174664626SKris Kennaway /* ssl/ssl_ciph.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 583b4e3dcbSSimon L. B. Nielsen /* ==================================================================== 59ed5d4f9aSSimon L. B. Nielsen * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60ed5d4f9aSSimon L. B. Nielsen * 61ed5d4f9aSSimon L. B. Nielsen * Redistribution and use in source and binary forms, with or without 62ed5d4f9aSSimon L. B. Nielsen * modification, are permitted provided that the following conditions 63ed5d4f9aSSimon L. B. Nielsen * are met: 64ed5d4f9aSSimon L. B. Nielsen * 65ed5d4f9aSSimon L. B. Nielsen * 1. Redistributions of source code must retain the above copyright 66ed5d4f9aSSimon L. B. Nielsen * notice, this list of conditions and the following disclaimer. 67ed5d4f9aSSimon L. B. Nielsen * 68ed5d4f9aSSimon L. B. Nielsen * 2. Redistributions in binary form must reproduce the above copyright 69ed5d4f9aSSimon L. B. Nielsen * notice, this list of conditions and the following disclaimer in 70ed5d4f9aSSimon L. B. Nielsen * the documentation and/or other materials provided with the 71ed5d4f9aSSimon L. B. Nielsen * distribution. 72ed5d4f9aSSimon L. B. Nielsen * 73ed5d4f9aSSimon L. B. Nielsen * 3. All advertising materials mentioning features or use of this 74ed5d4f9aSSimon L. B. Nielsen * software must display the following acknowledgment: 75ed5d4f9aSSimon L. B. Nielsen * "This product includes software developed by the OpenSSL Project 76ed5d4f9aSSimon L. B. Nielsen * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77ed5d4f9aSSimon L. B. Nielsen * 78ed5d4f9aSSimon L. B. Nielsen * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79ed5d4f9aSSimon L. B. Nielsen * endorse or promote products derived from this software without 80ed5d4f9aSSimon L. B. Nielsen * prior written permission. For written permission, please contact 81ed5d4f9aSSimon L. B. Nielsen * openssl-core@openssl.org. 82ed5d4f9aSSimon L. B. Nielsen * 83ed5d4f9aSSimon L. B. Nielsen * 5. Products derived from this software may not be called "OpenSSL" 84ed5d4f9aSSimon L. B. Nielsen * nor may "OpenSSL" appear in their names without prior written 85ed5d4f9aSSimon L. B. Nielsen * permission of the OpenSSL Project. 86ed5d4f9aSSimon L. B. Nielsen * 87ed5d4f9aSSimon L. B. Nielsen * 6. Redistributions of any form whatsoever must retain the following 88ed5d4f9aSSimon L. B. Nielsen * acknowledgment: 89ed5d4f9aSSimon L. B. Nielsen * "This product includes software developed by the OpenSSL Project 90ed5d4f9aSSimon L. B. Nielsen * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91ed5d4f9aSSimon L. B. Nielsen * 92ed5d4f9aSSimon L. B. Nielsen * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93ed5d4f9aSSimon L. B. Nielsen * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94ed5d4f9aSSimon L. B. Nielsen * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95ed5d4f9aSSimon L. B. Nielsen * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96ed5d4f9aSSimon L. B. Nielsen * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97ed5d4f9aSSimon L. B. Nielsen * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98ed5d4f9aSSimon L. B. Nielsen * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99ed5d4f9aSSimon L. B. Nielsen * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100ed5d4f9aSSimon L. B. Nielsen * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101ed5d4f9aSSimon L. B. Nielsen * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102ed5d4f9aSSimon L. B. Nielsen * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103ed5d4f9aSSimon L. B. Nielsen * OF THE POSSIBILITY OF SUCH DAMAGE. 104ed5d4f9aSSimon L. B. Nielsen * ==================================================================== 105ed5d4f9aSSimon L. B. Nielsen * 106ed5d4f9aSSimon L. B. Nielsen * This product includes cryptographic software written by Eric Young 107ed5d4f9aSSimon L. B. Nielsen * (eay@cryptsoft.com). This product includes software written by Tim 108ed5d4f9aSSimon L. B. Nielsen * Hudson (tjh@cryptsoft.com). 109ed5d4f9aSSimon L. B. Nielsen * 110ed5d4f9aSSimon L. B. Nielsen */ 111ed5d4f9aSSimon L. B. Nielsen /* ==================================================================== 1123b4e3dcbSSimon L. B. Nielsen * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 1133b4e3dcbSSimon L. B. Nielsen * ECC cipher suite support in OpenSSL originally developed by 1143b4e3dcbSSimon L. B. Nielsen * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 1153b4e3dcbSSimon L. B. Nielsen */ 11674664626SKris Kennaway #include <stdio.h> 11774664626SKris Kennaway #include <openssl/objects.h> 11874664626SKris Kennaway #include <openssl/comp.h> 11974664626SKris Kennaway #include "ssl_locl.h" 12074664626SKris Kennaway 12174664626SKris Kennaway #define SSL_ENC_DES_IDX 0 12274664626SKris Kennaway #define SSL_ENC_3DES_IDX 1 12374664626SKris Kennaway #define SSL_ENC_RC4_IDX 2 12474664626SKris Kennaway #define SSL_ENC_RC2_IDX 3 12574664626SKris Kennaway #define SSL_ENC_IDEA_IDX 4 12674664626SKris Kennaway #define SSL_ENC_eFZA_IDX 5 12774664626SKris Kennaway #define SSL_ENC_NULL_IDX 6 1285c87c606SMark Murray #define SSL_ENC_AES128_IDX 7 1295c87c606SMark Murray #define SSL_ENC_AES256_IDX 8 1305c87c606SMark Murray #define SSL_ENC_NUM_IDX 9 131ed5d4f9aSSimon L. B. Nielsen #define SSL_ENC_CAMELLIA128_IDX 9 132ed5d4f9aSSimon L. B. Nielsen #define SSL_ENC_CAMELLIA256_IDX 10 133ed5d4f9aSSimon L. B. Nielsen #undef SSL_ENC_NUM_IDX 134ed5d4f9aSSimon L. B. Nielsen #define SSL_ENC_NUM_IDX 11 135ed5d4f9aSSimon L. B. Nielsen 13674664626SKris Kennaway 13774664626SKris Kennaway static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 13874664626SKris Kennaway NULL,NULL,NULL,NULL,NULL,NULL, 13974664626SKris Kennaway }; 14074664626SKris Kennaway 1413b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_NULL_IDX 0 1423b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_ZLIB_IDX 1 1433b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_NUM_IDX 2 1443b4e3dcbSSimon L. B. Nielsen 14574664626SKris Kennaway static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; 14674664626SKris Kennaway 14774664626SKris Kennaway #define SSL_MD_MD5_IDX 0 14874664626SKris Kennaway #define SSL_MD_SHA1_IDX 1 14974664626SKris Kennaway #define SSL_MD_NUM_IDX 2 15074664626SKris Kennaway static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 15174664626SKris Kennaway NULL,NULL, 15274664626SKris Kennaway }; 15374664626SKris Kennaway 15474664626SKris Kennaway #define CIPHER_ADD 1 15574664626SKris Kennaway #define CIPHER_KILL 2 15674664626SKris Kennaway #define CIPHER_DEL 3 15774664626SKris Kennaway #define CIPHER_ORD 4 158f579bf8eSKris Kennaway #define CIPHER_SPECIAL 5 15974664626SKris Kennaway 16074664626SKris Kennaway typedef struct cipher_order_st 16174664626SKris Kennaway { 16274664626SKris Kennaway SSL_CIPHER *cipher; 16374664626SKris Kennaway int active; 16474664626SKris Kennaway int dead; 16574664626SKris Kennaway struct cipher_order_st *next,*prev; 16674664626SKris Kennaway } CIPHER_ORDER; 16774664626SKris Kennaway 168f579bf8eSKris Kennaway static const SSL_CIPHER cipher_aliases[]={ 1695c87c606SMark Murray /* Don't include eNULL unless specifically enabled. */ 1703b4e3dcbSSimon L. B. Nielsen /* Don't include ECC in ALL because these ciphers are not yet official. */ 1713b4e3dcbSSimon L. B. Nielsen {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ 1723b4e3dcbSSimon L. B. Nielsen /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ 1735c87c606SMark Murray {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ 1745c87c606SMark Murray {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, 1755c87c606SMark Murray {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ 176f579bf8eSKris Kennaway {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, 177f579bf8eSKris Kennaway {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, 178f579bf8eSKris Kennaway {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, 179f579bf8eSKris Kennaway {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, 180f579bf8eSKris Kennaway {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, 181f579bf8eSKris Kennaway {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, 1823b4e3dcbSSimon L. B. Nielsen {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, 183f579bf8eSKris Kennaway {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, 1845c87c606SMark Murray {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ 185f579bf8eSKris Kennaway {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, 186f579bf8eSKris Kennaway {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, 187f579bf8eSKris Kennaway {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, 188f579bf8eSKris Kennaway {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, 189f579bf8eSKris Kennaway {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, 190f579bf8eSKris Kennaway {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, 19174664626SKris Kennaway 192f579bf8eSKris Kennaway {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, 193f579bf8eSKris Kennaway {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, 194f579bf8eSKris Kennaway {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, 195f579bf8eSKris Kennaway {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, 196ced566fdSJacques Vidrine #ifndef OPENSSL_NO_IDEA 197f579bf8eSKris Kennaway {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, 198ced566fdSJacques Vidrine #endif 199f579bf8eSKris Kennaway {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, 200f579bf8eSKris Kennaway {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, 2015c87c606SMark Murray {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, 202ed5d4f9aSSimon L. B. Nielsen {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, 20374664626SKris Kennaway 204f579bf8eSKris Kennaway {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, 205f579bf8eSKris Kennaway {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, 206f579bf8eSKris Kennaway {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, 20774664626SKris Kennaway 208f579bf8eSKris Kennaway {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, 2095c87c606SMark Murray {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 210f579bf8eSKris Kennaway {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 211f579bf8eSKris Kennaway {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 212f579bf8eSKris Kennaway {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, 21374664626SKris Kennaway 214f579bf8eSKris Kennaway {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, 215f579bf8eSKris Kennaway {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, 216f579bf8eSKris Kennaway {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, 217f579bf8eSKris Kennaway 218f579bf8eSKris Kennaway {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 219f579bf8eSKris Kennaway {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 220f579bf8eSKris Kennaway {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, 221f579bf8eSKris Kennaway {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, 222f579bf8eSKris Kennaway {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 223f579bf8eSKris Kennaway {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 224f579bf8eSKris Kennaway {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 22574664626SKris Kennaway }; 22674664626SKris Kennaway 2273b4e3dcbSSimon L. B. Nielsen void ssl_load_ciphers(void) 22874664626SKris Kennaway { 22974664626SKris Kennaway ssl_cipher_methods[SSL_ENC_DES_IDX]= 23074664626SKris Kennaway EVP_get_cipherbyname(SN_des_cbc); 23174664626SKris Kennaway ssl_cipher_methods[SSL_ENC_3DES_IDX]= 23274664626SKris Kennaway EVP_get_cipherbyname(SN_des_ede3_cbc); 23374664626SKris Kennaway ssl_cipher_methods[SSL_ENC_RC4_IDX]= 23474664626SKris Kennaway EVP_get_cipherbyname(SN_rc4); 23574664626SKris Kennaway ssl_cipher_methods[SSL_ENC_RC2_IDX]= 23674664626SKris Kennaway EVP_get_cipherbyname(SN_rc2_cbc); 237ced566fdSJacques Vidrine #ifndef OPENSSL_NO_IDEA 23874664626SKris Kennaway ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 23974664626SKris Kennaway EVP_get_cipherbyname(SN_idea_cbc); 240ced566fdSJacques Vidrine #else 241ced566fdSJacques Vidrine ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; 242ced566fdSJacques Vidrine #endif 2435c87c606SMark Murray ssl_cipher_methods[SSL_ENC_AES128_IDX]= 2445c87c606SMark Murray EVP_get_cipherbyname(SN_aes_128_cbc); 2455c87c606SMark Murray ssl_cipher_methods[SSL_ENC_AES256_IDX]= 2465c87c606SMark Murray EVP_get_cipherbyname(SN_aes_256_cbc); 247ed5d4f9aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= 248ed5d4f9aSSimon L. B. Nielsen EVP_get_cipherbyname(SN_camellia_128_cbc); 249ed5d4f9aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 250ed5d4f9aSSimon L. B. Nielsen EVP_get_cipherbyname(SN_camellia_256_cbc); 25174664626SKris Kennaway 25274664626SKris Kennaway ssl_digest_methods[SSL_MD_MD5_IDX]= 25374664626SKris Kennaway EVP_get_digestbyname(SN_md5); 25474664626SKris Kennaway ssl_digest_methods[SSL_MD_SHA1_IDX]= 25574664626SKris Kennaway EVP_get_digestbyname(SN_sha1); 25674664626SKris Kennaway } 25774664626SKris Kennaway 2583b4e3dcbSSimon L. B. Nielsen 2593b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 2603b4e3dcbSSimon L. B. Nielsen 2613b4e3dcbSSimon L. B. Nielsen static int sk_comp_cmp(const SSL_COMP * const *a, 2623b4e3dcbSSimon L. B. Nielsen const SSL_COMP * const *b) 2633b4e3dcbSSimon L. B. Nielsen { 2643b4e3dcbSSimon L. B. Nielsen return((*a)->id-(*b)->id); 2653b4e3dcbSSimon L. B. Nielsen } 2663b4e3dcbSSimon L. B. Nielsen 2673b4e3dcbSSimon L. B. Nielsen static void load_builtin_compressions(void) 2683b4e3dcbSSimon L. B. Nielsen { 269ed5d4f9aSSimon L. B. Nielsen int got_write_lock = 0; 2703b4e3dcbSSimon L. B. Nielsen 271ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_lock(CRYPTO_LOCK_SSL); 272ed5d4f9aSSimon L. B. Nielsen if (ssl_comp_methods == NULL) 273ed5d4f9aSSimon L. B. Nielsen { 274ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 2753b4e3dcbSSimon L. B. Nielsen CRYPTO_w_lock(CRYPTO_LOCK_SSL); 276ed5d4f9aSSimon L. B. Nielsen got_write_lock = 1; 277ed5d4f9aSSimon L. B. Nielsen 2783b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods == NULL) 2793b4e3dcbSSimon L. B. Nielsen { 2803b4e3dcbSSimon L. B. Nielsen SSL_COMP *comp = NULL; 2813b4e3dcbSSimon L. B. Nielsen 2823b4e3dcbSSimon L. B. Nielsen MemCheck_off(); 2833b4e3dcbSSimon L. B. Nielsen ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); 2843b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods != NULL) 2853b4e3dcbSSimon L. B. Nielsen { 2863b4e3dcbSSimon L. B. Nielsen comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 2873b4e3dcbSSimon L. B. Nielsen if (comp != NULL) 2883b4e3dcbSSimon L. B. Nielsen { 2893b4e3dcbSSimon L. B. Nielsen comp->method=COMP_zlib(); 2903b4e3dcbSSimon L. B. Nielsen if (comp->method 2913b4e3dcbSSimon L. B. Nielsen && comp->method->type == NID_undef) 2923b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 2933b4e3dcbSSimon L. B. Nielsen else 2943b4e3dcbSSimon L. B. Nielsen { 2953b4e3dcbSSimon L. B. Nielsen comp->id=SSL_COMP_ZLIB_IDX; 2963b4e3dcbSSimon L. B. Nielsen comp->name=comp->method->name; 2973b4e3dcbSSimon L. B. Nielsen sk_SSL_COMP_push(ssl_comp_methods,comp); 2983b4e3dcbSSimon L. B. Nielsen } 2993b4e3dcbSSimon L. B. Nielsen } 3003b4e3dcbSSimon L. B. Nielsen } 3013b4e3dcbSSimon L. B. Nielsen MemCheck_on(); 3023b4e3dcbSSimon L. B. Nielsen } 303ed5d4f9aSSimon L. B. Nielsen } 304ed5d4f9aSSimon L. B. Nielsen 305ed5d4f9aSSimon L. B. Nielsen if (got_write_lock) 3063b4e3dcbSSimon L. B. Nielsen CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 307ed5d4f9aSSimon L. B. Nielsen else 308ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 3093b4e3dcbSSimon L. B. Nielsen } 3103b4e3dcbSSimon L. B. Nielsen #endif 3113b4e3dcbSSimon L. B. Nielsen 3123b4e3dcbSSimon L. B. Nielsen int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 31374664626SKris Kennaway const EVP_MD **md, SSL_COMP **comp) 31474664626SKris Kennaway { 31574664626SKris Kennaway int i; 31674664626SKris Kennaway SSL_CIPHER *c; 31774664626SKris Kennaway 31874664626SKris Kennaway c=s->cipher; 31974664626SKris Kennaway if (c == NULL) return(0); 32074664626SKris Kennaway if (comp != NULL) 32174664626SKris Kennaway { 32274664626SKris Kennaway SSL_COMP ctmp; 3233b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 3243b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 3253b4e3dcbSSimon L. B. Nielsen #endif 32674664626SKris Kennaway 32774664626SKris Kennaway *comp=NULL; 32874664626SKris Kennaway ctmp.id=s->compress_meth; 