155714Skris/* ssl/ssl_ciph.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8280304Sjkim * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280304Sjkim * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22280304Sjkim * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280304Sjkim * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52280304Sjkim * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 58160814Ssimon/* ==================================================================== 59238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60162911Ssimon * 61162911Ssimon * Redistribution and use in source and binary forms, with or without 62162911Ssimon * modification, are permitted provided that the following conditions 63162911Ssimon * are met: 64162911Ssimon * 65162911Ssimon * 1. Redistributions of source code must retain the above copyright 66280304Sjkim * notice, this list of conditions and the following disclaimer. 67162911Ssimon * 68162911Ssimon * 2. Redistributions in binary form must reproduce the above copyright 69162911Ssimon * notice, this list of conditions and the following disclaimer in 70162911Ssimon * the documentation and/or other materials provided with the 71162911Ssimon * distribution. 72162911Ssimon * 73162911Ssimon * 3. All advertising materials mentioning features or use of this 74162911Ssimon * software must display the following acknowledgment: 75162911Ssimon * "This product includes software developed by the OpenSSL Project 76162911Ssimon * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77162911Ssimon * 78162911Ssimon * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79162911Ssimon * endorse or promote products derived from this software without 80162911Ssimon * prior written permission. For written permission, please contact 81162911Ssimon * openssl-core@openssl.org. 82162911Ssimon * 83162911Ssimon * 5. Products derived from this software may not be called "OpenSSL" 84162911Ssimon * nor may "OpenSSL" appear in their names without prior written 85162911Ssimon * permission of the OpenSSL Project. 86162911Ssimon * 87162911Ssimon * 6. Redistributions of any form whatsoever must retain the following 88162911Ssimon * acknowledgment: 89162911Ssimon * "This product includes software developed by the OpenSSL Project 90162911Ssimon * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91162911Ssimon * 92162911Ssimon * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93162911Ssimon * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94162911Ssimon * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95162911Ssimon * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96162911Ssimon * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97162911Ssimon * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98162911Ssimon * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99162911Ssimon * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100162911Ssimon * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101162911Ssimon * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102162911Ssimon * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103162911Ssimon * OF THE POSSIBILITY OF SUCH DAMAGE. 104162911Ssimon * ==================================================================== 105162911Ssimon * 106162911Ssimon * This product includes cryptographic software written by Eric Young 107162911Ssimon * (eay@cryptsoft.com). This product includes software written by Tim 108162911Ssimon * Hudson (tjh@cryptsoft.com). 109162911Ssimon * 110162911Ssimon */ 111162911Ssimon/* ==================================================================== 112160814Ssimon * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113280304Sjkim * ECC cipher suite support in OpenSSL originally developed by 114160814Ssimon * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115160814Ssimon */ 116238405Sjkim/* ==================================================================== 117238405Sjkim * Copyright 2005 Nokia. All rights reserved. 118238405Sjkim * 119238405Sjkim * The portions of the attached software ("Contribution") is developed by 120238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121238405Sjkim * license. 122238405Sjkim * 123238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125238405Sjkim * support (see RFC 4279) to OpenSSL. 126238405Sjkim * 127238405Sjkim * No patent licenses or other rights except those expressly stated in 128238405Sjkim * the OpenSSL open source license shall be deemed granted or received 129238405Sjkim * expressly, by implication, estoppel, or otherwise. 130238405Sjkim * 131238405Sjkim * No assurances are provided by Nokia that the Contribution does not 132238405Sjkim * infringe the patent or other intellectual property rights of any third 133238405Sjkim * party or that the license provides you with all the necessary rights 134238405Sjkim * to make use of the Contribution. 135238405Sjkim * 136238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140238405Sjkim * OTHERWISE. 141238405Sjkim */ 142238405Sjkim 14355714Skris#include <stdio.h> 14455714Skris#include <openssl/objects.h> 145194206Ssimon#ifndef OPENSSL_NO_COMP 146280304Sjkim# include <openssl/comp.h> 147194206Ssimon#endif 148238405Sjkim#ifndef OPENSSL_NO_ENGINE 149280304Sjkim# include <openssl/engine.h> 150238405Sjkim#endif 15155714Skris#include "ssl_locl.h" 15255714Skris 153280304Sjkim#define SSL_ENC_DES_IDX 0 154280304Sjkim#define SSL_ENC_3DES_IDX 1 155280304Sjkim#define SSL_ENC_RC4_IDX 2 156280304Sjkim#define SSL_ENC_RC2_IDX 3 157280304Sjkim#define SSL_ENC_IDEA_IDX 4 158280304Sjkim#define SSL_ENC_NULL_IDX 5 159280304Sjkim#define SSL_ENC_AES128_IDX 6 160280304Sjkim#define SSL_ENC_AES256_IDX 7 161280304Sjkim#define SSL_ENC_CAMELLIA128_IDX 8 162280304Sjkim#define SSL_ENC_CAMELLIA256_IDX 9 163280304Sjkim#define SSL_ENC_GOST89_IDX 10 164280304Sjkim#define SSL_ENC_SEED_IDX 11 165280304Sjkim#define SSL_ENC_AES128GCM_IDX 12 166280304Sjkim#define SSL_ENC_AES256GCM_IDX 13 167280304Sjkim#define SSL_ENC_NUM_IDX 14 16855714Skris 169280304Sjkimstatic const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { 170280304Sjkim NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 171280304Sjkim NULL, NULL 172280304Sjkim}; 173162911Ssimon 174280304Sjkim#define SSL_COMP_NULL_IDX 0 175280304Sjkim#define SSL_COMP_ZLIB_IDX 1 176280304Sjkim#define SSL_COMP_NUM_IDX 2 17755714Skris 178280304Sjkimstatic STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 179160814Ssimon 180280304Sjkim#define SSL_MD_MD5_IDX 0 181280304Sjkim#define SSL_MD_SHA1_IDX 1 182238405Sjkim#define SSL_MD_GOST94_IDX 2 183238405Sjkim#define SSL_MD_GOST89MAC_IDX 3 184238405Sjkim#define SSL_MD_SHA256_IDX 4 185238405Sjkim#define SSL_MD_SHA384_IDX 5 186280304Sjkim/* 187280304Sjkim * Constant SSL_MAX_DIGEST equal to size of digests array should be defined 188280304Sjkim * in the ssl_locl.h 189238405Sjkim */ 190280304Sjkim#define SSL_MD_NUM_IDX SSL_MAX_DIGEST 191280304Sjkimstatic const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { 192280304Sjkim NULL, NULL, NULL, NULL, NULL, NULL 193280304Sjkim}; 19455714Skris 195280304Sjkim/* 196280304Sjkim * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation 197280304Sjkim * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is 198280304Sjkim * found 199280304Sjkim */ 200280304Sjkimstatic int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { 201280304Sjkim EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, 202280304Sjkim EVP_PKEY_HMAC, EVP_PKEY_HMAC 203280304Sjkim}; 204238405Sjkim 205280304Sjkimstatic int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { 206280304Sjkim 0, 0, 0, 0, 0, 0 207280304Sjkim}; 208238405Sjkim 209280304Sjkimstatic int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { 210280304Sjkim SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, 211280304Sjkim SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, 212280304Sjkim SSL_HANDSHAKE_MAC_SHA384 213280304Sjkim}; 21455714Skris 215280304Sjkim#define CIPHER_ADD 1 216280304Sjkim#define CIPHER_KILL 2 217280304Sjkim#define CIPHER_DEL 3 218280304Sjkim#define CIPHER_ORD 4 219280304Sjkim#define CIPHER_SPECIAL 5 22055714Skris 221280304Sjkimtypedef struct cipher_order_st { 222280304Sjkim const SSL_CIPHER *cipher; 223280304Sjkim int active; 224280304Sjkim int dead; 225280304Sjkim struct cipher_order_st *next, *prev; 226280304Sjkim} CIPHER_ORDER; 22755714Skris 228280304Sjkimstatic const SSL_CIPHER cipher_aliases[] = { 229280304Sjkim /* "ALL" doesn't include eNULL (must be specifically enabled) */ 230280304Sjkim {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0}, 231280304Sjkim /* "COMPLEMENTOFALL" */ 232280304Sjkim {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 23355714Skris 234280304Sjkim /* 235280304Sjkim * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in 236280304Sjkim * ALL!) 237280304Sjkim */ 238280304Sjkim {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, 239280304Sjkim SSL_EXP_MASK, 0, 0, 0}, 24055714Skris 241280304Sjkim /* 242280304Sjkim * key exchange aliases (some of those using only a single bit here 243280304Sjkim * combine multiple key exchange algs according to the RFCs, e.g. kEDH 244280304Sjkim * combines DHE_DSS and DHE_RSA) 245280304Sjkim */ 246280304Sjkim {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, 24755714Skris 248280304Sjkim /* no such ciphersuites supported! */ 249280304Sjkim {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 250280304Sjkim /* no such ciphersuites supported! */ 251280304Sjkim {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, 252280304Sjkim /* no such ciphersuites supported! */ 253280304Sjkim {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, 254280304Sjkim {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, 255280304Sjkim {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 256280304Sjkim 0}, 25759191Skris 258280304Sjkim {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, 259238405Sjkim 260280304Sjkim {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 261280304Sjkim {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 262280304Sjkim {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 263280304Sjkim {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 264280304Sjkim {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0, 265280304Sjkim 0, 0, 0}, 266238405Sjkim 267280304Sjkim {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, 268280304Sjkim {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 269280304Sjkim {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, 270238405Sjkim 271280304Sjkim /* server authentication aliases */ 272280304Sjkim {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 273280304Sjkim {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 274280304Sjkim {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 275280304Sjkim {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 276280304Sjkim {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 277280304Sjkim /* no such ciphersuites supported! */ 278280304Sjkim {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, 279280304Sjkim {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, 280280304Sjkim {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 281280304Sjkim {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 282280304Sjkim {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 283280304Sjkim {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, 284280304Sjkim {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 285280304Sjkim {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 286280304Sjkim {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0}, 287238405Sjkim 288280304Sjkim /* aliases combining key exchange and server authentication */ 289280304Sjkim {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 290280304Sjkim {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 291280304Sjkim {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 292280304Sjkim {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 293280304Sjkim {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 294280304Sjkim {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 295280304Sjkim {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 296280304Sjkim {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 297280304Sjkim {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 298238405Sjkim 299280304Sjkim /* symmetric encryption aliases */ 300280304Sjkim {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, 301280304Sjkim {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, 302280304Sjkim {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, 303280304Sjkim {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, 304280304Sjkim {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, 305280304Sjkim {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, 306280304Sjkim {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 307280304Sjkim {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0, 308280304Sjkim 0}, 309280304Sjkim {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0, 310280304Sjkim 0}, 311280304Sjkim {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, 312280304Sjkim {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0, 313280304Sjkim 0, 0}, 314280304Sjkim {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, 315280304Sjkim {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 316280304Sjkim {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0, 317280304Sjkim 0, 0, 0}, 318238405Sjkim 319280304Sjkim /* MAC aliases */ 320280304Sjkim {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, 321280304Sjkim {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 322280304Sjkim {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 323280304Sjkim {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, 324280304Sjkim {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, 325280304Sjkim {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, 326280304Sjkim {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, 327238405Sjkim 328280304Sjkim /* protocol version aliases */ 329280304Sjkim {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, 330280304Sjkim {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, 331280304Sjkim {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, 332280304Sjkim {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, 333238405Sjkim 334280304Sjkim /* export flag */ 335280304Sjkim {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 336280304Sjkim {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 337238405Sjkim 338280304Sjkim /* strength classes */ 339280304Sjkim {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, 340280304Sjkim {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, 341280304Sjkim {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, 342280304Sjkim {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, 343280304Sjkim {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, 344280304Sjkim /* FIPS 140-2 approved ciphersuite */ 345280304Sjkim {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, 346280304Sjkim}; 347280304Sjkim 348280304Sjkim/* 349280304Sjkim * Search for public key algorithm with given name and return its pkey_id if 350280304Sjkim * it is available. Otherwise return 0 351238405Sjkim */ 352238405Sjkim#ifdef OPENSSL_NO_ENGINE 35355714Skris 354238405Sjkimstatic int get_optional_pkey_id(const char *pkey_name) 355280304Sjkim{ 356280304Sjkim const EVP_PKEY_ASN1_METHOD *ameth; 357280304Sjkim int pkey_id = 0; 358280304Sjkim ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); 359280304Sjkim if (ameth) { 360280304Sjkim EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 361280304Sjkim } 362280304Sjkim return pkey_id; 363280304Sjkim} 364238405Sjkim 365238405Sjkim#else 366238405Sjkim 367238405Sjkimstatic int get_optional_pkey_id(const char *pkey_name) 368280304Sjkim{ 369280304Sjkim const EVP_PKEY_ASN1_METHOD *ameth; 370280304Sjkim ENGINE *tmpeng = NULL; 371280304Sjkim int pkey_id = 0; 372280304Sjkim ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); 373280304Sjkim if (ameth) { 374280304Sjkim EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 375280304Sjkim } 376280304Sjkim if (tmpeng) 377280304Sjkim ENGINE_finish(tmpeng); 378280304Sjkim return pkey_id; 379280304Sjkim} 380238405Sjkim 381238405Sjkim#endif 382238405Sjkim 383160814Ssimonvoid ssl_load_ciphers(void) 384280304Sjkim{ 385280304Sjkim ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc); 386280304Sjkim ssl_cipher_methods[SSL_ENC_3DES_IDX] = 387280304Sjkim EVP_get_cipherbyname(SN_des_ede3_cbc); 388280304Sjkim ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4); 389280304Sjkim ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc); 390127128Snectar#ifndef OPENSSL_NO_IDEA 391280304Sjkim ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc); 392127128Snectar#else 393280304Sjkim ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; 394127128Snectar#endif 395280304Sjkim ssl_cipher_methods[SSL_ENC_AES128_IDX] = 396280304Sjkim EVP_get_cipherbyname(SN_aes_128_cbc); 397280304Sjkim ssl_cipher_methods[SSL_ENC_AES256_IDX] = 398280304Sjkim EVP_get_cipherbyname(SN_aes_256_cbc); 399280304Sjkim ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] = 400280304Sjkim EVP_get_cipherbyname(SN_camellia_128_cbc); 401280304Sjkim ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] = 402280304Sjkim EVP_get_cipherbyname(SN_camellia_256_cbc); 403280304Sjkim ssl_cipher_methods[SSL_ENC_GOST89_IDX] = 404280304Sjkim EVP_get_cipherbyname(SN_gost89_cnt); 405280304Sjkim ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc); 40655714Skris 407280304Sjkim ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = 408280304Sjkim EVP_get_cipherbyname(SN_aes_128_gcm); 409280304Sjkim ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = 410280304Sjkim EVP_get_cipherbyname(SN_aes_256_gcm); 411238405Sjkim 412280304Sjkim ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5); 413280304Sjkim ssl_mac_secret_size[SSL_MD_MD5_IDX] = 414280304Sjkim EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); 415280304Sjkim OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); 416280304Sjkim ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1); 417280304Sjkim ssl_mac_secret_size[SSL_MD_SHA1_IDX] = 418280304Sjkim EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); 419280304Sjkim OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); 