174664626SKris Kennaway /* ssl/ssl_ciph.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 583b4e3dcbSSimon L. B. Nielsen /* ==================================================================== 59ed5d4f9aSSimon L. B. Nielsen * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60ed5d4f9aSSimon L. B. Nielsen * 61ed5d4f9aSSimon L. B. Nielsen * Redistribution and use in source and binary forms, with or without 62ed5d4f9aSSimon L. B. Nielsen * modification, are permitted provided that the following conditions 63ed5d4f9aSSimon L. B. Nielsen * are met: 64ed5d4f9aSSimon L. B. Nielsen * 65ed5d4f9aSSimon L. B. Nielsen * 1. Redistributions of source code must retain the above copyright 66ed5d4f9aSSimon L. B. Nielsen * notice, this list of conditions and the following disclaimer. 67ed5d4f9aSSimon L. B. Nielsen * 68ed5d4f9aSSimon L. B. Nielsen * 2. Redistributions in binary form must reproduce the above copyright 69ed5d4f9aSSimon L. B. 
Nielsen * notice, this list of conditions and the following disclaimer in 70ed5d4f9aSSimon L. B. Nielsen * the documentation and/or other materials provided with the 71ed5d4f9aSSimon L. B. Nielsen * distribution. 72ed5d4f9aSSimon L. B. Nielsen * 73ed5d4f9aSSimon L. B. Nielsen * 3. All advertising materials mentioning features or use of this 74ed5d4f9aSSimon L. B. Nielsen * software must display the following acknowledgment: 75ed5d4f9aSSimon L. B. Nielsen * "This product includes software developed by the OpenSSL Project 76ed5d4f9aSSimon L. B. Nielsen * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77ed5d4f9aSSimon L. B. Nielsen * 78ed5d4f9aSSimon L. B. Nielsen * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79ed5d4f9aSSimon L. B. Nielsen * endorse or promote products derived from this software without 80ed5d4f9aSSimon L. B. Nielsen * prior written permission. For written permission, please contact 81ed5d4f9aSSimon L. B. Nielsen * openssl-core@openssl.org. 82ed5d4f9aSSimon L. B. Nielsen * 83ed5d4f9aSSimon L. B. Nielsen * 5. Products derived from this software may not be called "OpenSSL" 84ed5d4f9aSSimon L. B. Nielsen * nor may "OpenSSL" appear in their names without prior written 85ed5d4f9aSSimon L. B. Nielsen * permission of the OpenSSL Project. 86ed5d4f9aSSimon L. B. Nielsen * 87ed5d4f9aSSimon L. B. Nielsen * 6. Redistributions of any form whatsoever must retain the following 88ed5d4f9aSSimon L. B. Nielsen * acknowledgment: 89ed5d4f9aSSimon L. B. Nielsen * "This product includes software developed by the OpenSSL Project 90ed5d4f9aSSimon L. B. Nielsen * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91ed5d4f9aSSimon L. B. Nielsen * 92ed5d4f9aSSimon L. B. Nielsen * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93ed5d4f9aSSimon L. B. Nielsen * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94ed5d4f9aSSimon L. B. 
Nielsen * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95ed5d4f9aSSimon L. B. Nielsen * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96ed5d4f9aSSimon L. B. Nielsen * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97ed5d4f9aSSimon L. B. Nielsen * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98ed5d4f9aSSimon L. B. Nielsen * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99ed5d4f9aSSimon L. B. Nielsen * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100ed5d4f9aSSimon L. B. Nielsen * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101ed5d4f9aSSimon L. B. Nielsen * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102ed5d4f9aSSimon L. B. Nielsen * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103ed5d4f9aSSimon L. B. Nielsen * OF THE POSSIBILITY OF SUCH DAMAGE. 104ed5d4f9aSSimon L. B. Nielsen * ==================================================================== 105ed5d4f9aSSimon L. B. Nielsen * 106ed5d4f9aSSimon L. B. Nielsen * This product includes cryptographic software written by Eric Young 107ed5d4f9aSSimon L. B. Nielsen * (eay@cryptsoft.com). This product includes software written by Tim 108ed5d4f9aSSimon L. B. Nielsen * Hudson (tjh@cryptsoft.com). 109ed5d4f9aSSimon L. B. Nielsen * 110ed5d4f9aSSimon L. B. Nielsen */ 111ed5d4f9aSSimon L. B. Nielsen /* ==================================================================== 1123b4e3dcbSSimon L. B. Nielsen * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 1133b4e3dcbSSimon L. B. Nielsen * ECC cipher suite support in OpenSSL originally developed by 1143b4e3dcbSSimon L. B. Nielsen * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 1153b4e3dcbSSimon L. B. Nielsen */ 11674664626SKris Kennaway #include <stdio.h> 11774664626SKris Kennaway #include <openssl/objects.h> 118db522d3aSSimon L. B. 
Nielsen #ifndef OPENSSL_NO_COMP 11974664626SKris Kennaway #include <openssl/comp.h> 120db522d3aSSimon L. B. Nielsen #endif 121db522d3aSSimon L. B. Nielsen 12274664626SKris Kennaway #include "ssl_locl.h" 12374664626SKris Kennaway 12474664626SKris Kennaway #define SSL_ENC_DES_IDX 0 12574664626SKris Kennaway #define SSL_ENC_3DES_IDX 1 12674664626SKris Kennaway #define SSL_ENC_RC4_IDX 2 12774664626SKris Kennaway #define SSL_ENC_RC2_IDX 3 12874664626SKris Kennaway #define SSL_ENC_IDEA_IDX 4 12974664626SKris Kennaway #define SSL_ENC_eFZA_IDX 5 13074664626SKris Kennaway #define SSL_ENC_NULL_IDX 6 1315c87c606SMark Murray #define SSL_ENC_AES128_IDX 7 1325c87c606SMark Murray #define SSL_ENC_AES256_IDX 8 133ed5d4f9aSSimon L. B. Nielsen #define SSL_ENC_CAMELLIA128_IDX 9 134ed5d4f9aSSimon L. B. Nielsen #define SSL_ENC_CAMELLIA256_IDX 10 135db522d3aSSimon L. B. Nielsen #define SSL_ENC_SEED_IDX 11 136db522d3aSSimon L. B. Nielsen #define SSL_ENC_NUM_IDX 12 137ed5d4f9aSSimon L. B. Nielsen 13874664626SKris Kennaway 13974664626SKris Kennaway static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 14074664626SKris Kennaway NULL,NULL,NULL,NULL,NULL,NULL, 14174664626SKris Kennaway }; 14274664626SKris Kennaway 1433b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_NULL_IDX 0 1443b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_ZLIB_IDX 1 1453b4e3dcbSSimon L. B. Nielsen #define SSL_COMP_NUM_IDX 2 1463b4e3dcbSSimon L. B. 
Nielsen 14774664626SKris Kennaway static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; 14874664626SKris Kennaway 14974664626SKris Kennaway #define SSL_MD_MD5_IDX 0 15074664626SKris Kennaway #define SSL_MD_SHA1_IDX 1 15174664626SKris Kennaway #define SSL_MD_NUM_IDX 2 15274664626SKris Kennaway static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 15374664626SKris Kennaway NULL,NULL, 15474664626SKris Kennaway }; 15574664626SKris Kennaway 15674664626SKris Kennaway #define CIPHER_ADD 1 15774664626SKris Kennaway #define CIPHER_KILL 2 15874664626SKris Kennaway #define CIPHER_DEL 3 15974664626SKris Kennaway #define CIPHER_ORD 4 160f579bf8eSKris Kennaway #define CIPHER_SPECIAL 5 16174664626SKris Kennaway 16274664626SKris Kennaway typedef struct cipher_order_st 16374664626SKris Kennaway { 16474664626SKris Kennaway SSL_CIPHER *cipher; 16574664626SKris Kennaway int active; 16674664626SKris Kennaway int dead; 16774664626SKris Kennaway struct cipher_order_st *next,*prev; 16874664626SKris Kennaway } CIPHER_ORDER; 16974664626SKris Kennaway 170f579bf8eSKris Kennaway static const SSL_CIPHER cipher_aliases[]={ 1715c87c606SMark Murray /* Don't include eNULL unless specifically enabled. */ 1723b4e3dcbSSimon L. B. Nielsen /* Don't include ECC in ALL because these ciphers are not yet official. */ 1733b4e3dcbSSimon L. B. Nielsen {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ 1743b4e3dcbSSimon L. B. Nielsen /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. 
*/ 1755c87c606SMark Murray {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ 1765c87c606SMark Murray {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, 1775c87c606SMark Murray {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ 178f579bf8eSKris Kennaway {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, 179f579bf8eSKris Kennaway {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, 180f579bf8eSKris Kennaway {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, 181f579bf8eSKris Kennaway {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, 182f579bf8eSKris Kennaway {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, 183f579bf8eSKris Kennaway {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, 1843b4e3dcbSSimon L. B. Nielsen {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, 185f579bf8eSKris Kennaway {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, 1865c87c606SMark Murray {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ 187f579bf8eSKris Kennaway {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, 188f579bf8eSKris Kennaway {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, 189f579bf8eSKris Kennaway {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, 190f579bf8eSKris Kennaway {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, 191f579bf8eSKris Kennaway {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, 192f579bf8eSKris Kennaway {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, 19374664626SKris Kennaway 194f579bf8eSKris Kennaway {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, 195f579bf8eSKris Kennaway {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, 196f579bf8eSKris Kennaway {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, 197f579bf8eSKris Kennaway {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, 198ced566fdSJacques Vidrine #ifndef OPENSSL_NO_IDEA 199f579bf8eSKris Kennaway {0,SSL_TXT_IDEA,0,SSL_IDEA, 
0,0,0,0,SSL_ENC_MASK,0}, 200ced566fdSJacques Vidrine #endif 201db522d3aSSimon L. B. Nielsen {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0}, 202f579bf8eSKris Kennaway {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, 203f579bf8eSKris Kennaway {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, 2045c87c606SMark Murray {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, 205ed5d4f9aSSimon L. B. Nielsen {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, 20674664626SKris Kennaway 207f579bf8eSKris Kennaway {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, 208f579bf8eSKris Kennaway {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, 209f579bf8eSKris Kennaway {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, 21074664626SKris Kennaway 211f579bf8eSKris Kennaway {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, 2125c87c606SMark Murray {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 213f579bf8eSKris Kennaway {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 214f579bf8eSKris Kennaway {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 215f579bf8eSKris Kennaway {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, 21674664626SKris Kennaway 217f579bf8eSKris Kennaway {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, 218f579bf8eSKris Kennaway {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, 219f579bf8eSKris Kennaway {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, 220f579bf8eSKris Kennaway 221f579bf8eSKris Kennaway {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 222f579bf8eSKris Kennaway {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 223f579bf8eSKris Kennaway {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, 224f579bf8eSKris Kennaway {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, 225f579bf8eSKris Kennaway {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 226f579bf8eSKris Kennaway {0,SSL_TXT_MEDIUM,0, 
0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 227f579bf8eSKris Kennaway {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 228db522d3aSSimon L. B. Nielsen {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, 22974664626SKris Kennaway }; 23074664626SKris Kennaway 2313b4e3dcbSSimon L. B. Nielsen void ssl_load_ciphers(void) 23274664626SKris Kennaway { 23374664626SKris Kennaway ssl_cipher_methods[SSL_ENC_DES_IDX]= 23474664626SKris Kennaway EVP_get_cipherbyname(SN_des_cbc); 23574664626SKris Kennaway ssl_cipher_methods[SSL_ENC_3DES_IDX]= 23674664626SKris Kennaway EVP_get_cipherbyname(SN_des_ede3_cbc); 23774664626SKris Kennaway ssl_cipher_methods[SSL_ENC_RC4_IDX]= 23874664626SKris Kennaway EVP_get_cipherbyname(SN_rc4); 23974664626SKris Kennaway ssl_cipher_methods[SSL_ENC_RC2_IDX]= 24074664626SKris Kennaway EVP_get_cipherbyname(SN_rc2_cbc); 241ced566fdSJacques Vidrine #ifndef OPENSSL_NO_IDEA 24274664626SKris Kennaway ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 24374664626SKris Kennaway EVP_get_cipherbyname(SN_idea_cbc); 244ced566fdSJacques Vidrine #else 245ced566fdSJacques Vidrine ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; 246ced566fdSJacques Vidrine #endif 2475c87c606SMark Murray ssl_cipher_methods[SSL_ENC_AES128_IDX]= 2485c87c606SMark Murray EVP_get_cipherbyname(SN_aes_128_cbc); 2495c87c606SMark Murray ssl_cipher_methods[SSL_ENC_AES256_IDX]= 2505c87c606SMark Murray EVP_get_cipherbyname(SN_aes_256_cbc); 251ed5d4f9aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= 252ed5d4f9aSSimon L. B. Nielsen EVP_get_cipherbyname(SN_camellia_128_cbc); 253ed5d4f9aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 254ed5d4f9aSSimon L. B. Nielsen EVP_get_cipherbyname(SN_camellia_256_cbc); 255db522d3aSSimon L. B. Nielsen ssl_cipher_methods[SSL_ENC_SEED_IDX]= 256db522d3aSSimon L. B. 
Nielsen EVP_get_cipherbyname(SN_seed_cbc); 25774664626SKris Kennaway 25874664626SKris Kennaway ssl_digest_methods[SSL_MD_MD5_IDX]= 25974664626SKris Kennaway EVP_get_digestbyname(SN_md5); 26074664626SKris Kennaway ssl_digest_methods[SSL_MD_SHA1_IDX]= 26174664626SKris Kennaway EVP_get_digestbyname(SN_sha1); 26274664626SKris Kennaway } 26374664626SKris Kennaway 2643b4e3dcbSSimon L. B. Nielsen 2653b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 2663b4e3dcbSSimon L. B. Nielsen 2673b4e3dcbSSimon L. B. Nielsen static int sk_comp_cmp(const SSL_COMP * const *a, 2683b4e3dcbSSimon L. B. Nielsen const SSL_COMP * const *b) 2693b4e3dcbSSimon L. B. Nielsen { 2703b4e3dcbSSimon L. B. Nielsen return((*a)->id-(*b)->id); 2713b4e3dcbSSimon L. B. Nielsen } 2723b4e3dcbSSimon L. B. Nielsen 2733b4e3dcbSSimon L. B. Nielsen static void load_builtin_compressions(void) 2743b4e3dcbSSimon L. B. Nielsen { 275ed5d4f9aSSimon L. B. Nielsen int got_write_lock = 0; 2763b4e3dcbSSimon L. B. Nielsen 277ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_lock(CRYPTO_LOCK_SSL); 278ed5d4f9aSSimon L. B. Nielsen if (ssl_comp_methods == NULL) 279ed5d4f9aSSimon L. B. Nielsen { 280ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 2813b4e3dcbSSimon L. B. Nielsen CRYPTO_w_lock(CRYPTO_LOCK_SSL); 282ed5d4f9aSSimon L. B. Nielsen got_write_lock = 1; 283ed5d4f9aSSimon L. B. Nielsen 2843b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods == NULL) 2853b4e3dcbSSimon L. B. Nielsen { 2863b4e3dcbSSimon L. B. Nielsen SSL_COMP *comp = NULL; 2873b4e3dcbSSimon L. B. Nielsen 2883b4e3dcbSSimon L. B. Nielsen MemCheck_off(); 2893b4e3dcbSSimon L. B. Nielsen ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); 2903b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods != NULL) 2913b4e3dcbSSimon L. B. Nielsen { 2923b4e3dcbSSimon L. B. Nielsen comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 2933b4e3dcbSSimon L. B. Nielsen if (comp != NULL) 2943b4e3dcbSSimon L. B. Nielsen { 2953b4e3dcbSSimon L. B. 
Nielsen comp->method=COMP_zlib(); 2963b4e3dcbSSimon L. B. Nielsen if (comp->method 2973b4e3dcbSSimon L. B. Nielsen && comp->method->type == NID_undef) 2983b4e3dcbSSimon L. B. Nielsen OPENSSL_free(comp); 2993b4e3dcbSSimon L. B. Nielsen else 3003b4e3dcbSSimon L. B. Nielsen { 3013b4e3dcbSSimon L. B. Nielsen comp->id=SSL_COMP_ZLIB_IDX; 3023b4e3dcbSSimon L. B. Nielsen comp->name=comp->method->name; 3033b4e3dcbSSimon L. B. Nielsen sk_SSL_COMP_push(ssl_comp_methods,comp); 3043b4e3dcbSSimon L. B. Nielsen } 3053b4e3dcbSSimon L. B. Nielsen } 3063b4e3dcbSSimon L. B. Nielsen } 3073b4e3dcbSSimon L. B. Nielsen MemCheck_on(); 3083b4e3dcbSSimon L. B. Nielsen } 309ed5d4f9aSSimon L. B. Nielsen } 310ed5d4f9aSSimon L. B. Nielsen 311ed5d4f9aSSimon L. B. Nielsen if (got_write_lock) 3123b4e3dcbSSimon L. B. Nielsen CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 313ed5d4f9aSSimon L. B. Nielsen else 314ed5d4f9aSSimon L. B. Nielsen CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 3153b4e3dcbSSimon L. B. Nielsen } 3163b4e3dcbSSimon L. B. Nielsen #endif 3173b4e3dcbSSimon L. B. Nielsen 3183b4e3dcbSSimon L. B. Nielsen int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 31974664626SKris Kennaway const EVP_MD **md, SSL_COMP **comp) 32074664626SKris Kennaway { 32174664626SKris Kennaway int i; 32274664626SKris Kennaway SSL_CIPHER *c; 32374664626SKris Kennaway 32474664626SKris Kennaway c=s->cipher; 32574664626SKris Kennaway if (c == NULL) return(0); 32674664626SKris Kennaway if (comp != NULL) 32774664626SKris Kennaway { 32874664626SKris Kennaway SSL_COMP ctmp; 3293b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_COMP 3303b4e3dcbSSimon L. B. Nielsen load_builtin_compressions(); 3313b4e3dcbSSimon L. B. Nielsen #endif 33274664626SKris Kennaway 33374664626SKris Kennaway *comp=NULL; 33474664626SKris Kennaway ctmp.id=s->compress_meth; 3353b4e3dcbSSimon L. B. Nielsen if (ssl_comp_methods != NULL) 3363b4e3dcbSSimon L. B. 
Nielsen { 33774664626SKris Kennaway i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); 33874664626SKris Kennaway if (i >= 0) 33974664626SKris Kennaway *comp=sk_SSL_COMP_value(ssl_comp_methods,i); 34074664626SKris Kennaway else 34174664626SKris Kennaway *comp=NULL; 34274664626SKris Kennaway } 34374664626SKris Kennaway } 34474664626SKris Kennaway 34574664626SKris Kennaway if ((enc == NULL) || (md == NULL)) return(0); 34674664626SKris Kennaway 34774664626SKris Kennaway switch (c->algorithms & SSL_ENC_MASK) 34874664626SKris Kennaway { 34974664626SKris Kennaway case SSL_DES: 35074664626SKris Kennaway i=SSL_ENC_DES_IDX; 35174664626SKris Kennaway break; 35274664626SKris Kennaway case SSL_3DES: 35374664626SKris Kennaway i=SSL_ENC_3DES_IDX; 35474664626SKris Kennaway break; 35574664626SKris Kennaway case SSL_RC4: 35674664626SKris Kennaway i=SSL_ENC_RC4_IDX; 35774664626SKris Kennaway break; 35874664626SKris Kennaway case SSL_RC2: 35974664626SKris Kennaway i=SSL_ENC_RC2_IDX; 36074664626SKris Kennaway break; 36174664626SKris Kennaway case SSL_IDEA: 36274664626SKris Kennaway i=SSL_ENC_IDEA_IDX; 36374664626SKris Kennaway break; 36474664626SKris Kennaway case SSL_eNULL: 36574664626SKris Kennaway i=SSL_ENC_NULL_IDX; 36674664626SKris Kennaway break; 3675c87c606SMark Murray case SSL_AES: 3685c87c606SMark Murray switch(c->alg_bits) 3695c87c606SMark Murray { 3705c87c606SMark Murray case 128: i=SSL_ENC_AES128_IDX; break; 3715c87c606SMark Murray case 256: i=SSL_ENC_AES256_IDX; break; 3725c87c606SMark Murray default: i=-1; break; 3735c87c606SMark Murray } 3745c87c606SMark Murray break; 375ed5d4f9aSSimon L. B. Nielsen case SSL_CAMELLIA: 376ed5d4f9aSSimon L. B. Nielsen switch(c->alg_bits) 377ed5d4f9aSSimon L. B. Nielsen { 378ed5d4f9aSSimon L. B. Nielsen case 128: i=SSL_ENC_CAMELLIA128_IDX; break; 379ed5d4f9aSSimon L. B. Nielsen case 256: i=SSL_ENC_CAMELLIA256_IDX; break; 380ed5d4f9aSSimon L. B. Nielsen default: i=-1; break; 381ed5d4f9aSSimon L. B. Nielsen } 382ed5d4f9aSSimon L. B. 
Nielsen break; 383db522d3aSSimon L. B. Nielsen case SSL_SEED: 384db522d3aSSimon L. B. Nielsen i=SSL_ENC_SEED_IDX; 385db522d3aSSimon L. B. Nielsen break; 386ed5d4f9aSSimon L. B. Nielsen 38774664626SKris Kennaway default: 38874664626SKris Kennaway i= -1; 38974664626SKris Kennaway break; 39074664626SKris Kennaway } 39174664626SKris Kennaway 39274664626SKris Kennaway if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 39374664626SKris Kennaway *enc=NULL; 39474664626SKris Kennaway else 39574664626SKris Kennaway { 39674664626SKris Kennaway if (i == SSL_ENC_NULL_IDX) 39774664626SKris Kennaway *enc=EVP_enc_null(); 39874664626SKris Kennaway else 39974664626SKris Kennaway *enc=ssl_cipher_methods[i]; 40074664626SKris Kennaway } 40174664626SKris Kennaway 40274664626SKris Kennaway switch (c->algorithms & SSL_MAC_MASK) 40374664626SKris Kennaway { 40474664626SKris Kennaway case SSL_MD5: 40574664626SKris Kennaway i=SSL_MD_MD5_IDX; 40674664626SKris Kennaway break; 40774664626SKris Kennaway case SSL_SHA1: 40874664626SKris Kennaway i=SSL_MD_SHA1_IDX; 40974664626SKris Kennaway break; 41074664626SKris Kennaway default: 41174664626SKris Kennaway i= -1; 41274664626SKris Kennaway break; 41374664626SKris Kennaway } 41474664626SKris Kennaway if ((i < 0) || (i > SSL_MD_NUM_IDX)) 41574664626SKris Kennaway *md=NULL; 41674664626SKris Kennaway else 41774664626SKris Kennaway *md=ssl_digest_methods[i]; 41874664626SKris Kennaway 41974664626SKris Kennaway if ((*enc != NULL) && (*md != NULL)) 42074664626SKris Kennaway return(1); 42174664626SKris Kennaway else 42274664626SKris Kennaway return(0); 42374664626SKris Kennaway } 42474664626SKris Kennaway 42574664626SKris Kennaway #define ITEM_SEP(a) \ 42674664626SKris Kennaway (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 42774664626SKris Kennaway 42874664626SKris Kennaway static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 42974664626SKris Kennaway CIPHER_ORDER **tail) 43074664626SKris Kennaway { 43174664626SKris Kennaway if (curr == 
*tail) return; 43274664626SKris Kennaway if (curr == *head) 43374664626SKris Kennaway *head=curr->next; 43474664626SKris Kennaway if (curr->prev != NULL) 43574664626SKris Kennaway curr->prev->next=curr->next; 43674664626SKris Kennaway if (curr->next != NULL) /* should always be true */ 43774664626SKris Kennaway curr->next->prev=curr->prev; 43874664626SKris Kennaway (*tail)->next=curr; 43974664626SKris Kennaway curr->prev= *tail; 44074664626SKris Kennaway curr->next=NULL; 44174664626SKris Kennaway *tail=curr; 44274664626SKris Kennaway } 44374664626SKris Kennaway 4445471f83eSSimon L. B. Nielsen struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, 4455471f83eSSimon L. B. Nielsen * where 128-bit and 256-bit algorithms simply will get 4465471f83eSSimon L. B. Nielsen * separate bits. */ 4475471f83eSSimon L. B. Nielsen unsigned long mask; /* everything except m256 */ 4485471f83eSSimon L. B. Nielsen unsigned long m256; /* applies to 256-bit algorithms only */ 4495471f83eSSimon L. B. Nielsen }; 4505471f83eSSimon L. B. Nielsen 451db522d3aSSimon L. B. Nielsen static struct disabled_masks ssl_cipher_get_disabled(void) 45274664626SKris Kennaway { 453f579bf8eSKris Kennaway unsigned long mask; 4545471f83eSSimon L. B. Nielsen unsigned long m256; 4555471f83eSSimon L. B. Nielsen struct disabled_masks ret; 45674664626SKris Kennaway 45774664626SKris Kennaway mask = SSL_kFZA; 4585c87c606SMark Murray #ifdef OPENSSL_NO_RSA 45974664626SKris Kennaway mask |= SSL_aRSA|SSL_kRSA; 46074664626SKris Kennaway #endif 4615c87c606SMark Murray #ifdef OPENSSL_NO_DSA 46274664626SKris Kennaway mask |= SSL_aDSS; 46374664626SKris Kennaway #endif 4645c87c606SMark Murray #ifdef OPENSSL_NO_DH 46574664626SKris Kennaway mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; 46674664626SKris Kennaway #endif 4675c87c606SMark Murray #ifdef OPENSSL_NO_KRB5 4685c87c606SMark Murray mask |= SSL_kKRB5|SSL_aKRB5; 4695c87c606SMark Murray #endif 4703b4e3dcbSSimon L. B. 
Nielsen #ifdef OPENSSL_NO_ECDH 4713b4e3dcbSSimon L. B. Nielsen mask |= SSL_kECDH|SSL_kECDHE; 4723b4e3dcbSSimon L. B. Nielsen #endif 47374664626SKris Kennaway #ifdef SSL_FORBID_ENULL 47474664626SKris Kennaway mask |= SSL_eNULL; 47574664626SKris Kennaway #endif 47674664626SKris Kennaway 47774664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; 47874664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; 47974664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; 48074664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; 48174664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; 48274664626SKris Kennaway mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; 483db522d3aSSimon L. B. Nielsen mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; 48474664626SKris Kennaway 48574664626SKris Kennaway mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; 48674664626SKris Kennaway mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; 48774664626SKris Kennaway 4885471f83eSSimon L. B. Nielsen /* finally consider algorithms where mask and m256 differ */ 4895471f83eSSimon L. B. Nielsen m256 = mask; 4905471f83eSSimon L. B. Nielsen mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; 4915471f83eSSimon L. B. Nielsen mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; 4925471f83eSSimon L. B. Nielsen m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0; 4935471f83eSSimon L. B. Nielsen m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0; 4945471f83eSSimon L. B. Nielsen 4955471f83eSSimon L. B. Nielsen ret.mask = mask; 4965471f83eSSimon L. B. Nielsen ret.m256 = m256; 4975471f83eSSimon L. B. 
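/* tail of the preceding function (its start is above this chunk) */
	return ret;
	}

/*
 * Copy every usable SSL_CIPHER of ssl_method into co_list and thread the
 * entries into a doubly linked list delimited by *head_p / *tail_p.
 * Nothing is allocated here: the caller owns co_list and must have sized
 * it for num_of_ciphers entries (ssl_create_cipher_list does).
 *
 * mask / m256: bits of SSL_CIPHER.algorithms that this build cannot
 *   offer; m256 is consulted instead of mask for ciphers whose alg_bits
 *   is 256 (see IS_MASKED).  A cipher touching any such bit is dropped.
 * Under OPENSSL_FIPS, ciphers without SSL_FIPS in algo_strength are also
 *   dropped while FIPS mode is on, so no later rule string can select them.
 * Every collected entry starts with active = 0; activation is done by
 * ssl_cipher_apply_rule.
 */
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
		int num_of_ciphers, unsigned long mask, unsigned long m256,
		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
		CIPHER_ORDER **tail_p)
	{
	int i, co_list_num;
	SSL_CIPHER *c;

	/*
	 * We have num_of_ciphers descriptions compiled in, depending on the
	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
	 * These will later be sorted in a linked list with at most num
	 * entries.
	 */

	/* Get the initial list of ciphers */
	co_list_num = 0;	/* actual count of ciphers */
	for (i = 0; i < num_of_ciphers; i++)
		{
		c = ssl_method->get_cipher(i);
/* Defined inside the function and never #undef'd, so it stays visible for
 * the rest of the translation unit. */
#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
		/* drop those that use any of that is not available */
#ifdef OPENSSL_FIPS
		if ((c != NULL) && c->valid && !IS_MASKED(c)
			&& (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
#else
		if ((c != NULL) && c->valid && !IS_MASKED(c))
#endif
			{
			co_list[co_list_num].cipher = c;
			co_list[co_list_num].next = NULL;
			co_list[co_list_num].prev = NULL;
			co_list[co_list_num].active = 0;
			co_list_num++;
#ifdef KSSL_DEBUG
			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
#endif	/* KSSL_DEBUG */
			/*
			if (!sk_push(ca_list,(char *)c)) goto err;
			*/
			}
		}

	/*
	 * Prepare linked list from list entries
	 */
	for (i = 1; i < co_list_num - 1; i++)
		{
		co_list[i].prev = &(co_list[i-1]);
		co_list[i].next = &(co_list[i+1]);
		}
	if (co_list_num > 0)
		{
		(*head_p) = &(co_list[0]);
		(*tail_p) = &(co_list[co_list_num - 1]);
		/*
		 * Every entry already has prev = next = NULL from the
		 * collection loop, so a single-entry list needs no links.
		 * Only link the ends when there really are two entries;
		 * otherwise head and tail are the same entry and the old
		 * unconditional assignment gave it prev = &co_list[-1],
		 * which the CIPHER_KILL branch of ssl_cipher_apply_rule
		 * would later write through.
		 */
		if (co_list_num > 1)
			{
			(*head_p)->next = &(co_list[1]);
			(*tail_p)->prev = &(co_list[co_list_num - 2]);
			}
		}
	}

/*
 * Build the NULL-terminated lookup table ca_list used by
 * ssl_cipher_process_rulestr: first every real cipher currently in the
 * collected list (in list order), then each entry of cipher_aliases[]
 * that is still satisfiable.  An alias is skipped when any of its
 * algorithm bits is set in mask (unavailable in this build); entry 0
 * ("ALL") is always added, and aliases with algorithms == 0 (pure
 * strength selectors) trivially pass the test.
 * ca_list must have room for (collected ciphers + num_of_group_aliases + 1)
 * pointers, which is how ssl_create_cipher_list sizes it.
 */
static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
		int num_of_group_aliases, unsigned long mask,
		CIPHER_ORDER *head)
	{
	CIPHER_ORDER *ciph_curr;
	SSL_CIPHER **ca_curr;
	int i;

	/*
	 * First, add the real ciphers as already collected
	 */
	ciph_curr = head;
	ca_curr = ca_list;
	while (ciph_curr != NULL)
		{
		*ca_curr = ciph_curr->cipher;
		ca_curr++;
		ciph_curr = ciph_curr->next;
		}

	/*
	 * Now we add the available ones from the cipher_aliases[] table.
	 * They represent either an algorithm, that must be fully
	 * supported (not match any bit in mask) or represent a cipher
	 * strength value (will be added in any case because algorithms=0).
	 */
	for (i = 0; i < num_of_group_aliases; i++)
		{
		if ((i == 0) ||	/* always fetch "ALL" */
		    !(cipher_aliases[i].algorithms & mask))
			{
			*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
			ca_curr++;
			}
		}

	*ca_curr = NULL;	/* end of list */
	}

/*
 * Apply one selection rule to the collected cipher list.
 *
 * cipher_id / ssl_version: a non-zero cipher_id names one explicit cipher
 *   suite; entries of that protocol version (algorithms & SSL_SSL_MASK)
 *   must then match the id exactly, while entries of other versions are
 *   still judged by the bit criteria below.
 * algorithms / mask, algo_strength / mask_strength: used when
 *   strength_bits == -1.  A cipher matches when it has at least one bit
 *   in mask or mask_strength and every such bit it has is also set in
 *   algorithms (resp. algo_strength).
 * strength_bits: when != -1, match on cipher->strength_bits alone.
 * rule: CIPHER_ADD links an inactive cipher at the tail and activates it;
 *   CIPHER_ORD moves an already active cipher to the tail; CIPHER_DEL
 *   deactivates but keeps the entry linked, so a later ADD can restore
 *   it; CIPHER_KILL deactivates and unlinks it, so no later rule sees it.
 * co_list is not read here; the list is accessed through *head_p/*tail_p,
 *   which are updated on return.
 *
 * ECDH/ECDSA suites are a special case for CIPHER_ADD: they are activated
 * only when named explicitly (cipher_id != 0) or when the rule's mask
 * covers the ECC key-exchange/auth bits, never as a side effect of a
 * broader alias such as "AES".
 */
static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,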
unsigned long algorithms, unsigned long mask,
		unsigned long algo_strength, unsigned long mask_strength,
		int rule, int strength_bits, CIPHER_ORDER *co_list,
		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
	{
	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
	SSL_CIPHER *cp;
	unsigned long ma, ma_s;

#ifdef CIPHER_DEBUG
	printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
		rule, algorithms, mask, algo_strength, mask_strength,
		strength_bits);
#endif

	curr = head = *head_p;
	curr2 = head;
	tail2 = tail = *tail_p;
	/*
	 * Walk from the head up to and including the tail as it was on
	 * entry (tail2).  The loop stops once the entry just processed is
	 * tail2, so entries that ll_append_tail presumably moves behind it
	 * during this pass are not visited a second time.
	 */
	for (;;)
		{
		if ((curr == NULL) || (curr == tail2)) break;
		curr = curr2;
		curr2 = curr->next;

		cp = curr->cipher;

		/* If explicit cipher suite, match only that one for its own protocol version.
		 * Usual selection criteria will be used for similar ciphersuites from other version! */

		if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
			{
			if (cp->id != cipher_id)
				continue;
			}

		/*
		 * Selection criteria is either the number of strength_bits
		 * or the algorithm used.
		 */
		else if (strength_bits == -1)
			{
			ma = mask & cp->algorithms;
			ma_s = mask_strength & cp->algo_strength;

#ifdef CIPHER_DEBUG
			printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
			printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
#endif
			/*
			 * Select: if none of the mask bit was met from the
			 * cipher or not all of the bits were met, the
			 * selection does not apply.
			 */
			if (((ma == 0) && (ma_s == 0)) ||
			    ((ma & algorithms) != ma) ||
			    ((ma_s & algo_strength) != ma_s))
				continue; /* does not apply */
			}
		else if (strength_bits != cp->strength_bits)
			continue;	/* does not apply */

#ifdef CIPHER_DEBUG
		printf("Action = %d\n", rule);
#endif

		/* add the cipher if it has not been added yet. */
		if (rule == CIPHER_ADD)
			{
			if (!curr->active)
				{
				int add_this_cipher = 1;

				if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
					{
					/* Make sure "ECCdraft" ciphersuites are activated only if
					 * *explicitly* requested, but not implicitly (such as
					 * as part of the "AES" alias). */

					add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
					}

				if (add_this_cipher)
					{
					ll_append_tail(&head, curr, &tail);
					curr->active = 1;
					}
				}
			}
		/* Move the added cipher to this location */
		else if (rule == CIPHER_ORD)
			{
			if (curr->active)
				{
				ll_append_tail(&head, curr, &tail);
				}
			}
		/* '-': deactivate only; the entry stays linked and a later
		 * CIPHER_ADD that matches it will re-activate it. */
		else if (rule == CIPHER_DEL)
			curr->active = 0;
		/* '!': deactivate and unlink, so no subsequent rule in this
		 * string (including ALL) can bring the cipher back. */
		else if (rule == CIPHER_KILL)
			{
			if (head == curr)
				head = curr->next;
			else
				curr->prev->next = curr->next;
			if (tail == curr)
				tail = curr->prev;
			curr->active = 0;
			if (curr->next != NULL)
				curr->next->prev = curr->prev;
			if (curr->prev != NULL)
				curr->prev->next = curr->next;
			curr->next = NULL;
			curr->prev = NULL;
			}
		}

	*head_p = head;
	*tail_p = tail;
	}

/*
 * Re-order the active ciphers by descending strength_bits while keeping
 * the existing relative order inside each strength class.  Implemented
 * by issuing one CIPHER_ORD ('+') rule per strength value in use,
 * highest first, since ssl_cipher_apply_rule moves matching active
 * ciphers to the tail.
 * Returns 1 on success, 0 if the temporary counting array could not be
 * allocated (ERR_R_MALLOC_FAILURE is queued).
 */
static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
				    CIPHER_ORDER **head_p,
				    CIPHER_ORDER **tail_p)
	{
	int max_strength_bits, i, *number_uses;
	CIPHER_ORDER *curr;

	/*
	 * This routine sorts the ciphers with descending strength. The sorting
	 * must keep the pre-sorted sequence, so we apply the normal sorting
	 * routine as '+' movement to the end of the list.
	 */
	max_strength_bits = 0;
	curr = *head_p;
	while (curr != NULL)
		{
		if (curr->active &&
		    (curr->cipher->strength_bits > max_strength_bits))
			max_strength_bits = curr->cipher->strength_bits;
		curr = curr->next;
		}

	/* one counter per possible strength value, 0..max_strength_bits */
	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
	if (!number_uses)
		{
		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));

	/*
	 * Now find the strength_bits values actually used
	 */
	curr = *head_p;
/* Count, per strength value, how many active ciphers carry it. */
	while (curr != NULL)
		{
		if (curr->active)
			number_uses[curr->cipher->strength_bits]++;
		curr = curr->next;
		}
	/*
	 * Go through the list of used strength_bits values in descending
	 * order.
	 */
	for (i = max_strength_bits; i >= 0; i--)
		if (number_uses[i] > 0)
			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
					co_list, head_p, tail_p);

	OPENSSL_free(number_uses);
	return(1);
	}

/*
 * Parse a cipher rule string (e.g. "ALL:!ADH:+HIGH:@STRENGTH") and apply
 * each item to the collected list in order.  The item's first character
 * selects the operation: '-' CIPHER_DEL, '+' CIPHER_ORD, '!' CIPHER_KILL,
 * '@' CIPHER_SPECIAL, anything else CIPHER_ADD.  The rest of the item is
 * one or more names ([A-Za-z0-9-]+, joined by '+') that are looked up in
 * ca_list; their algorithm and strength bits are merged and then handed
 * to ssl_cipher_apply_rule in a single call.  Items are separated by
 * ITEM_SEP() characters.
 *
 * Error behaviour worth knowing as a reviewer:
 *  - A name that is not in ca_list makes the whole item be skipped
 *    silently (retval is untouched), so a misspelled cipher or alias in
 *    a configuration yields a different list rather than a failure.
 *  - A character that is neither separator, operator nor name character
 *    queues SSL_R_INVALID_COMMAND and makes the function return 0, as
 *    does an unknown "@" command; the remaining items are still parsed.
 *  - The only "@" command understood is "@STRENGTH" (no "+" suffixes).
 * Returns 1 when every item was processed without error, 0 otherwise.
 */
static int ssl_cipher_process_rulestr(const char *rule_str,
		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
	{
	unsigned long algorithms, mask, algo_strength, mask_strength;
	const char *l, *start, *buf;
	int j, multi, found, rule, retval, ok, buflen;
	unsigned long cipher_id = 0, ssl_version = 0;
	char ch;

	retval = 1;
	l = rule_str;
	for (;;)
		{
		ch = *l;

		if (ch == '\0')
			break;		/* done */
		if (ch == '-')
			{ rule = CIPHER_DEL; l++; }
		else if (ch == '+')
			{ rule = CIPHER_ORD; l++; }
		else if (ch == '!')
			{ rule = CIPHER_KILL; l++; }
		else if (ch == '@')
			{ rule = CIPHER_SPECIAL; l++; }
		else
			{ rule = CIPHER_ADD; }

		if (ITEM_SEP(ch))
			{
			l++;
			continue;
			}

		algorithms = mask = algo_strength = mask_strength = 0;

		start=l;	/* assigned but never read in this function */
		for (;;)
			{
			ch = *l;
			buf = l;
			buflen = 0;
			/* buf/buflen delimit the name; buf is NOT NUL-terminated,
			 * which is why all comparisons below are length-bounded */
#ifndef CHARSET_EBCDIC
			while (	((ch >= 'A') && (ch <= 'Z')) ||
				((ch >= '0') && (ch <= '9')) ||
				((ch >= 'a') && (ch <= 'z')) ||
				 (ch == '-'))
#else
			while (	isalnum(ch) || (ch == '-'))
#endif
				{
				 ch = *(++l);
				 buflen++;
				}

			if (buflen == 0)
				{
				/*
				 * We hit something we cannot deal with,
				 * it is no command or separator nor
				 * alphanumeric, so we call this an error.
				 */
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
				       SSL_R_INVALID_COMMAND);
				retval = found = 0;
				l++;
				break;
				}

			if (rule == CIPHER_SPECIAL)
				{
				found = 0; /* unused -- avoid compiler warning */
				break;	/* special treatment */
				}

			/* check for multi-part specification */
			if (ch == '+')
				{
				multi=1;
				l++;
				}
			else
				multi=0;

			/*
			 * Now search for the cipher alias in the ca_list. Be careful
			 * with the strncmp, because the "buflen" limitation
			 * will make the rule "ADH:SOME" and the cipher
			 * "ADH-MY-CIPHER" look like a match for buflen=3.
			 * So additionally check whether the cipher name found
			 * has the correct length. We can save a strlen() call:
			 * just checking for the '\0' at the right place is
			 * sufficient, we have to strncmp() anyway. (We cannot
			 * use strcmp(), because buf is not '\0' terminated.)
			 */
			j = found = 0;
			cipher_id = 0;
			ssl_version = 0;
			while (ca_list[j])
				{
				if (!strncmp(buf, ca_list[j]->name, buflen) &&
				    (ca_list[j]->name[buflen] == '\0'))
					{
					found = 1;
					break;
					}
				else
					j++;
				}
			if (!found)
				break;	/* ignore this entry */

			/* New algorithms:
			 * 1 - any old restrictions apply outside new mask
			 * 2 - any new restrictions apply outside old mask
			 * 3 - enforce old & new where masks intersect
			 */
			algorithms = (algorithms & ~ca_list[j]->mask) |		/* 1 */
				     (ca_list[j]->algorithms & ~mask) |		/* 2 */
				     (algorithms & ca_list[j]->algorithms);	/* 3 */
			mask |= ca_list[j]->mask;
			algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
					(ca_list[j]->algo_strength & ~mask_strength) |
					(algo_strength & ca_list[j]->algo_strength);
			mask_strength |= ca_list[j]->mask_strength;

			/* explicit ciphersuite found */
			/* Real ciphers have valid set, alias entries do not; an
			 * explicit suite ends the multi-part scan immediately. */
			if (ca_list[j]->valid)
				{
				cipher_id = ca_list[j]->id;
				ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
				break;
				}

			if (!multi) break;
			}

		/*
		 * Ok, we have the rule, now apply it
		 */
		if (rule == CIPHER_SPECIAL)
			{	/* special command */
			ok = 0;
			if ((buflen == 8) &&
				!strncmp(buf, "STRENGTH", 8))
				ok = ssl_cipher_strength_sort(co_list,
					head_p, tail_p);
			else
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
					SSL_R_INVALID_COMMAND);
			if (ok == 0)
				retval = 0;
			/*
			 * We do not support any "multi" options
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.
			 */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
			}
		else if (found)
			{
			ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
				algo_strength, mask_strength, rule, -1,
				co_list, head_p, tail_p);
			}
		else
			{
			/* unknown name (or parse error): skip to the next item */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
			}
		if (*l == '\0') break; /* done */
		}

	return(retval);
	}

/*
 * Build the cipher list for a rule string and store it in *cipher_list
 * (preference order) and *cipher_list_by_id (a duplicate whose compare
 * function is ssl_cipher_ptr_id_cmp, for lookups by id).  Any stacks
 * previously stored there are freed.
 *
 * Returns the new preference stack — the same object stored in
 * *cipher_list, not a separate copy — or NULL when any argument is NULL,
 * an allocation fails, or rule processing reports an invalid command.
 *
 * Steps: collect the ciphers this build can offer (disabled algorithms
 * masked out, non-FIPS ciphers excluded in FIPS mode), build the alias
 * table, apply SSL_DEFAULT_CIPHER_LIST when rule_str starts with
 * "DEFAULT", then apply the remaining rules.
 * Note: the prefix test is strncmp(rule_str,"DEFAULT",7), so any string
 * beginning with those seven characters is treated as DEFAULT followed by
 * further rules.  A rule string that deselects every cipher is not an
 * error here; an empty stack is returned and stored.
 */
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
		STACK_OF(SSL_CIPHER) **cipher_list,
		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
		const char *rule_str)
	{
	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
	unsigned long disabled_mask;
	unsigned long disabled_m256;
	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
	const char *rule_p;
	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
	SSL_CIPHER **ca_list = NULL;

	/*
	 * Return with error if nothing to do.
	 */
	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
		return NULL;

	/*
	 * To reduce the work to do we only want to process the compiled
	 * in algorithms, so we first get the mask of disabled ciphers.
	 */
	{
		struct disabled_masks d;
		d = ssl_cipher_get_disabled();
		disabled_mask = d.mask;
		disabled_m256 = d.m256;
/* disabled_mask / disabled_m256 now hold the algorithm bits this build
 * cannot offer; ssl_cipher_collect_ciphers filters on them below. */
	}

	/*
	 * Now we have to collect the available ciphers from the compiled
	 * in ciphers. We cannot get more than the number compiled in, so
	 * it is used for allocation.
	 */
	num_of_ciphers = ssl_method->num_ciphers();
#ifdef KSSL_DEBUG
	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif    /* KSSL_DEBUG */
	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
	if (co_list == NULL)
		{
		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
		}

	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
				   disabled_m256, co_list, &head, &tail);

	/*
	 * We also need cipher aliases for selecting based on the rule_str.
	 * There might be two types of entries in the rule_str: 1) names
	 * of ciphers themselves 2) aliases for groups of ciphers.
	 * For 1) we need the available ciphers and for 2) the cipher
	 * groups of cipher_aliases added together in one list (otherwise
	 * we would be happy with just the cipher_aliases table).
	 */
	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
	/* upper bound on table entries plus the terminating NULL */
	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
	ca_list =
		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
	if (ca_list == NULL)
		{
		OPENSSL_free(co_list);
		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
		}
	/* an alias is kept only if usable for both the 256-bit and the
	 * other ciphers, hence the intersection of the two masks */
	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
				   (disabled_mask & disabled_m256), head);

	/*
	 * If the rule_string begins with DEFAULT, apply the default rule
	 * before using the (possibly available) additional rules.
	 */
	ok = 1;
	rule_p = rule_str;
	/* prefix match only: "DEFAULTXYZ" is accepted and "XYZ" is then
	 * parsed as further rules */
	if (strncmp(rule_str,"DEFAULT",7) == 0)
		{
		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
			co_list, &head, &tail, ca_list);
		rule_p += 7;
		if (*rule_p == ':')
			rule_p++;
		}

	if (ok && (strlen(rule_p) > 0))
		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
						ca_list);

	OPENSSL_free(ca_list);	/* Not needed anymore */

	if (!ok)
		{	/* Rule processing failure */
		OPENSSL_free(co_list);
		return(NULL);
		}
	/*
	 * Allocate new "cipherstack" for the result, return with error
	 * if we cannot get one.
	 */
	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
		{
		OPENSSL_free(co_list);
		return(NULL);
		}

	/*
	 * The cipher selection for the list is done. The ciphers are added
	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
	 */
	for (curr = head; curr != NULL; curr = curr->next)
		{
		/* FIPS mode is re-checked here, not only at collection time,
		 * so a mode switch in between still cannot leak a non-FIPS
		 * cipher into the result. */
#ifdef OPENSSL_FIPS
		if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
#else
		if (curr->active)
#endif
			{
			/* NOTE(review): the push return value is not checked;
			 * on allocation failure the cipher is silently missing
			 * from the resulting list. */
			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
			printf("<%s>\n",curr->cipher->name);
#endif
			}
		}
	OPENSSL_free(co_list);	/* Not needed any longer */

	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
	if (tmp_cipher_list == NULL)
		{
		sk_SSL_CIPHER_free(cipherstack);
		return NULL;
		}
	/* only now, when nothing can fail any more, replace the caller's
	 * existing stacks */
	if (*cipher_list != NULL)
		sk_SSL_CIPHER_free(*cipher_list);
	*cipher_list = cipherstack;
	if (*cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(*cipher_list_by_id);
	*cipher_list_by_id = tmp_cipher_list;
	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);

	return(cipherstack);
	}

/*
 * Render a one-line, human readable description of a cipher suite:
 * name, protocol, key exchange, authentication, encryption (with key
 * size), MAC and an " export" marker.  Output is bounded by BIO_snprintf
 * with len and the function returns buf.
 *
 * buf == NULL: a 128-byte buffer is OPENSSL_malloc'd, filled and returned;
 *   the caller owns and frees it.  If that allocation fails the string
 *   literal "OPENSSL_malloc Error" is returned instead.
 * buf != NULL: len must be at least 128, otherwise the literal
 *   "Buffer too small" is returned and nothing is written.
 * A caller that frees the result must therefore not free either literal.
 * cipher must not be NULL: it is dereferenced without a check (unlike
 * SSL_CIPHER_get_version / SSL_CIPHER_get_name further down).
 */
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
	{
	int is_export,pkl,kl;
	const char *ver,*exp_str;
	const char *kx,*au,*enc,*mac;
	unsigned long alg,alg2,alg_s;
#ifdef KSSL_DEBUG
/* KSSL_DEBUG builds append the raw algorithm bits ("AL=...") to the line */
	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
#else
	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
#endif /* KSSL_DEBUG */

	alg=cipher->algorithms;
	alg_s=cipher->algo_strength;	/* assigned but not read below */
	alg2=cipher->algorithm2;

	/* export suites carry reduced public-key (pkl) and symmetric (kl)
	 * key lengths, which the strings below report instead of the
	 * nominal sizes */
	is_export=SSL_C_IS_EXPORT(cipher);
	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
	exp_str=is_export?" export":"";

	if (alg & SSL_SSLV2)
		ver="SSLv2";
	else if (alg & SSL_SSLV3)
		ver="SSLv3";
	else
		ver="unknown";

	/* key exchange */
	switch (alg&SSL_MKEY_MASK)
		{
	case SSL_kRSA:
		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
		break;
	case SSL_kDHr:
		kx="DH/RSA";
		break;
	case SSL_kDHd:
		kx="DH/DSS";
		break;
	case SSL_kKRB5:		/* VRS */
	case SSL_KRB5:		/* VRS */
		kx="KRB5";
		break;
	case SSL_kFZA:
		kx="Fortezza";
		break;
	case SSL_kEDH:
		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
		break;
	case SSL_kECDH:
	case SSL_kECDHE:
		kx=is_export?"ECDH(<=163)":"ECDH";
		break;
	default:
		kx="unknown";
		}

	/* authentication */
	switch (alg&SSL_AUTH_MASK)
		{
	case SSL_aRSA:
		au="RSA";
		break;
	case SSL_aDSS:
		au="DSS";
		break;
	case SSL_aDH:
		au="DH";
		break;
	case SSL_aKRB5:		/* VRS */
	case SSL_KRB5:		/* VRS */
		au="KRB5";
		break;
	case SSL_aFZA:
	case SSL_aNULL:
		au="None";	/* anonymous: no peer authentication at all */
		break;
	case SSL_aECDSA:
		au="ECDSA";
		break;
	default:
		au="unknown";
		break;
		}

	/* symmetric encryption; key size in bits, "None" for eNULL */
	switch (alg&SSL_ENC_MASK)
		{
	case SSL_DES:
		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
		break;
	case SSL_3DES:
		enc="3DES(168)";
		break;
	case SSL_RC4:
		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
		break;
	case SSL_RC2:
		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
		break;
	case SSL_IDEA:
		enc="IDEA(128)";
		break;
	case SSL_eFZA:
		enc="Fortezza";
		break;
	case SSL_eNULL:
		enc="None";
		break;
	case SSL_AES:
		switch(cipher->strength_bits)
			{
		case 128: enc="AES(128)"; break;
		case 192: enc="AES(192)"; break;
		case 256: enc="AES(256)"; break;
		/* "?""?""?" is split so the source does not contain the
		 * "??)" trigraph sequence */
		default: enc="AES(?""?""?)"; break;
			}
		break;
	case SSL_CAMELLIA:
		switch(cipher->strength_bits)
			{
		case 128: enc="Camellia(128)"; break;
		case 256: enc="Camellia(256)"; break;
		default: enc="Camellia(?""?""?)"; break;
			}
		break;
	case SSL_SEED:
		enc="SEED(128)";
		break;

	default:
		enc="unknown";
		break;
		}

	/* MAC */
	switch (alg&SSL_MAC_MASK)
		{
	case SSL_MD5:
		mac="MD5";
		break;
	case SSL_SHA1:
		mac="SHA1";
		break;
	default:
		mac="unknown";
		break;
		}

	/* output buffer contract: allocate 128 bytes for the caller, or
	 * insist that the supplied one is at least that large */
	if (buf == NULL)
		{
		len=128;
		buf=OPENSSL_malloc(len);
		if (buf == NULL) return("OPENSSL_malloc Error");
		}
	else if (len < 128)
		return("Buffer too small");

#ifdef KSSL_DEBUG
	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
#else
	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
#endif /* KSSL_DEBUG */
	return(buf);
	}

/*
 * Map a cipher to the protocol-version label it belongs to.
 *
 * The top byte of c->id selects the string: 3 -> "TLSv1/SSLv3",
 * 2 -> "SSLv2", anything else -> "unknown"; a NULL cipher yields
 * "(NONE)".  Every result is a string literal: the non-const return
 * type is kept for API compatibility only, callers must never write
 * through the pointer or free it.
 */
char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
	{
	if (c == NULL)
		return("(NONE)");

	switch ((int)(c->id >> 24L))
		{
	case 3:
		return("TLSv1/SSLv3");
	case 2:
		return("SSLv2");
	default:
		return("unknown");
		}
	}

/*
 * Return the textual name of the cipher (c->name), or the literal
 * "(NONE)" when no cipher is given.  The pointer is owned by the
 * cipher table, not by the caller.
 */
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
	{
	return (c != NULL) ? c->name : "(NONE)";
	}

/* number of bits for symmetric cipher */
/*
 * Report the key strength of a symmetric cipher.
 *
 * Returns c->strength_bits and, when alg_bits is non-NULL, stores
 * c->alg_bits through it.  With c == NULL nothing is written and 0 is
 * returned, so callers must not rely on *alg_bits being set in that
 * case.
 */
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
	{
	if (c == NULL)
		return(0);

	if (alg_bits != NULL)
		*alg_bits = c->alg_bits;
	return(c->strength_bits);
	}

/*
 * Look up the compression method with identifier n in sk.
 *
 * Returns the matching SSL_COMP, or NULL when sk is NULL, n is 0, or
 * no entry carries that id.  The returned pointer belongs to the stack.
 */
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
	{
	int i, count;

	if (sk == NULL || n == 0)
		return(NULL);

	count = sk_SSL_COMP_num(sk);
	for (i = 0; i < count; i++)
		{
		SSL_COMP *candidate = sk_SSL_COMP_value(sk, i);

		if (candidate->id == n)
			return(candidate);
		}
	return(NULL);
	}

#ifdef OPENSSL_NO_COMP
/* Compression disabled at build time: there is no method list. */
void *SSL_COMP_get_compression_methods(void)
	{
	return NULL;
	}

/*
 * Compression disabled at build time: registration always fails.  The
 * value 1 is the failure code of the real implementation (which returns
 * 0 on success), so callers see the same contract either way.
 */
int SSL_COMP_add_compression_method(int id, void *cm)
	{
	(void)id;
	(void)cm;
	return 1;
	}

/* Compression disabled at build time: no method has a name. */
const char *SSL_COMP_get_name(const void *comp)
	{
	(void)comp;
	return NULL;
	}
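#else
/*
 * Return the global compression-method list, loading the built-in
 * methods first.  The stack is shared library state, not a copy; the
 * caller must not free it.
 */
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
	{
	load_builtin_compressions();
	return(ssl_comp_methods);
	}

/*
 * Register compression method cm under identifier id.
 *
 * Returns 0 on success and 1 on failure (the inverted sense is kept for
 * API compatibility).  Failures push an SSLerr reason, except for a
 * NULL or NID_undef method, which is rejected silently as before.
 *
 * Fixes relative to the previous version:
 *  - an id outside the private range (193..255) now returns 1 like every
 *    other error path, instead of pushing an error and reporting success;
 *  - the OPENSSL_malloc() result is checked before it is dereferenced.
 *
 * On success ownership of the new SSL_COMP passes to ssl_comp_methods,
 * which is why the allocation is wrapped in MemCheck_off()/MemCheck_on()
 * (presumably to keep the long-lived entry out of leak reports).
 */
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
	{
	SSL_COMP *comp;
	int reason;

	if (cm == NULL || cm->type == NID_undef)
		return 1;

	/* According to draft-ietf-tls-compression-04.txt, the
	   compression number ranges should be the following:

	   0 to 63:    methods defined by the IETF
	   64 to 192:  external party methods assigned by IANA
	   193 to 255: reserved for private use */
	if (id < 193 || id > 255)
		{
		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
		return 1;
		}

	MemCheck_off();
	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
	if (comp == NULL)
		{
		MemCheck_on();
		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
		return(1);
		}
	comp->id=id;
	comp->method=cm;
	load_builtin_compressions();

	/* sk_SSL_COMP_find() relies on the compare callback installed when
	 * ssl_comp_methods was created (not visible here); a hit means the
	 * id is already taken. */
	if (ssl_comp_methods
		&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
		reason = SSL_R_DUPLICATE_COMPRESSION_ID;
	else if ((ssl_comp_methods == NULL)
		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
		reason = ERR_R_MALLOC_FAILURE;
	else
		{
		/* comp is now owned by ssl_comp_methods */
		MemCheck_on();
		return(0);
		}

	OPENSSL_free(comp);
	MemCheck_on();
	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,reason);
	return(1);
	}

/*
 * Return the name stored in the method (comp->name), or NULL when no
 * method is given.  The string is owned by the method.
 */
const char *SSL_COMP_get_name(const COMP_METHOD *comp)
	{
	if (comp)
		return comp->name;
	return NULL;
	}

#endif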