174664626SKris Kennaway /* ssl/ssl_ciph.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 583b4e3dcbSSimon L. B. Nielsen /* ==================================================================== 591f13597dSJung-uk Kim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60ed5d4f9aSSimon L. B. Nielsen * 61ed5d4f9aSSimon L. B. Nielsen * Redistribution and use in source and binary forms, with or without 62ed5d4f9aSSimon L. B. Nielsen * modification, are permitted provided that the following conditions 63ed5d4f9aSSimon L. B. Nielsen * are met: 64ed5d4f9aSSimon L. B. Nielsen * 65ed5d4f9aSSimon L. B. Nielsen * 1. Redistributions of source code must retain the above copyright 66ed5d4f9aSSimon L. B. Nielsen * notice, this list of conditions and the following disclaimer. 67ed5d4f9aSSimon L. B. Nielsen * 68ed5d4f9aSSimon L. B. Nielsen * 2. Redistributions in binary form must reproduce the above copyright 69ed5d4f9aSSimon L. B. Nielsen * notice, this list of conditions and the following disclaimer in 70ed5d4f9aSSimon L. B. Nielsen * the documentation and/or other materials provided with the 71ed5d4f9aSSimon L. B. Nielsen * distribution. 72ed5d4f9aSSimon L. B. Nielsen * 73ed5d4f9aSSimon L. B. Nielsen * 3. All advertising materials mentioning features or use of this 74ed5d4f9aSSimon L. B. Nielsen * software must display the following acknowledgment: 75ed5d4f9aSSimon L. B. Nielsen * "This product includes software developed by the OpenSSL Project 76ed5d4f9aSSimon L. B. Nielsen * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77ed5d4f9aSSimon L. B. Nielsen * 78ed5d4f9aSSimon L. B. Nielsen * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79ed5d4f9aSSimon L. B. Nielsen * endorse or promote products derived from this software without 80ed5d4f9aSSimon L. B. Nielsen * prior written permission. For written permission, please contact 81ed5d4f9aSSimon L. B. Nielsen * openssl-core@openssl.org. 82ed5d4f9aSSimon L. B. Nielsen * 83ed5d4f9aSSimon L. B. Nielsen * 5. Products derived from this software may not be called "OpenSSL" 84ed5d4f9aSSimon L. B. Nielsen * nor may "OpenSSL" appear in their names without prior written 85ed5d4f9aSSimon L. B. Nielsen * permission of the OpenSSL Project. 86ed5d4f9aSSimon L. B. Nielsen * 87ed5d4f9aSSimon L. B. Nielsen * 6. Redistributions of any form whatsoever must retain the following 88ed5d4f9aSSimon L. B. Nielsen * acknowledgment: 89ed5d4f9aSSimon L. B. Nielsen * "This product includes software developed by the OpenSSL Project 90ed5d4f9aSSimon L. B. Nielsen * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91ed5d4f9aSSimon L. B. Nielsen * 92ed5d4f9aSSimon L. B. Nielsen * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93ed5d4f9aSSimon L. B. Nielsen * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94ed5d4f9aSSimon L. B. Nielsen * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95ed5d4f9aSSimon L. B. Nielsen * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96ed5d4f9aSSimon L. B. Nielsen * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97ed5d4f9aSSimon L. B. Nielsen * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98ed5d4f9aSSimon L. B. Nielsen * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99ed5d4f9aSSimon L. B. Nielsen * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100ed5d4f9aSSimon L. B. Nielsen * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101ed5d4f9aSSimon L. B. Nielsen * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102ed5d4f9aSSimon L. B. Nielsen * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103ed5d4f9aSSimon L. B. Nielsen * OF THE POSSIBILITY OF SUCH DAMAGE. 104ed5d4f9aSSimon L. B. Nielsen * ==================================================================== 105ed5d4f9aSSimon L. B. Nielsen * 106ed5d4f9aSSimon L. B. Nielsen * This product includes cryptographic software written by Eric Young 107ed5d4f9aSSimon L. B. Nielsen * (eay@cryptsoft.com). This product includes software written by Tim 108ed5d4f9aSSimon L. B. Nielsen * Hudson (tjh@cryptsoft.com). 109ed5d4f9aSSimon L. B. Nielsen * 110ed5d4f9aSSimon L. B. Nielsen */ 111ed5d4f9aSSimon L. B. Nielsen /* ==================================================================== 1123b4e3dcbSSimon L. B. Nielsen * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 1133b4e3dcbSSimon L. B. Nielsen * ECC cipher suite support in OpenSSL originally developed by 1143b4e3dcbSSimon L. B. Nielsen * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 1153b4e3dcbSSimon L. B. Nielsen */ 1161f13597dSJung-uk Kim /* ==================================================================== 1171f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 1181f13597dSJung-uk Kim * 1191f13597dSJung-uk Kim * The portions of the attached software ("Contribution") is developed by 1201f13597dSJung-uk Kim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 1211f13597dSJung-uk Kim * license. 1221f13597dSJung-uk Kim * 1231f13597dSJung-uk Kim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 1241f13597dSJung-uk Kim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 1251f13597dSJung-uk Kim * support (see RFC 4279) to OpenSSL. 1261f13597dSJung-uk Kim * 1271f13597dSJung-uk Kim * No patent licenses or other rights except those expressly stated in 1281f13597dSJung-uk Kim * the OpenSSL open source license shall be deemed granted or received 1291f13597dSJung-uk Kim * expressly, by implication, estoppel, or otherwise. 1301f13597dSJung-uk Kim * 1311f13597dSJung-uk Kim * No assurances are provided by Nokia that the Contribution does not 1321f13597dSJung-uk Kim * infringe the patent or other intellectual property rights of any third 1331f13597dSJung-uk Kim * party or that the license provides you with all the necessary rights 1341f13597dSJung-uk Kim * to make use of the Contribution. 1351f13597dSJung-uk Kim * 1361f13597dSJung-uk Kim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 1371f13597dSJung-uk Kim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 1381f13597dSJung-uk Kim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 1391f13597dSJung-uk Kim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 1401f13597dSJung-uk Kim * OTHERWISE. 1411f13597dSJung-uk Kim */ 1421f13597dSJung-uk Kim 14374664626SKris Kennaway #include <stdio.h> 14474664626SKris Kennaway #include <openssl/objects.h> 145db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 14674664626SKris Kennaway # include <openssl/comp.h> 147db522d3aSSimon L. B. Nielsen #endif 1481f13597dSJung-uk Kim #ifndef OPENSSL_NO_ENGINE 1491f13597dSJung-uk Kim # include <openssl/engine.h> 1501f13597dSJung-uk Kim #endif 15174664626SKris Kennaway #include "ssl_locl.h" 15274664626SKris Kennaway 15374664626SKris Kennaway #define SSL_ENC_DES_IDX 0 15474664626SKris Kennaway #define SSL_ENC_3DES_IDX 1 15574664626SKris Kennaway #define SSL_ENC_RC4_IDX 2 15674664626SKris Kennaway #define SSL_ENC_RC2_IDX 3 15774664626SKris Kennaway #define SSL_ENC_IDEA_IDX 4 1581f13597dSJung-uk Kim #define SSL_ENC_NULL_IDX 5 1591f13597dSJung-uk Kim #define SSL_ENC_AES128_IDX 6 1601f13597dSJung-uk Kim #define SSL_ENC_AES256_IDX 7 1611f13597dSJung-uk Kim #define SSL_ENC_CAMELLIA128_IDX 8 1621f13597dSJung-uk Kim #define SSL_ENC_CAMELLIA256_IDX 9 1631f13597dSJung-uk Kim #define SSL_ENC_GOST89_IDX 10 164db522d3aSSimon L. B. Nielsen #define SSL_ENC_SEED_IDX 11 1651f13597dSJung-uk Kim #define SSL_ENC_AES128GCM_IDX 12 1661f13597dSJung-uk Kim #define SSL_ENC_AES256GCM_IDX 13 1671f13597dSJung-uk Kim #define SSL_ENC_NUM_IDX 14 168ed5d4f9aSSimon L. B. Nielsen 16974664626SKris Kennaway static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { 170*6f9291ceSJung-uk Kim NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 171*6f9291ceSJung-uk Kim NULL, NULL 17274664626SKris Kennaway }; 17374664626SKris Kennaway 1743b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_NULL_IDX 0 1753b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_ZLIB_IDX 1 1763b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_NUM_IDX 2 1773b4e3dcbSSimon L. B. Nielsen 17874664626SKris Kennaway static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 17974664626SKris Kennaway 18074664626SKris Kennaway #define SSL_MD_MD5_IDX 0 18174664626SKris Kennaway #define SSL_MD_SHA1_IDX 1 1821f13597dSJung-uk Kim #define SSL_MD_GOST94_IDX 2 1831f13597dSJung-uk Kim #define SSL_MD_GOST89MAC_IDX 3 1841f13597dSJung-uk Kim #define SSL_MD_SHA256_IDX 4 1851f13597dSJung-uk Kim #define SSL_MD_SHA384_IDX 5 186*6f9291ceSJung-uk Kim /* 187*6f9291ceSJung-uk Kim * Constant SSL_MAX_DIGEST equal to size of digests array should be defined 188*6f9291ceSJung-uk Kim * in the ssl_locl.h 189*6f9291ceSJung-uk Kim */ 1901f13597dSJung-uk Kim #define SSL_MD_NUM_IDX SSL_MAX_DIGEST 19174664626SKris Kennaway static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { 1921f13597dSJung-uk Kim NULL, NULL, NULL, NULL, NULL, NULL 1931f13597dSJung-uk Kim }; 194*6f9291ceSJung-uk Kim 195*6f9291ceSJung-uk Kim /* 196*6f9291ceSJung-uk Kim * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation 197*6f9291ceSJung-uk Kim * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is 198*6f9291ceSJung-uk Kim * found 1991f13597dSJung-uk Kim */ 2001f13597dSJung-uk Kim static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { 2011f13597dSJung-uk Kim EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, 2021f13597dSJung-uk Kim EVP_PKEY_HMAC, EVP_PKEY_HMAC 2031f13597dSJung-uk Kim }; 2041f13597dSJung-uk Kim 2051f13597dSJung-uk Kim static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { 2061f13597dSJung-uk Kim 0, 0, 0, 0, 0, 0 2071f13597dSJung-uk Kim }; 2081f13597dSJung-uk Kim 2091f13597dSJung-uk Kim static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { 2101f13597dSJung-uk Kim SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, 2111f13597dSJung-uk Kim SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, 2121f13597dSJung-uk Kim SSL_HANDSHAKE_MAC_SHA384 21374664626SKris Kennaway }; 21474664626SKris Kennaway 21574664626SKris Kennaway #define CIPHER_ADD 1 21674664626SKris Kennaway #define CIPHER_KILL 2 21774664626SKris Kennaway #define CIPHER_DEL 3 21874664626SKris Kennaway #define CIPHER_ORD 4 219f579bf8eSKris Kennaway #define CIPHER_SPECIAL 5 22074664626SKris Kennaway 221*6f9291ceSJung-uk Kim typedef struct cipher_order_st { 2221f13597dSJung-uk Kim const SSL_CIPHER *cipher; 22374664626SKris Kennaway int active; 22474664626SKris Kennaway int dead; 22574664626SKris Kennaway struct cipher_order_st *next, *prev; 22674664626SKris Kennaway } CIPHER_ORDER; 22774664626SKris Kennaway 228f579bf8eSKris Kennaway static const SSL_CIPHER cipher_aliases[] = { 2291f13597dSJung-uk Kim /* "ALL" doesn't include eNULL (must be specifically enabled) */ 2301f13597dSJung-uk Kim {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0}, 2311f13597dSJung-uk Kim /* "COMPLEMENTOFALL" */ 2321f13597dSJung-uk Kim {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 23374664626SKris Kennaway 234*6f9291ceSJung-uk Kim /* 235*6f9291ceSJung-uk Kim * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in 236*6f9291ceSJung-uk Kim * ALL!) 237*6f9291ceSJung-uk Kim */ 238*6f9291ceSJung-uk Kim {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, 239*6f9291ceSJung-uk Kim SSL_EXP_MASK, 0, 0, 0}, 24074664626SKris Kennaway 241*6f9291ceSJung-uk Kim /* 242*6f9291ceSJung-uk Kim * key exchange aliases (some of those using only a single bit here 243*6f9291ceSJung-uk Kim * combine multiple key exchange algs according to the RFCs, e.g. kEDH 244*6f9291ceSJung-uk Kim * combines DHE_DSS and DHE_RSA) 245*6f9291ceSJung-uk Kim */ 2461f13597dSJung-uk Kim {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, 24774664626SKris Kennaway 248*6f9291ceSJung-uk Kim /* no such