420280304Sjkim ssl_digest_methods[SSL_MD_GOST94_IDX] = 421280304Sjkim EVP_get_digestbyname(SN_id_GostR3411_94); 422280304Sjkim if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { 423280304Sjkim ssl_mac_secret_size[SSL_MD_GOST94_IDX] = 424280304Sjkim EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); 425280304Sjkim OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); 426280304Sjkim } 427280304Sjkim ssl_digest_methods[SSL_MD_GOST89MAC_IDX] = 428280304Sjkim EVP_get_digestbyname(SN_id_Gost28147_89_MAC); 429280304Sjkim ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); 430280304Sjkim if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { 431280304Sjkim ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; 432280304Sjkim } 433238405Sjkim 434280304Sjkim ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256); 435280304Sjkim ssl_mac_secret_size[SSL_MD_SHA256_IDX] = 436280304Sjkim EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); 437280304Sjkim ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384); 438280304Sjkim ssl_mac_secret_size[SSL_MD_SHA384_IDX] = 439280304Sjkim EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 440280304Sjkim} 441280304Sjkim 442160814Ssimon#ifndef OPENSSL_NO_COMP 443160814Ssimon 444280304Sjkimstatic int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b) 445280304Sjkim{ 446280304Sjkim return ((*a)->id - (*b)->id); 447280304Sjkim} 448160814Ssimon 449160814Ssimonstatic void load_builtin_compressions(void) 450280304Sjkim{ 451280304Sjkim int got_write_lock = 0; 452160814Ssimon 453280304Sjkim CRYPTO_r_lock(CRYPTO_LOCK_SSL); 454280304Sjkim if (ssl_comp_methods == NULL) { 455280304Sjkim CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 456280304Sjkim CRYPTO_w_lock(CRYPTO_LOCK_SSL); 457280304Sjkim got_write_lock = 1; 458160814Ssimon 459280304Sjkim if (ssl_comp_methods == NULL) { 460280304Sjkim SSL_COMP *comp = NULL; 461280304Sjkim 462280304Sjkim MemCheck_off(); 463280304Sjkim ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); 464280304Sjkim if (ssl_comp_methods != NULL) { 465280304Sjkim comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 466280304Sjkim if (comp != NULL) { 467280304Sjkim comp->method = COMP_zlib(); 468280304Sjkim if (comp->method && comp->method->type == NID_undef) 469280304Sjkim OPENSSL_free(comp); 470280304Sjkim else { 471280304Sjkim comp->id = SSL_COMP_ZLIB_IDX; 472280304Sjkim comp->name = comp->method->name; 473280304Sjkim sk_SSL_COMP_push(ssl_comp_methods, comp); 474280304Sjkim } 475280304Sjkim } 476280304Sjkim sk_SSL_COMP_sort(ssl_comp_methods); 477280304Sjkim } 478280304Sjkim MemCheck_on(); 479280304Sjkim } 480280304Sjkim } 481280304Sjkim 482280304Sjkim if (got_write_lock) 483280304Sjkim CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 484280304Sjkim else 485280304Sjkim CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 486280304Sjkim} 487160814Ssimon#endif 488160814Ssimon 489160814Ssimonint ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 490280304Sjkim const EVP_MD **md, int *mac_pkey_type, 491280304Sjkim int *mac_secret_size, SSL_COMP **comp) 492280304Sjkim{ 493280304Sjkim int i; 494280304Sjkim const SSL_CIPHER *c; 49555714Skris 496280304Sjkim c = s->cipher; 497280304Sjkim if (c == NULL) 498280304Sjkim return (0); 499280304Sjkim if (comp != NULL) { 500280304Sjkim SSL_COMP ctmp; 501160814Ssimon#ifndef OPENSSL_NO_COMP 502280304Sjkim load_builtin_compressions(); 503160814Ssimon#endif 50455714Skris 505280304Sjkim *comp = NULL; 506280304Sjkim ctmp.id = s->compress_meth; 507280304Sjkim if (ssl_comp_methods != NULL) { 508280304Sjkim i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); 509280304Sjkim if (i >= 0) 510280304Sjkim *comp = sk_SSL_COMP_value(ssl_comp_methods, i); 511280304Sjkim else 512280304Sjkim *comp = NULL; 513280304Sjkim } 514280304Sjkim } 51555714Skris 516280304Sjkim if ((enc == NULL) || (md == NULL)) 517280304Sjkim return (0); 51855714Skris 519280304Sjkim switch (c->algorithm_enc) { 520280304Sjkim case SSL_DES: 521280304Sjkim i = SSL_ENC_DES_IDX; 522280304Sjkim break; 523280304Sjkim case SSL_3DES: 524280304Sjkim i = SSL_ENC_3DES_IDX; 525280304Sjkim break; 526280304Sjkim case SSL_RC4: 527280304Sjkim i = SSL_ENC_RC4_IDX; 528280304Sjkim break; 529280304Sjkim case SSL_RC2: 530280304Sjkim i = SSL_ENC_RC2_IDX; 531280304Sjkim break; 532280304Sjkim case SSL_IDEA: 533280304Sjkim i = SSL_ENC_IDEA_IDX; 534280304Sjkim break; 535280304Sjkim case SSL_eNULL: 536280304Sjkim i = SSL_ENC_NULL_IDX; 537280304Sjkim break; 538280304Sjkim case SSL_AES128: 539280304Sjkim i = SSL_ENC_AES128_IDX; 540280304Sjkim break; 541280304Sjkim case SSL_AES256: 542280304Sjkim i = SSL_ENC_AES256_IDX; 543280304Sjkim break; 544280304Sjkim case SSL_CAMELLIA128: 545280304Sjkim i = SSL_ENC_CAMELLIA128_IDX; 546280304Sjkim break; 547280304Sjkim case SSL_CAMELLIA256: 548280304Sjkim i = SSL_ENC_CAMELLIA256_IDX; 549280304Sjkim break; 550280304Sjkim case SSL_eGOST2814789CNT: 551280304Sjkim i = SSL_ENC_GOST89_IDX; 552280304Sjkim break; 553280304Sjkim case SSL_SEED: 554280304Sjkim i = SSL_ENC_SEED_IDX; 555280304Sjkim break; 556280304Sjkim case SSL_AES128GCM: 557280304Sjkim i = SSL_ENC_AES128GCM_IDX; 558280304Sjkim break; 559280304Sjkim case SSL_AES256GCM: 560280304Sjkim i = SSL_ENC_AES256GCM_IDX; 561280304Sjkim break; 562280304Sjkim default: 563280304Sjkim i = -1; 564280304Sjkim break; 565280304Sjkim } 56655714Skris 567280304Sjkim if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) 568280304Sjkim *enc = NULL; 569280304Sjkim else { 570280304Sjkim if (i == SSL_ENC_NULL_IDX) 571280304Sjkim *enc = EVP_enc_null(); 572280304Sjkim else 573280304Sjkim *enc = ssl_cipher_methods[i]; 574280304Sjkim } 57555714Skris 576280304Sjkim switch (c->algorithm_mac) { 577280304Sjkim case SSL_MD5: 578280304Sjkim i = SSL_MD_MD5_IDX; 579280304Sjkim break; 580280304Sjkim case SSL_SHA1: 581280304Sjkim i = SSL_MD_SHA1_IDX; 582280304Sjkim break; 583280304Sjkim case SSL_SHA256: 584280304Sjkim i = SSL_MD_SHA256_IDX; 585280304Sjkim break; 586280304Sjkim case SSL_SHA384: 587280304Sjkim i = SSL_MD_SHA384_IDX; 588280304Sjkim break; 589280304Sjkim case SSL_GOST94: 590280304Sjkim i = SSL_MD_GOST94_IDX; 591280304Sjkim break; 592280304Sjkim case SSL_GOST89MAC: 593280304Sjkim i = SSL_MD_GOST89MAC_IDX; 594280304Sjkim break; 595280304Sjkim default: 596280304Sjkim i = -1; 597280304Sjkim break; 598280304Sjkim } 599280304Sjkim if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { 600280304Sjkim *md = NULL; 601280304Sjkim if (mac_pkey_type != NULL) 602280304Sjkim *mac_pkey_type = NID_undef; 603280304Sjkim if (mac_secret_size != NULL) 604280304Sjkim *mac_secret_size = 0; 605280304Sjkim if (c->algorithm_mac == SSL_AEAD) 606280304Sjkim mac_pkey_type = NULL; 607280304Sjkim } else { 608280304Sjkim *md = ssl_digest_methods[i]; 609280304Sjkim if (mac_pkey_type != NULL) 610280304Sjkim *mac_pkey_type = ssl_mac_pkey_id[i]; 611280304Sjkim if (mac_secret_size != NULL) 612280304Sjkim *mac_secret_size = ssl_mac_secret_size[i]; 613280304Sjkim } 61455714Skris 615280304Sjkim if ((*enc != NULL) && 616280304Sjkim (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) 617280304Sjkim && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { 618280304Sjkim const EVP_CIPHER *evp; 619238405Sjkim 620280304Sjkim if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || 621280304Sjkim s->ssl_version < TLS1_VERSION) 622280304Sjkim return 1; 623238405Sjkim 624238405Sjkim#ifdef OPENSSL_FIPS 625280304Sjkim if (FIPS_mode()) 626280304Sjkim return 1; 627238405Sjkim#endif 628238405Sjkim 629280304Sjkim if (c->algorithm_enc == SSL_RC4 && 630280304Sjkim c->algorithm_mac == SSL_MD5 && 631280304Sjkim (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) 632280304Sjkim *enc = evp, *md = NULL; 633280304Sjkim else if (c->algorithm_enc == SSL_AES128 && 634280304Sjkim c->algorithm_mac == SSL_SHA1 && 635280304Sjkim (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) 636280304Sjkim *enc = evp, *md = NULL; 637280304Sjkim else if (c->algorithm_enc == SSL_AES256 && 638280304Sjkim c->algorithm_mac == SSL_SHA1 && 639280304Sjkim (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) 640280304Sjkim *enc = evp, *md = NULL; 641280304Sjkim return (1); 642280304Sjkim } else 643280304Sjkim return (0); 644280304Sjkim} 64555714Skris 646280304Sjkimint ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 647238405Sjkim{ 648280304Sjkim if (idx < 0 || idx >= SSL_MD_NUM_IDX) { 649280304Sjkim return 0; 650280304Sjkim } 651280304Sjkim *mask = ssl_handshake_digest_flag[idx]; 652280304Sjkim if (*mask) 653280304Sjkim *md = ssl_digest_methods[idx]; 654280304Sjkim else 655280304Sjkim *md = NULL; 656280304Sjkim return 1; 657238405Sjkim} 658238405Sjkim 65955714Skris#define ITEM_SEP(a) \ 660280304Sjkim (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 66155714Skris 66255714Skrisstatic void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 663280304Sjkim CIPHER_ORDER **tail) 664280304Sjkim{ 665280304Sjkim if (curr == *tail) 666280304Sjkim return; 667280304Sjkim if (curr == *head) 668280304Sjkim *head = curr->next; 669280304Sjkim if (curr->prev != NULL) 670280304Sjkim curr->prev->next = curr->next; 671280304Sjkim if (curr->next != NULL) 672280304Sjkim curr->next->prev = curr->prev; 673280304Sjkim (*tail)->next = curr; 674280304Sjkim curr->prev = *tail; 675280304Sjkim curr->next = NULL; 676280304Sjkim *tail = curr; 677280304Sjkim} 67855714Skris 679238405Sjkimstatic void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, 680280304Sjkim CIPHER_ORDER **tail) 681280304Sjkim{ 682280304Sjkim if (curr == *head) 683280304Sjkim return; 684280304Sjkim if (curr == *tail) 685280304Sjkim *tail = curr->prev; 686280304Sjkim if (curr->next != NULL) 687280304Sjkim curr->next->prev = curr->prev; 688280304Sjkim if (curr->prev != NULL) 689280304Sjkim curr->prev->next = curr->next; 690280304Sjkim (*head)->prev = curr; 691280304Sjkim curr->next = *head; 692280304Sjkim curr->prev = NULL; 693280304Sjkim *head = curr; 694280304Sjkim} 695167612Ssimon 696280304Sjkimstatic void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, 697280304Sjkim unsigned long *enc, unsigned long *mac, 698280304Sjkim unsigned long *ssl) 699280304Sjkim{ 700280304Sjkim *mkey = 0; 701280304Sjkim *auth = 0; 702280304Sjkim *enc = 0; 703280304Sjkim *mac = 0; 704280304Sjkim *ssl = 0; 70555714Skris 706109998Smarkm#ifdef OPENSSL_NO_RSA 707280304Sjkim *mkey |= SSL_kRSA; 708280304Sjkim *auth |= SSL_aRSA; 70955714Skris#endif 710109998Smarkm#ifdef OPENSSL_NO_DSA 711280304Sjkim *auth |= SSL_aDSS; 71255714Skris#endif 713280304Sjkim *mkey |= SSL_kDHr | SSL_kDHd; /* no such ciphersuites supported! */ 714280304Sjkim *auth |= SSL_aDH; 715109998Smarkm#ifdef OPENSSL_NO_DH 716280304Sjkim *mkey |= SSL_kDHr | SSL_kDHd | SSL_kEDH; 717280304Sjkim *auth |= SSL_aDH; 71855714Skris#endif 719109998Smarkm#ifdef OPENSSL_NO_KRB5 720280304Sjkim *mkey |= SSL_kKRB5; 721280304Sjkim *auth |= SSL_aKRB5; 722109998Smarkm#endif 723238405Sjkim#ifdef OPENSSL_NO_ECDSA 724280304Sjkim *auth |= SSL_aECDSA; 725238405Sjkim#endif 726160814Ssimon#ifdef OPENSSL_NO_ECDH 727280304Sjkim *mkey |= SSL_kECDHe | SSL_kECDHr; 728280304Sjkim *auth |= SSL_aECDH; 729160814Ssimon#endif 730238405Sjkim#ifdef OPENSSL_NO_PSK 731280304Sjkim *mkey |= SSL_kPSK; 732280304Sjkim *auth |= SSL_aPSK; 733238405Sjkim#endif 734238405Sjkim#ifdef OPENSSL_NO_SRP 735280304Sjkim *mkey |= SSL_kSRP; 736238405Sjkim#endif 737280304Sjkim /* 738280304Sjkim * Check for presence of GOST 34.10 algorithms, and if they do not 739280304Sjkim * present, disable appropriate auth and key exchange 740280304Sjkim */ 741280304Sjkim if (!get_optional_pkey_id("gost94")) { 742280304Sjkim *auth |= SSL_aGOST94; 743280304Sjkim } 744280304Sjkim if (!get_optional_pkey_id("gost2001")) { 745280304Sjkim *auth |= SSL_aGOST01; 746280304Sjkim } 747280304Sjkim /* 748280304Sjkim * Disable GOST key exchange if no GOST signature algs are available * 749280304Sjkim */ 750280304Sjkim if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) { 751280304Sjkim *mkey |= SSL_kGOST; 752280304Sjkim } 75355714Skris#ifdef SSL_FORBID_ENULL 754280304Sjkim *enc |= SSL_eNULL; 75555714Skris#endif 75655714Skris 757280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0; 758280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; 759280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0; 760280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0; 761280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; 762280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; 763280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; 764280304Sjkim *enc |= 765280304Sjkim (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == 766280304Sjkim NULL) ? SSL_AES128GCM : 0; 767280304Sjkim *enc |= 768280304Sjkim (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == 769280304Sjkim NULL) ? SSL_AES256GCM : 0; 770280304Sjkim *enc |= 771280304Sjkim (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == 772280304Sjkim NULL) ? SSL_CAMELLIA128 : 0; 773280304Sjkim *enc |= 774280304Sjkim (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == 775280304Sjkim NULL) ? SSL_CAMELLIA256 : 0; 776280304Sjkim *enc |= 777280304Sjkim (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == 778280304Sjkim NULL) ? SSL_eGOST2814789CNT : 0; 779280304Sjkim *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; 78055714Skris 781280304Sjkim *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0; 782280304Sjkim *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; 783280304Sjkim *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; 784280304Sjkim *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; 785280304Sjkim *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; 786280304Sjkim *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL 787280304Sjkim || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == 788280304Sjkim NID_undef) ? SSL_GOST89MAC : 0; 78955714Skris 790280304Sjkim} 791167612Ssimon 79259191Skrisstatic void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 793280304Sjkim int num_of_ciphers, 794280304Sjkim unsigned long disabled_mkey, 795280304Sjkim unsigned long disabled_auth, 796280304Sjkim unsigned long disabled_enc, 797280304Sjkim unsigned long disabled_mac, 798280304Sjkim unsigned long disabled_ssl, 799280304Sjkim CIPHER_ORDER *co_list, 800280304Sjkim CIPHER_ORDER **head_p, 801280304Sjkim CIPHER_ORDER **tail_p) 802280304Sjkim{ 803280304Sjkim int i, co_list_num; 804280304Sjkim const SSL_CIPHER *c; 80559191Skris 806280304Sjkim /* 807280304Sjkim * We have num_of_ciphers descriptions compiled in, depending on the 808280304Sjkim * method selected (SSLv2 and/or SSLv3, TLSv1 etc). 809280304Sjkim * These will later be sorted in a linked list with at most num 810280304Sjkim * entries. 811280304Sjkim */ 81259191Skris 813280304Sjkim /* Get the initial list of ciphers */ 814280304Sjkim co_list_num = 0; /* actual count of ciphers */ 815280304Sjkim for (i = 0; i < num_of_ciphers; i++) { 816280304Sjkim c = ssl_method->get_cipher(i); 817280304Sjkim /* drop those that use any of that is not available */ 818280304Sjkim if ((c != NULL) && c->valid && 819194206Ssimon#ifdef OPENSSL_FIPS 820280304Sjkim (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && 821194206Ssimon#endif 822280304Sjkim !(c->algorithm_mkey & disabled_mkey) && 823280304Sjkim !(c->algorithm_auth & disabled_auth) && 824280304Sjkim !(c->algorithm_enc & disabled_enc) && 825280304Sjkim !(c->algorithm_mac & disabled_mac) && 826280304Sjkim !(c->algorithm_ssl & disabled_ssl)) { 827280304Sjkim co_list[co_list_num].cipher = c; 828280304Sjkim co_list[co_list_num].next = NULL; 829280304Sjkim co_list[co_list_num].prev = NULL; 830280304Sjkim co_list[co_list_num].active = 0; 831280304Sjkim co_list_num++; 832109998Smarkm#ifdef KSSL_DEBUG 833280304Sjkim fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id, 834280304Sjkim c->algorithm_mkey, c->algorithm_auth); 835280304Sjkim#endif /* KSSL_DEBUG */ 836280304Sjkim /* 837280304Sjkim * if (!sk_push(ca_list,(char *)c)) goto err; 838280304Sjkim */ 839280304Sjkim } 840280304Sjkim } 84159191Skris 842280304Sjkim /* 843280304Sjkim * Prepare linked list from list entries 844280304Sjkim */ 845280304Sjkim if (co_list_num > 0) { 846280304Sjkim co_list[0].prev = NULL; 847238405Sjkim 848280304Sjkim if (co_list_num > 1) { 849280304Sjkim co_list[0].next = &co_list[1]; 850238405Sjkim 851280304Sjkim for (i = 1; i < co_list_num - 1; i++) { 852280304Sjkim co_list[i].prev = &co_list[i - 1]; 853280304Sjkim co_list[i].next = &co_list[i + 1]; 854280304Sjkim } 855238405Sjkim 856280304Sjkim co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; 857280304Sjkim } 85855714Skris 859280304Sjkim co_list[co_list_num - 1].next = NULL; 860280304Sjkim 861280304Sjkim *head_p = &co_list[0]; 862280304Sjkim *tail_p = &co_list[co_list_num - 1]; 863280304Sjkim } 864280304Sjkim} 865280304Sjkim 866238405Sjkimstatic void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, 867280304Sjkim int num_of_group_aliases, 868280304Sjkim unsigned long disabled_mkey, 869280304Sjkim unsigned long disabled_auth, 870280304Sjkim unsigned long disabled_enc, 871280304Sjkim unsigned long disabled_mac, 872280304Sjkim unsigned long disabled_ssl, 873280304Sjkim CIPHER_ORDER *head) 874280304Sjkim{ 875280304Sjkim CIPHER_ORDER *ciph_curr; 876280304Sjkim const SSL_CIPHER **ca_curr; 877280304Sjkim int i; 878280304Sjkim unsigned long mask_mkey = ~disabled_mkey; 879280304Sjkim unsigned long mask_auth = ~disabled_auth; 880280304Sjkim unsigned long mask_enc = ~disabled_enc; 881280304Sjkim unsigned long mask_mac = ~disabled_mac; 882280304Sjkim unsigned long mask_ssl = ~disabled_ssl; 88355714Skris 884280304Sjkim /* 885280304Sjkim * First, add the real ciphers as already collected 886280304Sjkim */ 887280304Sjkim ciph_curr = head; 888280304Sjkim ca_curr = ca_list; 889280304Sjkim while (ciph_curr != NULL) { 890280304Sjkim *ca_curr = ciph_curr->cipher; 891280304Sjkim ca_curr++; 892280304Sjkim ciph_curr = ciph_curr->next; 893280304Sjkim } 89455714Skris 895280304Sjkim /* 896280304Sjkim * Now we add the available ones from the cipher_aliases[] table. 897280304Sjkim * They represent either one or more algorithms, some of which 898280304Sjkim * in any affected category must be supported (set in enabled_mask), 899280304Sjkim * or represent a cipher strength value (will be added in any case because algorithms=0). 