1 /* ssl/ssl_ciph.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116 /* ==================================================================== 117 * Copyright 2005 Nokia. All rights reserved. 118 * 119 * The portions of the attached software ("Contribution") is developed by 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121 * license. 122 * 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125 * support (see RFC 4279) to OpenSSL. 126 * 127 * No patent licenses or other rights except those expressly stated in 128 * the OpenSSL open source license shall be deemed granted or received 129 * expressly, by implication, estoppel, or otherwise. 130 * 131 * No assurances are provided by Nokia that the Contribution does not 132 * infringe the patent or other intellectual property rights of any third 133 * party or that the license provides you with all the necessary rights 134 * to make use of the Contribution. 135 * 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140 * OTHERWISE. 141 */ 142 143 #include <stdio.h> 144 #include <openssl/objects.h> 145 #ifndef OPENSSL_NO_COMP 146 #include <openssl/comp.h> 147 #endif 148 #ifndef OPENSSL_NO_ENGINE 149 #include <openssl/engine.h> 150 #endif 151 #include "ssl_locl.h" 152 153 #define SSL_ENC_DES_IDX 0 154 #define SSL_ENC_3DES_IDX 1 155 #define SSL_ENC_RC4_IDX 2 156 #define SSL_ENC_RC2_IDX 3 157 #define SSL_ENC_IDEA_IDX 4 158 #define SSL_ENC_NULL_IDX 5 159 #define SSL_ENC_AES128_IDX 6 160 #define SSL_ENC_AES256_IDX 7 161 #define SSL_ENC_CAMELLIA128_IDX 8 162 #define SSL_ENC_CAMELLIA256_IDX 9 163 #define SSL_ENC_GOST89_IDX 10 164 #define SSL_ENC_SEED_IDX 11 165 #define SSL_ENC_AES128GCM_IDX 12 166 #define SSL_ENC_AES256GCM_IDX 13 167 #define SSL_ENC_NUM_IDX 14 168 169 170 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { 171 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 172 }; 173 174 #define SSL_COMP_NULL_IDX 0 175 #define SSL_COMP_ZLIB_IDX 1 176 #define SSL_COMP_NUM_IDX 2 177 178 static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 179 180 #define SSL_MD_MD5_IDX 0 181 #define SSL_MD_SHA1_IDX 1 182 #define SSL_MD_GOST94_IDX 2 183 #define SSL_MD_GOST89MAC_IDX 3 184 #define SSL_MD_SHA256_IDX 4 185 #define SSL_MD_SHA384_IDX 5 186 /*Constant SSL_MAX_DIGEST equal to size of digests array should be 187 * defined in the 188 * ssl_locl.h */ 189 #define SSL_MD_NUM_IDX SSL_MAX_DIGEST 190 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { 191 NULL, NULL, NULL, NULL, NULL, NULL 192 }; 193 /* PKEY_TYPE for GOST89MAC is known in advance, but, because 194 * implementation is engine-provided, we'll fill it only if 195 * corresponding EVP_PKEY_METHOD is found 196 */ 197 static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { 198 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, 199 EVP_PKEY_HMAC, EVP_PKEY_HMAC 200 }; 201 202 static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { 203 0, 0, 0, 0, 0, 0 204 }; 205 206 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { 207 SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, 208 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, 209 SSL_HANDSHAKE_MAC_SHA384 210 }; 211 212 #define CIPHER_ADD 1 213 #define CIPHER_KILL 2 214 #define CIPHER_DEL 3 215 #define CIPHER_ORD 4 216 #define CIPHER_SPECIAL 5 217 218 typedef struct cipher_order_st { 219 const SSL_CIPHER *cipher; 220 int active; 221 int dead; 222 struct cipher_order_st *next, *prev; 223 } CIPHER_ORDER; 224 225 static const SSL_CIPHER cipher_aliases[] = { 226 /* "ALL" doesn't include eNULL (must be specifically enabled) */ 227 {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, 228 /* "COMPLEMENTOFALL" */ 229 {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 230 231 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ 232 {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, 233 234 /* key exchange aliases 235 * (some of those using only a single bit here combine 236 * multiple key exchange algs according to the RFCs, 237 * e.g. kEDH combines DHE_DSS and DHE_RSA) */ 238 {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, 239 240 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 241 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 242 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 243 {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, 244 {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, 245 246 {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, 247 248 {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 249 {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 250 {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 251 {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 252 {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 253 254 {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, 255 {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 256 {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, 257 258 /* server authentication aliases */ 259 {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 260 {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 261 {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 262 {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 263 {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 264 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 265 {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, 266 {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 267 {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 268 {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 269 {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, 270 {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 271 {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 272 273 /* aliases combining key exchange and server authentication */ 274 {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 275 {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 