ciphersuites supported! */ 249*6f9291ceSJung-uk Kim {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 250*6f9291ceSJung-uk Kim /* no such ciphersuites supported! */ 251*6f9291ceSJung-uk Kim {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, 252*6f9291ceSJung-uk Kim /* no such ciphersuites supported! */ 253*6f9291ceSJung-uk Kim {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, 2541f13597dSJung-uk Kim {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, 255*6f9291ceSJung-uk Kim {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 256*6f9291ceSJung-uk Kim 0}, 25774664626SKris Kennaway 2581f13597dSJung-uk Kim {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, 259f579bf8eSKris Kennaway 2601f13597dSJung-uk Kim {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, 2611f13597dSJung-uk Kim {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 2621f13597dSJung-uk Kim {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, 2631f13597dSJung-uk Kim {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, 264*6f9291ceSJung-uk Kim {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0, 265*6f9291ceSJung-uk Kim 0, 0, 0}, 2661f13597dSJung-uk Kim 2671f13597dSJung-uk Kim {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, 2681f13597dSJung-uk Kim {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 2691f13597dSJung-uk Kim {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, 2701f13597dSJung-uk Kim 2711f13597dSJung-uk Kim /* server authentication aliases */ 2721f13597dSJung-uk Kim {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 2731f13597dSJung-uk Kim {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 2741f13597dSJung-uk Kim {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, 2751f13597dSJung-uk Kim {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 2761f13597dSJung-uk Kim {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 277*6f9291ceSJung-uk Kim /* no such ciphersuites supported! */ 278*6f9291ceSJung-uk Kim {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, 2791f13597dSJung-uk Kim {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, 2801f13597dSJung-uk Kim {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 2811f13597dSJung-uk Kim {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, 2821f13597dSJung-uk Kim {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 2831f13597dSJung-uk Kim {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, 2841f13597dSJung-uk Kim {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 2851f13597dSJung-uk Kim {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, 286a93cbc2bSJung-uk Kim {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0}, 2871f13597dSJung-uk Kim 2881f13597dSJung-uk Kim /* aliases combining key exchange and server authentication */ 2891f13597dSJung-uk Kim {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 2901f13597dSJung-uk Kim {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 2911f13597dSJung-uk Kim {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 2921f13597dSJung-uk Kim {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, 2931f13597dSJung-uk Kim {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, 2941f13597dSJung-uk Kim {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 2951f13597dSJung-uk Kim {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, 2961f13597dSJung-uk Kim {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, 2971f13597dSJung-uk Kim {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, 2981f13597dSJung-uk Kim 2991f13597dSJung-uk Kim /* symmetric encryption aliases */ 3001f13597dSJung-uk Kim {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, 3011f13597dSJung-uk Kim {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, 3021f13597dSJung-uk Kim {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, 3031f13597dSJung-uk Kim {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, 3041f13597dSJung-uk Kim {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, 3051f13597dSJung-uk Kim {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, 3061f13597dSJung-uk Kim {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, 307*6f9291ceSJung-uk Kim {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0, 308*6f9291ceSJung-uk Kim 0}, 309*6f9291ceSJung-uk Kim {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0, 310*6f9291ceSJung-uk Kim 0}, 3111f13597dSJung-uk Kim {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, 312*6f9291ceSJung-uk Kim {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0, 313*6f9291ceSJung-uk Kim 0, 0}, 3141f13597dSJung-uk Kim {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, 3151f13597dSJung-uk Kim {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, 316*6f9291ceSJung-uk Kim {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0, 317*6f9291ceSJung-uk Kim 0, 0, 0}, 3181f13597dSJung-uk Kim 3191f13597dSJung-uk Kim /* MAC aliases */ 3201f13597dSJung-uk Kim {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, 3211f13597dSJung-uk Kim {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 3221f13597dSJung-uk Kim {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, 3231f13597dSJung-uk Kim {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, 3241f13597dSJung-uk Kim {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, 3251f13597dSJung-uk Kim {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, 3261f13597dSJung-uk Kim {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, 3271f13597dSJung-uk Kim 3281f13597dSJung-uk Kim /* protocol version aliases */ 3291f13597dSJung-uk Kim {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, 3301f13597dSJung-uk Kim {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, 3311f13597dSJung-uk Kim {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, 33209286989SJung-uk Kim {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, 3331f13597dSJung-uk Kim 3341f13597dSJung-uk Kim /* export flag */ 3351f13597dSJung-uk Kim {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 3361f13597dSJung-uk Kim {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, 3371f13597dSJung-uk Kim 3381f13597dSJung-uk Kim /* strength classes */ 3391f13597dSJung-uk Kim {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, 3401f13597dSJung-uk Kim {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, 3411f13597dSJung-uk Kim {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, 3421f13597dSJung-uk Kim {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, 3431f13597dSJung-uk Kim {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, 3441f13597dSJung-uk Kim /* FIPS 140-2 approved ciphersuite */ 3451f13597dSJung-uk Kim {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, 34674664626SKris Kennaway }; 347*6f9291ceSJung-uk Kim 348*6f9291ceSJung-uk Kim /* 349*6f9291ceSJung-uk Kim * Search for public key algorithm with given name and return its pkey_id if 350*6f9291ceSJung-uk Kim * it is available. Otherwise return 0 3511f13597dSJung-uk Kim */ 3521f13597dSJung-uk Kim #ifdef OPENSSL_NO_ENGINE 3531f13597dSJung-uk Kim 3541f13597dSJung-uk Kim static int get_optional_pkey_id(const char *pkey_name) 3551f13597dSJung-uk Kim { 3561f13597dSJung-uk Kim const EVP_PKEY_ASN1_METHOD *ameth; 3571f13597dSJung-uk Kim int pkey_id = 0; 3581f13597dSJung-uk Kim ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); 359*6f9291ceSJung-uk Kim if (ameth) { 3601f13597dSJung-uk Kim EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 3611f13597dSJung-uk Kim } 3621f13597dSJung-uk Kim return pkey_id; 3631f13597dSJung-uk Kim } 3641f13597dSJung-uk Kim 3651f13597dSJung-uk Kim #else 3661f13597dSJung-uk Kim 3671f13597dSJung-uk Kim static int get_optional_pkey_id(const char *pkey_name) 3681f13597dSJung-uk Kim { 3691f13597dSJung-uk Kim const EVP_PKEY_ASN1_METHOD *ameth; 3701f13597dSJung-uk Kim ENGINE *tmpeng = NULL; 3711f13597dSJung-uk Kim int pkey_id = 0; 3721f13597dSJung-uk Kim ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); 373*6f9291ceSJung-uk Kim if (ameth) { 3741f13597dSJung-uk Kim EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); 3751f13597dSJung-uk Kim } 376*6f9291ceSJung-uk Kim if (tmpeng) 377*6f9291ceSJung-uk Kim ENGINE_finish(tmpeng); 3781f13597dSJung-uk Kim return pkey_id; 3791f13597dSJung-uk Kim } 3801f13597dSJung-uk Kim 3811f13597dSJung-uk Kim #endif 38274664626SKris Kennaway 3833b4e3dcbSSimon L. B. Nielsen void ssl_load_ciphers(void) 38474664626SKris Kennaway { 385*6f9291ceSJung-uk Kim ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc); 38674664626SKris Kennaway ssl_cipher_methods[SSL_ENC_3DES_IDX] = 38774664626SKris Kennaway EVP_get_cipherbyname(SN_des_ede3_cbc); 388*6f9291ceSJung-uk Kim ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4); 389*6f9291ceSJung-uk Kim ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc); 390ced566fdSJacques Vidrine #ifndef OPENSSL_NO_IDEA 391*6f9291ceSJung-uk Kim ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc); 392ced566fdSJacques Vidrine #else 393ced566fdSJacques Vidrine ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; 394ced566fdSJacques Vidrine #endif 3955c87c606SMark Murray ssl_cipher_methods[SSL_ENC_AES128_IDX] = 3965c87c606SMark Murray EVP_get_cipherbyname(SN_aes_128_cbc); 3975c87c606SMark Murray ssl_cipher_methods[SSL_ENC_AES256_IDX] = 3985c87c606SMark Murray EVP_get_cipherbyname(SN_aes_256_cbc); 399ed5d4f9aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] = 400ed5d4f9aSSimon L. B. Nielsen EVP_get_cipherbyname(SN_camellia_128_cbc); 401ed5d4f9aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] = 402ed5d4f9aSSimon L. B. Nielsen EVP_get_cipherbyname(SN_camellia_256_cbc); 4031f13597dSJung-uk Kim ssl_cipher_methods[SSL_ENC_GOST89_IDX] = 4041f13597dSJung-uk Kim EVP_get_cipherbyname(SN_gost89_cnt); 405*6f9291ceSJung-uk Kim ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc); 40674664626SKris Kennaway 4071f13597dSJung-uk Kim ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = 4081f13597dSJung-uk Kim EVP_get_cipherbyname(SN_aes_128_gcm); 4091f13597dSJung-uk Kim ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = 4101f13597dSJung-uk Kim EVP_get_cipherbyname(SN_aes_256_gcm); 4111f13597dSJung-uk Kim 412*6f9291ceSJung-uk Kim ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5); 4131f13597dSJung-uk Kim ssl_mac_secret_size[SSL_MD_MD5_IDX] = 4141f13597dSJung-uk Kim EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); 4151f13597dSJung-uk Kim OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); 416*6f9291ceSJung-uk Kim ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1); 4171f13597dSJung-uk Kim ssl_mac_secret_size[SSL_MD_SHA1_IDX] = 4181f13597dSJung-uk Kim EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); 4191f13597dSJung-uk Kim OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); 4201f13597dSJung-uk Kim ssl_digest_methods[SSL_MD_GOST94_IDX] = 4211f13597dSJung-uk Kim EVP_get_digestbyname(SN_id_GostR3411_94); 422*6f9291ceSJung-uk Kim if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { 4231f13597dSJung-uk Kim ssl_mac_secret_size[SSL_MD_GOST94_IDX] = 4241f13597dSJung-uk Kim EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); 4251f13597dSJung-uk Kim OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); 4261f13597dSJung-uk Kim } 4271f13597dSJung-uk Kim ssl_digest_methods[SSL_MD_GOST89MAC_IDX] = 4281f13597dSJung-uk Kim EVP_get_digestbyname(SN_id_Gost28147_89_MAC); 4291f13597dSJung-uk Kim ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); 4301f13597dSJung-uk Kim if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { 4311f13597dSJung-uk Kim ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; 43274664626SKris Kennaway } 43374664626SKris Kennaway 434*6f9291ceSJung-uk Kim ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256); 4351f13597dSJung-uk Kim ssl_mac_secret_size[SSL_MD_SHA256_IDX] = 4361f13597dSJung-uk Kim EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); 437*6f9291ceSJung-uk Kim ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384); 4381f13597dSJung-uk Kim ssl_mac_secret_size[SSL_MD_SHA384_IDX] = 4391f13597dSJung-uk Kim EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 4401f13597dSJung-uk Kim } 441*6f9291ceSJung-uk Kim 4423b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 4433b4e3dcbSSimon L. B. Nielsen 444*6f9291ceSJung-uk Kim static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b) 4453b4e3dcbSSimon L. B. Nielsen { 4463b4e3dcbSSimon L. B. Nielsen return ((*a)->id - (*b)->id); 4473b4e3dcbSSimon L. B. Nielsen } 4483b4e3dcbSSimon L. B. Nielsen 4493b4e3dcbSSimon L. B. Nielsen static void load_builtin_compressions(void) 4503b4e3dcbSSimon L. B. Nielsen { 451ed5d4f9aSSimon L. B. Nielsen int got_write_lock = 0; 4523b4e3dcbSSimon L. B. Nielsen 453ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_lock(CRYPTO_LOCK_SSL); 454*6f9291ceSJung-uk Kim if (ssl_comp_methods == NULL) { 455ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 4563b4e3dcbSSimon L. B. Nielsen CRYPTO_w_lock(CRYPTO_LOCK_SSL); 457ed5d4f9aSSimon L. B. Nielsen got_write_lock = 1; 458ed5d4f9aSSimon L. B. Nielsen 459*6f9291ceSJung-uk Kim if (ssl_comp_methods == NULL) { 4603b4e3dcbSSimon L. B. Nielsen SSL_COMP *comp = NULL; 4613b4e3dcbSSimon L. B. Nielsen 4623b4e3dcbSSimon L. B. Nielsen MemCheck_off(); 4633b4e3dcbSSimon L. B. Nielsen ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); 464*6f9291ceSJung-uk Kim if (ssl_comp_methods != NULL) { 4653b4e3dcbSSimon L. B. Nielsen comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 466*6f9291ceSJung-uk Kim if (comp != NULL) { 4673b4e3dcbSSimon L. B. Nielsen comp->method = COMP_zlib(); 468*6f9291ceSJung-uk Kim if (comp->method && comp->method->type == NID_undef) 4693b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 470*6f9291ceSJung-uk Kim else { 4713b4e3dcbSSimon L. B. Nielsen comp->id = SSL_COMP_ZLIB_IDX; 4723b4e3dcbSSimon L. B. Nielsen comp->name = comp->method->name; 4733b4e3dcbSSimon L. B. Nielsen sk_SSL_COMP_push(ssl_comp_methods, comp); 4743b4e3dcbSSimon L. B. Nielsen } 4753b4e3dcbSSimon L. B. Nielsen } 47612de4ed2SJung-uk Kim sk_SSL_COMP_sort(ssl_comp_methods); 4773b4e3dcbSSimon L. B. Nielsen } 4783b4e3dcbSSimon L. B. Nielsen MemCheck_on(); 4793b4e3dcbSSimon L. B. Nielsen } 480ed5d4f9aSSimon L. B. Nielsen } 481ed5d4f9aSSimon L. B. Nielsen 482ed5d4f9aSSimon L. B. Nielsen if (got_write_lock) 4833b4e3dcbSSimon L. B. Nielsen CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 484ed5d4f9aSSimon L. B. Nielsen else 485ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 4863b4e3dcbSSimon L. B. Nielsen } 4873b4e3dcbSSimon L. B. Nielsen #endif 4883b4e3dcbSSimon L. B. Nielsen 4893b4e3dcbSSimon L. B. Nielsen int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 490*6f9291ceSJung-uk Kim const EVP_MD **md, int *mac_pkey_type, 491*6f9291ceSJung-uk Kim int *mac_secret_size, SSL_COMP **comp) 49274664626SKris Kennaway { 49374664626SKris Kennaway int i; 4941f13597dSJung-uk Kim const SSL_CIPHER *c; 49574664626SKris Kennaway 49674664626SKris Kennaway c = s->cipher; 497*6f9291ceSJung-uk Kim if (c == NULL) 498*6f9291ceSJung-uk Kim return (0); 499*6f9291ceSJung-uk Kim if (comp != NULL) { 50074664626SKris Kennaway SSL_COMP ctmp; 5013b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 5023b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 5033b4e3dcbSSimon L. B. Nielsen #endif 50474664626SKris Kennaway 50574664626SKris Kennaway *comp = NULL; 50674664626SKris Kennaway ctmp.id = s->compress_meth; 507*6f9291ceSJung-uk Kim if (ssl_comp_methods != NULL) { 50874664626SKris Kennaway i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); 50974664626SKris Kennaway if (i >= 0) 51074664626SKris Kennaway *comp = sk_SSL_COMP_value(ssl_comp_methods, i); 51174664626SKris Kennaway else 51274664626SKris Kennaway *comp = NULL; 51374664626SKris Kennaway } 51474664626SKris Kennaway } 51574664626SKris Kennaway 516*6f9291ceSJung-uk Kim if ((enc == NULL) || (md == NULL)) 517*6f9291ceSJung-uk Kim return (0); 51874664626SKris Kennaway 519*6f9291ceSJung-uk Kim switch (c->algorithm_enc) { 52074664626SKris Kennaway case SSL_DES: 52174664626SKris Kennaway i = SSL_ENC_DES_IDX; 52274664626SKris Kennaway break; 52374664626SKris Kennaway case SSL_3DES: 52474664626SKris Kennaway i = SSL_ENC_3DES_IDX; 52574664626SKris Kennaway break; 52674664626SKris Kennaway case SSL_RC4: 52774664626SKris Kennaway i = SSL_ENC_RC4_IDX; 52874664626SKris Kennaway break; 52974664626SKris Kennaway case SSL_RC2: 53074664626SKris Kennaway i = SSL_ENC_RC2_IDX; 53174664626SKris Kennaway break; 53274664626SKris Kennaway case SSL_IDEA: 53374664626SKris Kennaway i = SSL_ENC_IDEA_IDX; 53474664626SKris Kennaway break; 53574664626SKris Kennaway case SSL_eNULL: 53674664626SKris Kennaway i = SSL_ENC_NULL_IDX; 53774664626SKris Kennaway break; 5381f13597dSJung-uk Kim case SSL_AES128: 5391f13597dSJung-uk Kim i = SSL_ENC_AES128_IDX; 5405c87c606SMark Murray break; 5411f13597dSJung-uk Kim case SSL_AES256: 5421f13597dSJung-uk Kim i = SSL_ENC_AES256_IDX; 5431f13597dSJung-uk Kim break; 5441f13597dSJung-uk Kim case SSL_CAMELLIA128: 5451f13597dSJung-uk Kim i = SSL_ENC_CAMELLIA128_IDX; 5461f13597dSJung-uk Kim break; 5471f13597dSJung-uk Kim case SSL_CAMELLIA256: 5481f13597dSJung-uk Kim i = SSL_ENC_CAMELLIA256_IDX; 5491f13597dSJung-uk Kim break; 5501f13597dSJung-uk Kim case SSL_eGOST2814789CNT: 5511f13597dSJung-uk Kim i = SSL_ENC_GOST89_IDX; 552ed5d4f9aSSimon L. B. Nielsen break; 553db522d3aSSimon L. B. Nielsen case SSL_SEED: 554db522d3aSSimon L. B. Nielsen i = SSL_ENC_SEED_IDX; 555db522d3aSSimon L. B. Nielsen break; 5561f13597dSJung-uk Kim case SSL_AES128GCM: 5571f13597dSJung-uk Kim i = SSL_ENC_AES128GCM_IDX; 5581f13597dSJung-uk Kim break; 5591f13597dSJung-uk Kim case SSL_AES256GCM: 5601f13597dSJung-uk Kim i = SSL_ENC_AES256GCM_IDX; 5611f13597dSJung-uk Kim break; 56274664626SKris Kennaway default: 56374664626SKris Kennaway i = -1; 56474664626SKris Kennaway break; 56574664626SKris Kennaway } 56674664626SKris Kennaway 567a93cbc2bSJung-uk Kim if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) 56874664626SKris Kennaway *enc = NULL; 569*6f9291ceSJung-uk Kim else { 57074664626SKris Kennaway if (i == SSL_ENC_NULL_IDX) 57174664626SKris Kennaway *enc = EVP_enc_null(); 57274664626SKris Kennaway else 57374664626SKris Kennaway *enc = ssl_cipher_methods[i]; 57474664626SKris Kennaway } 57574664626SKris Kennaway 576*6f9291ceSJung-uk Kim switch (c->algorithm_mac) { 57774664626SKris Kennaway case SSL_MD5: 57874664626SKris Kennaway i = SSL_MD_MD5_IDX; 57974664626SKris Kennaway break; 58074664626SKris Kennaway case SSL_SHA1: 58174664626SKris Kennaway i = SSL_MD_SHA1_IDX; 58274664626SKris Kennaway break; 5831f13597dSJung-uk Kim case SSL_SHA256: 5841f13597dSJung-uk Kim i = SSL_MD_SHA256_IDX; 5851f13597dSJung-uk Kim break; 5861f13597dSJung-uk Kim case SSL_SHA384: 5871f13597dSJung-uk Kim i = SSL_MD_SHA384_IDX; 5881f13597dSJung-uk Kim break; 5891f13597dSJung-uk Kim case SSL_GOST94: 5901f13597dSJung-uk Kim i = SSL_MD_GOST94_IDX; 5911f13597dSJung-uk Kim break; 5921f13597dSJung-uk Kim case SSL_GOST89MAC: 5931f13597dSJung-uk Kim i = SSL_MD_GOST89MAC_IDX; 5941f13597dSJung-uk Kim break; 59574664626SKris Kennaway default: 59674664626SKris Kennaway i = -1; 59774664626SKris Kennaway break; 59874664626SKris Kennaway } 599*6f9291ceSJung-uk Kim if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { 60074664626SKris Kennaway *md = NULL; 601*6f9291ceSJung-uk Kim if (mac_pkey_type != NULL) 602*6f9291ceSJung-uk Kim *mac_pkey_type = NID_undef; 603*6f9291ceSJung-uk Kim if (mac_secret_size != NULL) 604*6f9291ceSJung-uk Kim *mac_secret_size = 0; 6051f13597dSJung-uk Kim if (c->algorithm_mac == SSL_AEAD) 6061f13597dSJung-uk Kim mac_pkey_type = NULL; 607*6f9291ceSJung-uk Kim } else { 60874664626SKris Kennaway *md = ssl_digest_methods[i]; 609*6f9291ceSJung-uk Kim if (mac_pkey_type != NULL) 610*6f9291ceSJung-uk Kim *mac_pkey_type = ssl_mac_pkey_id[i]; 611*6f9291ceSJung-uk Kim if (mac_secret_size != NULL) 612*6f9291ceSJung-uk Kim *mac_secret_size = ssl_mac_secret_size[i]; 6131f13597dSJung-uk Kim } 61474664626SKris Kennaway 6151f13597dSJung-uk Kim if ((*enc != NULL) && 616*6f9291ceSJung-uk Kim (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) 617*6f9291ceSJung-uk Kim && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { 6181f13597dSJung-uk Kim const EVP_CIPHER *evp; 6191f13597dSJung-uk Kim 6201f13597dSJung-uk Kim if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || 6211f13597dSJung-uk Kim s->ssl_version < TLS1_VERSION) 6221f13597dSJung-uk Kim return 1; 6231f13597dSJung-uk Kim 6241f13597dSJung-uk Kim #ifdef OPENSSL_FIPS 6251f13597dSJung-uk Kim if (FIPS_mode()) 6261f13597dSJung-uk Kim return 1; 6271f13597dSJung-uk Kim #endif 6281f13597dSJung-uk Kim 6291f13597dSJung-uk Kim if (c->algorithm_enc == SSL_RC4 && 6301f13597dSJung-uk Kim c->algorithm_mac == SSL_MD5 && 6311f13597dSJung-uk Kim (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) 6321f13597dSJung-uk Kim *enc = evp, *md = NULL; 6331f13597dSJung-uk Kim else if (c->algorithm_enc == SSL_AES128 && 6341f13597dSJung-uk Kim c->algorithm_mac == SSL_SHA1 && 6351f13597dSJung-uk Kim (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) 6361f13597dSJung-uk Kim *enc = evp, *md = NULL; 6371f13597dSJung-uk Kim else if (c->algorithm_enc == SSL_AES256 && 6381f13597dSJung-uk Kim c->algorithm_mac == SSL_SHA1 && 6391f13597dSJung-uk Kim (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) 6401f13597dSJung-uk Kim *enc = evp, *md = NULL; 64174664626SKris Kennaway return (1); 642*6f9291ceSJung-uk Kim } else 64374664626SKris Kennaway return (0); 64474664626SKris Kennaway } 64574664626SKris Kennaway 6461f13597dSJung-uk Kim int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 6471f13597dSJung-uk Kim { 648*6f9291ceSJung-uk Kim if (idx < 0 || idx >= SSL_MD_NUM_IDX) { 6491f13597dSJung-uk Kim return 0; 6501f13597dSJung-uk Kim } 6511f13597dSJung-uk Kim *mask = ssl_handshake_digest_flag[idx]; 6521f13597dSJung-uk Kim if (*mask) 6531f13597dSJung-uk Kim *md = ssl_digest_methods[idx]; 6541f13597dSJung-uk Kim else 6551f13597dSJung-uk Kim *md = NULL; 6561f13597dSJung-uk Kim return 1; 6571f13597dSJung-uk Kim } 6581f13597dSJung-uk Kim 65974664626SKris Kennaway #define ITEM_SEP(a) \ 66074664626SKris Kennaway (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 66174664626SKris Kennaway 66274664626SKris Kennaway static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 66374664626SKris Kennaway CIPHER_ORDER **tail) 66474664626SKris Kennaway { 665*6f9291ceSJung-uk Kim if (curr == *tail) 666*6f9291ceSJung-uk Kim return; 66774664626SKris Kennaway if (curr == *head) 66874664626SKris Kennaway *head = curr->next; 66974664626SKris Kennaway if (curr->prev != NULL) 67074664626SKris Kennaway curr->prev->next = curr->next; 6711f13597dSJung-uk Kim if (curr->next != NULL) 67274664626SKris Kennaway curr->next->prev = curr->prev; 67374664626SKris Kennaway (*tail)->next = curr; 67474664626SKris Kennaway curr->prev = *tail; 67574664626SKris Kennaway curr->next = NULL; 67674664626SKris Kennaway *tail = curr; 67774664626SKris Kennaway } 67874664626SKris Kennaway 6791f13597dSJung-uk Kim static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, 6801f13597dSJung-uk Kim CIPHER_ORDER **tail) 68174664626SKris Kennaway { 682*6f9291ceSJung-uk Kim if (curr == *head) 683*6f9291ceSJung-uk Kim return; 6841f13597dSJung-uk Kim if (curr == *tail) 6851f13597dSJung-uk Kim *tail = curr->prev; 6861f13597dSJung-uk