3293b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods != NULL) 3303b4e3dcbSSimon L. B. Nielsen { 33174664626SKris Kennaway i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); 33274664626SKris Kennaway if (i >= 0) 33374664626SKris Kennaway *comp=sk_SSL_COMP_value(ssl_comp_methods,i); 33474664626SKris Kennaway else 33574664626SKris Kennaway *comp=NULL; 33674664626SKris Kennaway } 33774664626SKris Kennaway } 33874664626SKris Kennaway 33974664626SKris Kennaway if ((enc == NULL) || (md == NULL)) return(0); 34074664626SKris Kennaway 34174664626SKris Kennaway switch (c->algorithms & SSL_ENC_MASK) 34274664626SKris Kennaway { 34374664626SKris Kennaway case SSL_DES: 34474664626SKris Kennaway i=SSL_ENC_DES_IDX; 34574664626SKris Kennaway break; 34674664626SKris Kennaway case SSL_3DES: 34774664626SKris Kennaway i=SSL_ENC_3DES_IDX; 34874664626SKris Kennaway break; 34974664626SKris Kennaway case SSL_RC4: 35074664626SKris Kennaway i=SSL_ENC_RC4_IDX; 35174664626SKris Kennaway break; 35274664626SKris Kennaway case SSL_RC2: 35374664626SKris Kennaway i=SSL_ENC_RC2_IDX; 35474664626SKris Kennaway break; 35574664626SKris Kennaway case SSL_IDEA: 35674664626SKris Kennaway i=SSL_ENC_IDEA_IDX; 35774664626SKris Kennaway break; 35874664626SKris Kennaway case SSL_eNULL: 35974664626SKris Kennaway i=SSL_ENC_NULL_IDX; 36074664626SKris Kennaway break; 3615c87c606SMark Murray case SSL_AES: 3625c87c606SMark Murray switch(c->alg_bits) 3635c87c606SMark Murray { 3645c87c606SMark Murray case 128: i=SSL_ENC_AES128_IDX; break; 3655c87c606SMark Murray case 256: i=SSL_ENC_AES256_IDX; break; 3665c87c606SMark Murray default: i=-1; break; 3675c87c606SMark Murray } 3685c87c606SMark Murray break; 369ed5d4f9aSSimon L. B. Nielsen case SSL_CAMELLIA: 370ed5d4f9aSSimon L. B. Nielsen switch(c->alg_bits) 371ed5d4f9aSSimon L. B. Nielsen { 372ed5d4f9aSSimon L. B. Nielsen case 128: i=SSL_ENC_CAMELLIA128_IDX; break; 373ed5d4f9aSSimon L. B. Nielsen case 256: i=SSL_ENC_CAMELLIA256_IDX; break; 374ed5d4f9aSSimon L. B. Nielsen default: i=-1; break; 375ed5d4f9aSSimon L. B. Nielsen } 376ed5d4f9aSSimon L. B. Nielsen break; 377ed5d4f9aSSimon L. B. Nielsen 37874664626SKris Kennaway default: 37974664626SKris Kennaway i= -1; 38074664626SKris Kennaway break; 38174664626SKris Kennaway } 38274664626SKris Kennaway 38374664626SKris Kennaway if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 38474664626SKris Kennaway *enc=NULL; 38574664626SKris Kennaway else 38674664626SKris Kennaway { 38774664626SKris Kennaway if (i == SSL_ENC_NULL_IDX) 38874664626SKris Kennaway *enc=EVP_enc_null(); 38974664626SKris Kennaway else 39074664626SKris Kennaway *enc=ssl_cipher_methods[i]; 39174664626SKris Kennaway } 39274664626SKris Kennaway 39374664626SKris Kennaway switch (c->algorithms & SSL_MAC_MASK) 39474664626SKris Kennaway { 39574664626SKris Kennaway case SSL_MD5: 39674664626SKris Kennaway i=SSL_MD_MD5_IDX; 39774664626SKris Kennaway break; 39874664626SKris Kennaway case SSL_SHA1: 39974664626SKris Kennaway i=SSL_MD_SHA1_IDX; 40074664626SKris Kennaway break; 40174664626SKris Kennaway default: 40274664626SKris Kennaway i= -1; 40374664626SKris Kennaway break; 40474664626SKris Kennaway } 40574664626SKris Kennaway if ((i < 0) || (i > SSL_MD_NUM_IDX)) 40674664626SKris Kennaway *md=NULL; 40774664626SKris Kennaway else 40874664626SKris Kennaway *md=ssl_digest_methods[i]; 40974664626SKris Kennaway 41074664626SKris Kennaway if ((*enc != NULL) && (*md != NULL)) 41174664626SKris Kennaway return(1); 41274664626SKris Kennaway else 41374664626SKris Kennaway return(0); 41474664626SKris Kennaway } 41574664626SKris Kennaway 41674664626SKris Kennaway #define ITEM_SEP(a) \ 41774664626SKris Kennaway (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 41874664626SKris Kennaway 41974664626SKris Kennaway static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 42074664626SKris Kennaway CIPHER_ORDER **tail) 42174664626SKris Kennaway { 42274664626SKris Kennaway if (curr == *tail) return; 42374664626SKris Kennaway if (curr == *head) 42474664626SKris Kennaway *head=curr->next; 42574664626SKris Kennaway if (curr->prev != NULL) 42674664626SKris Kennaway curr->prev->next=curr->next; 42774664626SKris Kennaway if (curr->next != NULL) /* should always be true */ 42874664626SKris Kennaway curr->next->prev=curr->prev; 42974664626SKris Kennaway (*tail)->next=curr; 43074664626SKris Kennaway curr->prev= *tail; 43174664626SKris Kennaway curr->next=NULL; 43274664626SKris Kennaway *tail=curr; 43374664626SKris Kennaway } 43474664626SKris Kennaway 4355471f83eSSimon L. B. Nielsen struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, 4365471f83eSSimon L. B. Nielsen * where 128-bit and 256-bit algorithms simply will get 4375471f83eSSimon L. B. Nielsen * separate bits. */ 4385471f83eSSimon L. B. Nielsen unsigned long mask; /* everything except m256 */ 4395471f83eSSimon L. B. Nielsen unsigned long m256; /* applies to 256-bit algorithms only */ 4405471f83eSSimon L. B. Nielsen }; 4415471f83eSSimon L. B. Nielsen 4425471f83eSSimon L. B. Nielsen struct disabled_masks ssl_cipher_get_disabled(void) 44374664626SKris Kennaway { 444f579bf8eSKris Kennaway unsigned long mask; 4455471f83eSSimon L. B. Nielsen unsigned long m256; 4465471f83eSSimon L. B. Nielsen struct disabled_masks ret; 44774664626SKris Kennaway 44874664626SKris Kennaway mask = SSL_kFZA; 4495c87c606SMark Murray #ifdef OPENSSL_NO_RSA 45074664626SKris Kennaway mask |= SSL_aRSA|SSL_kRSA; 45174664626SKris Kennaway #endif 4525c87c606SMark Murray #ifdef OPENSSL_NO_DSA 45374664626SKris Kennaway mask |= SSL_aDSS; 45474664626SKris Kennaway #endif 4555c87c606SMark Murray #ifdef OPENSSL_NO_DH 45674664626SKris Kennaway mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; 45774664626SKris Kennaway #endif 4585c87c606SMark Murray #ifdef OPENSSL_NO_KRB5 4595c87c606SMark Murray mask |= SSL_kKRB5|SSL_aKRB5; 4605c87c606SMark Murray #endif 4613b4e3dcbSSimon L. B. Nielsen #ifdef OPENSSL_NO_ECDH 4623b4e3dcbSSimon L. B. Nielsen mask |= SSL_kECDH|SSL_kECDHE; 4633b4e3dcbSSimon L. B. Nielsen #endif 46474664626SKris Kennaway #ifdef SSL_FORBID_ENULL 46574664626SKris Kennaway mask |= SSL_eNULL; 46674664626SKris Kennaway #endif 46774664626SKris Kennaway 46874664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; 46974664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; 47074664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; 47174664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; 47274664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; 47374664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; 47474664626SKris Kennaway 47574664626SKris Kennaway mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; 47674664626SKris Kennaway mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; 47774664626SKris Kennaway 4785471f83eSSimon L. B. Nielsen /* finally consider algorithms where mask and m256 differ */ 4795471f83eSSimon L. B. Nielsen m256 = mask; 4805471f83eSSimon L. B. Nielsen mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; 4815471f83eSSimon L. B. Nielsen mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; 4825471f83eSSimon L. B. Nielsen m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0; 4835471f83eSSimon L. B. Nielsen m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0; 4845471f83eSSimon L. B. Nielsen 4855471f83eSSimon L. B. Nielsen ret.mask = mask; 4865471f83eSSimon L. B. Nielsen ret.m256 = m256; 4875471f83eSSimon L. B. Nielsen return ret; 488f579bf8eSKris Kennaway } 489f579bf8eSKris Kennaway 490f579bf8eSKris Kennaway static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 4915471f83eSSimon L. B. Nielsen int num_of_ciphers, unsigned long mask, unsigned long m256, 4925471f83eSSimon L. B. Nielsen CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, 4935471f83eSSimon L. B. Nielsen CIPHER_ORDER **tail_p) 494f579bf8eSKris Kennaway { 495ced566fdSJacques Vidrine int i, co_list_num; 496f579bf8eSKris Kennaway SSL_CIPHER *c; 497f579bf8eSKris Kennaway 498f579bf8eSKris Kennaway /* 499f579bf8eSKris Kennaway * We have num_of_ciphers descriptions compiled in, depending on the 500f579bf8eSKris Kennaway * method selected (SSLv2 and/or SSLv3, TLSv1 etc). 501f579bf8eSKris Kennaway * These will later be sorted in a linked list with at most num 502f579bf8eSKris Kennaway * entries. 