276 {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 277 {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 278 {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 279 {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 280 {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 281 {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 282 {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 283 284 285 /* symmetric encryption aliases */ 286 {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, 287 {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, 288 {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, 289 {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, 290 {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, 291 {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, 292 {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 293 {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, 294 {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, 295 {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, 296 {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, 297 {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, 298 {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 299 {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 300 301 /* MAC aliases */ 302 {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, 303 {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 304 {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 305 {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, 306 {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, 307 {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, 308 {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, 309 310 /* protocol version aliases */ 311 {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, 312 {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, 313 {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, 314 {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, 315 316 /* export flag */ 317 {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 318 {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 319 320 /* strength classes */ 321 {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, 322 {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, 323 {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, 324 {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, 325 {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, 326 /* FIPS 140-2 approved ciphersuite */ 327 {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, 328 }; 329 /* Search for public key algorithm with given name and 330 * return its pkey_id if it is available. Otherwise return 0 331 */ 332 #ifdef OPENSSL_NO_ENGINE 333 334 static int 335 get_optional_pkey_id(const char *pkey_name) 336 { 337 const EVP_PKEY_ASN1_METHOD *ameth; 338 int pkey_id = 0; 339 ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); 340 if (ameth) { 341 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 342 } 343 return pkey_id; 344 } 345 346 #else 347 348 static int 349 get_optional_pkey_id(const char *pkey_name) 350 { 351 const EVP_PKEY_ASN1_METHOD *ameth; 352 ENGINE *tmpeng = NULL; 353 int pkey_id = 0; 354 ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); 355 if (ameth) { 356 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 357 } 358 if (tmpeng) 359 ENGINE_finish(tmpeng); 360 return pkey_id; 361 } 362 363 #endif 364 365 void 366 ssl_load_ciphers(void) 367 { 368 ssl_cipher_methods[SSL_ENC_DES_IDX]= 369 EVP_get_cipherbyname(SN_des_cbc); 370 ssl_cipher_methods[SSL_ENC_3DES_IDX]= 371 EVP_get_cipherbyname(SN_des_ede3_cbc); 372 ssl_cipher_methods[SSL_ENC_RC4_IDX]= 373 EVP_get_cipherbyname(SN_rc4); 374 ssl_cipher_methods[SSL_ENC_RC2_IDX]= 375 EVP_get_cipherbyname(SN_rc2_cbc); 376 #ifndef OPENSSL_NO_IDEA 377 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 378 EVP_get_cipherbyname(SN_idea_cbc); 379 #else 380 ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; 381 #endif 382 ssl_cipher_methods[SSL_ENC_AES128_IDX]= 383 EVP_get_cipherbyname(SN_aes_128_cbc); 384 ssl_cipher_methods[SSL_ENC_AES256_IDX]= 385 EVP_get_cipherbyname(SN_aes_256_cbc); 386 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= 387 EVP_get_cipherbyname(SN_camellia_128_cbc); 388 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 389 EVP_get_cipherbyname(SN_camellia_256_cbc); 390 ssl_cipher_methods[SSL_ENC_GOST89_IDX]= 391 EVP_get_cipherbyname(SN_gost89_cnt); 392 ssl_cipher_methods[SSL_ENC_SEED_IDX]= 393 EVP_get_cipherbyname(SN_seed_cbc); 394 395 ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= 396 EVP_get_cipherbyname(SN_aes_128_gcm); 397 ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= 398 EVP_get_cipherbyname(SN_aes_256_gcm); 399 400 ssl_digest_methods[SSL_MD_MD5_IDX]= 401 EVP_get_digestbyname(SN_md5); 402 ssl_mac_secret_size[SSL_MD_MD5_IDX]= 403 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); 404 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); 405 ssl_digest_methods[SSL_MD_SHA1_IDX]= 406 EVP_get_digestbyname(SN_sha1); 407 ssl_mac_secret_size[SSL_MD_SHA1_IDX]= 408 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); 409 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); 410 ssl_digest_methods[SSL_MD_GOST94_IDX]= 411 EVP_get_digestbyname(SN_id_GostR3411_94); 412 if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { 413 ssl_mac_secret_size[SSL_MD_GOST94_IDX]= 414 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); 415 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); 416 } 417 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= 418 EVP_get_digestbyname(SN_id_Gost28147_89_MAC); 419 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); 420 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { 421 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; 422 } 423 424 ssl_digest_methods[SSL_MD_SHA256_IDX]= 425 