900280304Sjkim */ 901280304Sjkim for (i = 0; i < num_of_group_aliases; i++) { 902280304Sjkim unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; 903280304Sjkim unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; 904280304Sjkim unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; 905280304Sjkim unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; 906280304Sjkim unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; 907238405Sjkim 908280304Sjkim if (algorithm_mkey) 909280304Sjkim if ((algorithm_mkey & mask_mkey) == 0) 910280304Sjkim continue; 91155714Skris 912280304Sjkim if (algorithm_auth) 913280304Sjkim if ((algorithm_auth & mask_auth) == 0) 914280304Sjkim continue; 91555714Skris 916280304Sjkim if (algorithm_enc) 917280304Sjkim if ((algorithm_enc & mask_enc) == 0) 918280304Sjkim continue; 919280304Sjkim 920280304Sjkim if (algorithm_mac) 921280304Sjkim if ((algorithm_mac & mask_mac) == 0) 922280304Sjkim continue; 923280304Sjkim 924280304Sjkim if (algorithm_ssl) 925280304Sjkim if ((algorithm_ssl & mask_ssl) == 0) 926280304Sjkim continue; 927280304Sjkim 928280304Sjkim *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 929280304Sjkim ca_curr++; 930280304Sjkim } 931280304Sjkim 932280304Sjkim *ca_curr = NULL; /* end of list */ 933280304Sjkim} 934280304Sjkim 935238405Sjkimstatic void ssl_cipher_apply_rule(unsigned long cipher_id, 936280304Sjkim unsigned long alg_mkey, 937280304Sjkim unsigned long alg_auth, 938280304Sjkim unsigned long alg_enc, 939280304Sjkim unsigned long alg_mac, 940280304Sjkim unsigned long alg_ssl, 941280304Sjkim unsigned long algo_strength, int rule, 942280304Sjkim int strength_bits, CIPHER_ORDER **head_p, 943280304Sjkim CIPHER_ORDER **tail_p) 944280304Sjkim{ 945280304Sjkim CIPHER_ORDER *head, *tail, *curr, *next, *last; 946280304Sjkim const SSL_CIPHER *cp; 947280304Sjkim int reverse = 0; 94855714Skris 94959191Skris#ifdef CIPHER_DEBUG 950280304Sjkim fprintf(stderr, 951280304Sjkim "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", 952280304Sjkim rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, 953280304Sjkim algo_strength, strength_bits); 95459191Skris#endif 95559191Skris 956280304Sjkim if (rule == CIPHER_DEL) 957280304Sjkim reverse = 1; /* needed to maintain sorting between 958280304Sjkim * currently deleted ciphers */ 959238405Sjkim 960280304Sjkim head = *head_p; 961280304Sjkim tail = *tail_p; 962238405Sjkim 963280304Sjkim if (reverse) { 964280304Sjkim next = tail; 965280304Sjkim last = head; 966280304Sjkim } else { 967280304Sjkim next = head; 968280304Sjkim last = tail; 969280304Sjkim } 970238405Sjkim 971280304Sjkim curr = NULL; 972280304Sjkim for (;;) { 973280304Sjkim if (curr == last) 974280304Sjkim break; 97555714Skris 976280304Sjkim curr = next; 977269686Sjkim 978280304Sjkim if (curr == NULL) 979280304Sjkim break; 980269686Sjkim 981280304Sjkim next = reverse ? curr->prev : curr->next; 982269686Sjkim 983280304Sjkim cp = curr->cipher; 98455714Skris 985280304Sjkim /* 986280304Sjkim * Selection criteria is either the value of strength_bits 987280304Sjkim * or the algorithms used. 988280304Sjkim */ 989280304Sjkim if (strength_bits >= 0) { 990280304Sjkim if (strength_bits != cp->strength_bits) 991280304Sjkim continue; 992280304Sjkim } else { 99359191Skris#ifdef CIPHER_DEBUG 994280304Sjkim fprintf(stderr, 995280304Sjkim "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", 996280304Sjkim cp->name, cp->algorithm_mkey, cp->algorithm_auth, 997280304Sjkim cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, 998280304Sjkim cp->algo_strength); 99959191Skris#endif 1000280304Sjkim if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) 1001280304Sjkim goto ok; 1002280304Sjkim if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) 1003280304Sjkim goto ok; 1004280304Sjkim if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 1005280304Sjkim continue; 1006280304Sjkim if (alg_auth && !(alg_auth & cp->algorithm_auth)) 1007280304Sjkim continue; 1008280304Sjkim if (alg_enc && !(alg_enc & cp->algorithm_enc)) 1009280304Sjkim continue; 1010280304Sjkim if (alg_mac && !(alg_mac & cp->algorithm_mac)) 1011280304Sjkim continue; 1012280304Sjkim if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) 1013280304Sjkim continue; 1014280304Sjkim if ((algo_strength & SSL_EXP_MASK) 1015280304Sjkim && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) 1016280304Sjkim continue; 1017280304Sjkim if ((algo_strength & SSL_STRONG_MASK) 1018280304Sjkim && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 1019280304Sjkim continue; 1020280304Sjkim } 1021238405Sjkim 1022280304Sjkim ok: 102359191Skris 102459191Skris#ifdef CIPHER_DEBUG 1025280304Sjkim fprintf(stderr, "Action = %d\n", rule); 102659191Skris#endif 102759191Skris 1028280304Sjkim /* add the cipher if it has not been added yet. */ 1029280304Sjkim if (rule == CIPHER_ADD) { 1030280304Sjkim /* reverse == 0 */ 1031280304Sjkim if (!curr->active) { 1032280304Sjkim ll_append_tail(&head, curr, &tail); 1033280304Sjkim curr->active = 1; 1034280304Sjkim } 1035280304Sjkim } 1036280304Sjkim /* Move the added cipher to this location */ 1037280304Sjkim else if (rule == CIPHER_ORD) { 1038280304Sjkim /* reverse == 0 */ 1039280304Sjkim if (curr->active) { 1040280304Sjkim ll_append_tail(&head, curr, &tail); 1041280304Sjkim } 1042280304Sjkim } else if (rule == CIPHER_DEL) { 1043280304Sjkim /* reverse == 1 */ 1044280304Sjkim if (curr->active) { 1045280304Sjkim /* 1046280304Sjkim * most recently deleted ciphersuites get best positions for 1047280304Sjkim * any future CIPHER_ADD (note that the CIPHER_DEL loop works 1048280304Sjkim * in reverse to maintain the order) 1049280304Sjkim */ 1050280304Sjkim ll_append_head(&head, curr, &tail); 1051280304Sjkim curr->active = 0; 1052280304Sjkim } 1053280304Sjkim } else if (rule == CIPHER_KILL) { 1054280304Sjkim /* reverse == 0 */ 1055280304Sjkim if (head == curr) 1056280304Sjkim head = curr->next; 1057280304Sjkim else 1058280304Sjkim curr->prev->next = curr->next; 1059280304Sjkim if (tail == curr) 1060280304Sjkim tail = curr->prev; 1061280304Sjkim curr->active = 0; 1062280304Sjkim if (curr->next != NULL) 1063280304Sjkim curr->next->prev = curr->prev; 1064280304Sjkim if (curr->prev != NULL) 1065280304Sjkim curr->prev->next = curr->next; 1066280304Sjkim curr->next = NULL; 1067280304Sjkim curr->prev = NULL; 1068280304Sjkim } 1069280304Sjkim } 107059191Skris 1071280304Sjkim *head_p = head; 1072280304Sjkim *tail_p = tail; 1073280304Sjkim} 107459191Skris 1075238405Sjkimstatic int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, 1076280304Sjkim CIPHER_ORDER **tail_p) 1077280304Sjkim{ 1078280304Sjkim int max_strength_bits, i, *number_uses; 1079280304Sjkim CIPHER_ORDER *curr; 108059191Skris 1081280304Sjkim /* 1082280304Sjkim * This routine sorts the ciphers with descending strength. The sorting 1083280304Sjkim * must keep the pre-sorted sequence, so we apply the normal sorting 1084280304Sjkim * routine as '+' movement to the end of the list. 1085280304Sjkim */ 1086280304Sjkim max_strength_bits = 0; 1087280304Sjkim curr = *head_p; 1088280304Sjkim while (curr != NULL) { 1089280304Sjkim if (curr->active && (curr->cipher->strength_bits > max_strength_bits)) 1090280304Sjkim max_strength_bits = curr->cipher->strength_bits; 1091280304Sjkim curr = curr->next; 1092280304Sjkim } 109359191Skris 1094280304Sjkim number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 1095280304Sjkim if (!number_uses) { 1096280304Sjkim SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); 1097280304Sjkim return (0); 1098280304Sjkim } 1099280304Sjkim memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 110059191Skris 1101280304Sjkim /* 1102280304Sjkim * Now find the strength_bits values actually used 1103280304Sjkim */ 1104280304Sjkim curr = *head_p; 1105280304Sjkim while (curr != NULL) { 1106280304Sjkim if (curr->active) 1107280304Sjkim number_uses[curr->cipher->strength_bits]++; 1108280304Sjkim curr = curr->next; 1109280304Sjkim } 1110280304Sjkim /* 1111280304Sjkim * Go through the list of used strength_bits values in descending 1112280304Sjkim * order. 1113280304Sjkim */ 1114280304Sjkim for (i = max_strength_bits; i >= 0; i--) 1115280304Sjkim if (number_uses[i] > 0) 1116280304Sjkim ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, 1117280304Sjkim tail_p); 111859191Skris 1119280304Sjkim OPENSSL_free(number_uses); 1120280304Sjkim return (1); 1121280304Sjkim} 112259191Skris 112359191Skrisstatic int ssl_cipher_process_rulestr(const char *rule_str, 1124280304Sjkim CIPHER_ORDER **head_p, 1125280304Sjkim CIPHER_ORDER **tail_p, 1126280304Sjkim const SSL_CIPHER **ca_list) 1127280304Sjkim{ 1128280304Sjkim unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, 1129280304Sjkim algo_strength; 1130280304Sjkim const char *l, *buf; 1131280304Sjkim int j, multi, found, rule, retval, ok, buflen; 1132280304Sjkim unsigned long cipher_id = 0; 1133280304Sjkim char ch; 113459191Skris 1135280304Sjkim retval = 1; 1136280304Sjkim l = rule_str; 1137280304Sjkim for (;;) { 1138280304Sjkim ch = *l; 113959191Skris 1140280304Sjkim if (ch == '\0') 1141280304Sjkim break; /* done */ 1142280304Sjkim if (ch == '-') { 1143280304Sjkim rule = CIPHER_DEL; 1144280304Sjkim l++; 1145280304Sjkim } else if (ch == '+') { 1146280304Sjkim rule = CIPHER_ORD; 1147280304Sjkim l++; 1148280304Sjkim } else if (ch == '!') { 1149280304Sjkim rule = CIPHER_KILL; 1150280304Sjkim l++; 1151280304Sjkim } else if (ch == '@') { 1152280304Sjkim rule = CIPHER_SPECIAL; 1153280304Sjkim l++; 1154280304Sjkim } else { 1155280304Sjkim rule = CIPHER_ADD; 1156280304Sjkim } 115755714Skris 1158280304Sjkim if (ITEM_SEP(ch)) { 1159280304Sjkim l++; 1160280304Sjkim continue; 1161280304Sjkim } 116255714Skris 1163280304Sjkim alg_mkey = 0; 1164280304Sjkim alg_auth = 0; 1165280304Sjkim alg_enc = 0; 1166280304Sjkim alg_mac = 0; 1167280304Sjkim alg_ssl = 0; 1168280304Sjkim algo_strength = 0; 116959191Skris 1170280304Sjkim for (;;) { 1171280304Sjkim ch = *l; 1172280304Sjkim buf = l; 1173280304Sjkim buflen = 0; 117455714Skris#ifndef CHARSET_EBCDIC 1175280304Sjkim while (((ch >= 'A') && (ch <= 'Z')) || 1176280304Sjkim ((ch >= '0') && (ch <= '9')) || 1177280304Sjkim ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) 117855714Skris#else 1179280304Sjkim while (isalnum(ch) || (ch == '-') || (ch == '.')) 