Kim if (curr->next != NULL) 6871f13597dSJung-uk Kim curr->next->prev = curr->prev; 6881f13597dSJung-uk Kim if (curr->prev != NULL) 6891f13597dSJung-uk Kim curr->prev->next = curr->next; 6901f13597dSJung-uk Kim (*head)->prev = curr; 6911f13597dSJung-uk Kim curr->next = *head; 6921f13597dSJung-uk Kim curr->prev = NULL; 6931f13597dSJung-uk Kim *head = curr; 6941f13597dSJung-uk Kim } 69574664626SKris Kennaway 696*6f9291ceSJung-uk Kim static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, 697*6f9291ceSJung-uk Kim unsigned long *enc, unsigned long *mac, 698*6f9291ceSJung-uk Kim unsigned long *ssl) 6991f13597dSJung-uk Kim { 7001f13597dSJung-uk Kim *mkey = 0; 7011f13597dSJung-uk Kim *auth = 0; 7021f13597dSJung-uk Kim *enc = 0; 7031f13597dSJung-uk Kim *mac = 0; 7041f13597dSJung-uk Kim *ssl = 0; 7051f13597dSJung-uk Kim 7065c87c606SMark Murray #ifdef OPENSSL_NO_RSA 7071f13597dSJung-uk Kim *mkey |= SSL_kRSA; 7081f13597dSJung-uk Kim *auth |= SSL_aRSA; 70974664626SKris Kennaway #endif 7105c87c606SMark Murray #ifdef OPENSSL_NO_DSA 7111f13597dSJung-uk Kim *auth |= SSL_aDSS; 71274664626SKris Kennaway #endif 7131f13597dSJung-uk Kim *mkey |= SSL_kDHr | SSL_kDHd; /* no such ciphersuites supported! */ 7141f13597dSJung-uk Kim *auth |= SSL_aDH; 7155c87c606SMark Murray #ifdef OPENSSL_NO_DH 7161f13597dSJung-uk Kim *mkey |= SSL_kDHr | SSL_kDHd | SSL_kEDH; 7171f13597dSJung-uk Kim *auth |= SSL_aDH; 71874664626SKris Kennaway #endif 7195c87c606SMark Murray #ifdef OPENSSL_NO_KRB5 7201f13597dSJung-uk Kim *mkey |= SSL_kKRB5; 7211f13597dSJung-uk Kim *auth |= SSL_aKRB5; 7221f13597dSJung-uk Kim #endif 7231f13597dSJung-uk Kim #ifdef OPENSSL_NO_ECDSA 7241f13597dSJung-uk Kim *auth |= SSL_aECDSA; 7255c87c606SMark Murray #endif 7263b4e3dcbSSimon L. B. Nielsen #ifdef OPENSSL_NO_ECDH 7271f13597dSJung-uk Kim *mkey |= SSL_kECDHe | SSL_kECDHr; 7281f13597dSJung-uk Kim *auth |= SSL_aECDH; 7293b4e3dcbSSimon L. B. Nielsen #endif 7301f13597dSJung-uk Kim #ifdef OPENSSL_NO_PSK 7311f13597dSJung-uk Kim *mkey |= SSL_kPSK; 7321f13597dSJung-uk Kim *auth |= SSL_aPSK; 7331f13597dSJung-uk Kim #endif 7341f13597dSJung-uk Kim #ifdef OPENSSL_NO_SRP 7351f13597dSJung-uk Kim *mkey |= SSL_kSRP; 7361f13597dSJung-uk Kim #endif 737*6f9291ceSJung-uk Kim /* 738*6f9291ceSJung-uk Kim * Check for presence of GOST 34.10 algorithms, and if they do not 739*6f9291ceSJung-uk Kim * present, disable appropriate auth and key exchange 740*6f9291ceSJung-uk Kim */ 7411f13597dSJung-uk Kim if (!get_optional_pkey_id("gost94")) { 7421f13597dSJung-uk Kim *auth |= SSL_aGOST94; 7431f13597dSJung-uk Kim } 7441f13597dSJung-uk Kim if (!get_optional_pkey_id("gost2001")) { 7451f13597dSJung-uk Kim *auth |= SSL_aGOST01; 7461f13597dSJung-uk Kim } 747*6f9291ceSJung-uk Kim /* 748*6f9291ceSJung-uk Kim * Disable GOST key exchange if no GOST signature algs are available * 749*6f9291ceSJung-uk Kim */ 7501f13597dSJung-uk Kim if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) { 7511f13597dSJung-uk Kim *mkey |= SSL_kGOST; 7521f13597dSJung-uk Kim } 75374664626SKris Kennaway #ifdef SSL_FORBID_ENULL 7541f13597dSJung-uk Kim *enc |= SSL_eNULL; 75574664626SKris Kennaway #endif 75674664626SKris Kennaway 7571f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0; 7581f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; 7591f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0; 7601f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0; 7611f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; 7621f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; 7631f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; 764*6f9291ceSJung-uk Kim *enc |= 765*6f9291ceSJung-uk Kim (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == 766*6f9291ceSJung-uk Kim NULL) ? SSL_AES128GCM : 0; 767*6f9291ceSJung-uk Kim *enc |= 768*6f9291ceSJung-uk Kim (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == 769*6f9291ceSJung-uk Kim NULL) ? SSL_AES256GCM : 0; 770*6f9291ceSJung-uk Kim *enc |= 771*6f9291ceSJung-uk Kim (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == 772*6f9291ceSJung-uk Kim NULL) ? SSL_CAMELLIA128 : 0; 773*6f9291ceSJung-uk Kim *enc |= 774*6f9291ceSJung-uk Kim (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == 775*6f9291ceSJung-uk Kim NULL) ? SSL_CAMELLIA256 : 0; 776*6f9291ceSJung-uk Kim *enc |= 777*6f9291ceSJung-uk Kim (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == 778*6f9291ceSJung-uk Kim NULL) ? SSL_eGOST2814789CNT : 0; 7791f13597dSJung-uk Kim *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; 7805471f83eSSimon L. B. Nielsen 7811f13597dSJung-uk Kim *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0; 7821f13597dSJung-uk Kim *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; 7831f13597dSJung-uk Kim *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; 7841f13597dSJung-uk Kim *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; 7851f13597dSJung-uk Kim *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; 786*6f9291ceSJung-uk Kim *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL 787*6f9291ceSJung-uk Kim || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == 788*6f9291ceSJung-uk Kim NID_undef) ? SSL_GOST89MAC : 0; 7891f13597dSJung-uk Kim 790f579bf8eSKris Kennaway } 791f579bf8eSKris Kennaway 792f579bf8eSKris Kennaway static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 7931f13597dSJung-uk Kim int num_of_ciphers, 794*6f9291ceSJung-uk Kim unsigned long disabled_mkey, 795*6f9291ceSJung-uk Kim unsigned long disabled_auth, 796*6f9291ceSJung-uk Kim unsigned long disabled_enc, 797*6f9291ceSJung-uk Kim unsigned long disabled_mac, 7981f13597dSJung-uk Kim unsigned long disabled_ssl, 7991f13597dSJung-uk Kim CIPHER_ORDER *co_list, 800*6f9291ceSJung-uk Kim CIPHER_ORDER **head_p, 801*6f9291ceSJung-uk Kim CIPHER_ORDER **tail_p) 802f579bf8eSKris Kennaway { 803ced566fdSJacques Vidrine int i, co_list_num; 8041f13597dSJung-uk Kim const SSL_CIPHER *c; 805f579bf8eSKris Kennaway 806f579bf8eSKris Kennaway /* 807f579bf8eSKris Kennaway * We have num_of_ciphers descriptions compiled in, depending on the 808f579bf8eSKris Kennaway * method selected (SSLv2 and/or SSLv3, TLSv1 etc). 809f579bf8eSKris Kennaway * These will later be sorted in a linked list with at most num 810f579bf8eSKris Kennaway * entries. 811f579bf8eSKris Kennaway */ 81274664626SKris Kennaway 81374664626SKris Kennaway /* Get the initial list of ciphers */ 814ced566fdSJacques Vidrine co_list_num = 0; /* actual count of ciphers */ 815*6f9291ceSJung-uk Kim for (i = 0; i < num_of_ciphers; i++) { 816f579bf8eSKris Kennaway c = ssl_method->get_cipher(i); 81774664626SKris Kennaway /* drop those that use any of that is not available */ 8181f13597dSJung-uk Kim if ((c != NULL) && c->valid && 819db522d3aSSimon L. B. Nielsen #ifdef OPENSSL_FIPS 8201f13597dSJung-uk Kim (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && 821db522d3aSSimon L. B. Nielsen #endif 8221f13597dSJung-uk Kim !(c->algorithm_mkey & disabled_mkey) && 8231f13597dSJung-uk Kim !(c->algorithm_auth & disabled_auth) && 8241f13597dSJung-uk Kim !(c->algorithm_enc & disabled_enc) && 8251f13597dSJung-uk Kim !(c->algorithm_mac & disabled_mac) && 826*6f9291ceSJung-uk Kim !(c->algorithm_ssl & disabled_ssl)) { 827ced566fdSJacques Vidrine co_list[co_list_num].cipher = c; 828ced566fdSJacques Vidrine co_list[co_list_num].next = NULL; 829ced566fdSJacques Vidrine co_list[co_list_num].prev = NULL; 830ced566fdSJacques Vidrine co_list[co_list_num].active = 0; 831ced566fdSJacques Vidrine co_list_num++; 8325c87c606SMark Murray #ifdef KSSL_DEBUG 833*6f9291ceSJung-uk Kim fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id, 834*6f9291ceSJung-uk Kim c->algorithm_mkey, c->algorithm_auth); 8355c87c606SMark Murray #endif /* KSSL_DEBUG */ 836f579bf8eSKris Kennaway /* 837*6f9291ceSJung-uk Kim * if (!sk_push(ca_list,(char *)c)) goto err; 838f579bf8eSKris Kennaway */ 83974664626SKris Kennaway } 84074664626SKris Kennaway } 84174664626SKris Kennaway 842f579bf8eSKris Kennaway /* 843f579bf8eSKris Kennaway * Prepare linked list from list entries 844f579bf8eSKris Kennaway */ 845*6f9291ceSJung-uk Kim if (co_list_num > 0) { 8461f13597dSJung-uk Kim co_list[0].prev = NULL; 8471f13597dSJung-uk Kim 848*6f9291ceSJung-uk Kim if (co_list_num > 1) { 8491f13597dSJung-uk Kim co_list[0].next = &co_list[1]; 8501f13597dSJung-uk Kim 851*6f9291ceSJung-uk Kim for (i = 1; i < co_list_num - 1; i++) { 8521f13597dSJung-uk Kim co_list[i].prev = &co_list[i - 1]; 8531f13597dSJung-uk Kim co_list[i].next = &co_list[i + 1]; 8541f13597dSJung-uk Kim } 8551f13597dSJung-uk Kim 8561f13597dSJung-uk Kim co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; 8571f13597dSJung-uk Kim } 8581f13597dSJung-uk Kim 8591f13597dSJung-uk Kim co_list[co_list_num - 1].next = NULL; 8601f13597dSJung-uk Kim 8611f13597dSJung-uk Kim *head_p = &co_list[0]; 8621f13597dSJung-uk Kim *tail_p = &co_list[co_list_num - 1]; 863f579bf8eSKris Kennaway } 86474664626SKris Kennaway } 86574664626SKris Kennaway 8661f13597dSJung-uk Kim static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, 8671f13597dSJung-uk Kim int num_of_group_aliases, 868*6f9291ceSJung-uk Kim unsigned long disabled_mkey, 869*6f9291ceSJung-uk Kim unsigned long disabled_auth, 870*6f9291ceSJung-uk Kim unsigned long disabled_enc, 871*6f9291ceSJung-uk Kim unsigned long disabled_mac, 8721f13597dSJung-uk Kim unsigned long disabled_ssl, 873f579bf8eSKris Kennaway CIPHER_ORDER *head) 87474664626SKris Kennaway { 875f579bf8eSKris Kennaway CIPHER_ORDER *ciph_curr; 8761f13597dSJung-uk Kim const SSL_CIPHER **ca_curr; 877f579bf8eSKris Kennaway int i; 8781f13597dSJung-uk Kim unsigned long mask_mkey = ~disabled_mkey; 8791f13597dSJung-uk Kim unsigned long mask_auth = ~disabled_auth; 8801f13597dSJung-uk Kim unsigned long mask_enc = ~disabled_enc; 8811f13597dSJung-uk Kim unsigned long mask_mac = ~disabled_mac; 8821f13597dSJung-uk Kim unsigned long mask_ssl = ~disabled_ssl; 883f579bf8eSKris Kennaway 884f579bf8eSKris Kennaway /* 885f579bf8eSKris Kennaway * First, add the real ciphers as already collected 886f579bf8eSKris Kennaway */ 887f579bf8eSKris Kennaway ciph_curr = head; 888f579bf8eSKris Kennaway ca_curr = ca_list; 889*6f9291ceSJung-uk Kim while (ciph_curr != NULL) { 890f579bf8eSKris Kennaway *ca_curr = ciph_curr->cipher; 891f579bf8eSKris Kennaway ca_curr++; 892f579bf8eSKris Kennaway ciph_curr = ciph_curr->next; 89374664626SKris Kennaway } 89474664626SKris Kennaway 895f579bf8eSKris Kennaway /* 896f579bf8eSKris Kennaway * Now we add the available ones from the cipher_aliases[] table. 8971f13597dSJung-uk Kim * They represent either one or more algorithms, some of which 8981f13597dSJung-uk Kim * in any affected category must be supported (set in enabled_mask), 8991f13597dSJung-uk Kim * or represent a cipher strength value (will be added in any case because algorithms=0). 