EVP_get_digestbyname(SN_sha256); 426 ssl_mac_secret_size[SSL_MD_SHA256_IDX]= 427 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); 428 ssl_digest_methods[SSL_MD_SHA384_IDX]= 429 EVP_get_digestbyname(SN_sha384); 430 ssl_mac_secret_size[SSL_MD_SHA384_IDX]= 431 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 432 } 433 #ifndef OPENSSL_NO_COMP 434 435 static int 436 sk_comp_cmp(const SSL_COMP * const *a, 437 const SSL_COMP * const *b) 438 { 439 return ((*a)->id - (*b)->id); 440 } 441 442 static void 443 load_builtin_compressions(void) 444 { 445 int got_write_lock = 0; 446 447 CRYPTO_r_lock(CRYPTO_LOCK_SSL); 448 if (ssl_comp_methods == NULL) { 449 CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 450 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 451 got_write_lock = 1; 452 453 if (ssl_comp_methods == NULL) { 454 SSL_COMP *comp = NULL; 455 456 MemCheck_off(); 457 ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); 458 if (ssl_comp_methods != NULL) { 459 comp = malloc(sizeof(SSL_COMP)); 460 if (comp != NULL) { 461 comp->method = COMP_zlib(); 462 if (comp->method && 463 comp->method->type == NID_undef) 464 free(comp); 465 else { 466 comp->id = SSL_COMP_ZLIB_IDX; 467 comp->name = comp->method->name; 468 sk_SSL_COMP_push(ssl_comp_methods, comp); 469 } 470 } 471 sk_SSL_COMP_sort(ssl_comp_methods); 472 } 473 MemCheck_on(); 474 } 475 } 476 477 if (got_write_lock) 478 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 479 else 480 CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 481 } 482 #endif 483 484 int 485 ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 486 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp) 487 { 488 int i; 489 const SSL_CIPHER *c; 490 491 c = s->cipher; 492 if (c == NULL) 493 return (0); 494 if (comp != NULL) { 495 SSL_COMP ctmp; 496 #ifndef OPENSSL_NO_COMP 497 load_builtin_compressions(); 498 #endif 499 500 *comp = NULL; 501 ctmp.id = s->compress_meth; 502 if (ssl_comp_methods != NULL) { 503 i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); 504 if (i >= 0) 505 *comp = sk_SSL_COMP_value(ssl_comp_methods, i); 506 else 507 *comp = NULL; 508 } 509 } 510 511 if ((enc == NULL) || (md == NULL)) 512 return (0); 513 514 switch (c->algorithm_enc) { 515 case SSL_DES: 516 i = SSL_ENC_DES_IDX; 517 break; 518 case SSL_3DES: 519 i = SSL_ENC_3DES_IDX; 520 break; 521 case SSL_RC4: 522 i = SSL_ENC_RC4_IDX; 523 break; 524 case SSL_RC2: 525 i = SSL_ENC_RC2_IDX; 526 break; 527 case SSL_IDEA: 528 i = SSL_ENC_IDEA_IDX; 529 break; 530 case SSL_eNULL: 531 i = SSL_ENC_NULL_IDX; 532 break; 533 case SSL_AES128: 534 i = SSL_ENC_AES128_IDX; 535 break; 536 case SSL_AES256: 537 i = SSL_ENC_AES256_IDX; 538 break; 539 case SSL_CAMELLIA128: 540 i = SSL_ENC_CAMELLIA128_IDX; 541 break; 542 case SSL_CAMELLIA256: 543 i = SSL_ENC_CAMELLIA256_IDX; 544 break; 545 case SSL_eGOST2814789CNT: 546 i = SSL_ENC_GOST89_IDX; 547 break; 548 case SSL_SEED: 549 i = SSL_ENC_SEED_IDX; 550 break; 551 case SSL_AES128GCM: 552 i = SSL_ENC_AES128GCM_IDX; 553 break; 554 case SSL_AES256GCM: 555 i = SSL_ENC_AES256GCM_IDX; 556 break; 557 default: 558 i = -1; 559 break; 560 } 561 562 if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 563 *enc = NULL; 564 else { 565 if (i == SSL_ENC_NULL_IDX) 566 *enc = EVP_enc_null(); 567 else 568 *enc = ssl_cipher_methods[i]; 569 } 570 571 switch (c->algorithm_mac) { 572 case SSL_MD5: 573 i = SSL_MD_MD5_IDX; 574 break; 575 case SSL_SHA1: 576 i = SSL_MD_SHA1_IDX; 577 break; 578 case SSL_SHA256: 579 i = SSL_MD_SHA256_IDX; 580 break; 581 case SSL_SHA384: 582 i = SSL_MD_SHA384_IDX; 583 break; 584 case SSL_GOST94: 585 i = SSL_MD_GOST94_IDX; 586 break; 587 case SSL_GOST89MAC: 588 i = SSL_MD_GOST89MAC_IDX; 589 break; 590 default: 591 i = -1; 592 break; 593 } 594 if ((i < 0) || (i > SSL_MD_NUM_IDX)) { 595 *md = NULL; 596 597 if (mac_pkey_type != NULL) 598 *mac_pkey_type = NID_undef; 599 if (mac_secret_size != NULL) 600 *mac_secret_size = 0; 601 if (c->algorithm_mac == SSL_AEAD) 602 mac_pkey_type = NULL; 603 } else { 604 *md = ssl_digest_methods[i]; 605 if (mac_pkey_type != NULL) 606 *mac_pkey_type = ssl_mac_pkey_id[i]; 607 if (mac_secret_size != NULL) 608 *mac_secret_size = ssl_mac_secret_size[i]; 609 } 610 611 if ((*enc != NULL) && 612 (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && 613 (!mac_pkey_type || *mac_pkey_type != NID_undef)) { 614 const EVP_CIPHER *evp; 615 616 if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || 617 s->ssl_version < TLS1_VERSION) 618 return 1; 619 620 if (c->algorithm_enc == SSL_RC4 && 621 c->algorithm_mac == SSL_MD5 && 622 (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) 623 *enc = evp, *md = NULL; 624 else if (c->algorithm_enc == SSL_AES128 && 625 c->algorithm_mac == SSL_SHA1 && 626 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) 627 *enc = evp, *md = NULL; 628 else if (c->algorithm_enc == SSL_AES256 && 629 c->algorithm_mac == SSL_SHA1 && 630 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) 631 *enc = evp, *md = NULL; 632 return (1); 633 } else 634 return (0); 635 } 636 637 int 638 ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 639 { 640 if (idx < 0 || idx >= SSL_MD_NUM_IDX) { 641 return 0; 642 } 643 *mask = ssl_handshake_digest_flag[idx]; 644 if (*mask) 645 *md = ssl_digest_methods[idx]; 646 else 647 *md = NULL; 648 return 1; 649 } 650 651 #define ITEM_SEP(a) \ 652 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 653 654 static void 655 ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 656 CIPHER_ORDER **tail) 657 { 658 if (curr == *tail) 659 return; 660 if (curr == *head) 661 *head = curr->next; 662 if (curr->prev != NULL) 663 curr->prev->next = curr->next; 664 if (curr->next != NULL) 665 curr->next->prev = curr->prev; 666 (*tail)->next = curr; 667 curr->prev= *tail; 668 curr->next = NULL; 669 *tail = curr; 670 } 671 672 static void 673 ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, 674 CIPHER_ORDER **tail) 