118055714Skris#endif 1181280304Sjkim { 1182280304Sjkim ch = *(++l); 1183280304Sjkim buflen++; 1184280304Sjkim } 118555714Skris 1186280304Sjkim if (buflen == 0) { 1187280304Sjkim /* 1188280304Sjkim * We hit something we cannot deal with, 1189280304Sjkim * it is no command or separator nor 1190280304Sjkim * alphanumeric, so we call this an error. 1191280304Sjkim */ 1192280304Sjkim SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1193280304Sjkim SSL_R_INVALID_COMMAND); 1194280304Sjkim retval = found = 0; 1195280304Sjkim l++; 1196280304Sjkim break; 1197280304Sjkim } 119859191Skris 1199280304Sjkim if (rule == CIPHER_SPECIAL) { 1200280304Sjkim found = 0; /* unused -- avoid compiler warning */ 1201280304Sjkim break; /* special treatment */ 1202280304Sjkim } 120359191Skris 1204280304Sjkim /* check for multi-part specification */ 1205280304Sjkim if (ch == '+') { 1206280304Sjkim multi = 1; 1207280304Sjkim l++; 1208280304Sjkim } else 1209280304Sjkim multi = 0; 121055714Skris 1211280304Sjkim /* 1212280304Sjkim * Now search for the cipher alias in the ca_list. Be careful 1213280304Sjkim * with the strncmp, because the "buflen" limitation 1214280304Sjkim * will make the rule "ADH:SOME" and the cipher 1215280304Sjkim * "ADH-MY-CIPHER" look like a match for buflen=3. 1216280304Sjkim * So additionally check whether the cipher name found 1217280304Sjkim * has the correct length. We can save a strlen() call: 1218280304Sjkim * just checking for the '\0' at the right place is 1219280304Sjkim * sufficient, we have to strncmp() anyway. (We cannot 1220280304Sjkim * use strcmp(), because buf is not '\0' terminated.) 1221280304Sjkim */ 1222280304Sjkim j = found = 0; 1223280304Sjkim cipher_id = 0; 1224280304Sjkim while (ca_list[j]) { 1225280304Sjkim if (!strncmp(buf, ca_list[j]->name, buflen) && 1226280304Sjkim (ca_list[j]->name[buflen] == '\0')) { 1227280304Sjkim found = 1; 1228280304Sjkim break; 1229280304Sjkim } else 1230280304Sjkim j++; 1231280304Sjkim } 1232238405Sjkim 1233280304Sjkim if (!found) 1234280304Sjkim break; /* ignore this entry */ 123555714Skris 1236280304Sjkim if (ca_list[j]->algorithm_mkey) { 1237280304Sjkim if (alg_mkey) { 1238280304Sjkim alg_mkey &= ca_list[j]->algorithm_mkey; 1239280304Sjkim if (!alg_mkey) { 1240280304Sjkim found = 0; 1241280304Sjkim break; 1242280304Sjkim } 1243280304Sjkim } else 1244280304Sjkim alg_mkey = ca_list[j]->algorithm_mkey; 1245280304Sjkim } 124659191Skris 1247280304Sjkim if (ca_list[j]->algorithm_auth) { 1248280304Sjkim if (alg_auth) { 1249280304Sjkim alg_auth &= ca_list[j]->algorithm_auth; 1250280304Sjkim if (!alg_auth) { 1251280304Sjkim found = 0; 1252280304Sjkim break; 1253280304Sjkim } 1254280304Sjkim } else 1255280304Sjkim alg_auth = ca_list[j]->algorithm_auth; 1256280304Sjkim } 1257238405Sjkim 1258280304Sjkim if (ca_list[j]->algorithm_enc) { 1259280304Sjkim if (alg_enc) { 1260280304Sjkim alg_enc &= ca_list[j]->algorithm_enc; 1261280304Sjkim if (!alg_enc) { 1262280304Sjkim found = 0; 1263280304Sjkim break; 1264280304Sjkim } 1265280304Sjkim } else 1266280304Sjkim alg_enc = ca_list[j]->algorithm_enc; 1267280304Sjkim } 1268238405Sjkim 1269280304Sjkim if (ca_list[j]->algorithm_mac) { 1270280304Sjkim if (alg_mac) { 1271280304Sjkim alg_mac &= ca_list[j]->algorithm_mac; 1272280304Sjkim if (!alg_mac) { 1273280304Sjkim found = 0; 1274280304Sjkim break; 1275280304Sjkim } 1276280304Sjkim } else 1277280304Sjkim alg_mac = ca_list[j]->algorithm_mac; 1278280304Sjkim } 1279162911Ssimon 1280280304Sjkim if (ca_list[j]->algo_strength & SSL_EXP_MASK) { 1281280304Sjkim if (algo_strength & SSL_EXP_MASK) { 1282280304Sjkim algo_strength &= 1283280304Sjkim (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1284280304Sjkim ~SSL_EXP_MASK; 1285280304Sjkim if (!(algo_strength & SSL_EXP_MASK)) { 1286280304Sjkim found = 0; 1287280304Sjkim break; 1288280304Sjkim } 1289280304Sjkim } else 1290280304Sjkim algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; 1291280304Sjkim } 129259191Skris 1293280304Sjkim if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 1294280304Sjkim if (algo_strength & SSL_STRONG_MASK) { 1295280304Sjkim algo_strength &= 1296280304Sjkim (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1297280304Sjkim ~SSL_STRONG_MASK; 1298280304Sjkim if (!(algo_strength & SSL_STRONG_MASK)) { 1299280304Sjkim found = 0; 1300280304Sjkim break; 1301280304Sjkim } 1302280304Sjkim } else 1303280304Sjkim algo_strength |= 1304280304Sjkim ca_list[j]->algo_strength & SSL_STRONG_MASK; 1305280304Sjkim } 130655714Skris 1307280304Sjkim if (ca_list[j]->valid) { 1308280304Sjkim /* 1309280304Sjkim * explicit ciphersuite found; its protocol version does not 1310280304Sjkim * become part of the search pattern! 1311280304Sjkim */ 131255714Skris 1313280304Sjkim cipher_id = ca_list[j]->id; 1314280304Sjkim } else { 1315280304Sjkim /* 1316280304Sjkim * not an explicit ciphersuite; only in this case, the 1317280304Sjkim * protocol version is considered part of the search pattern 1318280304Sjkim */ 131959191Skris 1320280304Sjkim if (ca_list[j]->algorithm_ssl) { 1321280304Sjkim if (alg_ssl) { 1322280304Sjkim alg_ssl &= ca_list[j]->algorithm_ssl; 1323280304Sjkim if (!alg_ssl) { 1324280304Sjkim found = 0; 1325280304Sjkim break; 1326280304Sjkim } 1327280304Sjkim } else 1328280304Sjkim alg_ssl = ca_list[j]->algorithm_ssl; 1329280304Sjkim } 1330280304Sjkim } 133159191Skris 1332280304Sjkim if (!multi) 1333280304Sjkim break; 1334280304Sjkim } 133559191Skris 1336280304Sjkim /* 1337280304Sjkim * Ok, we have the rule, now apply it 1338280304Sjkim */ 1339280304Sjkim if (rule == CIPHER_SPECIAL) { /* special command */ 1340280304Sjkim ok = 0; 1341280304Sjkim if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) 1342280304Sjkim ok = ssl_cipher_strength_sort(head_p, tail_p); 1343280304Sjkim else 1344280304Sjkim SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1345280304Sjkim SSL_R_INVALID_COMMAND); 1346280304Sjkim if (ok == 0) 1347280304Sjkim retval = 0; 1348280304Sjkim /* 1349280304Sjkim * We do not support any "multi" options 1350280304Sjkim * together with "@", so throw away the 1351280304Sjkim * rest of the command, if any left, until 1352280304Sjkim * end or ':' is found. 1353280304Sjkim */ 1354280304Sjkim while ((*l != '\0') && !ITEM_SEP(*l)) 1355280304Sjkim l++; 1356280304Sjkim } else if (found) { 1357280304Sjkim ssl_cipher_apply_rule(cipher_id, 1358280304Sjkim alg_mkey, alg_auth, alg_enc, alg_mac, 1359280304Sjkim alg_ssl, algo_strength, rule, -1, head_p, 1360280304Sjkim tail_p); 1361280304Sjkim } else { 1362280304Sjkim while ((*l != '\0') && !ITEM_SEP(*l)) 1363280304Sjkim l++; 1364280304Sjkim } 1365280304Sjkim if (*l == '\0') 1366280304Sjkim break; /* done */ 1367280304Sjkim } 1368280304Sjkim 1369280304Sjkim return (retval); 1370280304Sjkim} 1371280304Sjkim 1372280304SjkimSTACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) 1373280304Sjkim **cipher_list, STACK_OF(SSL_CIPHER) 1374280304Sjkim **cipher_list_by_id, 1375280304Sjkim const char *rule_str) 1376280304Sjkim{ 1377280304Sjkim int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1378280304Sjkim unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, 1379280304Sjkim disabled_ssl; 1380280304Sjkim STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1381280304Sjkim const char *rule_p; 1382280304Sjkim CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 1383280304Sjkim const SSL_CIPHER **ca_list = NULL; 1384280304Sjkim 1385280304Sjkim /* 1386280304Sjkim * Return with error if nothing to do. 1387280304Sjkim */ 1388280304Sjkim if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) 1389280304Sjkim return NULL; 1390280304Sjkim 1391280304Sjkim /* 1392280304Sjkim * To reduce the work to do we only want to process the compiled 1393280304Sjkim * in algorithms, so we first get the mask of disabled ciphers. 1394280304Sjkim */ 1395280304Sjkim ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, 1396280304Sjkim &disabled_mac, &disabled_ssl); 1397280304Sjkim 1398280304Sjkim /* 1399280304Sjkim * Now we have to collect the available ciphers from the compiled 1400280304Sjkim * in ciphers. We cannot get more than the number compiled in, so 1401280304Sjkim * it is used for allocation. 