503f579bf8eSKris Kennaway */ 50474664626SKris Kennaway 50574664626SKris Kennaway /* Get the initial list of ciphers */ 506ced566fdSJacques Vidrine co_list_num = 0; /* actual count of ciphers */ 507f579bf8eSKris Kennaway for (i = 0; i < num_of_ciphers; i++) 50874664626SKris Kennaway { 509f579bf8eSKris Kennaway c = ssl_method->get_cipher(i); 5105471f83eSSimon L. B. Nielsen #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) 51174664626SKris Kennaway /* drop those that use any of that is not available */ 5125471f83eSSimon L. B. Nielsen if ((c != NULL) && c->valid && !IS_MASKED(c)) 51374664626SKris Kennaway { 514ced566fdSJacques Vidrine co_list[co_list_num].cipher = c; 515ced566fdSJacques Vidrine co_list[co_list_num].next = NULL; 516ced566fdSJacques Vidrine co_list[co_list_num].prev = NULL; 517ced566fdSJacques Vidrine co_list[co_list_num].active = 0; 518ced566fdSJacques Vidrine co_list_num++; 5195c87c606SMark Murray #ifdef KSSL_DEBUG 5205c87c606SMark Murray printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 5215c87c606SMark Murray #endif /* KSSL_DEBUG */ 522f579bf8eSKris Kennaway /* 52374664626SKris Kennaway if (!sk_push(ca_list,(char *)c)) goto err; 524f579bf8eSKris Kennaway */ 52574664626SKris Kennaway } 52674664626SKris Kennaway } 52774664626SKris Kennaway 528f579bf8eSKris Kennaway /* 529f579bf8eSKris Kennaway * Prepare linked list from list entries 530f579bf8eSKris Kennaway */ 531ced566fdSJacques Vidrine for (i = 1; i < co_list_num - 1; i++) 53274664626SKris Kennaway { 533ced566fdSJacques Vidrine co_list[i].prev = &(co_list[i-1]); 534ced566fdSJacques Vidrine co_list[i].next = &(co_list[i+1]); 53574664626SKris Kennaway } 536ced566fdSJacques Vidrine if (co_list_num > 0) 53774664626SKris Kennaway { 538ced566fdSJacques Vidrine (*head_p) = &(co_list[0]); 539f579bf8eSKris Kennaway (*head_p)->prev = NULL; 540ced566fdSJacques Vidrine (*head_p)->next = &(co_list[1]); 541ced566fdSJacques Vidrine (*tail_p) = &(co_list[co_list_num - 1]); 542ced566fdSJacques Vidrine (*tail_p)->prev = &(co_list[co_list_num - 2]); 543f579bf8eSKris Kennaway (*tail_p)->next = NULL; 544f579bf8eSKris Kennaway } 54574664626SKris Kennaway } 54674664626SKris Kennaway 547f579bf8eSKris Kennaway static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, 548f579bf8eSKris Kennaway int num_of_group_aliases, unsigned long mask, 549f579bf8eSKris Kennaway CIPHER_ORDER *head) 55074664626SKris Kennaway { 551f579bf8eSKris Kennaway CIPHER_ORDER *ciph_curr; 552f579bf8eSKris Kennaway SSL_CIPHER **ca_curr; 553f579bf8eSKris Kennaway int i; 554f579bf8eSKris Kennaway 555f579bf8eSKris Kennaway /* 556f579bf8eSKris Kennaway * First, add the real ciphers as already collected 557f579bf8eSKris Kennaway */ 558f579bf8eSKris Kennaway ciph_curr = head; 559f579bf8eSKris Kennaway ca_curr = ca_list; 560f579bf8eSKris Kennaway while (ciph_curr != NULL) 561f579bf8eSKris Kennaway { 562f579bf8eSKris Kennaway *ca_curr = ciph_curr->cipher; 563f579bf8eSKris Kennaway ca_curr++; 564f579bf8eSKris Kennaway ciph_curr = ciph_curr->next; 56574664626SKris Kennaway } 56674664626SKris Kennaway 567f579bf8eSKris Kennaway /* 568f579bf8eSKris Kennaway * Now we add the available ones from the cipher_aliases[] table. 569f579bf8eSKris Kennaway * They represent either an algorithm, that must be fully 570f579bf8eSKris Kennaway * supported (not match any bit in mask) or represent a cipher 571f579bf8eSKris Kennaway * strength value (will be added in any case because algorithms=0). 572f579bf8eSKris Kennaway */ 573f579bf8eSKris Kennaway for (i = 0; i < num_of_group_aliases; i++) 57474664626SKris Kennaway { 575f579bf8eSKris Kennaway if ((i == 0) || /* always fetch "ALL" */ 576f579bf8eSKris Kennaway !(cipher_aliases[i].algorithms & mask)) 57774664626SKris Kennaway { 578f579bf8eSKris Kennaway *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 579f579bf8eSKris Kennaway ca_curr++; 58074664626SKris Kennaway } 581f579bf8eSKris Kennaway } 58274664626SKris Kennaway 583f579bf8eSKris Kennaway *ca_curr = NULL; /* end of list */ 584f579bf8eSKris Kennaway } 585f579bf8eSKris Kennaway 586ed5d4f9aSSimon L. B. Nielsen static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, 5873b4e3dcbSSimon L. B. Nielsen unsigned long algorithms, unsigned long mask, 588f579bf8eSKris Kennaway unsigned long algo_strength, unsigned long mask_strength, 589ced566fdSJacques Vidrine int rule, int strength_bits, CIPHER_ORDER *co_list, 590f579bf8eSKris Kennaway CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 59174664626SKris Kennaway { 592f579bf8eSKris Kennaway CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 593f579bf8eSKris Kennaway SSL_CIPHER *cp; 594f579bf8eSKris Kennaway unsigned long ma, ma_s; 595f579bf8eSKris Kennaway 596f579bf8eSKris Kennaway #ifdef CIPHER_DEBUG 597f579bf8eSKris Kennaway printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n", 598f579bf8eSKris Kennaway rule, algorithms, mask, algo_strength, mask_strength, 599f579bf8eSKris Kennaway strength_bits); 60074664626SKris Kennaway #endif 60174664626SKris Kennaway 602f579bf8eSKris Kennaway curr = head = *head_p; 60374664626SKris Kennaway curr2 = head; 604f579bf8eSKris Kennaway tail2 = tail = *tail_p; 60574664626SKris Kennaway for (;;) 60674664626SKris Kennaway { 60774664626SKris Kennaway if ((curr == NULL) || (curr == tail2)) break; 60874664626SKris Kennaway curr = curr2; 60974664626SKris Kennaway curr2 = curr->next; 61074664626SKris Kennaway 61174664626SKris Kennaway cp = curr->cipher; 612f579bf8eSKris Kennaway 613ed5d4f9aSSimon L. B. Nielsen /* If explicit cipher suite, match only that one for its own protocol version. 614ed5d4f9aSSimon L. B. Nielsen * Usual selection criteria will be used for similar ciphersuites from other version! */ 6153b4e3dcbSSimon L. B. Nielsen 616ed5d4f9aSSimon L. B. Nielsen if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) 6173b4e3dcbSSimon L. B. Nielsen { 6183b4e3dcbSSimon L. B. Nielsen if (cp->id != cipher_id) 6193b4e3dcbSSimon L. B. Nielsen continue; 6203b4e3dcbSSimon L. B. Nielsen } 6213b4e3dcbSSimon L. B. Nielsen 622f579bf8eSKris Kennaway /* 623f579bf8eSKris Kennaway * Selection criteria is either the number of strength_bits 624f579bf8eSKris Kennaway * or the algorithm used. 625f579bf8eSKris Kennaway */ 6263b4e3dcbSSimon L. B. Nielsen else if (strength_bits == -1) 62774664626SKris Kennaway { 628f579bf8eSKris Kennaway ma = mask & cp->algorithms; 629f579bf8eSKris Kennaway ma_s = mask_strength & cp->algo_strength; 630f579bf8eSKris Kennaway 631f579bf8eSKris Kennaway #ifdef CIPHER_DEBUG 632f579bf8eSKris Kennaway printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength); 633f579bf8eSKris Kennaway printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength); 634f579bf8eSKris Kennaway #endif 635f579bf8eSKris Kennaway /* 636f579bf8eSKris Kennaway * Select: if none of the mask bit was met from the 637f579bf8eSKris Kennaway * cipher or not all of the bits were met, the 638f579bf8eSKris Kennaway * selection does not apply. 639f579bf8eSKris Kennaway */ 640f579bf8eSKris Kennaway if (((ma == 0) && (ma_s == 0)) || 641f579bf8eSKris Kennaway ((ma & algorithms) != ma) || 642f579bf8eSKris Kennaway ((ma_s & algo_strength) != ma_s)) 643f579bf8eSKris Kennaway continue; /* does not apply */ 64474664626SKris Kennaway } 645f579bf8eSKris Kennaway else if (strength_bits != cp->strength_bits) 646f579bf8eSKris Kennaway continue; /* does not apply */ 647f579bf8eSKris Kennaway 648f579bf8eSKris Kennaway #ifdef CIPHER_DEBUG 649f579bf8eSKris Kennaway printf("Action = %d\n", rule); 650f579bf8eSKris Kennaway #endif 65174664626SKris Kennaway 65274664626SKris Kennaway /* add the cipher if it has not been added yet. */ 653f579bf8eSKris Kennaway if (rule == CIPHER_ADD) 65474664626SKris Kennaway { 65574664626SKris Kennaway if (!curr->active) 65674664626SKris Kennaway { 657ed5d4f9aSSimon L. B. Nielsen int add_this_cipher = 1; 658ed5d4f9aSSimon L. B. Nielsen 659ed5d4f9aSSimon L. B. Nielsen if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0)) 660ed5d4f9aSSimon L. B. Nielsen { 661ed5d4f9aSSimon L. B. Nielsen /* Make sure "ECCdraft" ciphersuites are activated only if 662ed5d4f9aSSimon L. B. Nielsen * *explicitly* requested, but not implicitly (such as 663ed5d4f9aSSimon L. B. Nielsen * as part of the "AES" alias). */ 664ed5d4f9aSSimon L. B. Nielsen 665ed5d4f9aSSimon L. B. Nielsen add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0; 666ed5d4f9aSSimon L. B. Nielsen } 667ed5d4f9aSSimon L. B. Nielsen 668ed5d4f9aSSimon L. B. Nielsen if (add_this_cipher) 669ed5d4f9aSSimon L. B. Nielsen { 67074664626SKris Kennaway ll_append_tail(&head, curr, &tail); 67174664626SKris Kennaway curr->active = 1; 67274664626SKris Kennaway } 67374664626SKris Kennaway } 674ed5d4f9aSSimon L. B. Nielsen } 67574664626SKris Kennaway /* Move the added cipher to this location */ 676f579bf8eSKris Kennaway else if (rule == CIPHER_ORD) 67774664626SKris Kennaway { 67874664626SKris Kennaway if (curr->active) 67974664626SKris Kennaway { 68074664626SKris Kennaway ll_append_tail(&head, curr, &tail); 68174664626SKris Kennaway } 68274664626SKris Kennaway } 683f579bf8eSKris Kennaway else if (rule == CIPHER_DEL) 68474664626SKris Kennaway curr->active = 0; 685f579bf8eSKris Kennaway else if (rule == CIPHER_KILL) 68674664626SKris Kennaway { 68774664626SKris Kennaway if (head == curr) 68874664626SKris Kennaway head = curr->next; 68974664626SKris Kennaway else 69074664626SKris Kennaway curr->prev->next = curr->next; 69174664626SKris Kennaway if (tail == curr) 69274664626SKris Kennaway tail = curr->prev; 69374664626SKris Kennaway curr->active = 0; 69474664626SKris Kennaway if (curr->next != NULL) 69574664626SKris Kennaway curr->next->prev = curr->prev; 69674664626SKris Kennaway if (curr->prev != NULL) 69774664626SKris Kennaway curr->prev->next = curr->next; 69874664626SKris Kennaway curr->next = NULL; 69974664626SKris Kennaway curr->prev = NULL; 70074664626SKris Kennaway } 70174664626SKris Kennaway } 702f579bf8eSKris Kennaway 703f579bf8eSKris Kennaway *head_p = head; 704f579bf8eSKris Kennaway *tail_p = tail; 70574664626SKris Kennaway } 70674664626SKris Kennaway 707ced566fdSJacques Vidrine static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, 708ced566fdSJacques Vidrine CIPHER_ORDER **head_p, 709f579bf8eSKris Kennaway CIPHER_ORDER **tail_p) 710f579bf8eSKris Kennaway { 711f579bf8eSKris Kennaway int max_strength_bits, i, *number_uses; 712f579bf8eSKris Kennaway CIPHER_ORDER *curr; 713f579bf8eSKris Kennaway 714f579bf8eSKris Kennaway /* 715f579bf8eSKris Kennaway * This routine sorts the ciphers with descending strength. The sorting 716f579bf8eSKris Kennaway * must keep the pre-sorted sequence, so we apply the normal sorting 717f579bf8eSKris Kennaway * routine as '+' movement to the end of the list. 718f579bf8eSKris Kennaway */ 719f579bf8eSKris Kennaway max_strength_bits = 0; 720f579bf8eSKris Kennaway curr = *head_p; 721f579bf8eSKris Kennaway while (curr != NULL) 722f579bf8eSKris Kennaway { 723f579bf8eSKris Kennaway if (curr->active && 724f579bf8eSKris Kennaway (curr->cipher->strength_bits > max_strength_bits)) 725f579bf8eSKris Kennaway max_strength_bits = curr->cipher->strength_bits; 726f579bf8eSKris Kennaway curr = curr->next; 727f579bf8eSKris Kennaway } 728f579bf8eSKris Kennaway 729ddd58736SKris Kennaway number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 730f579bf8eSKris Kennaway if (!number_uses) 731f579bf8eSKris Kennaway { 732f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); 733f579bf8eSKris Kennaway return(0); 734f579bf8eSKris Kennaway } 735f579bf8eSKris Kennaway memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 736f579bf8eSKris Kennaway 737f579bf8eSKris Kennaway /* 738f579bf8eSKris Kennaway * Now find the strength_bits values actually used 739f579bf8eSKris Kennaway */ 740f579bf8eSKris Kennaway curr = *head_p; 741f579bf8eSKris Kennaway while (curr != NULL) 742f579bf8eSKris Kennaway { 743f579bf8eSKris Kennaway if (curr->active) 744f579bf8eSKris Kennaway number_uses[curr->cipher->strength_bits]++; 745f579bf8eSKris Kennaway curr = curr->next; 746f579bf8eSKris Kennaway } 747f579bf8eSKris Kennaway /* 748f579bf8eSKris Kennaway * Go through the list of used strength_bits values in descending 749f579bf8eSKris Kennaway * order. 750f579bf8eSKris Kennaway */ 751f579bf8eSKris Kennaway for (i = max_strength_bits; i >= 0; i--) 752f579bf8eSKris Kennaway if (number_uses[i] > 0) 753ed5d4f9aSSimon L. B. Nielsen ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 754ced566fdSJacques Vidrine co_list, head_p, tail_p); 755f579bf8eSKris Kennaway 756ddd58736SKris Kennaway OPENSSL_free(number_uses); 757f579bf8eSKris Kennaway return(1); 758f579bf8eSKris Kennaway } 759f579bf8eSKris Kennaway 760f579bf8eSKris Kennaway static int ssl_cipher_process_rulestr(const char *rule_str, 761ced566fdSJacques Vidrine CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, 762f579bf8eSKris Kennaway CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 763f579bf8eSKris Kennaway { 764f579bf8eSKris Kennaway unsigned long algorithms, mask, algo_strength, mask_strength; 765f579bf8eSKris Kennaway const char *l, *start, *buf; 766f579bf8eSKris Kennaway int j, multi, found, rule, retval, ok, buflen; 767ed5d4f9aSSimon L. B. Nielsen unsigned long cipher_id = 0, ssl_version = 0; 768f579bf8eSKris Kennaway char ch; 769f579bf8eSKris Kennaway 770f579bf8eSKris Kennaway retval = 1; 771f579bf8eSKris Kennaway l = rule_str; 772f579bf8eSKris Kennaway for (;;) 773f579bf8eSKris Kennaway { 774f579bf8eSKris Kennaway ch = *l; 775f579bf8eSKris Kennaway 776f579bf8eSKris Kennaway if (ch == '\0') 777f579bf8eSKris Kennaway break; /* done */ 778f579bf8eSKris Kennaway if (ch == '-') 779f579bf8eSKris Kennaway { rule = CIPHER_DEL; l++; } 780f579bf8eSKris Kennaway else if (ch == '+') 781f579bf8eSKris Kennaway { rule = CIPHER_ORD; l++; } 782f579bf8eSKris Kennaway else if (ch == '!') 783f579bf8eSKris Kennaway { rule = CIPHER_KILL; l++; } 784f579bf8eSKris Kennaway else if (ch == '@') 785f579bf8eSKris Kennaway { rule = CIPHER_SPECIAL; l++; } 786f579bf8eSKris Kennaway else 787f579bf8eSKris Kennaway { rule = CIPHER_ADD; } 788f579bf8eSKris Kennaway 789f579bf8eSKris Kennaway if (ITEM_SEP(ch)) 790f579bf8eSKris Kennaway { 791f579bf8eSKris Kennaway l++; 792f579bf8eSKris Kennaway continue; 793f579bf8eSKris Kennaway } 794f579bf8eSKris Kennaway 795f579bf8eSKris Kennaway algorithms = mask = algo_strength = mask_strength = 0; 796f579bf8eSKris Kennaway 797f579bf8eSKris Kennaway start=l; 798f579bf8eSKris Kennaway for (;;) 799f579bf8eSKris Kennaway { 800f579bf8eSKris Kennaway ch = *l; 801f579bf8eSKris Kennaway buf = l; 802f579bf8eSKris Kennaway buflen = 0; 803f579bf8eSKris Kennaway #ifndef CHARSET_EBCDIC 804f579bf8eSKris Kennaway while ( ((ch >= 'A') && (ch <= 'Z')) || 805f579bf8eSKris Kennaway ((ch >= '0') && (ch <= '9')) || 806f579bf8eSKris Kennaway ((ch >= 'a') && (ch <= 'z')) || 807f579bf8eSKris Kennaway (ch == '-')) 808f579bf8eSKris Kennaway #else 809f579bf8eSKris Kennaway while ( isalnum(ch) || (ch == '-')) 810f579bf8eSKris Kennaway #endif 811f579bf8eSKris Kennaway { 812f579bf8eSKris Kennaway ch = *(++l); 813f579bf8eSKris Kennaway buflen++; 814f579bf8eSKris Kennaway } 815f579bf8eSKris Kennaway 816f579bf8eSKris Kennaway if (buflen == 0) 817f579bf8eSKris Kennaway { 818f579bf8eSKris Kennaway /* 819f579bf8eSKris Kennaway * We hit something we cannot deal with, 820f579bf8eSKris Kennaway * it is no command or separator nor 821f579bf8eSKris Kennaway * alphanumeric, so we call this an error. 822f579bf8eSKris Kennaway */ 823f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 824f579bf8eSKris Kennaway SSL_R_INVALID_COMMAND); 825f579bf8eSKris Kennaway retval = found = 0; 826f579bf8eSKris Kennaway l++; 827f579bf8eSKris Kennaway break; 828f579bf8eSKris Kennaway } 829f579bf8eSKris Kennaway 830f579bf8eSKris Kennaway if (rule == CIPHER_SPECIAL) 831f579bf8eSKris Kennaway { 832f579bf8eSKris Kennaway found = 0; /* unused -- avoid compiler warning */ 833f579bf8eSKris Kennaway break; /* special treatment */ 834f579bf8eSKris Kennaway } 835f579bf8eSKris Kennaway 836f579bf8eSKris Kennaway /* check for multi-part specification */ 837f579bf8eSKris Kennaway if (ch == '+') 838f579bf8eSKris Kennaway { 839f579bf8eSKris Kennaway multi=1; 840f579bf8eSKris Kennaway l++; 841f579bf8eSKris Kennaway } 842f579bf8eSKris Kennaway else 843f579bf8eSKris Kennaway multi=0; 844f579bf8eSKris Kennaway 845f579bf8eSKris Kennaway /* 846f579bf8eSKris Kennaway * Now search for the cipher alias in the ca_list. Be careful 847f579bf8eSKris Kennaway * with the strncmp, because the "buflen" limitation 848f579bf8eSKris Kennaway * will make the rule "ADH:SOME" and the cipher 849f579bf8eSKris Kennaway * "ADH-MY-CIPHER" look like a match for buflen=3. 