675 { 676 if (curr == *head) 677 return; 678 if (curr == *tail) 679 *tail = curr->prev; 680 if (curr->next != NULL) 681 curr->next->prev = curr->prev; 682 if (curr->prev != NULL) 683 curr->prev->next = curr->next; 684 (*head)->prev = curr; 685 curr->next= *head; 686 curr->prev = NULL; 687 *head = curr; 688 } 689 690 static void 691 ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) 692 { 693 *mkey = 0; 694 *auth = 0; 695 *enc = 0; 696 *mac = 0; 697 *ssl = 0; 698 699 *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */ 700 *auth |= SSL_aDH; 701 #ifdef OPENSSL_NO_DH 702 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH; 703 *auth |= SSL_aDH; 704 #endif 705 *mkey |= SSL_kKRB5; 706 *auth |= SSL_aKRB5; 707 #ifdef OPENSSL_NO_ECDSA 708 *auth |= SSL_aECDSA; 709 #endif 710 #ifdef OPENSSL_NO_ECDH 711 *mkey |= SSL_kECDHe|SSL_kECDHr; 712 *auth |= SSL_aECDH; 713 #endif 714 #ifdef OPENSSL_NO_PSK 715 *mkey |= SSL_kPSK; 716 *auth |= SSL_aPSK; 717 #endif 718 *mkey |= SSL_kSRP; 719 /* Check for presence of GOST 34.10 algorithms, and if they 720 * do not present, disable appropriate auth and key exchange */ 721 if (!get_optional_pkey_id("gost94")) { 722 *auth |= SSL_aGOST94; 723 } 724 if (!get_optional_pkey_id("gost2001")) { 725 *auth |= SSL_aGOST01; 726 } 727 /* Disable GOST key exchange if no GOST signature algs are available * */ 728 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { 729 *mkey |= SSL_kGOST; 730 } 731 #ifdef SSL_FORBID_ENULL 732 *enc |= SSL_eNULL; 733 #endif 734 735 736 737 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; 738 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; 739 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; 740 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0; 741 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; 742 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; 743 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; 744 *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; 745 *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; 746 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; 747 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; 748 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; 749 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; 750 751 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; 752 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; 753 *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; 754 *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; 755 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; 756 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; 757 758 } 759 760 static void 761 ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 762 int num_of_ciphers, 763 unsigned long disabled_mkey, unsigned long disabled_auth, 764 unsigned long disabled_enc, unsigned long disabled_mac, 765 unsigned long disabled_ssl, 766 CIPHER_ORDER *co_list, 767 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 768 { 769 int i, co_list_num; 770 const SSL_CIPHER *c; 771 772 /* 773 * We have num_of_ciphers descriptions compiled in, depending on the 774 * method selected (SSLv2 and/or SSLv3, TLSv1 etc). 775 * These will later be sorted in a linked list with at most num 776 * entries. 777 */ 778 779 /* Get the initial list of ciphers */ 780 co_list_num = 0; /* actual count of ciphers */ 781 for (i = 0; i < num_of_ciphers; i++) { 782 c = ssl_method->get_cipher(i); 783 /* drop those that use any of that is not available */ 784 if ((c != NULL) && c->valid && 785 !(c->algorithm_mkey & disabled_mkey) && 786 !(c->algorithm_auth & disabled_auth) && 787 !(c->algorithm_enc & disabled_enc) && 788 !(c->algorithm_mac & disabled_mac) && 789 !(c->algorithm_ssl & disabled_ssl)) { 790 co_list[co_list_num].cipher = c; 791 co_list[co_list_num].next = NULL; 792 co_list[co_list_num].prev = NULL; 793 co_list[co_list_num].active = 0; 794 co_list_num++; 795 #ifdef KSSL_DEBUG 796 printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth); 797 #endif /* KSSL_DEBUG */ 798 /* 799 if (!sk_push(ca_list,(char *)c)) goto err; 800 */ 801 } 802 } 803 804 /* 805 * Prepare linked list from list entries 806 */ 807 if (co_list_num > 0) { 808 co_list[0].prev = NULL; 809 810 if (co_list_num > 1) { 811 co_list[0].next = &co_list[1]; 812 813 for (i = 1; i < co_list_num - 1; i++) { 814 co_list[i].prev = &co_list[i - 1]; 815 co_list[i].next = &co_list[i + 1]; 816 } 817 818 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; 819 } 820 821 co_list[co_list_num - 1].next = NULL; 822 823 *head_p = &co_list[0]; 824 *tail_p = &co_list[co_list_num - 1]; 825 } 826 } 827 828 static void 829 ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, 830 unsigned long disabled_mkey, unsigned long disabled_auth, 831 unsigned long disabled_enc, unsigned long disabled_mac, 832 unsigned long disabled_ssl, CIPHER_ORDER *head) 833 { 834 CIPHER_ORDER *ciph_curr; 835 const SSL_CIPHER **ca_curr; 836 int i; 837 unsigned long mask_mkey = ~disabled_mkey; 838 unsigned long mask_auth = ~disabled_auth; 839 unsigned long mask_enc = ~disabled_enc; 840 unsigned long mask_mac = ~disabled_mac; 841 unsigned long mask_ssl = ~disabled_ssl; 842 843 /* 844 * First, add the real ciphers as already collected 845 */ 846 ciph_curr = head; 847 ca_curr = ca_list; 848 while (ciph_curr != NULL) { 849 *ca_curr = ciph_curr->cipher; 850 ca_curr++; 851 ciph_curr = ciph_curr->next; 852 } 853 854 /* 855 * Now we add the available ones from the cipher_aliases[] table. 856 * They represent either one or more algorithms, some of which 857 * in any affected category must be supported (set in enabled_mask), 858 * or represent a cipher strength value (will be added in any case because algorithms=0). 