Sdelphij break; 1701296341Sdelphij case SSL_eNULL: 1702296341Sdelphij enc = "None"; 1703296341Sdelphij break; 1704296341Sdelphij case SSL_AES128: 1705296341Sdelphij enc = "AES(128)"; 1706296341Sdelphij break; 1707296341Sdelphij case SSL_AES256: 1708296341Sdelphij enc = "AES(256)"; 1709296341Sdelphij break; 1710296341Sdelphij case SSL_AES128GCM: 1711296341Sdelphij enc = "AESGCM(128)"; 1712296341Sdelphij break; 1713296341Sdelphij case SSL_AES256GCM: 1714296341Sdelphij enc = "AESGCM(256)"; 1715296341Sdelphij break; 1716296341Sdelphij case SSL_CAMELLIA128: 1717296341Sdelphij enc = "Camellia(128)"; 1718296341Sdelphij break; 1719296341Sdelphij case SSL_CAMELLIA256: 1720296341Sdelphij enc = "Camellia(256)"; 1721296341Sdelphij break; 1722296341Sdelphij case SSL_SEED: 1723296341Sdelphij enc = "SEED(128)"; 1724296341Sdelphij break; 1725296341Sdelphij case SSL_eGOST2814789CNT: 1726296341Sdelphij enc = "GOST89(256)"; 1727296341Sdelphij break; 1728296341Sdelphij default: 1729296341Sdelphij enc = "unknown"; 1730296341Sdelphij break; 1731296341Sdelphij } 173255714Skris 1733296341Sdelphij switch (alg_mac) { 1734296341Sdelphij case SSL_MD5: 1735296341Sdelphij mac = "MD5"; 1736296341Sdelphij break; 1737296341Sdelphij case SSL_SHA1: 1738296341Sdelphij mac = "SHA1"; 1739296341Sdelphij break; 1740296341Sdelphij case SSL_SHA256: 1741296341Sdelphij mac = "SHA256"; 1742296341Sdelphij break; 1743296341Sdelphij case SSL_SHA384: 1744296341Sdelphij mac = "SHA384"; 1745296341Sdelphij break; 1746296341Sdelphij case SSL_AEAD: 1747296341Sdelphij mac = "AEAD"; 1748296341Sdelphij break; 1749296341Sdelphij case SSL_GOST89MAC: 1750296341Sdelphij mac = "GOST89"; 1751296341Sdelphij break; 1752296341Sdelphij case SSL_GOST94: 1753296341Sdelphij mac = "GOST94"; 1754296341Sdelphij break; 1755296341Sdelphij default: 1756296341Sdelphij mac = "unknown"; 1757296341Sdelphij break; 1758296341Sdelphij } 175955714Skris 1760296341Sdelphij if (buf == NULL) { 1761296341Sdelphij len = 128; 1762296341Sdelphij buf = OPENSSL_malloc(len); 1763296341Sdelphij if (buf == NULL) 1764296341Sdelphij return ("OPENSSL_malloc Error"); 1765296341Sdelphij } else if (len < 128) 1766296341Sdelphij return ("Buffer too small"); 1767296341Sdelphij 1768109998Smarkm#ifdef KSSL_DEBUG 1769296341Sdelphij BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, 1770296341Sdelphij exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); 1771109998Smarkm#else 1772296341Sdelphij BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, 1773296341Sdelphij exp_str); 1774296341Sdelphij#endif /* KSSL_DEBUG */ 1775296341Sdelphij return (buf); 1776296341Sdelphij} 177755714Skris 1778160814Ssimonchar *SSL_CIPHER_get_version(const SSL_CIPHER *c) 1779296341Sdelphij{ 1780296341Sdelphij int i; 178155714Skris 1782296341Sdelphij if (c == NULL) 1783296341Sdelphij return ("(NONE)"); 1784296341Sdelphij i = (int)(c->id >> 24L); 1785296341Sdelphij if (i == 3) 1786296341Sdelphij return ("TLSv1/SSLv3"); 1787296341Sdelphij else if (i == 2) 1788296341Sdelphij return ("SSLv2"); 1789296341Sdelphij else 1790296341Sdelphij return ("unknown"); 1791296341Sdelphij} 179255714Skris 179355714Skris/* return the actual cipher being used */ 1794160814Ssimonconst char *SSL_CIPHER_get_name(const SSL_CIPHER *c) 1795296341Sdelphij{ 1796296341Sdelphij if (c != NULL) 1797296341Sdelphij return (c->name); 1798296341Sdelphij return ("(NONE)"); 1799296341Sdelphij} 180055714Skris 180159191Skris/* number of bits for symmetric cipher */ 1802160814Ssimonint SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 1803296341Sdelphij{ 1804296341Sdelphij int ret = 0; 180555714Skris 1806296341Sdelphij if (c != NULL) { 1807296341Sdelphij if (alg_bits != NULL) 1808296341Sdelphij *alg_bits = c->alg_bits; 