850f579bf8eSKris Kennaway * So additionally check whether the cipher name found 851f579bf8eSKris Kennaway * has the correct length. We can save a strlen() call: 852f579bf8eSKris Kennaway * just checking for the '\0' at the right place is 85350ef0093SJacques Vidrine * sufficient, we have to strncmp() anyway. (We cannot 85450ef0093SJacques Vidrine * use strcmp(), because buf is not '\0' terminated.) 855f579bf8eSKris Kennaway */ 856f579bf8eSKris Kennaway j = found = 0; 8573b4e3dcbSSimon L. B. Nielsen cipher_id = 0; 858ed5d4f9aSSimon L. B. Nielsen ssl_version = 0; 859f579bf8eSKris Kennaway while (ca_list[j]) 860f579bf8eSKris Kennaway { 86150ef0093SJacques Vidrine if (!strncmp(buf, ca_list[j]->name, buflen) && 86250ef0093SJacques Vidrine (ca_list[j]->name[buflen] == '\0')) 863f579bf8eSKris Kennaway { 864f579bf8eSKris Kennaway found = 1; 865f579bf8eSKris Kennaway break; 866f579bf8eSKris Kennaway } 867f579bf8eSKris Kennaway else 868f579bf8eSKris Kennaway j++; 869f579bf8eSKris Kennaway } 870f579bf8eSKris Kennaway if (!found) 871f579bf8eSKris Kennaway break; /* ignore this entry */ 872f579bf8eSKris Kennaway 8733b4e3dcbSSimon L. B. Nielsen /* New algorithms: 8743b4e3dcbSSimon L. B. Nielsen * 1 - any old restrictions apply outside new mask 8753b4e3dcbSSimon L. B. Nielsen * 2 - any new restrictions apply outside old mask 8763b4e3dcbSSimon L. B. Nielsen * 3 - enforce old & new where masks intersect 8773b4e3dcbSSimon L. B. Nielsen */ 8783b4e3dcbSSimon L. B. Nielsen algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */ 8793b4e3dcbSSimon L. B. Nielsen (ca_list[j]->algorithms & ~mask) | /* 2 */ 8803b4e3dcbSSimon L. B. Nielsen (algorithms & ca_list[j]->algorithms); /* 3 */ 881f579bf8eSKris Kennaway mask |= ca_list[j]->mask; 8823b4e3dcbSSimon L. B. Nielsen algo_strength = (algo_strength & ~ca_list[j]->mask_strength) | 8833b4e3dcbSSimon L. B. Nielsen (ca_list[j]->algo_strength & ~mask_strength) | 8843b4e3dcbSSimon L. B. Nielsen (algo_strength & ca_list[j]->algo_strength); 885f579bf8eSKris Kennaway mask_strength |= ca_list[j]->mask_strength; 886f579bf8eSKris Kennaway 887ed5d4f9aSSimon L. B. Nielsen /* explicit ciphersuite found */ 888ed5d4f9aSSimon L. B. Nielsen if (ca_list[j]->valid) 889ed5d4f9aSSimon L. B. Nielsen { 890ed5d4f9aSSimon L. B. Nielsen cipher_id = ca_list[j]->id; 891ed5d4f9aSSimon L. B. Nielsen ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK; 892ed5d4f9aSSimon L. B. Nielsen break; 893ed5d4f9aSSimon L. B. Nielsen } 894ed5d4f9aSSimon L. B. Nielsen 895f579bf8eSKris Kennaway if (!multi) break; 896f579bf8eSKris Kennaway } 897f579bf8eSKris Kennaway 898f579bf8eSKris Kennaway /* 899f579bf8eSKris Kennaway * Ok, we have the rule, now apply it 900f579bf8eSKris Kennaway */ 901f579bf8eSKris Kennaway if (rule == CIPHER_SPECIAL) 902f579bf8eSKris Kennaway { /* special command */ 903f579bf8eSKris Kennaway ok = 0; 904f579bf8eSKris Kennaway if ((buflen == 8) && 905f579bf8eSKris Kennaway !strncmp(buf, "STRENGTH", 8)) 906ced566fdSJacques Vidrine ok = ssl_cipher_strength_sort(co_list, 907f579bf8eSKris Kennaway head_p, tail_p); 908f579bf8eSKris Kennaway else 909f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 910f579bf8eSKris Kennaway SSL_R_INVALID_COMMAND); 911f579bf8eSKris Kennaway if (ok == 0) 912f579bf8eSKris Kennaway retval = 0; 913f579bf8eSKris Kennaway /* 914f579bf8eSKris Kennaway * We do not support any "multi" options 915f579bf8eSKris Kennaway * together with "@", so throw away the 916f579bf8eSKris Kennaway * rest of the command, if any left, until 917f579bf8eSKris Kennaway * end or ':' is found. 918f579bf8eSKris Kennaway */ 9195471f83eSSimon L. B. Nielsen while ((*l != '\0') && !ITEM_SEP(*l)) 920f579bf8eSKris Kennaway l++; 921f579bf8eSKris Kennaway } 922f579bf8eSKris Kennaway else if (found) 923f579bf8eSKris Kennaway { 924ed5d4f9aSSimon L. B. Nielsen ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, 925f579bf8eSKris Kennaway algo_strength, mask_strength, rule, -1, 926ced566fdSJacques Vidrine co_list, head_p, tail_p); 927f579bf8eSKris Kennaway } 928f579bf8eSKris Kennaway else 929f579bf8eSKris Kennaway { 9305471f83eSSimon L. B. Nielsen while ((*l != '\0') && !ITEM_SEP(*l)) 931f579bf8eSKris Kennaway l++; 932f579bf8eSKris Kennaway } 933f579bf8eSKris Kennaway if (*l == '\0') break; /* done */ 934f579bf8eSKris Kennaway } 935f579bf8eSKris Kennaway 936f579bf8eSKris Kennaway return(retval); 937f579bf8eSKris Kennaway } 938f579bf8eSKris Kennaway 939f579bf8eSKris Kennaway STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, 940f579bf8eSKris Kennaway STACK_OF(SSL_CIPHER) **cipher_list, 941f579bf8eSKris Kennaway STACK_OF(SSL_CIPHER) **cipher_list_by_id, 942f579bf8eSKris Kennaway const char *rule_str) 943f579bf8eSKris Kennaway { 944f579bf8eSKris Kennaway int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 945f579bf8eSKris Kennaway unsigned long disabled_mask; 9465471f83eSSimon L. B. Nielsen unsigned long disabled_m256; 9473b4e3dcbSSimon L. B. Nielsen STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 948f579bf8eSKris Kennaway const char *rule_p; 949ced566fdSJacques Vidrine CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 950f579bf8eSKris Kennaway SSL_CIPHER **ca_list = NULL; 951f579bf8eSKris Kennaway 952f579bf8eSKris Kennaway /* 953f579bf8eSKris Kennaway * Return with error if nothing to do. 954f579bf8eSKris Kennaway */ 9553b4e3dcbSSimon L. B. Nielsen if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) 9563b4e3dcbSSimon L. B. Nielsen return NULL; 957f579bf8eSKris Kennaway 958f579bf8eSKris Kennaway /* 959f579bf8eSKris Kennaway * To reduce the work to do we only want to process the compiled 960f579bf8eSKris Kennaway * in algorithms, so we first get the mask of disabled ciphers. 961f579bf8eSKris Kennaway */ 9625471f83eSSimon L. B. Nielsen { 9635471f83eSSimon L. B. Nielsen struct disabled_masks d; 9645471f83eSSimon L. B. Nielsen d = ssl_cipher_get_disabled(); 9655471f83eSSimon L. B. Nielsen disabled_mask = d.mask; 9665471f83eSSimon L. B. Nielsen disabled_m256 = d.m256; 9675471f83eSSimon L. B. Nielsen } 968f579bf8eSKris Kennaway 969f579bf8eSKris Kennaway /* 970f579bf8eSKris Kennaway * Now we have to collect the available ciphers from the compiled 971f579bf8eSKris Kennaway * in ciphers. We cannot get more than the number compiled in, so 972f579bf8eSKris Kennaway * it is used for allocation. 973f579bf8eSKris Kennaway */ 974f579bf8eSKris Kennaway num_of_ciphers = ssl_method->num_ciphers(); 9755c87c606SMark Murray #ifdef KSSL_DEBUG 9765c87c606SMark Murray printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 9775c87c606SMark Murray #endif /* KSSL_DEBUG */ 978ced566fdSJacques Vidrine co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 979ced566fdSJacques Vidrine if (co_list == NULL) 980f579bf8eSKris Kennaway { 981f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 982f579bf8eSKris Kennaway return(NULL); /* Failure */ 983f579bf8eSKris Kennaway } 984f579bf8eSKris Kennaway 985f579bf8eSKris Kennaway ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 9865471f83eSSimon L. B. Nielsen disabled_m256, co_list, &head, &tail); 987f579bf8eSKris Kennaway 988f579bf8eSKris Kennaway /* 989f579bf8eSKris Kennaway * We also need cipher aliases for selecting based on the rule_str. 990f579bf8eSKris Kennaway * There might be two types of entries in the rule_str: 1) names 991f579bf8eSKris Kennaway * of ciphers themselves 2) aliases for groups of ciphers. 992f579bf8eSKris Kennaway * For 1) we need the available ciphers and for 2) the cipher 993f579bf8eSKris Kennaway * groups of cipher_aliases added together in one list (otherwise 994f579bf8eSKris Kennaway * we would be happy with just the cipher_aliases table). 995f579bf8eSKris Kennaway */ 996f579bf8eSKris Kennaway num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 997f579bf8eSKris Kennaway num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 998f579bf8eSKris Kennaway ca_list = 999ddd58736SKris Kennaway (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 1000f579bf8eSKris Kennaway if (ca_list == NULL) 1001f579bf8eSKris Kennaway { 1002ced566fdSJacques Vidrine OPENSSL_free(co_list); 1003f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 1004f579bf8eSKris Kennaway return(NULL); /* Failure */ 1005f579bf8eSKris Kennaway } 10065471f83eSSimon L. B. Nielsen ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 10075471f83eSSimon L. B. Nielsen (disabled_mask & disabled_m256), head); 1008f579bf8eSKris Kennaway 1009f579bf8eSKris Kennaway /* 1010f579bf8eSKris Kennaway * If the rule_string begins with DEFAULT, apply the default rule 1011f579bf8eSKris Kennaway * before using the (possibly available) additional rules. 