859 */ 860 for (i = 0; i < num_of_group_aliases; i++) { 861 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; 862 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; 863 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; 864 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; 865 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; 866 867 if (algorithm_mkey) 868 if ((algorithm_mkey & mask_mkey) == 0) 869 continue; 870 871 if (algorithm_auth) 872 if ((algorithm_auth & mask_auth) == 0) 873 continue; 874 875 if (algorithm_enc) 876 if ((algorithm_enc & mask_enc) == 0) 877 continue; 878 879 if (algorithm_mac) 880 if ((algorithm_mac & mask_mac) == 0) 881 continue; 882 883 if (algorithm_ssl) 884 if ((algorithm_ssl & mask_ssl) == 0) 885 continue; 886 887 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 888 ca_curr++; 889 } 890 891 *ca_curr = NULL; /* end of list */ 892 } 893 894 static void 895 ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey, 896 unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac, 897 unsigned long alg_ssl, unsigned long algo_strength, 898 int rule, int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 899 { 900 CIPHER_ORDER *head, *tail, *curr, *curr2, *last; 901 const SSL_CIPHER *cp; 902 int reverse = 0; 903 904 #ifdef CIPHER_DEBUG 905 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", 906 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); 907 #endif 908 909 if (rule == CIPHER_DEL) 910 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ 911 912 head = *head_p; 913 tail = *tail_p; 914 915 if (reverse) { 916 curr = tail; 917 last = head; 918 } else { 919 curr = head; 920 last = tail; 921 } 922 923 curr2 = curr; 924 for (;;) { 925 if ((curr == NULL) 926 || (curr == last)) break; 927 curr = curr2; 928 curr2 = reverse ? curr->prev : curr->next; 929 930 cp = curr->cipher; 931 932 /* 933 * Selection criteria is either the value of strength_bits 934 * or the algorithms used. 935 */ 936 if (strength_bits >= 0) { 937 if (strength_bits != cp->strength_bits) 938 continue; 939 } else { 940 #ifdef CIPHER_DEBUG 941 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); 942 #endif 943 944 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 945 continue; 946 if (alg_auth && !(alg_auth & cp->algorithm_auth)) 947 continue; 948 if (alg_enc && !(alg_enc & cp->algorithm_enc)) 949 continue; 950 if (alg_mac && !(alg_mac & cp->algorithm_mac)) 951 continue; 952 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) 953 continue; 954 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) 955 continue; 956 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 957 continue; 958 } 959 960 #ifdef CIPHER_DEBUG 961 printf("Action = %d\n", rule); 962 #endif 963 964 /* add the cipher if it has not been added yet. */ 965 if (rule == CIPHER_ADD) { 966 /* reverse == 0 */ 967 if (!curr->active) { 968 ll_append_tail(&head, curr, &tail); 969 curr->active = 1; 970 } 971 } 972 /* Move the added cipher to this location */ 973 else if (rule == CIPHER_ORD) { 974 /* reverse == 0 */ 975 if (curr->active) { 976 ll_append_tail(&head, curr, &tail); 977 } 978 } else if (rule == CIPHER_DEL) { 979 /* reverse == 1 */ 980 if (curr->active) { 981 /* most recently deleted ciphersuites get best positions 982 * for any future CIPHER_ADD (note that the CIPHER_DEL loop 983 * works in reverse to maintain the order) */ 984 ll_append_head(&head, curr, &tail); 985 curr->active = 0; 986 } 987 } else if (rule == CIPHER_KILL) { 988 /* reverse == 0 */ 989 if (head == curr) 990 head = curr->next; 991 else 992 curr->prev->next = curr->next; 993 if (tail == curr) 994 tail = curr->prev; 995 curr->active = 0; 996 if (curr->next != NULL) 997 curr->next->prev = curr->prev; 998 if (curr->prev != NULL) 999 curr->prev->next = curr->next; 1000 curr->next = NULL; 1001 curr->prev = NULL; 1002 } 1003 } 1004 1005 *head_p = head; 1006 *tail_p = tail; 1007 } 1008 1009 static int 1010 ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 1011 { 1012 int max_strength_bits, i, *number_uses; 1013 CIPHER_ORDER *curr; 1014 1015 /* 1016 * This routine sorts the ciphers with descending strength. The sorting 1017 * must keep the pre-sorted sequence, so we apply the normal sorting 1018 * routine as '+' movement to the end of the list. 1019 */ 1020 max_strength_bits = 0; 1021 curr = *head_p; 1022 while (curr != NULL) { 1023 if (curr->active && 1024 (curr->cipher->strength_bits > max_strength_bits)) 1025 max_strength_bits = curr->cipher->strength_bits; 1026 curr = curr->next; 1027 } 1028 1029 number_uses = calloc((max_strength_bits + 1), sizeof(int)); 1030 if (!number_uses) { 1031 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); 1032 return (0); 1033 } 1034 1035 /* 1036 * Now find the strength_bits values actually used 1037 */ 1038 curr = *head_p; 1039 while (curr != NULL) { 1040 if (curr->active) 1041 number_uses[curr->cipher->strength_bits]++; 1042 curr = curr->next; 1043 } 1044 /* 1045 * Go through the list of used strength_bits values in descending 1046 * order. 1047 */ 1048 for (i = max_strength_bits; i >= 0; i--) 1049 if (number_uses[i] > 0) 1050 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); 1051 1052 free(number_uses); 1053 return (1); 1054 } 1055 1056 static int 1057 ssl_cipher_process_rulestr(const char *rule_str, 1058 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, 1059 const SSL_CIPHER **ca_list) 1060 { 1061 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; 1062 const char *l, *buf; 1063 int j, multi, found, rule, retval, ok, buflen; 1064 unsigned long cipher_id = 0; 1065 char ch; 1066 1067 retval = 1; 1068 l = rule_str; 1069 for (;;) { 1070 ch = *l; 1071 1072 if (ch == '\0') 1073 break; 1074 /* done */ 1075 if (ch == '-') 1076 { rule = CIPHER_DEL; 1077 l++; 1078 } else if (ch == '+') 1079 { rule = CIPHER_ORD; 1080 l++; 1081 } else if (ch == '!') 