1809296341Sdelphij ret = c->strength_bits; 1810296341Sdelphij } 1811296341Sdelphij return (ret); 1812296341Sdelphij} 181355714Skris 1814238405Sjkimunsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) 1815296341Sdelphij{ 1816296341Sdelphij return c->id; 1817296341Sdelphij} 1818238405Sjkim 181955714SkrisSSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 1820296341Sdelphij{ 1821296341Sdelphij SSL_COMP *ctmp; 1822296341Sdelphij int i, nn; 182355714Skris 1824296341Sdelphij if ((n == 0) || (sk == NULL)) 1825296341Sdelphij return (NULL); 1826296341Sdelphij nn = sk_SSL_COMP_num(sk); 1827296341Sdelphij for (i = 0; i < nn; i++) { 1828296341Sdelphij ctmp = sk_SSL_COMP_value(sk, i); 1829296341Sdelphij if (ctmp->id == n) 1830296341Sdelphij return (ctmp); 1831296341Sdelphij } 1832296341Sdelphij return (NULL); 1833296341Sdelphij} 183455714Skris 1835160814Ssimon#ifdef OPENSSL_NO_COMP 1836160814Ssimonvoid *SSL_COMP_get_compression_methods(void) 1837296341Sdelphij{ 1838296341Sdelphij return NULL; 1839296341Sdelphij} 1840296341Sdelphij 1841160814Ssimonint SSL_COMP_add_compression_method(int id, void *cm) 1842296341Sdelphij{ 1843296341Sdelphij return 1; 1844296341Sdelphij} 184555714Skris 1846160814Ssimonconst char *SSL_COMP_get_name(const void *comp) 1847296341Sdelphij{ 1848296341Sdelphij return NULL; 1849296341Sdelphij} 1850160814Ssimon#else 185155714SkrisSTACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 1852296341Sdelphij{ 1853296341Sdelphij load_builtin_compressions(); 1854296341Sdelphij return (ssl_comp_methods); 1855296341Sdelphij} 185655714Skris 185755714Skrisint SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 1858296341Sdelphij{ 1859296341Sdelphij SSL_COMP *comp; 186055714Skris 1861296341Sdelphij if (cm == NULL || cm->type == NID_undef) 1862296341Sdelphij return 1; 1863109998Smarkm 1864296341Sdelphij /*- 1865296341Sdelphij * According to draft-ietf-tls-compression-04.txt, the 1866296341Sdelphij * compression number ranges should be the following: 1867296341Sdelphij * 1868296341Sdelphij * 0 to 63: methods defined by the IETF 1869296341Sdelphij * 64 to 192: external party methods assigned by IANA 1870296341Sdelphij * 193 to 255: reserved for private use 1871296341Sdelphij */ 1872296341Sdelphij if (id < 193 || id > 255) { 1873296341Sdelphij SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 1874296341Sdelphij SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); 1875296341Sdelphij return 0; 1876296341Sdelphij } 1877160814Ssimon 1878296341Sdelphij MemCheck_off(); 1879296341Sdelphij comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 1880296341Sdelphij comp->id = id; 1881296341Sdelphij comp->method = cm; 1882296341Sdelphij load_builtin_compressions(); 1883296341Sdelphij if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { 1884296341Sdelphij OPENSSL_free(comp); 1885296341Sdelphij MemCheck_on(); 1886296341Sdelphij SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 1887296341Sdelphij SSL_R_DUPLICATE_COMPRESSION_ID); 1888296341Sdelphij return (1); 1889296341Sdelphij } else if ((ssl_comp_methods == NULL) 1890296341Sdelphij || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { 1891296341Sdelphij OPENSSL_free(comp); 1892296341Sdelphij MemCheck_on(); 1893296341Sdelphij SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); 1894296341Sdelphij return (1); 1895296341Sdelphij } else { 1896296341Sdelphij MemCheck_on(); 1897296341Sdelphij return (0); 1898296341Sdelphij } 1899296341Sdelphij} 1900160814Ssimon 1901160814Ssimonconst char *SSL_COMP_get_name(const COMP_METHOD *comp) 1902296341Sdelphij{ 1903296341Sdelphij if (comp) 1904296341Sdelphij return comp->name; 1905296341Sdelphij return NULL; 1906296341Sdelphij} 1907160814Ssimon 1908160814Ssimon#endif 1909