1012f579bf8eSKris Kennaway */ 1013f579bf8eSKris Kennaway ok = 1; 1014f579bf8eSKris Kennaway rule_p = rule_str; 1015f579bf8eSKris Kennaway if (strncmp(rule_str,"DEFAULT",7) == 0) 1016f579bf8eSKris Kennaway { 1017f579bf8eSKris Kennaway ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1018ced566fdSJacques Vidrine co_list, &head, &tail, ca_list); 1019f579bf8eSKris Kennaway rule_p += 7; 1020f579bf8eSKris Kennaway if (*rule_p == ':') 1021f579bf8eSKris Kennaway rule_p++; 1022f579bf8eSKris Kennaway } 1023f579bf8eSKris Kennaway 1024f579bf8eSKris Kennaway if (ok && (strlen(rule_p) > 0)) 1025ced566fdSJacques Vidrine ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, 1026f579bf8eSKris Kennaway ca_list); 1027f579bf8eSKris Kennaway 1028ddd58736SKris Kennaway OPENSSL_free(ca_list); /* Not needed anymore */ 1029f579bf8eSKris Kennaway 1030f579bf8eSKris Kennaway if (!ok) 1031f579bf8eSKris Kennaway { /* Rule processing failure */ 1032ced566fdSJacques Vidrine OPENSSL_free(co_list); 1033f579bf8eSKris Kennaway return(NULL); 1034f579bf8eSKris Kennaway } 1035f579bf8eSKris Kennaway /* 1036f579bf8eSKris Kennaway * Allocate new "cipherstack" for the result, return with error 1037f579bf8eSKris Kennaway * if we cannot get one. 1038f579bf8eSKris Kennaway */ 1039ddd58736SKris Kennaway if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) 1040f579bf8eSKris Kennaway { 1041ced566fdSJacques Vidrine OPENSSL_free(co_list); 1042f579bf8eSKris Kennaway return(NULL); 1043f579bf8eSKris Kennaway } 1044f579bf8eSKris Kennaway 1045f579bf8eSKris Kennaway /* 1046f579bf8eSKris Kennaway * The cipher selection for the list is done. The ciphers are added 1047f579bf8eSKris Kennaway * to the resulting precedence to the STACK_OF(SSL_CIPHER). 1048f579bf8eSKris Kennaway */ 104974664626SKris Kennaway for (curr = head; curr != NULL; curr = curr->next) 105074664626SKris Kennaway { 105174664626SKris Kennaway if (curr->active) 105274664626SKris Kennaway { 1053f579bf8eSKris Kennaway sk_SSL_CIPHER_push(cipherstack, curr->cipher); 105474664626SKris Kennaway #ifdef CIPHER_DEBUG 105574664626SKris Kennaway printf("<%s>\n",curr->cipher->name); 105674664626SKris Kennaway #endif 105774664626SKris Kennaway } 105874664626SKris Kennaway } 1059ced566fdSJacques Vidrine OPENSSL_free(co_list); /* Not needed any longer */ 106074664626SKris Kennaway 10613b4e3dcbSSimon L. B. Nielsen tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); 10623b4e3dcbSSimon L. B. Nielsen if (tmp_cipher_list == NULL) 106374664626SKris Kennaway { 10643b4e3dcbSSimon L. B. Nielsen sk_SSL_CIPHER_free(cipherstack); 10653b4e3dcbSSimon L. B. Nielsen return NULL; 10663b4e3dcbSSimon L. B. Nielsen } 106774664626SKris Kennaway if (*cipher_list != NULL) 106874664626SKris Kennaway sk_SSL_CIPHER_free(*cipher_list); 1069f579bf8eSKris Kennaway *cipher_list = cipherstack; 107074664626SKris Kennaway if (*cipher_list_by_id != NULL) 107174664626SKris Kennaway sk_SSL_CIPHER_free(*cipher_list_by_id); 10723b4e3dcbSSimon L. B. Nielsen *cipher_list_by_id = tmp_cipher_list; 107374664626SKris Kennaway sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 107474664626SKris Kennaway 1075f579bf8eSKris Kennaway return(cipherstack); 107674664626SKris Kennaway } 107774664626SKris Kennaway 107874664626SKris Kennaway char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 107974664626SKris Kennaway { 108074664626SKris Kennaway int is_export,pkl,kl; 10813b4e3dcbSSimon L. B. Nielsen const char *ver,*exp_str; 10823b4e3dcbSSimon L. B. Nielsen const char *kx,*au,*enc,*mac; 1083f579bf8eSKris Kennaway unsigned long alg,alg2,alg_s; 10845c87c606SMark Murray #ifdef KSSL_DEBUG 10853b4e3dcbSSimon L. B. Nielsen static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; 10865c87c606SMark Murray #else 10873b4e3dcbSSimon L. B. Nielsen static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 10885c87c606SMark Murray #endif /* KSSL_DEBUG */ 108974664626SKris Kennaway 109074664626SKris Kennaway alg=cipher->algorithms; 1091f579bf8eSKris Kennaway alg_s=cipher->algo_strength; 109274664626SKris Kennaway alg2=cipher->algorithm2; 109374664626SKris Kennaway 1094f579bf8eSKris Kennaway is_export=SSL_C_IS_EXPORT(cipher); 1095f579bf8eSKris Kennaway pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); 1096f579bf8eSKris Kennaway kl=SSL_C_EXPORT_KEYLENGTH(cipher); 1097ced566fdSJacques Vidrine exp_str=is_export?" export":""; 109874664626SKris Kennaway 109974664626SKris Kennaway if (alg & SSL_SSLV2) 110074664626SKris Kennaway ver="SSLv2"; 110174664626SKris Kennaway else if (alg & SSL_SSLV3) 110274664626SKris Kennaway ver="SSLv3"; 110374664626SKris Kennaway else 110474664626SKris Kennaway ver="unknown"; 110574664626SKris Kennaway 110674664626SKris Kennaway switch (alg&SSL_MKEY_MASK) 110774664626SKris Kennaway { 110874664626SKris Kennaway case SSL_kRSA: 110974664626SKris Kennaway kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 111074664626SKris Kennaway break; 111174664626SKris Kennaway case SSL_kDHr: 111274664626SKris Kennaway kx="DH/RSA"; 111374664626SKris Kennaway break; 111474664626SKris Kennaway case SSL_kDHd: 111574664626SKris Kennaway kx="DH/DSS"; 111674664626SKris Kennaway break; 11175c87c606SMark Murray case SSL_kKRB5: /* VRS */ 11185c87c606SMark Murray case SSL_KRB5: /* VRS */ 11195c87c606SMark Murray kx="KRB5"; 11205c87c606SMark Murray break; 112174664626SKris Kennaway case SSL_kFZA: 112274664626SKris Kennaway kx="Fortezza"; 112374664626SKris Kennaway break; 112474664626SKris Kennaway case SSL_kEDH: 112574664626SKris Kennaway kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 112674664626SKris Kennaway break; 11273b4e3dcbSSimon L. B. Nielsen case SSL_kECDH: 11283b4e3dcbSSimon L. B. Nielsen case SSL_kECDHE: 11293b4e3dcbSSimon L. B. Nielsen kx=is_export?"ECDH(<=163)":"ECDH"; 11303b4e3dcbSSimon L. B. Nielsen break; 113174664626SKris Kennaway default: 113274664626SKris Kennaway kx="unknown"; 113374664626SKris Kennaway } 113474664626SKris Kennaway 113574664626SKris Kennaway switch (alg&SSL_AUTH_MASK) 113674664626SKris Kennaway { 113774664626SKris Kennaway case SSL_aRSA: 113874664626SKris Kennaway au="RSA"; 113974664626SKris Kennaway break; 114074664626SKris Kennaway case SSL_aDSS: 114174664626SKris Kennaway au="DSS"; 114274664626SKris Kennaway break; 114374664626SKris Kennaway case SSL_aDH: 114474664626SKris Kennaway au="DH"; 114574664626SKris Kennaway break; 11465c87c606SMark Murray case SSL_aKRB5: /* VRS */ 11475c87c606SMark Murray case SSL_KRB5: /* VRS */ 11485c87c606SMark Murray au="KRB5"; 11495c87c606SMark Murray break; 115074664626SKris Kennaway case SSL_aFZA: 115174664626SKris Kennaway case SSL_aNULL: 115274664626SKris Kennaway au="None"; 115374664626SKris Kennaway break; 11543b4e3dcbSSimon L. B. Nielsen case SSL_aECDSA: 11553b4e3dcbSSimon L. B. Nielsen au="ECDSA"; 11563b4e3dcbSSimon L. B. Nielsen break; 115774664626SKris Kennaway default: 115874664626SKris Kennaway au="unknown"; 115974664626SKris Kennaway break; 116074664626SKris Kennaway } 116174664626SKris Kennaway 116274664626SKris Kennaway switch (alg&SSL_ENC_MASK) 116374664626SKris Kennaway { 116474664626SKris Kennaway case SSL_DES: 116574664626SKris Kennaway enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; 116674664626SKris Kennaway break; 116774664626SKris Kennaway case SSL_3DES: 116874664626SKris Kennaway enc="3DES(168)"; 116974664626SKris Kennaway break; 117074664626SKris Kennaway case SSL_RC4: 117174664626SKris Kennaway enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") 117274664626SKris Kennaway :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); 117374664626SKris Kennaway break; 117474664626SKris Kennaway case SSL_RC2: 117574664626SKris Kennaway enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; 117674664626SKris Kennaway break; 117774664626SKris Kennaway case SSL_IDEA: 117874664626SKris Kennaway enc="IDEA(128)"; 117974664626SKris Kennaway break; 118074664626SKris Kennaway case SSL_eFZA: 118174664626SKris Kennaway enc="Fortezza"; 118274664626SKris Kennaway break; 118374664626SKris Kennaway case SSL_eNULL: 118474664626SKris Kennaway enc="None"; 118574664626SKris Kennaway break; 11865c87c606SMark Murray case SSL_AES: 11875c87c606SMark Murray switch(cipher->strength_bits) 11885c87c606SMark Murray { 11895c87c606SMark Murray case 128: enc="AES(128)"; break; 11905c87c606SMark Murray case 192: enc="AES(192)"; break; 11915c87c606SMark Murray case 256: enc="AES(256)"; break; 11925c87c606SMark Murray default: enc="AES(?""