1082 { rule = CIPHER_KILL; 1083 l++; 1084 } else if (ch == '@') 1085 { rule = CIPHER_SPECIAL; 1086 l++; 1087 } else 1088 { rule = CIPHER_ADD; 1089 } 1090 1091 if (ITEM_SEP(ch)) { 1092 l++; 1093 continue; 1094 } 1095 1096 alg_mkey = 0; 1097 alg_auth = 0; 1098 alg_enc = 0; 1099 alg_mac = 0; 1100 alg_ssl = 0; 1101 algo_strength = 0; 1102 1103 for (;;) { 1104 ch = *l; 1105 buf = l; 1106 buflen = 0; 1107 while (((ch >= 'A') && (ch <= 'Z')) || 1108 ((ch >= '0') && (ch <= '9')) || 1109 ((ch >= 'a') && (ch <= 'z')) || 1110 (ch == '-') || (ch == '.')) 1111 { 1112 ch = *(++l); 1113 buflen++; 1114 } 1115 1116 if (buflen == 0) { 1117 /* 1118 * We hit something we cannot deal with, 1119 * it is no command or separator nor 1120 * alphanumeric, so we call this an error. 1121 */ 1122 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1123 SSL_R_INVALID_COMMAND); 1124 retval = found = 0; 1125 l++; 1126 break; 1127 } 1128 1129 if (rule == CIPHER_SPECIAL) { 1130 found = 0; /* unused -- avoid compiler warning */ 1131 break; /* special treatment */ 1132 } 1133 1134 /* check for multi-part specification */ 1135 if (ch == '+') { 1136 multi = 1; 1137 l++; 1138 } else 1139 multi = 0; 1140 1141 /* 1142 * Now search for the cipher alias in the ca_list. Be careful 1143 * with the strncmp, because the "buflen" limitation 1144 * will make the rule "ADH:SOME" and the cipher 1145 * "ADH-MY-CIPHER" look like a match for buflen=3. 1146 * So additionally check whether the cipher name found 1147 * has the correct length. We can save a strlen() call: 1148 * just checking for the '\0' at the right place is 1149 * sufficient, we have to strncmp() anyway. (We cannot 1150 * use strcmp(), because buf is not '\0' terminated.) 1151 */ 1152 j = found = 0; 1153 cipher_id = 0; 1154 while (ca_list[j]) { 1155 if (!strncmp(buf, ca_list[j]->name, buflen) && 1156 (ca_list[j]->name[buflen] == '\0')) { 1157 found = 1; 1158 break; 1159 } else 1160 j++; 1161 } 1162 1163 if (!found) 1164 break; /* ignore this entry */ 1165 1166 if (ca_list[j]->algorithm_mkey) { 1167 if (alg_mkey) { 1168 alg_mkey &= ca_list[j]->algorithm_mkey; 1169 if (!alg_mkey) { 1170 found = 0; 1171 break; 1172 } 1173 } else 1174 alg_mkey = ca_list[j]->algorithm_mkey; 1175 } 1176 1177 if (ca_list[j]->algorithm_auth) { 1178 if (alg_auth) { 1179 alg_auth &= ca_list[j]->algorithm_auth; 1180 if (!alg_auth) { 1181 found = 0; 1182 break; 1183 } 1184 } else 1185 alg_auth = ca_list[j]->algorithm_auth; 1186 } 1187 1188 if (ca_list[j]->algorithm_enc) { 1189 if (alg_enc) { 1190 alg_enc &= ca_list[j]->algorithm_enc; 1191 if (!alg_enc) { 1192 found = 0; 1193 break; 1194 } 1195 } else 1196 alg_enc = ca_list[j]->algorithm_enc; 1197 } 1198 1199 if (ca_list[j]->algorithm_mac) { 1200 if (alg_mac) { 1201 alg_mac &= ca_list[j]->algorithm_mac; 1202 if (!alg_mac) { 1203 found = 0; 1204 break; 1205 } 1206 } else 1207 alg_mac = ca_list[j]->algorithm_mac; 1208 } 1209 1210 if (ca_list[j]->algo_strength & SSL_EXP_MASK) { 1211 if (algo_strength & SSL_EXP_MASK) { 1212 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; 1213 if (!(algo_strength & SSL_EXP_MASK)) { 1214 found = 0; 1215 break; 1216 } 1217 } else 1218 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; 1219 } 1220 1221 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 1222 if (algo_strength & SSL_STRONG_MASK) { 1223 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; 1224 if (!(algo_strength & SSL_STRONG_MASK)) { 1225 found = 0; 1226 break; 1227 } 1228 } else 1229 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; 1230 } 1231 1232 if (ca_list[j]->valid) { 1233 /* explicit ciphersuite found; its protocol version 1234 * does not become part of the search pattern!*/ 1235 1236 cipher_id = ca_list[j]->id; 1237 } else { 1238 /* not an explicit ciphersuite; only in this case, the 1239 * protocol version is considered part of the search pattern */ 1240 1241 if (ca_list[j]->algorithm_ssl) { 1242 if (alg_ssl) { 1243 alg_ssl &= ca_list[j]->algorithm_ssl; 1244 if (!alg_ssl) { 1245 found = 0; 1246 break; 1247 } 1248 } else 1249 alg_ssl = ca_list[j]->algorithm_ssl; 1250 } 1251 } 1252 1253 if (!multi) 1254 break; 1255 } 1256 1257 /* 1258 * Ok, we have the rule, now apply it 1259 */ 1260 if (rule == CIPHER_SPECIAL) 1261 { /* special command */ 1262 ok = 0; 1263 if ((buflen == 8) && 1264 !strncmp(buf, "STRENGTH", 8)) 1265 ok = ssl_cipher_strength_sort(head_p, tail_p); 1266 else 1267 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1268 SSL_R_INVALID_COMMAND); 1269 if (ok == 0) 1270 retval = 0; 1271 /* 1272 * We do not support any "multi" options 1273 * together with "@", so throw away the 1274 * rest of the command, if any left, until 1275 * end or ':' is found. 1276 */ 1277 while ((*l != '\0') && !ITEM_SEP(*l)) 1278 l++; 1279 } else if (found) { 1280 ssl_cipher_apply_rule(cipher_id, 1281 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, 1282 rule, -1, head_p, tail_p); 1283 } else { 1284 while ((*l != '\0') && !ITEM_SEP(*l)) 1285 l++; 1286 } 1287 if (*l == '\0') break; /* done */ 1288 } 1289 1290 return (retval); 1291 } 1292 1293 STACK_OF(SSL_CIPHER) * 1294 ssl_create_cipher_list(const SSL_METHOD *ssl_method, 1295 STACK_OF(SSL_CIPHER) **cipher_list, 1296 STACK_OF(SSL_CIPHER) **cipher_list_by_id, 1297 const char *rule_str) 1298 { 1299 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1300 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; 1301 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1302 const char *rule_p; 1303 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 1304 const SSL_CIPHER **ca_list = NULL; 1305 1306 /* 1307 * Return with error if nothing to do. 1308 */ 1309 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) 1310 return NULL; 1311 1312 /* 1313 * To reduce the work to do we only want to process the compiled 1314 * in algorithms, so we first get the mask of disabled ciphers. 1315 */ 1316 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); 1317 1318 /* 1319 * Now we have to collect the available ciphers from the compiled 1320 * in ciphers. We cannot get more than the number compiled in, so 1321 * it is used for allocation. 