900f579bf8eSKris Kennaway */ 901*6f9291ceSJung-uk Kim for (i = 0; i < num_of_group_aliases; i++) { 9021f13597dSJung-uk Kim unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; 9031f13597dSJung-uk Kim unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; 9041f13597dSJung-uk Kim unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; 9051f13597dSJung-uk Kim unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; 9061f13597dSJung-uk Kim unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; 9071f13597dSJung-uk Kim 9081f13597dSJung-uk Kim if (algorithm_mkey) 9091f13597dSJung-uk Kim if ((algorithm_mkey & mask_mkey) == 0) 9101f13597dSJung-uk Kim continue; 9111f13597dSJung-uk Kim 9121f13597dSJung-uk Kim if (algorithm_auth) 9131f13597dSJung-uk Kim if ((algorithm_auth & mask_auth) == 0) 9141f13597dSJung-uk Kim continue; 9151f13597dSJung-uk Kim 9161f13597dSJung-uk Kim if (algorithm_enc) 9171f13597dSJung-uk Kim if ((algorithm_enc & mask_enc) == 0) 9181f13597dSJung-uk Kim continue; 9191f13597dSJung-uk Kim 9201f13597dSJung-uk Kim if (algorithm_mac) 9211f13597dSJung-uk Kim if ((algorithm_mac & mask_mac) == 0) 9221f13597dSJung-uk Kim continue; 9231f13597dSJung-uk Kim 9241f13597dSJung-uk Kim if (algorithm_ssl) 9251f13597dSJung-uk Kim if ((algorithm_ssl & mask_ssl) == 0) 9261f13597dSJung-uk Kim continue; 9271f13597dSJung-uk Kim 928f579bf8eSKris Kennaway *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 929f579bf8eSKris Kennaway ca_curr++; 93074664626SKris Kennaway } 93174664626SKris Kennaway 932f579bf8eSKris Kennaway *ca_curr = NULL; /* end of list */ 933f579bf8eSKris Kennaway } 934f579bf8eSKris Kennaway 9351f13597dSJung-uk Kim static void ssl_cipher_apply_rule(unsigned long cipher_id, 936*6f9291ceSJung-uk Kim unsigned long alg_mkey, 937*6f9291ceSJung-uk Kim unsigned long alg_auth, 938*6f9291ceSJung-uk Kim unsigned long alg_enc, 939*6f9291ceSJung-uk Kim unsigned long alg_mac, 9401f13597dSJung-uk Kim unsigned long alg_ssl, 941*6f9291ceSJung-uk Kim unsigned long algo_strength, int rule, 942*6f9291ceSJung-uk Kim int strength_bits, CIPHER_ORDER **head_p, 943*6f9291ceSJung-uk Kim CIPHER_ORDER **tail_p) 94474664626SKris Kennaway { 945a93cbc2bSJung-uk Kim CIPHER_ORDER *head, *tail, *curr, *next, *last; 9461f13597dSJung-uk Kim const SSL_CIPHER *cp; 9471f13597dSJung-uk Kim int reverse = 0; 948f579bf8eSKris Kennaway 949f579bf8eSKris Kennaway #ifdef CIPHER_DEBUG 950*6f9291ceSJung-uk Kim fprintf(stderr, 951*6f9291ceSJung-uk Kim "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", 952*6f9291ceSJung-uk Kim rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, 953*6f9291ceSJung-uk Kim algo_strength, strength_bits); 95474664626SKris Kennaway #endif 95574664626SKris Kennaway 9561f13597dSJung-uk Kim if (rule == CIPHER_DEL) 957*6f9291ceSJung-uk Kim reverse = 1; /* needed to maintain sorting between 958*6f9291ceSJung-uk Kim * currently deleted ciphers */ 9591f13597dSJung-uk Kim 9601f13597dSJung-uk Kim head = *head_p; 9611f13597dSJung-uk Kim tail = *tail_p; 9621f13597dSJung-uk Kim 963*6f9291ceSJung-uk Kim if (reverse) { 964a93cbc2bSJung-uk Kim next = tail; 9651f13597dSJung-uk Kim last = head; 966*6f9291ceSJung-uk Kim } else { 967a93cbc2bSJung-uk Kim next = head; 9681f13597dSJung-uk Kim last = tail; 9691f13597dSJung-uk Kim } 9701f13597dSJung-uk Kim 971a93cbc2bSJung-uk Kim curr = NULL; 972*6f9291ceSJung-uk Kim for (;;) { 973*6f9291ceSJung-uk Kim if (curr == last) 974*6f9291ceSJung-uk Kim break; 975a93cbc2bSJung-uk Kim 976a93cbc2bSJung-uk Kim curr = next; 977a93cbc2bSJung-uk Kim 978*6f9291ceSJung-uk Kim if (curr == NULL) 979*6f9291ceSJung-uk Kim break; 980a93cbc2bSJung-uk Kim 981a93cbc2bSJung-uk Kim next = reverse ? curr->prev : curr->next; 98274664626SKris Kennaway 98374664626SKris Kennaway cp = curr->cipher; 984f579bf8eSKris Kennaway 9851f13597dSJung-uk Kim /* 9861f13597dSJung-uk Kim * Selection criteria is either the value of strength_bits 9871f13597dSJung-uk Kim * or the algorithms used. 9881f13597dSJung-uk Kim */ 989*6f9291ceSJung-uk Kim if (strength_bits >= 0) { 9901f13597dSJung-uk Kim if (strength_bits != cp->strength_bits) 9913b4e3dcbSSimon L. B. Nielsen continue; 992*6f9291ceSJung-uk Kim } else { 993f579bf8eSKris Kennaway #ifdef CIPHER_DEBUG 994*6f9291ceSJung-uk Kim fprintf(stderr, 995*6f9291ceSJung-uk Kim "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", 996*6f9291ceSJung-uk Kim cp->name, cp->algorithm_mkey, cp->algorithm_auth, 997*6f9291ceSJung-uk Kim cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, 998*6f9291ceSJung-uk Kim cp->algo_strength); 999f579bf8eSKris Kennaway #endif 1000*6f9291ceSJung-uk Kim if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) 1001*6f9291ceSJung-uk Kim goto ok; 1002*6f9291ceSJung-uk Kim if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) 1003*6f9291ceSJung-uk Kim goto ok; 10041f13597dSJung-uk Kim if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 10051f13597dSJung-uk Kim continue; 10061f13597dSJung-uk Kim if (alg_auth && !(alg_auth & cp->algorithm_auth)) 10071f13597dSJung-uk Kim continue; 10081f13597dSJung-uk Kim if (alg_enc && !(alg_enc & cp->algorithm_enc)) 10091f13597dSJung-uk Kim continue; 10101f13597dSJung-uk Kim if (alg_mac && !(alg_mac & cp->algorithm_mac)) 10111f13597dSJung-uk Kim continue; 10121f13597dSJung-uk Kim if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) 10131f13597dSJung-uk Kim continue; 1014*6f9291ceSJung-uk Kim if ((algo_strength & SSL_EXP_MASK) 1015*6f9291ceSJung-uk Kim && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) 10161f13597dSJung-uk Kim continue; 1017*6f9291ceSJung-uk Kim if ((algo_strength & SSL_STRONG_MASK) 1018*6f9291ceSJung-uk Kim && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 10191f13597dSJung-uk Kim continue; 102074664626SKris Kennaway } 1021f579bf8eSKris Kennaway 1022*6f9291ceSJung-uk Kim ok: 1023*6f9291ceSJung-uk Kim 1024f579bf8eSKris Kennaway #ifdef CIPHER_DEBUG 1025751d2991SJung-uk Kim fprintf(stderr, "Action = %d\n", rule); 1026f579bf8eSKris Kennaway #endif 102774664626SKris Kennaway 102874664626SKris Kennaway /* add the cipher if it has not been added yet. */ 1029*6f9291ceSJung-uk Kim if (rule == CIPHER_ADD) { 10301f13597dSJung-uk Kim /* reverse == 0 */ 1031*6f9291ceSJung-uk Kim if (!curr->active) { 103274664626SKris Kennaway ll_append_tail(&head, curr, &tail); 103374664626SKris Kennaway curr->active = 1; 103474664626SKris Kennaway } 103574664626SKris Kennaway } 103674664626SKris Kennaway /* Move the added cipher to this location */ 1037*6f9291ceSJung-uk Kim else if (rule == CIPHER_ORD) { 10381f13597dSJung-uk Kim /* reverse == 0 */ 1039*6f9291ceSJung-uk Kim if (curr->active) { 104074664626SKris Kennaway ll_append_tail(&head, curr, &tail); 104174664626SKris Kennaway } 1042*6f9291ceSJung-uk Kim } else if (rule == CIPHER_DEL) { 10431f13597dSJung-uk Kim /* reverse == 1 */ 1044*6f9291ceSJung-uk Kim if (curr->active) { 1045*6f9291ceSJung-uk Kim /* 1046*6f9291ceSJung-uk Kim * most recently deleted ciphersuites get best positions for 1047*6f9291ceSJung-uk Kim * any future CIPHER_ADD (note that the CIPHER_DEL loop works 1048*6f9291ceSJung-uk Kim * in reverse to maintain the order) 1049*6f9291ceSJung-uk Kim */ 10501f13597dSJung-uk Kim ll_append_head(&head, curr, &tail); 105174664626SKris Kennaway curr->active = 0; 10521f13597dSJung-uk Kim } 1053*6f9291ceSJung-uk Kim } else if (rule == CIPHER_KILL) { 10541f13597dSJung-uk Kim /* reverse == 0 */ 105574664626SKris Kennaway if (head == curr) 105674664626SKris Kennaway head = curr->next; 105774664626SKris Kennaway else 105874664626SKris Kennaway curr->prev->next = curr->next; 105974664626SKris Kennaway if (tail == curr) 106074664626SKris Kennaway tail = curr->prev; 106174664626SKris Kennaway curr->active = 0; 106274664626SKris Kennaway if (curr->next != NULL) 106374664626SKris Kennaway curr->next->prev = curr->prev; 106474664626SKris Kennaway if (curr->prev != NULL) 106574664626SKris Kennaway curr->prev->next = curr->next; 106674664626SKris Kennaway curr->next = NULL; 106774664626SKris Kennaway curr->prev = NULL; 106874664626SKris Kennaway } 106974664626SKris Kennaway } 1070f579bf8eSKris Kennaway 1071f579bf8eSKris Kennaway *head_p = head; 1072f579bf8eSKris Kennaway *tail_p = tail; 107374664626SKris Kennaway } 107474664626SKris Kennaway 10751f13597dSJung-uk Kim static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, 1076f579bf8eSKris Kennaway CIPHER_ORDER **tail_p) 1077f579bf8eSKris Kennaway { 1078f579bf8eSKris Kennaway int max_strength_bits, i, *number_uses; 1079f579bf8eSKris Kennaway CIPHER_ORDER *curr; 1080f579bf8eSKris Kennaway 1081f579bf8eSKris Kennaway /* 1082f579bf8eSKris Kennaway * This routine sorts the ciphers with descending strength. The sorting 1083f579bf8eSKris Kennaway * must keep the pre-sorted sequence, so we apply the normal sorting 1084f579bf8eSKris Kennaway * routine as '+' movement to the end of the list. 1085f579bf8eSKris Kennaway */ 1086f579bf8eSKris Kennaway max_strength_bits = 0; 1087f579bf8eSKris Kennaway curr = *head_p; 1088*6f9291ceSJung-uk Kim while (curr != NULL) { 1089*6f9291ceSJung-uk Kim if (curr->active && (curr->cipher->strength_bits > max_strength_bits)) 1090f579bf8eSKris Kennaway max_strength_bits = curr->cipher->strength_bits; 1091f579bf8eSKris Kennaway curr = curr->next; 1092f579bf8eSKris Kennaway } 1093f579bf8eSKris Kennaway 1094ddd58736SKris Kennaway number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 1095*6f9291ceSJung-uk Kim if (!number_uses) { 1096f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); 1097f579bf8eSKris Kennaway return (0); 1098f579bf8eSKris Kennaway } 1099f579bf8eSKris Kennaway memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 1100f579bf8eSKris Kennaway 1101f579bf8eSKris Kennaway /* 1102f579bf8eSKris Kennaway * Now find the strength_bits values actually used 1103f579bf8eSKris Kennaway */ 1104f579bf8eSKris Kennaway curr = *head_p; 1105*6f9291ceSJung-uk Kim while (curr != NULL) { 1106f579bf8eSKris Kennaway if (curr->active) 1107f579bf8eSKris Kennaway number_uses[curr->cipher->strength_bits]++; 1108f579bf8eSKris Kennaway curr = curr->next; 1109f579bf8eSKris Kennaway } 1110f579bf8eSKris Kennaway /* 1111f579bf8eSKris Kennaway * Go through the list of used strength_bits values in descending 1112f579bf8eSKris Kennaway * order. 1113f579bf8eSKris Kennaway */ 1114f579bf8eSKris Kennaway for (i = max_strength_bits; i >= 0; i--) 1115f579bf8eSKris Kennaway if (number_uses[i] > 0) 1116*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, 1117*6f9291ceSJung-uk Kim tail_p); 1118f579bf8eSKris Kennaway 1119ddd58736SKris Kennaway OPENSSL_free(number_uses); 1120f579bf8eSKris Kennaway return (1); 1121f579bf8eSKris Kennaway } 1122f579bf8eSKris Kennaway 1123f579bf8eSKris Kennaway static int ssl_cipher_process_rulestr(const char *rule_str, 1124*6f9291ceSJung-uk Kim CIPHER_ORDER **head_p, 1125*6f9291ceSJung-uk Kim CIPHER_ORDER **tail_p, 11261f13597dSJung-uk Kim const SSL_CIPHER **ca_list) 1127f579bf8eSKris Kennaway { 1128*6f9291ceSJung-uk Kim unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, 1129*6f9291ceSJung-uk Kim algo_strength; 1130a3ddd25aSSimon L. B. Nielsen const char *l, *buf; 1131f579bf8eSKris Kennaway int j, multi, found, rule, retval, ok, buflen; 11321f13597dSJung-uk Kim unsigned long cipher_id = 0; 1133f579bf8eSKris Kennaway char ch; 1134f579bf8eSKris Kennaway 1135f579bf8eSKris Kennaway retval = 1; 1136f579bf8eSKris Kennaway l = rule_str; 1137*6f9291ceSJung-uk Kim for (;;) { 1138f579bf8eSKris Kennaway ch = *l; 1139f579bf8eSKris Kennaway 1140f579bf8eSKris Kennaway if (ch == '\0') 1141f579bf8eSKris Kennaway break; /* done */ 1142*6f9291ceSJung-uk Kim if (ch == '-') { 1143*6f9291ceSJung-uk Kim rule = CIPHER_DEL; 1144*6f9291ceSJung-uk Kim l++; 1145*6f9291ceSJung-uk Kim } else if (ch == '+') { 1146*6f9291ceSJung-uk Kim rule = CIPHER_ORD; 1147*6f9291ceSJung-uk Kim l++; 1148*6f9291ceSJung-uk Kim } else if (ch == '!') { 1149*6f9291ceSJung-uk Kim rule = CIPHER_KILL; 1150*6f9291ceSJung-uk Kim l++; 1151*6f9291ceSJung-uk Kim } else if (ch == '@') { 1152*6f9291ceSJung-uk Kim rule = CIPHER_SPECIAL; 1153*6f9291ceSJung-uk Kim l++; 1154*6f9291ceSJung-uk Kim } else { 1155*6f9291ceSJung-uk Kim rule = CIPHER_ADD; 1156*6f9291ceSJung-uk Kim } 1157f579bf8eSKris Kennaway 1158*6f9291ceSJung-uk Kim if (ITEM_SEP(ch)) { 1159f579bf8eSKris Kennaway l++; 1160f579bf8eSKris Kennaway continue; 1161f579bf8eSKris Kennaway } 1162f579bf8eSKris Kennaway 11631f13597dSJung-uk Kim alg_mkey = 0; 11641f13597dSJung-uk Kim alg_auth = 0; 11651f13597dSJung-uk Kim alg_enc = 0; 11661f13597dSJung-uk Kim alg_mac = 0; 11671f13597dSJung-uk Kim alg_ssl = 0; 11681f13597dSJung-uk Kim algo_strength = 0; 1169f579bf8eSKris Kennaway 1170*6f9291ceSJung-uk Kim for (;;) { 1171f579bf8eSKris Kennaway ch = *l; 1172f579bf8eSKris Kennaway buf = l; 1173f579bf8eSKris Kennaway buflen = 0; 1174f579bf8eSKris Kennaway #ifndef CHARSET_EBCDIC 1175f579bf8eSKris Kennaway while (((ch >= 'A') && (ch <= 'Z')) || 1176f579bf8eSKris Kennaway ((ch >= '0') && (ch <= '9')) || 1177*6f9291ceSJung-uk Kim ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) 1178f579bf8eSKris Kennaway #else 117909286989SJung-uk Kim while (isalnum(ch) || (ch == '-') || (ch == '.')) 