1402280304Sjkim */ 1403280304Sjkim num_of_ciphers = ssl_method->num_ciphers(); 1404109998Smarkm#ifdef KSSL_DEBUG 1405280304Sjkim fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", 1406280304Sjkim num_of_ciphers); 1407280304Sjkim#endif /* KSSL_DEBUG */ 1408280304Sjkim co_list = 1409280304Sjkim (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 1410280304Sjkim if (co_list == NULL) { 1411280304Sjkim SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1412280304Sjkim return (NULL); /* Failure */ 1413280304Sjkim } 141455714Skris 1415280304Sjkim ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1416280304Sjkim disabled_mkey, disabled_auth, disabled_enc, 1417280304Sjkim disabled_mac, disabled_ssl, co_list, &head, 1418280304Sjkim &tail); 141955714Skris 1420280304Sjkim /* Now arrange all ciphers by preference: */ 1421238405Sjkim 1422280304Sjkim /* 1423280304Sjkim * Everything else being equal, prefer ephemeral ECDH over other key 1424280304Sjkim * exchange mechanisms 1425280304Sjkim */ 1426280304Sjkim ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, 1427280304Sjkim &tail); 1428280304Sjkim ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, 1429280304Sjkim &tail); 1430238405Sjkim 1431280304Sjkim /* AES is our preferred symmetric cipher */ 1432280304Sjkim ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, 1433280304Sjkim &tail); 1434238405Sjkim 1435280304Sjkim /* Temporarily enable everything else for sorting */ 1436280304Sjkim ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1437238405Sjkim 1438280304Sjkim /* Low priority for MD5 */ 1439280304Sjkim ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, 1440280304Sjkim &tail); 1441238405Sjkim 1442280304Sjkim /* 1443280304Sjkim * Move anonymous ciphers to the end. Usually, these will remain 1444280304Sjkim * disabled. (For applications that allow them, they aren't too bad, but 1445280304Sjkim * we prefer authenticated ciphers.) 1446280304Sjkim */ 1447280304Sjkim ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1448280304Sjkim &tail); 1449238405Sjkim 1450280304Sjkim /* Move ciphers without forward secrecy to the end */ 1451280304Sjkim ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1452280304Sjkim &tail); 1453280304Sjkim /* 1454280304Sjkim * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, 1455280304Sjkim * &head, &tail); 1456280304Sjkim */ 1457280304Sjkim ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1458280304Sjkim &tail); 1459280304Sjkim ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1460280304Sjkim &tail); 1461280304Sjkim ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1462280304Sjkim &tail); 1463238405Sjkim 1464280304Sjkim /* RC4 is sort-of broken -- move the the end */ 1465280304Sjkim ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, 1466280304Sjkim &tail); 1467238405Sjkim 1468280304Sjkim /* 1469280304Sjkim * Now sort by symmetric encryption strength. The above ordering remains 1470280304Sjkim * in force within each class 1471280304Sjkim */ 1472280304Sjkim if (!ssl_cipher_strength_sort(&head, &tail)) { 1473280304Sjkim OPENSSL_free(co_list); 1474280304Sjkim return NULL; 1475280304Sjkim } 1476238405Sjkim 1477280304Sjkim /* Now disable everything (maintaining the ordering!) */ 1478280304Sjkim ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1479238405Sjkim 1480280304Sjkim /* 1481280304Sjkim * We also need cipher aliases for selecting based on the rule_str. 1482280304Sjkim * There might be two types of entries in the rule_str: 1) names 1483280304Sjkim * of ciphers themselves 2) aliases for groups of ciphers. 1484280304Sjkim * For 1) we need the available ciphers and for 2) the cipher 1485280304Sjkim * groups of cipher_aliases added together in one list (otherwise 1486280304Sjkim * we would be happy with just the cipher_aliases table). 1487280304Sjkim */ 1488280304Sjkim num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1489280304Sjkim num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1490280304Sjkim ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 1491280304Sjkim if (ca_list == NULL) { 1492280304Sjkim OPENSSL_free(co_list); 1493280304Sjkim SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1494280304Sjkim return (NULL); /* Failure */ 1495280304Sjkim } 1496280304Sjkim ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1497280304Sjkim disabled_mkey, disabled_auth, disabled_enc, 1498280304Sjkim disabled_mac, disabled_ssl, head); 1499238405Sjkim 1500280304Sjkim /* 1501280304Sjkim * If the rule_string begins with DEFAULT, apply the default rule 1502280304Sjkim * before using the (possibly available) additional rules. 1503280304Sjkim */ 1504280304Sjkim ok = 1; 1505280304Sjkim rule_p = rule_str; 1506280304Sjkim if (strncmp(rule_str, "DEFAULT", 7) == 0) { 1507280304Sjkim ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1508280304Sjkim &head, &tail, ca_list); 1509280304Sjkim rule_p += 7; 1510280304Sjkim if (*rule_p == ':') 1511280304Sjkim rule_p++; 1512280304Sjkim } 1513238405Sjkim 1514280304Sjkim if (ok && (strlen(rule_p) > 0)) 1515280304Sjkim ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); 151655714Skris 1517280304Sjkim OPENSSL_free((void *)ca_list); /* Not needed anymore */ 151855714Skris 1519280304Sjkim if (!ok) { /* Rule processing failure */ 1520280304Sjkim OPENSSL_free(co_list); 1521280304Sjkim return (NULL); 1522280304Sjkim } 152359191Skris 1524280304Sjkim /* 1525280304Sjkim * Allocate new "cipherstack" for the result, return with error 1526280304Sjkim * if we cannot get one. 1527280304Sjkim */ 1528280304Sjkim if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { 1529280304Sjkim OPENSSL_free(co_list); 1530280304Sjkim return (NULL); 1531280304Sjkim } 153259191Skris 1533280304Sjkim /* 1534280304Sjkim * The cipher selection for the list is done. The ciphers are added 1535280304Sjkim * to the resulting precedence to the STACK_OF(SSL_CIPHER). 1536280304Sjkim */ 1537280304Sjkim for (curr = head; curr != NULL; curr = curr->next) { 1538194206Ssimon#ifdef OPENSSL_FIPS 1539280304Sjkim if (curr->active 1540280304Sjkim && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) 1541194206Ssimon#else 1542280304Sjkim if (curr->active) 1543194206Ssimon#endif 1544280304Sjkim { 1545280304Sjkim sk_SSL_CIPHER_push(cipherstack, curr->cipher); 154655714Skris#ifdef CIPHER_DEBUG 1547280304Sjkim fprintf(stderr, "<%s>\n", curr->cipher->name); 154855714Skris#endif 1549280304Sjkim } 1550280304Sjkim } 1551280304Sjkim OPENSSL_free(co_list); /* Not needed any longer */ 155255714Skris 1553280304Sjkim tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); 1554280304Sjkim if (tmp_cipher_list == NULL) { 1555280304Sjkim sk_SSL_CIPHER_free(cipherstack); 1556280304Sjkim return NULL; 1557280304Sjkim } 1558280304Sjkim if (*cipher_list != NULL) 1559280304Sjkim sk_SSL_CIPHER_free(*cipher_list); 1560280304Sjkim *cipher_list = cipherstack; 1561280304Sjkim if (*cipher_list_by_id != NULL) 1562280304Sjkim sk_SSL_CIPHER_free(*cipher_list_by_id); 1563280304Sjkim *cipher_list_by_id = tmp_cipher_list; 1564280304Sjkim (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, 1565280304Sjkim ssl_cipher_ptr_id_cmp); 156655714Skris 1567280304Sjkim sk_SSL_CIPHER_sort(*cipher_list_by_id); 1568280304Sjkim return (cipherstack); 1569280304Sjkim} 157055714Skris 1571205128Ssimonchar *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1572280304Sjkim{ 1573280304Sjkim int is_export, pkl, kl; 1574280304Sjkim const char *ver, *exp_str; 1575280304Sjkim const char *kx, *au, *enc, *mac; 1576280304Sjkim unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1577109998Smarkm#ifdef KSSL_DEBUG 1578280304Sjkim static const char *format = 1579280304Sjkim "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; 1580109998Smarkm#else 1581280304Sjkim static const char *format = 1582280304Sjkim "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1583280304Sjkim#endif /* KSSL_DEBUG */ 1584109998Smarkm 1585280304Sjkim alg_mkey = cipher->algorithm_mkey; 1586280304Sjkim alg_auth = cipher->algorithm_auth; 1587280304Sjkim alg_enc = cipher->algorithm_enc; 1588280304Sjkim alg_mac = cipher->algorithm_mac; 1589280304Sjkim alg_ssl = cipher->algorithm_ssl; 1590238405Sjkim 1591280304Sjkim alg2 = cipher->algorithm2; 159255714Skris 1593280304Sjkim is_export = SSL_C_IS_EXPORT(cipher); 1594280304Sjkim pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); 1595280304Sjkim kl = SSL_C_EXPORT_KEYLENGTH(cipher); 1596280304Sjkim exp_str = is_export ? " export" : ""; 159755714Skris 1598280304Sjkim if (alg_ssl & SSL_SSLV2) 1599280304Sjkim ver = "SSLv2"; 1600280304Sjkim else if (alg_ssl & SSL_SSLV3) 1601280304Sjkim ver = "SSLv3"; 1602280304Sjkim else if (alg_ssl & SSL_TLSV1_2) 1603280304Sjkim ver = "TLSv1.2"; 1604280304Sjkim else 1605280304Sjkim ver = "unknown"; 160655714Skris 1607280304Sjkim switch (alg_mkey) { 1608280304Sjkim case SSL_kRSA: 1609280304Sjkim kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA"; 1610280304Sjkim break; 1611280304Sjkim case SSL_kDHr: 1612280304Sjkim kx = "DH/RSA"; 1613280304Sjkim break; 1614280304Sjkim case SSL_kDHd: 1615280304Sjkim kx = "DH/DSS"; 1616280304Sjkim break; 1617280304Sjkim case SSL_kKRB5: 1618280304Sjkim kx = "KRB5"; 1619280304Sjkim break; 1620280304Sjkim case SSL_kEDH: 1621280304Sjkim kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; 1622280304Sjkim break; 1623280304Sjkim case SSL_kECDHr: 1624280304Sjkim