1322 */ 1323 num_of_ciphers = ssl_method->num_ciphers(); 1324 #ifdef KSSL_DEBUG 1325 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 1326 #endif /* KSSL_DEBUG */ 1327 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); 1328 if (co_list == NULL) { 1329 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1330 return(NULL); /* Failure */ 1331 } 1332 1333 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1334 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, 1335 co_list, &head, &tail); 1336 1337 1338 /* Now arrange all ciphers by preference: */ 1339 1340 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ 1341 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1342 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1343 1344 /* AES is our preferred symmetric cipher */ 1345 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1346 1347 /* Temporarily enable everything else for sorting */ 1348 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1349 1350 /* Low priority for MD5 */ 1351 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); 1352 1353 /* Move anonymous ciphers to the end. Usually, these will remain disabled. 1354 * (For applications that allow them, they aren't too bad, but we prefer 1355 * authenticated ciphers.) */ 1356 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1357 1358 /* Move ciphers without forward secrecy to the end */ 1359 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1360 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ 1361 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1362 ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1363 ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1364 1365 /* RC4 is sort-of broken -- move the the end */ 1366 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1367 1368 /* Now sort by symmetric encryption strength. The above ordering remains 1369 * in force within each class */ 1370 if (!ssl_cipher_strength_sort(&head, &tail)) { 1371 free(co_list); 1372 return NULL; 1373 } 1374 1375 /* Now disable everything (maintaining the ordering!) */ 1376 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1377 1378 1379 /* 1380 * We also need cipher aliases for selecting based on the rule_str. 1381 * There might be two types of entries in the rule_str: 1) names 1382 * of ciphers themselves 2) aliases for groups of ciphers. 1383 * For 1) we need the available ciphers and for 2) the cipher 1384 * groups of cipher_aliases added together in one list (otherwise 1385 * we would be happy with just the cipher_aliases table). 1386 */ 1387 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1388 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1389 ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *)); 1390 if (ca_list == NULL) { 1391 free(co_list); 1392 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1393 return(NULL); /* Failure */ 1394 } 1395 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1396 disabled_mkey, disabled_auth, disabled_enc, 1397 disabled_mac, disabled_ssl, head); 1398 1399 /* 1400 * If the rule_string begins with DEFAULT, apply the default rule 1401 * before using the (possibly available) additional rules. 1402 */ 1403 ok = 1; 1404 rule_p = rule_str; 1405 if (strncmp(rule_str, "DEFAULT", 7) == 0) { 1406 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1407 &head, &tail, ca_list); 1408 rule_p += 7; 1409 if (*rule_p == ':') 1410 rule_p++; 1411 } 1412 1413 if (ok && (strlen(rule_p) > 0)) 1414 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); 1415 1416 free((void *)ca_list); /* Not needed anymore */ 1417 1418 if (!ok) 1419 { /* Rule processing failure */ 1420 free(co_list); 1421 return (NULL); 1422 } 1423 1424 /* 1425 * Allocate new "cipherstack" for the result, return with error 1426 * if we cannot get one. 1427 */ 1428 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { 1429 free(co_list); 1430 return (NULL); 1431 } 1432 1433 /* 1434 * The cipher selection for the list is done. The ciphers are added 1435 * to the resulting precedence to the STACK_OF(SSL_CIPHER). 1436 */ 1437 for (curr = head; curr != NULL; curr = curr->next) { 1438 if (curr->active) { 1439 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1440 #ifdef CIPHER_DEBUG 1441 printf("<%s>\n", curr->cipher->name); 1442 #endif 1443 } 1444 } 1445 free(co_list); /* Not needed any longer */ 1446 1447 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); 1448 if (tmp_cipher_list == NULL) { 1449 sk_SSL_CIPHER_free(cipherstack); 1450 return NULL; 1451 } 1452 if (*cipher_list != NULL) 1453 sk_SSL_CIPHER_free(*cipher_list); 1454 *cipher_list = cipherstack; 1455 if (*cipher_list_by_id != NULL) 1456 sk_SSL_CIPHER_free(*cipher_list_by_id); 1457 *cipher_list_by_id = tmp_cipher_list; 1458 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); 1459 1460 sk_SSL_CIPHER_sort(*cipher_list_by_id); 1461 return (cipherstack); 1462 } 1463 1464 char * 1465 SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1466 { 1467 int is_export, pkl, kl, l; 1468 const char *ver, *exp_str; 1469 const char *kx, *au, *enc, *mac; 1470 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 1471 #ifdef KSSL_DEBUG 1472 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; 1473 #else 1474 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1475 #endif /* KSSL_DEBUG */ 1476 1477 alg_mkey = cipher->algorithm_mkey; 1478 alg_auth = cipher->algorithm_auth; 1479 alg_enc = cipher->algorithm_enc; 1480 alg_mac = cipher->algorithm_mac; 1481 alg_ssl = cipher->algorithm_ssl; 1482 1483 alg2 = cipher->algorithm2; 1484 1485 is_export = SSL_C_IS_EXPORT(cipher); 1486 pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); 1487 kl = SSL_C_EXPORT_KEYLENGTH(cipher); 1488 exp_str = is_export?" export":""; 1489 1490 if (alg_ssl & SSL_SSLV2) 1491 ver="SSLv2"; 1492 else if (alg_ssl & SSL_SSLV3) 1493 ver="SSLv3"; 1494 else if (alg_ssl & SSL_TLSV1_2) 1495 ver="TLSv1.2"; 1496 else 1497 ver="unknown"; 1498 1499 switch (alg_mkey) { 1500 case SSL_kRSA: 