1180f579bf8eSKris Kennaway #endif 1181f579bf8eSKris Kennaway { 1182f579bf8eSKris Kennaway ch = *(++l); 1183f579bf8eSKris Kennaway buflen++; 1184f579bf8eSKris Kennaway } 1185f579bf8eSKris Kennaway 1186*6f9291ceSJung-uk Kim if (buflen == 0) { 1187f579bf8eSKris Kennaway /* 1188f579bf8eSKris Kennaway * We hit something we cannot deal with, 1189f579bf8eSKris Kennaway * it is no command or separator nor 1190f579bf8eSKris Kennaway * alphanumeric, so we call this an error. 1191f579bf8eSKris Kennaway */ 1192f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1193f579bf8eSKris Kennaway SSL_R_INVALID_COMMAND); 1194f579bf8eSKris Kennaway retval = found = 0; 1195f579bf8eSKris Kennaway l++; 1196f579bf8eSKris Kennaway break; 1197f579bf8eSKris Kennaway } 1198f579bf8eSKris Kennaway 1199*6f9291ceSJung-uk Kim if (rule == CIPHER_SPECIAL) { 1200f579bf8eSKris Kennaway found = 0; /* unused -- avoid compiler warning */ 1201f579bf8eSKris Kennaway break; /* special treatment */ 1202f579bf8eSKris Kennaway } 1203f579bf8eSKris Kennaway 1204f579bf8eSKris Kennaway /* check for multi-part specification */ 1205*6f9291ceSJung-uk Kim if (ch == '+') { 1206f579bf8eSKris Kennaway multi = 1; 1207f579bf8eSKris Kennaway l++; 1208*6f9291ceSJung-uk Kim } else 1209f579bf8eSKris Kennaway multi = 0; 1210f579bf8eSKris Kennaway 1211f579bf8eSKris Kennaway /* 1212f579bf8eSKris Kennaway * Now search for the cipher alias in the ca_list. Be careful 1213f579bf8eSKris Kennaway * with the strncmp, because the "buflen" limitation 1214f579bf8eSKris Kennaway * will make the rule "ADH:SOME" and the cipher 1215f579bf8eSKris Kennaway * "ADH-MY-CIPHER" look like a match for buflen=3. 1216f579bf8eSKris Kennaway * So additionally check whether the cipher name found 1217f579bf8eSKris Kennaway * has the correct length. We can save a strlen() call: 1218f579bf8eSKris Kennaway * just checking for the '\0' at the right place is 121950ef0093SJacques Vidrine * sufficient, we have to strncmp() anyway. (We cannot 122050ef0093SJacques Vidrine * use strcmp(), because buf is not '\0' terminated.) 1221f579bf8eSKris Kennaway */ 1222f579bf8eSKris Kennaway j = found = 0; 12233b4e3dcbSSimon L. B. Nielsen cipher_id = 0; 1224*6f9291ceSJung-uk Kim while (ca_list[j]) { 122550ef0093SJacques Vidrine if (!strncmp(buf, ca_list[j]->name, buflen) && 1226*6f9291ceSJung-uk Kim (ca_list[j]->name[buflen] == '\0')) { 1227f579bf8eSKris Kennaway found = 1; 1228f579bf8eSKris Kennaway break; 1229*6f9291ceSJung-uk Kim } else 1230f579bf8eSKris Kennaway j++; 1231f579bf8eSKris Kennaway } 12321f13597dSJung-uk Kim 1233f579bf8eSKris Kennaway if (!found) 1234f579bf8eSKris Kennaway break; /* ignore this entry */ 1235f579bf8eSKris Kennaway 1236*6f9291ceSJung-uk Kim if (ca_list[j]->algorithm_mkey) { 1237*6f9291ceSJung-uk Kim if (alg_mkey) { 12381f13597dSJung-uk Kim alg_mkey &= ca_list[j]->algorithm_mkey; 1239*6f9291ceSJung-uk Kim if (!alg_mkey) { 1240*6f9291ceSJung-uk Kim found = 0; 1241*6f9291ceSJung-uk Kim break; 12421f13597dSJung-uk Kim } 1243*6f9291ceSJung-uk Kim } else 12441f13597dSJung-uk Kim alg_mkey = ca_list[j]->algorithm_mkey; 12451f13597dSJung-uk Kim } 1246f579bf8eSKris Kennaway 1247*6f9291ceSJung-uk Kim if (ca_list[j]->algorithm_auth) { 1248*6f9291ceSJung-uk Kim if (alg_auth) { 12491f13597dSJung-uk Kim alg_auth &= ca_list[j]->algorithm_auth; 1250*6f9291ceSJung-uk Kim if (!alg_auth) { 1251*6f9291ceSJung-uk Kim found = 0; 1252*6f9291ceSJung-uk Kim break; 12531f13597dSJung-uk Kim } 1254*6f9291ceSJung-uk Kim } else 12551f13597dSJung-uk Kim alg_auth = ca_list[j]->algorithm_auth; 12561f13597dSJung-uk Kim } 12571f13597dSJung-uk Kim 1258*6f9291ceSJung-uk Kim if (ca_list[j]->algorithm_enc) { 1259*6f9291ceSJung-uk Kim if (alg_enc) { 12601f13597dSJung-uk Kim alg_enc &= ca_list[j]->algorithm_enc; 1261*6f9291ceSJung-uk Kim if (!alg_enc) { 1262*6f9291ceSJung-uk Kim found = 0; 1263*6f9291ceSJung-uk Kim break; 12641f13597dSJung-uk Kim } 1265*6f9291ceSJung-uk Kim } else 12661f13597dSJung-uk Kim alg_enc = ca_list[j]->algorithm_enc; 12671f13597dSJung-uk Kim } 12681f13597dSJung-uk Kim 1269*6f9291ceSJung-uk Kim if (ca_list[j]->algorithm_mac) { 1270*6f9291ceSJung-uk Kim if (alg_mac) { 12711f13597dSJung-uk Kim alg_mac &= ca_list[j]->algorithm_mac; 1272*6f9291ceSJung-uk Kim if (!alg_mac) { 1273*6f9291ceSJung-uk Kim found = 0; 1274*6f9291ceSJung-uk Kim break; 12751f13597dSJung-uk Kim } 1276*6f9291ceSJung-uk Kim } else 12771f13597dSJung-uk Kim alg_mac = ca_list[j]->algorithm_mac; 12781f13597dSJung-uk Kim } 12791f13597dSJung-uk Kim 1280*6f9291ceSJung-uk Kim if (ca_list[j]->algo_strength & SSL_EXP_MASK) { 1281*6f9291ceSJung-uk Kim if (algo_strength & SSL_EXP_MASK) { 1282*6f9291ceSJung-uk Kim algo_strength &= 1283*6f9291ceSJung-uk Kim (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1284*6f9291ceSJung-uk Kim ~SSL_EXP_MASK; 1285*6f9291ceSJung-uk Kim if (!(algo_strength & SSL_EXP_MASK)) { 1286*6f9291ceSJung-uk Kim found = 0; 1287*6f9291ceSJung-uk Kim break; 12881f13597dSJung-uk Kim } 1289*6f9291ceSJung-uk Kim } else 12901f13597dSJung-uk Kim algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; 12911f13597dSJung-uk Kim } 12921f13597dSJung-uk Kim 1293*6f9291ceSJung-uk Kim if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { 1294*6f9291ceSJung-uk Kim if (algo_strength & SSL_STRONG_MASK) { 1295*6f9291ceSJung-uk Kim algo_strength &= 1296*6f9291ceSJung-uk Kim (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1297*6f9291ceSJung-uk Kim ~SSL_STRONG_MASK; 1298*6f9291ceSJung-uk Kim if (!(algo_strength & SSL_STRONG_MASK)) { 1299*6f9291ceSJung-uk Kim found = 0; 1300*6f9291ceSJung-uk Kim break; 13011f13597dSJung-uk Kim } 1302*6f9291ceSJung-uk Kim } else 1303*6f9291ceSJung-uk Kim algo_strength |= 1304*6f9291ceSJung-uk Kim ca_list[j]->algo_strength & SSL_STRONG_MASK; 13051f13597dSJung-uk Kim } 13061f13597dSJung-uk Kim 1307*6f9291ceSJung-uk Kim if (ca_list[j]->valid) { 1308*6f9291ceSJung-uk Kim /* 1309*6f9291ceSJung-uk Kim * explicit ciphersuite found; its protocol version does not 1310*6f9291ceSJung-uk Kim * become part of the search pattern! 1311*6f9291ceSJung-uk Kim */ 13121f13597dSJung-uk Kim 1313ed5d4f9aSSimon L. B. Nielsen cipher_id = ca_list[j]->id; 1314*6f9291ceSJung-uk Kim } else { 1315*6f9291ceSJung-uk Kim /* 1316*6f9291ceSJung-uk Kim * not an explicit ciphersuite; only in this case, the 1317*6f9291ceSJung-uk Kim * protocol version is considered part of the search pattern 1318*6f9291ceSJung-uk Kim */ 13191f13597dSJung-uk Kim 1320*6f9291ceSJung-uk Kim if (ca_list[j]->algorithm_ssl) { 1321*6f9291ceSJung-uk Kim if (alg_ssl) { 13221f13597dSJung-uk Kim alg_ssl &= ca_list[j]->algorithm_ssl; 1323*6f9291ceSJung-uk Kim if (!alg_ssl) { 1324*6f9291ceSJung-uk Kim found = 0; 1325*6f9291ceSJung-uk Kim break; 13261f13597dSJung-uk Kim } 1327*6f9291ceSJung-uk Kim } else 13281f13597dSJung-uk Kim alg_ssl = ca_list[j]->algorithm_ssl; 13291f13597dSJung-uk Kim } 1330ed5d4f9aSSimon L. B. Nielsen } 1331ed5d4f9aSSimon L. B. Nielsen 1332*6f9291ceSJung-uk Kim if (!multi) 1333*6f9291ceSJung-uk Kim break; 1334f579bf8eSKris Kennaway } 1335f579bf8eSKris Kennaway 1336f579bf8eSKris Kennaway /* 1337f579bf8eSKris Kennaway * Ok, we have the rule, now apply it 1338f579bf8eSKris Kennaway */ 1339*6f9291ceSJung-uk Kim if (rule == CIPHER_SPECIAL) { /* special command */ 1340f579bf8eSKris Kennaway ok = 0; 1341*6f9291ceSJung-uk Kim if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) 13421f13597dSJung-uk Kim ok = ssl_cipher_strength_sort(head_p, tail_p); 1343f579bf8eSKris Kennaway else 1344f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1345f579bf8eSKris Kennaway SSL_R_INVALID_COMMAND); 1346f579bf8eSKris Kennaway if (ok == 0) 1347f579bf8eSKris Kennaway retval = 0; 1348f579bf8eSKris Kennaway /* 1349f579bf8eSKris Kennaway * We do not support any "multi" options 1350f579bf8eSKris Kennaway * together with "@", so throw away the 1351f579bf8eSKris Kennaway * rest of the command, if any left, until 1352f579bf8eSKris Kennaway * end or ':' is found. 1353f579bf8eSKris Kennaway */ 13545471f83eSSimon L. B. Nielsen while ((*l != '\0') && !ITEM_SEP(*l)) 1355f579bf8eSKris Kennaway l++; 1356*6f9291ceSJung-uk Kim } else if (found) { 13571f13597dSJung-uk Kim ssl_cipher_apply_rule(cipher_id, 1358*6f9291ceSJung-uk Kim alg_mkey, alg_auth, alg_enc, alg_mac, 1359*6f9291ceSJung-uk Kim alg_ssl, algo_strength, rule, -1, head_p, 1360*6f9291ceSJung-uk Kim tail_p); 1361*6f9291ceSJung-uk Kim } else { 13625471f83eSSimon L. B. Nielsen while ((*l != '\0') && !ITEM_SEP(*l)) 1363f579bf8eSKris Kennaway l++; 1364f579bf8eSKris Kennaway } 1365*6f9291ceSJung-uk Kim if (*l == '\0') 1366*6f9291ceSJung-uk Kim break; /* done */ 1367f579bf8eSKris Kennaway } 1368f579bf8eSKris Kennaway 1369f579bf8eSKris Kennaway return (retval); 1370f579bf8eSKris Kennaway } 1371f579bf8eSKris Kennaway 1372*6f9291ceSJung-uk Kim STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) 1373*6f9291ceSJung-uk Kim **cipher_list, STACK_OF(SSL_CIPHER) 1374*6f9291ceSJung-uk Kim **cipher_list_by_id, 1375f579bf8eSKris Kennaway const char *rule_str) 1376f579bf8eSKris Kennaway { 1377f579bf8eSKris Kennaway int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1378*6f9291ceSJung-uk Kim unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, 1379*6f9291ceSJung-uk Kim disabled_ssl; 13803b4e3dcbSSimon L. B. Nielsen STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1381f579bf8eSKris Kennaway const char *rule_p; 1382ced566fdSJacques Vidrine CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 13831f13597dSJung-uk Kim const SSL_CIPHER **ca_list = NULL; 1384f579bf8eSKris Kennaway 1385f579bf8eSKris Kennaway /* 1386f579bf8eSKris Kennaway * Return with error if nothing to do. 1387f579bf8eSKris Kennaway */ 13883b4e3dcbSSimon L. B. Nielsen if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) 13893b4e3dcbSSimon L. B. Nielsen return NULL; 1390f579bf8eSKris Kennaway 1391f579bf8eSKris Kennaway /* 1392f579bf8eSKris Kennaway * To reduce the work to do we only want to process the compiled 1393f579bf8eSKris Kennaway * in algorithms, so we first get the mask of disabled ciphers. 1394f579bf8eSKris Kennaway */ 1395*6f9291ceSJung-uk Kim ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, 1396*6f9291ceSJung-uk Kim &disabled_mac, &disabled_ssl); 1397f579bf8eSKris Kennaway 1398f579bf8eSKris Kennaway /* 1399f579bf8eSKris Kennaway * Now we have to collect the available ciphers from the compiled 1400f579bf8eSKris Kennaway * in ciphers. We cannot get more than the number compiled in, so 1401f579bf8eSKris Kennaway * it is used for allocation. 