?""?)"; break; 11935c87c606SMark Murray } 11945c87c606SMark Murray break; 1195ed5d4f9aSSimon L. B. Nielsen case SSL_CAMELLIA: 1196ed5d4f9aSSimon L. B. Nielsen switch(cipher->strength_bits) 1197ed5d4f9aSSimon L. B. Nielsen { 1198ed5d4f9aSSimon L. B. Nielsen case 128: enc="Camellia(128)"; break; 1199ed5d4f9aSSimon L. B. Nielsen case 256: enc="Camellia(256)"; break; 1200ed5d4f9aSSimon L. B. Nielsen default: enc="Camellia(?""?""?)"; break; 1201ed5d4f9aSSimon L. B. Nielsen } 1202ed5d4f9aSSimon L. B. Nielsen break; 1203ed5d4f9aSSimon L. B. Nielsen 120474664626SKris Kennaway default: 120574664626SKris Kennaway enc="unknown"; 120674664626SKris Kennaway break; 120774664626SKris Kennaway } 120874664626SKris Kennaway 120974664626SKris Kennaway switch (alg&SSL_MAC_MASK) 121074664626SKris Kennaway { 121174664626SKris Kennaway case SSL_MD5: 121274664626SKris Kennaway mac="MD5"; 121374664626SKris Kennaway break; 121474664626SKris Kennaway case SSL_SHA1: 121574664626SKris Kennaway mac="SHA1"; 121674664626SKris Kennaway break; 121774664626SKris Kennaway default: 121874664626SKris Kennaway mac="unknown"; 121974664626SKris Kennaway break; 122074664626SKris Kennaway } 122174664626SKris Kennaway 122274664626SKris Kennaway if (buf == NULL) 122374664626SKris Kennaway { 1224ddd58736SKris Kennaway len=128; 1225ddd58736SKris Kennaway buf=OPENSSL_malloc(len); 1226ddd58736SKris Kennaway if (buf == NULL) return("OPENSSL_malloc Error"); 122774664626SKris Kennaway } 122874664626SKris Kennaway else if (len < 128) 122974664626SKris Kennaway return("Buffer too small"); 123074664626SKris Kennaway 12315c87c606SMark Murray #ifdef KSSL_DEBUG 1232ced566fdSJacques Vidrine BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); 12335c87c606SMark Murray #else 1234ced566fdSJacques Vidrine BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); 12355c87c606SMark Murray #endif /* KSSL_DEBUG */ 123674664626SKris Kennaway return(buf); 123774664626SKris Kennaway } 123874664626SKris Kennaway 12393b4e3dcbSSimon L. B. Nielsen char *SSL_CIPHER_get_version(const SSL_CIPHER *c) 124074664626SKris Kennaway { 124174664626SKris Kennaway int i; 124274664626SKris Kennaway 124374664626SKris Kennaway if (c == NULL) return("(NONE)"); 124474664626SKris Kennaway i=(int)(c->id>>24L); 124574664626SKris Kennaway if (i == 3) 124674664626SKris Kennaway return("TLSv1/SSLv3"); 124774664626SKris Kennaway else if (i == 2) 124874664626SKris Kennaway return("SSLv2"); 124974664626SKris Kennaway else 125074664626SKris Kennaway return("unknown"); 125174664626SKris Kennaway } 125274664626SKris Kennaway 125374664626SKris Kennaway /* return the actual cipher being used */ 12543b4e3dcbSSimon L. B. Nielsen const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) 125574664626SKris Kennaway { 125674664626SKris Kennaway if (c != NULL) 125774664626SKris Kennaway return(c->name); 125874664626SKris Kennaway return("(NONE)"); 125974664626SKris Kennaway } 126074664626SKris Kennaway 1261f579bf8eSKris Kennaway /* number of bits for symmetric cipher */ 12623b4e3dcbSSimon L. B. Nielsen int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 126374664626SKris Kennaway { 1264f579bf8eSKris Kennaway int ret=0; 126574664626SKris Kennaway 126674664626SKris Kennaway if (c != NULL) 126774664626SKris Kennaway { 1268f579bf8eSKris Kennaway if (alg_bits != NULL) *alg_bits = c->alg_bits; 1269f579bf8eSKris Kennaway ret = c->strength_bits; 127074664626SKris Kennaway } 127174664626SKris Kennaway return(ret); 127274664626SKris Kennaway } 127374664626SKris Kennaway 127474664626SKris Kennaway SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 127574664626SKris Kennaway { 127674664626SKris Kennaway SSL_COMP *ctmp; 127774664626SKris Kennaway int i,nn; 127874664626SKris Kennaway 127974664626SKris Kennaway if ((n == 0) || (sk == NULL)) return(NULL); 128074664626SKris Kennaway nn=sk_SSL_COMP_num(sk); 128174664626SKris Kennaway for (i=0; i<nn; i++) 128274664626SKris Kennaway { 128374664626SKris Kennaway ctmp=sk_SSL_COMP_value(sk,i); 128474664626SKris Kennaway if (ctmp->id == n) 128574664626SKris Kennaway return(ctmp); 128674664626SKris Kennaway } 128774664626SKris Kennaway return(NULL); 128874664626SKris Kennaway } 128974664626SKris Kennaway 12903b4e3dcbSSimon L. B. Nielsen #ifdef OPENSSL_NO_COMP 12913b4e3dcbSSimon L. B. Nielsen void *SSL_COMP_get_compression_methods(void) 129274664626SKris Kennaway { 12933b4e3dcbSSimon L. B. Nielsen return NULL; 12943b4e3dcbSSimon L. B. Nielsen } 12953b4e3dcbSSimon L. B. Nielsen int SSL_COMP_add_compression_method(int id, void *cm) 12963b4e3dcbSSimon L. B. Nielsen { 12973b4e3dcbSSimon L. B. Nielsen return 1; 129874664626SKris Kennaway } 129974664626SKris Kennaway 13003b4e3dcbSSimon L. B. Nielsen const char *SSL_COMP_get_name(const void *comp) 13013b4e3dcbSSimon L. B. Nielsen { 13023b4e3dcbSSimon L. B. Nielsen return NULL; 13033b4e3dcbSSimon L. B. Nielsen } 13043b4e3dcbSSimon L. B. Nielsen #else 130574664626SKris Kennaway STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 130674664626SKris Kennaway { 13073b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 130874664626SKris Kennaway return(ssl_comp_methods); 130974664626SKris Kennaway } 131074664626SKris Kennaway 131174664626SKris Kennaway int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 131274664626SKris Kennaway { 131374664626SKris Kennaway SSL_COMP *comp; 131474664626SKris Kennaway 13155c87c606SMark Murray if (cm == NULL || cm->type == NID_undef) 13165c87c606SMark Murray return 1; 13175c87c606SMark Murray 13183b4e3dcbSSimon L. B. Nielsen /* According to draft-ietf-tls-compression-04.txt, the 13193b4e3dcbSSimon L. B. Nielsen compression number ranges should be the following: 13203b4e3dcbSSimon L. B. Nielsen 13213b4e3dcbSSimon L. B. Nielsen 0 to 63: methods defined by the IETF 13223b4e3dcbSSimon L. B. Nielsen 64 to 192: external party methods assigned by IANA 13233b4e3dcbSSimon L. B. Nielsen 193 to 255: reserved for private use */ 13243b4e3dcbSSimon L. B. Nielsen if (id < 193 || id > 255) 13253b4e3dcbSSimon L. B. Nielsen { 13263b4e3dcbSSimon L. B. Nielsen SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); 13273b4e3dcbSSimon L. B. Nielsen return 0; 13283b4e3dcbSSimon L. B. Nielsen } 13293b4e3dcbSSimon L. B. Nielsen 13305c87c606SMark Murray MemCheck_off(); 1331ddd58736SKris Kennaway comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 133274664626SKris Kennaway comp->id=id; 133374664626SKris Kennaway comp->method=cm; 13343b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 13353b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods 13363b4e3dcbSSimon L. B. Nielsen && !sk_SSL_COMP_find(ssl_comp_methods,comp)) 133774664626SKris Kennaway { 13383b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 13393b4e3dcbSSimon L. B. Nielsen MemCheck_on(); 13403b4e3dcbSSimon L. B. Nielsen SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); 13413b4e3dcbSSimon L. B. Nielsen return(1); 13423b4e3dcbSSimon L. B. Nielsen } 13433b4e3dcbSSimon L. B. Nielsen else if ((ssl_comp_methods == NULL) 13443b4e3dcbSSimon L. B. Nielsen || !sk_SSL_COMP_push(ssl_comp_methods,comp)) 13453b4e3dcbSSimon L. B. Nielsen { 13463b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 13475c87c606SMark Murray MemCheck_on(); 134874664626SKris Kennaway SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1349ced566fdSJacques Vidrine return(1); 135074664626SKris Kennaway } 135174664626SKris Kennaway else 13525c87c606SMark Murray { 13535c87c606SMark Murray MemCheck_on(); 1354ced566fdSJacques Vidrine return(0); 135574664626SKris Kennaway } 13565c87c606SMark Murray } 13573b4e3dcbSSimon L. B. Nielsen 13583b4e3dcbSSimon L. B. Nielsen const char *SSL_COMP_get_name(const COMP_METHOD *comp) 13593b4e3dcbSSimon L. B. Nielsen { 13603b4e3dcbSSimon L. B. Nielsen if (comp) 13613b4e3dcbSSimon L. B. Nielsen return comp->name; 13623b4e3dcbSSimon L. B. Nielsen return NULL; 13633b4e3dcbSSimon L. B. Nielsen } 13643b4e3dcbSSimon L. B. Nielsen 13653b4e3dcbSSimon L. B. Nielsen #endif 1366