1501 kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1502 break; 1503 case SSL_kDHr: 1504 kx="DH/RSA"; 1505 break; 1506 case SSL_kDHd: 1507 kx="DH/DSS"; 1508 break; 1509 case SSL_kKRB5: 1510 kx="KRB5"; 1511 break; 1512 case SSL_kEDH: 1513 kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1514 break; 1515 case SSL_kECDHr: 1516 kx="ECDH/RSA"; 1517 break; 1518 case SSL_kECDHe: 1519 kx="ECDH/ECDSA"; 1520 break; 1521 case SSL_kEECDH: 1522 kx="ECDH"; 1523 break; 1524 case SSL_kPSK: 1525 kx="PSK"; 1526 break; 1527 case SSL_kSRP: 1528 kx="SRP"; 1529 break; 1530 default: 1531 kx="unknown"; 1532 } 1533 1534 switch (alg_auth) { 1535 case SSL_aRSA: 1536 au="RSA"; 1537 break; 1538 case SSL_aDSS: 1539 au="DSS"; 1540 break; 1541 case SSL_aDH: 1542 au="DH"; 1543 break; 1544 case SSL_aKRB5: 1545 au="KRB5"; 1546 break; 1547 case SSL_aECDH: 1548 au="ECDH"; 1549 break; 1550 case SSL_aNULL: 1551 au="None"; 1552 break; 1553 case SSL_aECDSA: 1554 au="ECDSA"; 1555 break; 1556 case SSL_aPSK: 1557 au="PSK"; 1558 break; 1559 default: 1560 au="unknown"; 1561 break; 1562 } 1563 1564 switch (alg_enc) { 1565 case SSL_DES: 1566 enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; 1567 break; 1568 case SSL_3DES: 1569 enc="3DES(168)"; 1570 break; 1571 case SSL_RC4: 1572 enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") 1573 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); 1574 break; 1575 case SSL_RC2: 1576 enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; 1577 break; 1578 case SSL_IDEA: 1579 enc="IDEA(128)"; 1580 break; 1581 case SSL_eNULL: 1582 enc="None"; 1583 break; 1584 case SSL_AES128: 1585 enc="AES(128)"; 1586 break; 1587 case SSL_AES256: 1588 enc="AES(256)"; 1589 break; 1590 case SSL_AES128GCM: 1591 enc="AESGCM(128)"; 1592 break; 1593 case SSL_AES256GCM: 1594 enc="AESGCM(256)"; 1595 break; 1596 case SSL_CAMELLIA128: 1597 enc="Camellia(128)"; 1598 break; 1599 case SSL_CAMELLIA256: 1600 enc="Camellia(256)"; 1601 break; 1602 case SSL_SEED: 1603 enc="SEED(128)"; 1604 break; 1605 default: 1606 enc="unknown"; 1607 break; 1608 } 1609 1610 switch (alg_mac) { 1611 case SSL_MD5: 1612 mac="MD5"; 1613 break; 1614 case SSL_SHA1: 1615 mac="SHA1"; 1616 break; 1617 case SSL_SHA256: 1618 mac="SHA256"; 1619 break; 1620 case SSL_SHA384: 1621 mac="SHA384"; 1622 break; 1623 case SSL_AEAD: 1624 mac="AEAD"; 1625 break; 1626 default: 1627 mac="unknown"; 1628 break; 1629 } 1630 1631 if (buf == NULL) { 1632 len = 128; 1633 buf = malloc(len); 1634 if (buf == NULL) 1635 return("malloc Error"); 1636 } else if (len < 128) 1637 return("Buffer too small"); 1638 1639 #ifdef KSSL_DEBUG 1640 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); 1641 #else 1642 l = snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); 1643 #endif /* KSSL_DEBUG */ 1644 if (l >= len || l == -1) 1645 return("Buffer too small"); 1646 else 1647 return (buf); 1648 } 1649 1650 char * 1651 SSL_CIPHER_get_version(const SSL_CIPHER *c) 1652 { 1653 int i; 1654 1655 if (c == NULL) 1656 return("(NONE)"); 1657 i = (int)(c->id >> 24L); 1658 if (i == 3) 1659 return("TLSv1/SSLv3"); 1660 else if (i == 2) 1661 return("SSLv2"); 1662 else 1663 return("unknown"); 1664 } 1665 1666 /* return the actual cipher being used */ 1667 const char * 1668 SSL_CIPHER_get_name(const SSL_CIPHER *c) 1669 { 1670 if (c != NULL) 1671 return (c->name); 1672 return("(NONE)"); 1673 } 1674 1675 /* number of bits for symmetric cipher */ 1676 int 1677 SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 1678 { 1679 int ret = 0; 1680 1681 if (c != NULL) { 1682 if (alg_bits != NULL) 1683 *alg_bits = c->alg_bits; 1684 ret = c->strength_bits; 1685 } 1686 return (ret); 1687 } 1688 1689 unsigned long 1690 SSL_CIPHER_get_id(const SSL_CIPHER *c) 1691 { 1692 return c->id; 1693 } 1694 1695 SSL_COMP * 1696 ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 1697 { 1698 SSL_COMP *ctmp; 1699 int i, nn; 1700 1701 if ((n == 0) 1702 || (sk == NULL)) return (NULL); 1703 nn = sk_SSL_COMP_num(sk); 1704 for (i = 0; i < nn; i++) { 1705 ctmp = sk_SSL_COMP_value(sk, i); 1706 if (ctmp->id == n) 1707 return (ctmp); 1708 } 1709 return (NULL); 1710 } 1711 1712 #ifdef OPENSSL_NO_COMP 1713 void * 1714 SSL_COMP_get_compression_methods(void) 1715 { 1716 return NULL; 1717 } 1718 1719 int 1720 SSL_COMP_add_compression_method(int id, void *cm) 1721 { 1722 return 1; 1723 } 1724 1725 const char * 1726 SSL_COMP_get_name(const void *comp) 1727 { 1728 return NULL; 1729 } 1730 #else 1731 STACK_OF(SSL_COMP) * 1732 SSL_COMP_get_compression_methods(void) 1733 { 1734 load_builtin_compressions(); 1735 return (ssl_comp_methods); 1736 } 1737 1738 int 1739 SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 1740 { 1741 SSL_COMP *comp; 1742 1743 if (cm == NULL || cm->type == NID_undef) 1744 return 1; 1745 1746 /* According to draft-ietf-tls-compression-04.txt, the 1747 compression number ranges should be the following: 1748 1749 0 to 63: methods defined by the IETF 1750 64 to 192: external party methods assigned by IANA 1751 193 to 255: reserved for private use */ 1752 if (id < 193 || id > 255) { 1753 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); 1754 return 0; 1755 } 1756 1757 MemCheck_off(); 1758 comp = malloc(sizeof(SSL_COMP)); 1759 comp->id = id; 1760 comp->method = cm; 1761 load_builtin_compressions(); 1762 if (ssl_comp_methods && 1763 sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { 1764 free(comp); 1765 MemCheck_on(); 1766 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); 1767 return (1); 1768 } else if ((ssl_comp_methods == NULL) || 1769 !sk_SSL_COMP_push(ssl_comp_methods, comp)) { 1770 free(comp); 1771 MemCheck_on(); 1772 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); 1773 return (1); 1774 } else { 1775 MemCheck_on(); 1776 return (0); 1777 } 1778 } 1779 1780 const char * 1781 SSL_COMP_get_name(const COMP_METHOD *comp) 1782 { 1783 if (comp) 1784 return comp->name; 1785 return NULL; 1786 } 1787 1788 #endif 1789