1402f579bf8eSKris Kennaway */ 1403f579bf8eSKris Kennaway num_of_ciphers = ssl_method->num_ciphers(); 14045c87c606SMark Murray #ifdef KSSL_DEBUG 1405*6f9291ceSJung-uk Kim fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", 1406*6f9291ceSJung-uk Kim num_of_ciphers); 14075c87c606SMark Murray #endif /* KSSL_DEBUG */ 1408*6f9291ceSJung-uk Kim co_list = 1409*6f9291ceSJung-uk Kim (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 1410*6f9291ceSJung-uk Kim if (co_list == NULL) { 1411f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1412f579bf8eSKris Kennaway return (NULL); /* Failure */ 1413f579bf8eSKris Kennaway } 1414f579bf8eSKris Kennaway 14151f13597dSJung-uk Kim ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1416*6f9291ceSJung-uk Kim disabled_mkey, disabled_auth, disabled_enc, 1417*6f9291ceSJung-uk Kim disabled_mac, disabled_ssl, co_list, &head, 1418*6f9291ceSJung-uk Kim &tail); 14191f13597dSJung-uk Kim 14201f13597dSJung-uk Kim /* Now arrange all ciphers by preference: */ 14211f13597dSJung-uk Kim 1422*6f9291ceSJung-uk Kim /* 1423*6f9291ceSJung-uk Kim * Everything else being equal, prefer ephemeral ECDH over other key 1424*6f9291ceSJung-uk Kim * exchange mechanisms 1425*6f9291ceSJung-uk Kim */ 1426*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, 1427*6f9291ceSJung-uk Kim &tail); 1428*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, 1429*6f9291ceSJung-uk Kim &tail); 14301f13597dSJung-uk Kim 14311f13597dSJung-uk Kim /* AES is our preferred symmetric cipher */ 1432*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, 1433*6f9291ceSJung-uk Kim &tail); 14341f13597dSJung-uk Kim 14351f13597dSJung-uk Kim /* Temporarily enable everything else for sorting */ 14361f13597dSJung-uk Kim ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 14371f13597dSJung-uk Kim 14381f13597dSJung-uk Kim /* Low priority for MD5 */ 1439*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, 1440*6f9291ceSJung-uk Kim &tail); 14411f13597dSJung-uk Kim 1442*6f9291ceSJung-uk Kim /* 1443*6f9291ceSJung-uk Kim * Move anonymous ciphers to the end. Usually, these will remain 1444*6f9291ceSJung-uk Kim * disabled. (For applications that allow them, they aren't too bad, but 1445*6f9291ceSJung-uk Kim * we prefer authenticated ciphers.) 1446*6f9291ceSJung-uk Kim */ 1447*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1448*6f9291ceSJung-uk Kim &tail); 14491f13597dSJung-uk Kim 14501f13597dSJung-uk Kim /* Move ciphers without forward secrecy to the end */ 1451*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1452*6f9291ceSJung-uk Kim &tail); 1453*6f9291ceSJung-uk Kim /* 1454*6f9291ceSJung-uk Kim * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, 1455*6f9291ceSJung-uk Kim * &head, &tail); 1456*6f9291ceSJung-uk Kim */ 1457*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1458*6f9291ceSJung-uk Kim &tail); 1459*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1460*6f9291ceSJung-uk Kim &tail); 1461*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, 1462*6f9291ceSJung-uk Kim &tail); 14631f13597dSJung-uk Kim 14641f13597dSJung-uk Kim /* RC4 is sort-of broken -- move the the end */ 1465*6f9291ceSJung-uk Kim ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, 1466*6f9291ceSJung-uk Kim &tail); 14671f13597dSJung-uk Kim 1468*6f9291ceSJung-uk Kim /* 1469*6f9291ceSJung-uk Kim * Now sort by symmetric encryption strength. The above ordering remains 1470*6f9291ceSJung-uk Kim * in force within each class 1471*6f9291ceSJung-uk Kim */ 1472*6f9291ceSJung-uk Kim if (!ssl_cipher_strength_sort(&head, &tail)) { 14731f13597dSJung-uk Kim OPENSSL_free(co_list); 14741f13597dSJung-uk Kim return NULL; 14751f13597dSJung-uk Kim } 14761f13597dSJung-uk Kim 14771f13597dSJung-uk Kim /* Now disable everything (maintaining the ordering!) */ 14781f13597dSJung-uk Kim ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 14791f13597dSJung-uk Kim 1480f579bf8eSKris Kennaway /* 1481f579bf8eSKris Kennaway * We also need cipher aliases for selecting based on the rule_str. 1482f579bf8eSKris Kennaway * There might be two types of entries in the rule_str: 1) names 1483f579bf8eSKris Kennaway * of ciphers themselves 2) aliases for groups of ciphers. 1484f579bf8eSKris Kennaway * For 1) we need the available ciphers and for 2) the cipher 1485f579bf8eSKris Kennaway * groups of cipher_aliases added together in one list (otherwise 1486f579bf8eSKris Kennaway * we would be happy with just the cipher_aliases table). 1487f579bf8eSKris Kennaway */ 1488f579bf8eSKris Kennaway num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1489f579bf8eSKris Kennaway num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 14901f13597dSJung-uk Kim ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 1491*6f9291ceSJung-uk Kim if (ca_list == NULL) { 1492ced566fdSJacques Vidrine OPENSSL_free(co_list); 1493f579bf8eSKris Kennaway SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); 1494f579bf8eSKris Kennaway return (NULL); /* Failure */ 1495f579bf8eSKris Kennaway } 14965471f83eSSimon L. B. Nielsen ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 14971f13597dSJung-uk Kim disabled_mkey, disabled_auth, disabled_enc, 14981f13597dSJung-uk Kim disabled_mac, disabled_ssl, head); 1499f579bf8eSKris Kennaway 1500f579bf8eSKris Kennaway /* 1501f579bf8eSKris Kennaway * If the rule_string begins with DEFAULT, apply the default rule 1502f579bf8eSKris Kennaway * before using the (possibly available) additional rules. 1503f579bf8eSKris Kennaway */ 1504f579bf8eSKris Kennaway ok = 1; 1505f579bf8eSKris Kennaway rule_p = rule_str; 1506*6f9291ceSJung-uk Kim if (strncmp(rule_str, "DEFAULT", 7) == 0) { 1507f579bf8eSKris Kennaway ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 15081f13597dSJung-uk Kim &head, &tail, ca_list); 1509f579bf8eSKris Kennaway rule_p += 7; 1510f579bf8eSKris Kennaway if (*rule_p == ':') 1511f579bf8eSKris Kennaway rule_p++; 1512f579bf8eSKris Kennaway } 1513f579bf8eSKris Kennaway 1514f579bf8eSKris Kennaway if (ok && (strlen(rule_p) > 0)) 15151f13597dSJung-uk Kim ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); 1516f579bf8eSKris Kennaway 15171f13597dSJung-uk Kim OPENSSL_free((void *)ca_list); /* Not needed anymore */ 1518f579bf8eSKris Kennaway 1519*6f9291ceSJung-uk Kim if (!ok) { /* Rule processing failure */ 1520ced566fdSJacques Vidrine OPENSSL_free(co_list); 1521f579bf8eSKris Kennaway return (NULL); 1522f579bf8eSKris Kennaway } 15231f13597dSJung-uk Kim 1524f579bf8eSKris Kennaway /* 1525f579bf8eSKris Kennaway * Allocate new "cipherstack" for the result, return with error 1526f579bf8eSKris Kennaway * if we cannot get one. 1527f579bf8eSKris Kennaway */ 1528*6f9291ceSJung-uk Kim if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { 1529ced566fdSJacques Vidrine OPENSSL_free(co_list); 1530f579bf8eSKris Kennaway return (NULL); 1531f579bf8eSKris Kennaway } 1532f579bf8eSKris Kennaway 1533f579bf8eSKris Kennaway /* 1534f579bf8eSKris Kennaway * The cipher selection for the list is done. The ciphers are added 1535f579bf8eSKris Kennaway * to the resulting precedence to the STACK_OF(SSL_CIPHER). 1536f579bf8eSKris Kennaway */ 1537*6f9291ceSJung-uk Kim for (curr = head; curr != NULL; curr = curr->next) { 1538db522d3aSSimon L. B. Nielsen #ifdef OPENSSL_FIPS 1539*6f9291ceSJung-uk Kim if (curr->active 1540*6f9291ceSJung-uk Kim && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) 1541db522d3aSSimon L. B. Nielsen #else 154274664626SKris Kennaway if (curr->active) 1543db522d3aSSimon L. B. Nielsen #endif 154474664626SKris Kennaway { 1545f579bf8eSKris Kennaway sk_SSL_CIPHER_push(cipherstack, curr->cipher); 154674664626SKris Kennaway #ifdef CIPHER_DEBUG 1547751d2991SJung-uk Kim fprintf(stderr, "<%s>\n", curr->cipher->name); 154874664626SKris Kennaway #endif 154974664626SKris Kennaway } 155074664626SKris Kennaway } 1551ced566fdSJacques Vidrine OPENSSL_free(co_list); /* Not needed any longer */ 155274664626SKris Kennaway 15533b4e3dcbSSimon L. B. Nielsen tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); 1554*6f9291ceSJung-uk Kim if (tmp_cipher_list == NULL) { 15553b4e3dcbSSimon L. B. Nielsen sk_SSL_CIPHER_free(cipherstack); 15563b4e3dcbSSimon L. B. Nielsen return NULL; 15573b4e3dcbSSimon L. B. Nielsen } 155874664626SKris Kennaway if (*cipher_list != NULL) 155974664626SKris Kennaway sk_SSL_CIPHER_free(*cipher_list); 1560f579bf8eSKris Kennaway *cipher_list = cipherstack; 156174664626SKris Kennaway if (*cipher_list_by_id != NULL) 156274664626SKris Kennaway sk_SSL_CIPHER_free(*cipher_list_by_id); 15633b4e3dcbSSimon L. B. Nielsen *cipher_list_by_id = tmp_cipher_list; 1564*6f9291ceSJung-uk Kim (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, 1565*6f9291ceSJung-uk Kim ssl_cipher_ptr_id_cmp); 156674664626SKris Kennaway 15676a599222SSimon L. B. Nielsen sk_SSL_CIPHER_sort(*cipher_list_by_id); 1568f579bf8eSKris Kennaway return (cipherstack); 156974664626SKris Kennaway } 157074664626SKris Kennaway 15716a599222SSimon L. B. Nielsen char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 157274664626SKris Kennaway { 157374664626SKris Kennaway int is_export, pkl, kl; 15743b4e3dcbSSimon L. B. Nielsen const char *ver, *exp_str; 15753b4e3dcbSSimon L. B. Nielsen const char *kx, *au, *enc, *mac; 15761f13597dSJung-uk Kim unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; 15775c87c606SMark Murray #ifdef KSSL_DEBUG 1578*6f9291ceSJung-uk Kim static const char *format = 1579*6f9291ceSJung-uk Kim "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; 15805c87c606SMark Murray #else 1581*6f9291ceSJung-uk Kim static const char *format = 1582*6f9291ceSJung-uk Kim "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 15835c87c606SMark Murray #endif /* KSSL_DEBUG */ 158474664626SKris Kennaway 15851f13597dSJung-uk Kim alg_mkey = cipher->algorithm_mkey; 15861f13597dSJung-uk Kim alg_auth = cipher->algorithm_auth; 15871f13597dSJung-uk Kim alg_enc = cipher->algorithm_enc; 15881f13597dSJung-uk Kim alg_mac = cipher->algorithm_mac; 15891f13597dSJung-uk Kim alg_ssl = cipher->algorithm_ssl; 15901f13597dSJung-uk Kim 159174664626SKris Kennaway alg2 = cipher->algorithm2; 159274664626SKris Kennaway 1593f579bf8eSKris Kennaway is_export = SSL_C_IS_EXPORT(cipher); 1594f579bf8eSKris Kennaway pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); 1595f579bf8eSKris Kennaway kl = SSL_C_EXPORT_KEYLENGTH(cipher); 1596ced566fdSJacques Vidrine exp_str = is_export ? " export" : ""; 159774664626SKris Kennaway 15981f13597dSJung-uk Kim if (alg_ssl & SSL_SSLV2) 159974664626SKris Kennaway ver = "SSLv2"; 16001f13597dSJung-uk Kim else if (alg_ssl & SSL_SSLV3) 160174664626SKris Kennaway ver = "SSLv3"; 16021f13597dSJung-uk Kim else if (alg_ssl & SSL_TLSV1_2) 16031f13597dSJung-uk Kim ver = "TLSv1.2"; 160474664626SKris Kennaway else 160574664626SKris Kennaway ver = "unknown"; 160674664626SKris Kennaway 1607*6f9291ceSJung-uk Kim switch (alg_mkey) { 160874664626SKris Kennaway case SSL_kRSA: 160974664626SKris Kennaway kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA"; 161074664626SKris Kennaway break; 161174664626SKris Kennaway case SSL_kDHr: 161274664626SKris Kennaway kx = "DH/RSA"; 161374664626SKris Kennaway break; 161474664626SKris Kennaway case SSL_kDHd: 161574664626SKris Kennaway kx = "DH/DSS"; 161674664626SKris Kennaway break; 16171f13597dSJung-uk Kim case SSL_kKRB5: 16185c87c606SMark Murray kx = "KRB5"; 16195c87c606SMark Murray break; 162074664626SKris Kennaway case SSL_kEDH: 162174664626SKris Kennaway kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; 162274664626SKris Kennaway break; 16231f13597dSJung-uk Kim case SSL_kECDHr: 16241f13597dSJung-uk Kim kx = "ECDH/RSA"; 16251f13597dSJung-uk Kim break; 16261f13597dSJung-uk Kim case SSL_kECDHe: 16271f13597dSJung-uk Kim kx = "ECDH/ECDSA"; 16281f13597dSJung-uk Kim break; 16291f13597dSJung-uk Kim case SSL_kEECDH: 16301f13597dSJung-uk Kim kx = "ECDH"; 16311f13597dSJung-uk Kim break; 16321f13597dSJung-uk Kim case SSL_kPSK: 16331f13597dSJung-uk Kim kx = "PSK"; 16341f13597dSJung-uk Kim break; 16351f13597dSJung-uk Kim case SSL_kSRP: 16361f13597dSJung-uk Kim kx = "SRP"; 16373b4e3dcbSSimon L. B. Nielsen break; 1638a93cbc2bSJung-uk Kim case SSL_kGOST: 1639a93cbc2bSJung-uk Kim kx = "GOST"; 1640a93cbc2bSJung-uk Kim break; 164174664626SKris Kennaway default: 164274664626SKris Kennaway kx = "unknown"; 164374664626SKris Kennaway } 164474664626SKris Kennaway 1645*6f9291ceSJung-uk