kx = "ECDH/RSA"; 1625280304Sjkim break; 1626280304Sjkim case SSL_kECDHe: 1627280304Sjkim kx = "ECDH/ECDSA"; 1628280304Sjkim break; 1629280304Sjkim case SSL_kEECDH: 1630280304Sjkim kx = "ECDH"; 1631280304Sjkim break; 1632280304Sjkim case SSL_kPSK: 1633280304Sjkim kx = "PSK"; 1634280304Sjkim break; 1635280304Sjkim case SSL_kSRP: 1636280304Sjkim kx = "SRP"; 1637280304Sjkim break; 1638280304Sjkim case SSL_kGOST: 1639280304Sjkim kx = "GOST"; 1640280304Sjkim break; 1641280304Sjkim default: 1642280304Sjkim kx = "unknown"; 1643280304Sjkim } 164455714Skris 1645280304Sjkim switch (alg_auth) { 1646280304Sjkim case SSL_aRSA: 1647280304Sjkim au = "RSA"; 1648280304Sjkim break; 1649280304Sjkim case SSL_aDSS: 1650280304Sjkim au = "DSS"; 1651280304Sjkim break; 1652280304Sjkim case SSL_aDH: 1653280304Sjkim au = "DH"; 1654280304Sjkim break; 1655280304Sjkim case SSL_aKRB5: 1656280304Sjkim au = "KRB5"; 1657280304Sjkim break; 1658280304Sjkim case SSL_aECDH: 1659280304Sjkim au = "ECDH"; 1660280304Sjkim break; 1661280304Sjkim case SSL_aNULL: 1662280304Sjkim au = "None"; 1663280304Sjkim break; 1664280304Sjkim case SSL_aECDSA: 1665280304Sjkim au = "ECDSA"; 1666280304Sjkim break; 1667280304Sjkim case SSL_aPSK: 1668280304Sjkim au = "PSK"; 1669280304Sjkim break; 1670280304Sjkim case SSL_aSRP: 1671280304Sjkim au = "SRP"; 1672280304Sjkim break; 1673280304Sjkim case SSL_aGOST94: 1674280304Sjkim au = "GOST94"; 1675280304Sjkim break; 1676280304Sjkim case SSL_aGOST01: 1677280304Sjkim au = "GOST01"; 1678280304Sjkim break; 1679280304Sjkim default: 1680280304Sjkim au = "unknown"; 1681280304Sjkim break; 1682280304Sjkim } 168355714Skris 1684280304Sjkim switch (alg_enc) { 1685280304Sjkim case SSL_DES: 1686280304Sjkim enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)"; 1687280304Sjkim break; 1688280304Sjkim case SSL_3DES: 1689280304Sjkim enc = "3DES(168)"; 1690280304Sjkim break; 1691280304Sjkim case SSL_RC4: 1692280304Sjkim enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)") 1693280304Sjkim : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)"); 1694280304Sjkim break; 1695280304Sjkim case SSL_RC2: 1696280304Sjkim enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)"; 1697280304Sjkim break; 1698280304Sjkim case SSL_IDEA: 1699280304Sjkim enc = "IDEA(128)"; 1700280304Sjkim break; 1701280304Sjkim case SSL_eNULL: 1702280304Sjkim enc = "None"; 1703280304Sjkim break; 1704280304Sjkim case SSL_AES128: 1705280304Sjkim enc = "AES(128)"; 1706280304Sjkim break; 1707280304Sjkim case SSL_AES256: 1708280304Sjkim enc = "AES(256)"; 1709280304Sjkim break; 1710280304Sjkim case SSL_AES128GCM: 1711280304Sjkim enc = "AESGCM(128)"; 1712280304Sjkim break; 1713280304Sjkim case SSL_AES256GCM: 1714280304Sjkim enc = "AESGCM(256)"; 1715280304Sjkim break; 1716280304Sjkim case SSL_CAMELLIA128: 1717280304Sjkim enc = "Camellia(128)"; 1718280304Sjkim break; 1719280304Sjkim case SSL_CAMELLIA256: 1720280304Sjkim enc = "Camellia(256)"; 1721280304Sjkim break; 1722280304Sjkim case SSL_SEED: 1723280304Sjkim enc = "SEED(128)"; 1724280304Sjkim break; 1725280304Sjkim case SSL_eGOST2814789CNT: 1726280304Sjkim enc = "GOST89(256)"; 1727280304Sjkim break; 1728280304Sjkim default: 1729280304Sjkim enc = "unknown"; 1730280304Sjkim break; 1731280304Sjkim } 173255714Skris 1733280304Sjkim switch (alg_mac) { 1734280304Sjkim case SSL_MD5: 1735280304Sjkim mac = "MD5"; 1736280304Sjkim break; 1737280304Sjkim case SSL_SHA1: 1738280304Sjkim mac = "SHA1"; 1739280304Sjkim break; 1740280304Sjkim case SSL_SHA256: 1741280304Sjkim mac = "SHA256"; 1742280304Sjkim break; 1743280304Sjkim case SSL_SHA384: 1744280304Sjkim mac = "SHA384"; 1745280304Sjkim break; 1746280304Sjkim case SSL_AEAD: 1747280304Sjkim mac = "AEAD"; 1748280304Sjkim break; 1749280304Sjkim case SSL_GOST89MAC: 1750280304Sjkim mac = "GOST89"; 1751280304Sjkim break; 1752280304Sjkim case SSL_GOST94: 1753280304Sjkim mac = "GOST94"; 1754280304Sjkim break; 1755280304Sjkim default: 1756280304Sjkim mac = "unknown"; 1757280304Sjkim break; 1758280304Sjkim } 175955714Skris 1760280304Sjkim if (buf == NULL) { 1761280304Sjkim len = 128; 1762280304Sjkim buf = OPENSSL_malloc(len); 1763280304Sjkim if (buf == NULL) 1764280304Sjkim return ("OPENSSL_malloc Error"); 1765280304Sjkim } else if (len < 128) 1766280304Sjkim return ("Buffer too small"); 1767280304Sjkim 1768109998Smarkm#ifdef KSSL_DEBUG 1769280304Sjkim BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, 1770280304Sjkim exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); 1771109998Smarkm#else 1772280304Sjkim BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, 1773280304Sjkim exp_str); 1774280304Sjkim#endif /* KSSL_DEBUG */ 1775280304Sjkim return (buf); 1776280304Sjkim} 177755714Skris 1778160814Ssimonchar *SSL_CIPHER_get_version(const SSL_CIPHER *c) 1779280304Sjkim{ 1780280304Sjkim int i; 178155714Skris 1782280304Sjkim if (c == NULL) 1783280304Sjkim return ("(NONE)"); 1784280304Sjkim i = (int)(c->id >> 24L); 1785280304Sjkim if (i == 3) 1786280304Sjkim return ("TLSv1/SSLv3"); 1787280304Sjkim else if (i == 2) 1788280304Sjkim return ("SSLv2"); 1789280304Sjkim else 1790280304Sjkim return ("unknown"); 1791280304Sjkim} 179255714Skris 179355714Skris/* return the actual cipher being used */ 1794160814Ssimonconst char *SSL_CIPHER_get_name(const SSL_CIPHER *c) 1795280304Sjkim{ 1796280304Sjkim if (c != NULL) 1797280304Sjkim return (c->name); 1798280304Sjkim return ("(NONE)"); 1799280304Sjkim} 180055714Skris 180159191Skris/* number of bits for symmetric cipher */ 1802160814Ssimonint SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 1803280304Sjkim{ 1804280304Sjkim int ret = 0; 180555714Skris 1806280304Sjkim if (c != NULL) { 1807280304Sjkim if (alg_bits != NULL) 1808280304Sjkim *alg_bits = c->alg_bits; 1809280304Sjkim ret = c->strength_bits; 1810280304Sjkim } 1811280304Sjkim return (ret); 1812280304Sjkim} 181355714Skris 1814238405Sjkimunsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) 1815280304Sjkim{ 1816280304Sjkim return c->id; 1817280304Sjkim} 1818238405Sjkim 181955714SkrisSSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 1820280304Sjkim{ 1821280304Sjkim SSL_COMP *ctmp; 1822280304Sjkim int i, nn; 182355714Skris 1824280304Sjkim if ((n == 0) || (sk == NULL)) 1825280304Sjkim return (NULL); 1826280304Sjkim nn = sk_SSL_COMP_num(sk); 1827280304Sjkim for (i = 0; i < nn; i++) { 1828280304Sjkim ctmp = sk_SSL_COMP_value(sk, i); 1829280304Sjkim if (ctmp->id == n) 1830280304Sjkim return (ctmp); 1831280304Sjkim } 1832280304Sjkim return (NULL); 1833280304Sjkim} 183455714Skris 1835160814Ssimon#ifdef OPENSSL_NO_COMP 1836160814Ssimonvoid *SSL_COMP_get_compression_methods(void) 1837280304Sjkim{ 1838280304Sjkim return NULL; 1839280304Sjkim} 1840280304Sjkim 1841160814Ssimonint SSL_COMP_add_compression_method(int id, void *cm) 1842280304Sjkim{ 1843280304Sjkim return 1; 1844280304Sjkim} 184555714Skris 1846160814Ssimonconst char *SSL_COMP_get_name(const void *comp) 1847280304Sjkim{ 1848280304Sjkim return NULL; 1849280304Sjkim} 1850160814Ssimon#else 185155714SkrisSTACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 1852280304Sjkim{ 1853280304Sjkim load_builtin_compressions(); 1854280304Sjkim return (ssl_comp_methods); 1855280304Sjkim} 185655714Skris 185755714Skrisint SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 1858280304Sjkim{ 1859280304Sjkim SSL_COMP *comp; 186055714Skris 1861280304Sjkim if (cm == NULL || cm->type == NID_undef) 1862280304Sjkim return 1; 1863109998Smarkm 1864280304Sjkim /*- 1865280304Sjkim * According to draft-ietf-tls-compression-04.txt, the 1866280304Sjkim * compression number ranges should be the following: 1867280304Sjkim * 1868280304Sjkim * 0 to 63: methods defined by the IETF 1869280304Sjkim * 64 to 192: external party methods assigned by IANA 1870280304Sjkim * 193 to 255: reserved for private use 1871280304Sjkim */ 1872280304Sjkim if (id < 193 || id > 255) { 1873280304Sjkim SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 1874280304Sjkim SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); 1875280304Sjkim return 0; 1876280304Sjkim } 1877160814Ssimon 1878280304Sjkim MemCheck_off(); 1879280304Sjkim comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 1880280304Sjkim comp->id = id; 1881280304Sjkim comp->method = cm; 1882280304Sjkim load_builtin_compressions(); 1883280304Sjkim if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { 1884280304Sjkim OPENSSL_free(comp); 1885280304Sjkim MemCheck_on(); 1886280304Sjkim SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 1887280304Sjkim SSL_R_DUPLICATE_COMPRESSION_ID); 1888280304Sjkim return (1); 1889280304Sjkim } else if ((ssl_comp_methods == NULL) 1890280304Sjkim || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { 1891280304Sjkim OPENSSL_free(comp); 1892280304Sjkim MemCheck_on(); 1893280304Sjkim SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); 1894280304Sjkim return (1); 1895280304Sjkim } else { 1896280304Sjkim MemCheck_on(); 1897280304Sjkim return (0); 1898280304Sjkim } 1899280304Sjkim} 1900160814Ssimon 1901160814Ssimonconst char *SSL_COMP_get_name(const COMP_METHOD *comp) 1902280304Sjkim{ 1903280304Sjkim if (comp) 1904280304Sjkim return comp->name; 1905280304Sjkim return NULL; 1906280304Sjkim} 1907160814Ssimon 1908160814Ssimon#endif 1909