Kim switch (alg_auth) { 164674664626SKris Kennaway case SSL_aRSA: 164774664626SKris Kennaway au = "RSA"; 164874664626SKris Kennaway break; 164974664626SKris Kennaway case SSL_aDSS: 165074664626SKris Kennaway au = "DSS"; 165174664626SKris Kennaway break; 165274664626SKris Kennaway case SSL_aDH: 165374664626SKris Kennaway au = "DH"; 165474664626SKris Kennaway break; 16551f13597dSJung-uk Kim case SSL_aKRB5: 16565c87c606SMark Murray au = "KRB5"; 16575c87c606SMark Murray break; 16581f13597dSJung-uk Kim case SSL_aECDH: 16591f13597dSJung-uk Kim au = "ECDH"; 16601f13597dSJung-uk Kim break; 166174664626SKris Kennaway case SSL_aNULL: 166274664626SKris Kennaway au = "None"; 166374664626SKris Kennaway break; 16643b4e3dcbSSimon L. B. Nielsen case SSL_aECDSA: 16653b4e3dcbSSimon L. B. Nielsen au = "ECDSA"; 16663b4e3dcbSSimon L. B. Nielsen break; 16671f13597dSJung-uk Kim case SSL_aPSK: 16681f13597dSJung-uk Kim au = "PSK"; 16691f13597dSJung-uk Kim break; 1670a93cbc2bSJung-uk Kim case SSL_aSRP: 1671a93cbc2bSJung-uk Kim au = "SRP"; 1672a93cbc2bSJung-uk Kim break; 1673a93cbc2bSJung-uk Kim case SSL_aGOST94: 1674a93cbc2bSJung-uk Kim au = "GOST94"; 1675a93cbc2bSJung-uk Kim break; 1676a93cbc2bSJung-uk Kim case SSL_aGOST01: 1677a93cbc2bSJung-uk Kim au = "GOST01"; 1678a93cbc2bSJung-uk Kim break; 167974664626SKris Kennaway default: 168074664626SKris Kennaway au = "unknown"; 168174664626SKris Kennaway break; 168274664626SKris Kennaway } 168374664626SKris Kennaway 1684*6f9291ceSJung-uk Kim switch (alg_enc) { 168574664626SKris Kennaway case SSL_DES: 168674664626SKris Kennaway enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)"; 168774664626SKris Kennaway break; 168874664626SKris Kennaway case SSL_3DES: 168974664626SKris Kennaway enc = "3DES(168)"; 169074664626SKris Kennaway break; 169174664626SKris Kennaway case SSL_RC4: 169274664626SKris Kennaway enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)") 169374664626SKris Kennaway : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)"); 169474664626SKris Kennaway break; 169574664626SKris Kennaway case SSL_RC2: 169674664626SKris Kennaway enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)"; 169774664626SKris Kennaway break; 169874664626SKris Kennaway case SSL_IDEA: 169974664626SKris Kennaway enc = "IDEA(128)"; 170074664626SKris Kennaway break; 170174664626SKris Kennaway case SSL_eNULL: 170274664626SKris Kennaway enc = "None"; 170374664626SKris Kennaway break; 17041f13597dSJung-uk Kim case SSL_AES128: 17051f13597dSJung-uk Kim enc = "AES(128)"; 17065c87c606SMark Murray break; 17071f13597dSJung-uk Kim case SSL_AES256: 17081f13597dSJung-uk Kim enc = "AES(256)"; 17091f13597dSJung-uk Kim break; 17101f13597dSJung-uk Kim case SSL_AES128GCM: 17111f13597dSJung-uk Kim enc = "AESGCM(128)"; 17121f13597dSJung-uk Kim break; 17131f13597dSJung-uk Kim case SSL_AES256GCM: 17141f13597dSJung-uk Kim enc = "AESGCM(256)"; 17151f13597dSJung-uk Kim break; 17161f13597dSJung-uk Kim case SSL_CAMELLIA128: 17171f13597dSJung-uk Kim enc = "Camellia(128)"; 17181f13597dSJung-uk Kim break; 17191f13597dSJung-uk Kim case SSL_CAMELLIA256: 17201f13597dSJung-uk Kim enc = "Camellia(256)"; 1721ed5d4f9aSSimon L. B. Nielsen break; 1722db522d3aSSimon L. B. Nielsen case SSL_SEED: 1723db522d3aSSimon L. B. Nielsen enc = "SEED(128)"; 1724db522d3aSSimon L. B. Nielsen break; 1725a93cbc2bSJung-uk Kim case SSL_eGOST2814789CNT: 1726a93cbc2bSJung-uk Kim enc = "GOST89(256)"; 1727a93cbc2bSJung-uk Kim break; 172874664626SKris Kennaway default: 172974664626SKris Kennaway enc = "unknown"; 173074664626SKris Kennaway break; 173174664626SKris Kennaway } 173274664626SKris Kennaway 1733*6f9291ceSJung-uk Kim switch (alg_mac) { 173474664626SKris Kennaway case SSL_MD5: 173574664626SKris Kennaway mac = "MD5"; 173674664626SKris Kennaway break; 173774664626SKris Kennaway case SSL_SHA1: 173874664626SKris Kennaway mac = "SHA1"; 173974664626SKris Kennaway break; 17401f13597dSJung-uk Kim case SSL_SHA256: 17411f13597dSJung-uk Kim mac = "SHA256"; 17421f13597dSJung-uk Kim break; 17431f13597dSJung-uk Kim case SSL_SHA384: 17441f13597dSJung-uk Kim mac = "SHA384"; 17451f13597dSJung-uk Kim break; 17461f13597dSJung-uk Kim case SSL_AEAD: 17471f13597dSJung-uk Kim mac = "AEAD"; 17481f13597dSJung-uk Kim break; 1749a93cbc2bSJung-uk Kim case SSL_GOST89MAC: 1750a93cbc2bSJung-uk Kim mac = "GOST89"; 1751a93cbc2bSJung-uk Kim break; 1752a93cbc2bSJung-uk Kim case SSL_GOST94: 1753a93cbc2bSJung-uk Kim mac = "GOST94"; 1754a93cbc2bSJung-uk Kim break; 175574664626SKris Kennaway default: 175674664626SKris Kennaway mac = "unknown"; 175774664626SKris Kennaway break; 175874664626SKris Kennaway } 175974664626SKris Kennaway 1760*6f9291ceSJung-uk Kim if (buf == NULL) { 1761ddd58736SKris Kennaway len = 128; 1762ddd58736SKris Kennaway buf = OPENSSL_malloc(len); 1763*6f9291ceSJung-uk Kim if (buf == NULL) 1764*6f9291ceSJung-uk Kim return ("OPENSSL_malloc Error"); 1765*6f9291ceSJung-uk Kim } else if (len < 128) 176674664626SKris Kennaway return ("Buffer too small"); 176774664626SKris Kennaway 17685c87c606SMark Murray #ifdef KSSL_DEBUG 1769*6f9291ceSJung-uk Kim BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, 1770*6f9291ceSJung-uk Kim exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); 17715c87c606SMark Murray #else 1772*6f9291ceSJung-uk Kim BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, 1773*6f9291ceSJung-uk Kim exp_str); 17745c87c606SMark Murray #endif /* KSSL_DEBUG */ 177574664626SKris Kennaway return (buf); 177674664626SKris Kennaway } 177774664626SKris Kennaway 17783b4e3dcbSSimon L. B. Nielsen char *SSL_CIPHER_get_version(const SSL_CIPHER *c) 177974664626SKris Kennaway { 178074664626SKris Kennaway int i; 178174664626SKris Kennaway 1782*6f9291ceSJung-uk Kim if (c == NULL) 1783*6f9291ceSJung-uk Kim return ("(NONE)"); 178474664626SKris Kennaway i = (int)(c->id >> 24L); 178574664626SKris Kennaway if (i == 3) 178674664626SKris Kennaway return ("TLSv1/SSLv3"); 178774664626SKris Kennaway else if (i == 2) 178874664626SKris Kennaway return ("SSLv2"); 178974664626SKris Kennaway else 179074664626SKris Kennaway return ("unknown"); 179174664626SKris Kennaway } 179274664626SKris Kennaway 179374664626SKris Kennaway /* return the actual cipher being used */ 17943b4e3dcbSSimon L. B. Nielsen const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) 179574664626SKris Kennaway { 179674664626SKris Kennaway if (c != NULL) 179774664626SKris Kennaway return (c->name); 179874664626SKris Kennaway return ("(NONE)"); 179974664626SKris Kennaway } 180074664626SKris Kennaway 1801f579bf8eSKris Kennaway /* number of bits for symmetric cipher */ 18023b4e3dcbSSimon L. B. Nielsen int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 180374664626SKris Kennaway { 1804f579bf8eSKris Kennaway int ret = 0; 180574664626SKris Kennaway 1806*6f9291ceSJung-uk Kim if (c != NULL) { 1807*6f9291ceSJung-uk Kim if (alg_bits != NULL) 1808*6f9291ceSJung-uk Kim *alg_bits = c->alg_bits; 1809f579bf8eSKris Kennaway ret = c->strength_bits; 181074664626SKris Kennaway } 181174664626SKris Kennaway return (ret); 181274664626SKris Kennaway } 181374664626SKris Kennaway 18141f13597dSJung-uk Kim unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) 18151f13597dSJung-uk Kim { 18161f13597dSJung-uk Kim return c->id; 18171f13597dSJung-uk Kim } 18181f13597dSJung-uk Kim 181974664626SKris Kennaway SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 182074664626SKris Kennaway { 182174664626SKris Kennaway SSL_COMP *ctmp; 182274664626SKris Kennaway int i, nn; 182374664626SKris Kennaway 1824*6f9291ceSJung-uk Kim if ((n == 0) || (sk == NULL)) 1825*6f9291ceSJung-uk Kim return (NULL); 182674664626SKris Kennaway nn = sk_SSL_COMP_num(sk); 1827*6f9291ceSJung-uk Kim for (i = 0; i < nn; i++) { 182874664626SKris Kennaway ctmp = sk_SSL_COMP_value(sk, i); 182974664626SKris Kennaway if (ctmp->id == n) 183074664626SKris Kennaway return (ctmp); 183174664626SKris Kennaway } 183274664626SKris Kennaway return (NULL); 183374664626SKris Kennaway } 183474664626SKris Kennaway 18353b4e3dcbSSimon L. B. Nielsen #ifdef OPENSSL_NO_COMP 18363b4e3dcbSSimon L. B. Nielsen void *SSL_COMP_get_compression_methods(void) 183774664626SKris Kennaway { 18383b4e3dcbSSimon L. B. Nielsen return NULL; 18393b4e3dcbSSimon L. B. Nielsen } 1840*6f9291ceSJung-uk Kim 18413b4e3dcbSSimon L. B. Nielsen int SSL_COMP_add_compression_method(int id, void *cm) 18423b4e3dcbSSimon L. B. Nielsen { 18433b4e3dcbSSimon L. B. Nielsen return 1; 184474664626SKris Kennaway } 184574664626SKris Kennaway 18463b4e3dcbSSimon L. B. Nielsen const char *SSL_COMP_get_name(const void *comp) 18473b4e3dcbSSimon L. B. Nielsen { 18483b4e3dcbSSimon L. B. Nielsen return NULL; 18493b4e3dcbSSimon L. B. Nielsen } 18503b4e3dcbSSimon L. B. Nielsen #else 185174664626SKris Kennaway STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 185274664626SKris Kennaway { 18533b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 185474664626SKris Kennaway return (ssl_comp_methods); 185574664626SKris Kennaway } 185674664626SKris Kennaway 185774664626SKris Kennaway int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 185874664626SKris Kennaway { 185974664626SKris Kennaway SSL_COMP *comp; 186074664626SKris Kennaway 18615c87c606SMark Murray if (cm == NULL || cm->type == NID_undef) 18625c87c606SMark Murray return 1; 18635c87c606SMark Murray 1864*6f9291ceSJung-uk Kim /*- 1865*6f9291ceSJung-uk Kim * According to draft-ietf-tls-compression-04.txt, the 1866*6f9291ceSJung-uk Kim * compression number ranges should be the following: 1867*6f9291ceSJung-uk Kim * 1868*6f9291ceSJung-uk Kim * 0 to 63: methods defined by the IETF 1869*6f9291ceSJung-uk Kim * 64 to 192: external party methods assigned by IANA 1870*6f9291ceSJung-uk Kim * 193 to 255: reserved for private use 1871*6f9291ceSJung-uk Kim */ 1872*6f9291ceSJung-uk Kim if (id < 193 || id > 255) { 1873*6f9291ceSJung-uk Kim SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 1874*6f9291ceSJung-uk Kim SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); 18753b4e3dcbSSimon L. B. Nielsen return 0; 18763b4e3dcbSSimon L. B. Nielsen } 18773b4e3dcbSSimon L. B. Nielsen 18785c87c606SMark Murray MemCheck_off(); 1879ddd58736SKris Kennaway comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 188074664626SKris Kennaway comp->id = id; 188174664626SKris Kennaway comp->method = cm; 18823b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 1883*6f9291ceSJung-uk Kim if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { 18843b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 18853b4e3dcbSSimon L. B. Nielsen MemCheck_on(); 1886*6f9291ceSJung-uk Kim SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 1887*6f9291ceSJung-uk Kim SSL_R_DUPLICATE_COMPRESSION_ID); 18883b4e3dcbSSimon L. B. Nielsen return (1); 1889*6f9291ceSJung-uk Kim } else if ((ssl_comp_methods == NULL) 1890*6f9291ceSJung-uk Kim || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { 18913b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 18925c87c606SMark Murray MemCheck_on(); 189374664626SKris Kennaway SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); 1894ced566fdSJacques Vidrine return (1); 1895*6f9291ceSJung-uk Kim } else { 18965c87c606SMark Murray MemCheck_on(); 1897ced566fdSJacques Vidrine return (0); 189874664626SKris Kennaway } 18995c87c606SMark Murray } 19003b4e3dcbSSimon L. B. Nielsen 19013b4e3dcbSSimon L. B. Nielsen const char *SSL_COMP_get_name(const COMP_METHOD *comp) 19023b4e3dcbSSimon L. B. Nielsen { 19033b4e3dcbSSimon L. B. Nielsen if (comp) 19043b4e3dcbSSimon L. B. Nielsen return comp->name; 19053b4e3dcbSSimon L. B. Nielsen return NULL; 19063b4e3dcbSSimon L. B. Nielsen } 19073b4e3dcbSSimon L. B. Nielsen 19083b4e3dcbSSimon L. B. Nielsen #endif 1909