xref: /freebsd/crypto/openssl/ssl/ssl_ciph.c (revision 7aa383846770374466b1dcb2cefd71bde9acf463)
1 /* ssl/ssl_ciph.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 #include <stdio.h>
117 #include <openssl/objects.h>
118 #ifndef OPENSSL_NO_COMP
119 #include <openssl/comp.h>
120 #endif
121 
122 #include "ssl_locl.h"
123 
124 #define SSL_ENC_DES_IDX		0
125 #define SSL_ENC_3DES_IDX	1
126 #define SSL_ENC_RC4_IDX		2
127 #define SSL_ENC_RC2_IDX		3
128 #define SSL_ENC_IDEA_IDX	4
129 #define SSL_ENC_eFZA_IDX	5
130 #define SSL_ENC_NULL_IDX	6
131 #define SSL_ENC_AES128_IDX	7
132 #define SSL_ENC_AES256_IDX	8
133 #define SSL_ENC_CAMELLIA128_IDX	9
134 #define SSL_ENC_CAMELLIA256_IDX	10
135 #define SSL_ENC_SEED_IDX    	11
136 #define SSL_ENC_NUM_IDX		12
137 
138 
139 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
140 	NULL,NULL,NULL,NULL,NULL,NULL,
141 	};
142 
143 #define SSL_COMP_NULL_IDX	0
144 #define SSL_COMP_ZLIB_IDX	1
145 #define SSL_COMP_NUM_IDX	2
146 
147 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
148 
149 #define SSL_MD_MD5_IDX	0
150 #define SSL_MD_SHA1_IDX	1
151 #define SSL_MD_NUM_IDX	2
152 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
153 	NULL,NULL,
154 	};
155 
156 #define CIPHER_ADD	1
157 #define CIPHER_KILL	2
158 #define CIPHER_DEL	3
159 #define CIPHER_ORD	4
160 #define CIPHER_SPECIAL	5
161 
162 typedef struct cipher_order_st
163 	{
164 	SSL_CIPHER *cipher;
165 	int active;
166 	int dead;
167 	struct cipher_order_st *next,*prev;
168 	} CIPHER_ORDER;
169 
170 static const SSL_CIPHER cipher_aliases[]={
171 	/* Don't include eNULL unless specifically enabled. */
172 	/* Don't include ECC in ALL because these ciphers are not yet official. */
173 	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
174 	/* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
175 	{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
176 	{0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
177 	{0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
178 	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
179 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
180 	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
181 	{0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
182 	{0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
183 	{0,SSL_TXT_DH,	0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
184 	{0,SSL_TXT_ECC,	0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
185 	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
186 	{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
187 	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
188 	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
189 	{0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
190 	{0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
191 	{0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
192 	{0,SSL_TXT_DSS,	0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},
193 
194 	{0,SSL_TXT_DES,	0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
195 	{0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
196 	{0,SSL_TXT_RC4,	0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
197 	{0,SSL_TXT_RC2,	0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
198 #ifndef OPENSSL_NO_IDEA
199 	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
200 #endif
201 	{0,SSL_TXT_SEED,0,SSL_SEED,  0,0,0,0,SSL_ENC_MASK,0},
202 	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
203 	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
204 	{0,SSL_TXT_AES,	0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
205 	{0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
206 
207 	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
208 	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
209 	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
210 
211 	{0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
212 	{0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
213 	{0,SSL_TXT_RSA,	0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
214 	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
215 	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
216 
217 	{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
218 	{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
219 	{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
220 
221 	{0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
222 	{0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
223 	{0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
224 	{0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
225 	{0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
226 	{0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
227 	{0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
228 	{0,SSL_TXT_FIPS,  0, 0,  SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
229 	};
230 
231 void ssl_load_ciphers(void)
232 	{
233 	ssl_cipher_methods[SSL_ENC_DES_IDX]=
234 		EVP_get_cipherbyname(SN_des_cbc);
235 	ssl_cipher_methods[SSL_ENC_3DES_IDX]=
236 		EVP_get_cipherbyname(SN_des_ede3_cbc);
237 	ssl_cipher_methods[SSL_ENC_RC4_IDX]=
238 		EVP_get_cipherbyname(SN_rc4);
239 	ssl_cipher_methods[SSL_ENC_RC2_IDX]=
240 		EVP_get_cipherbyname(SN_rc2_cbc);
241 #ifndef OPENSSL_NO_IDEA
242 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
243 		EVP_get_cipherbyname(SN_idea_cbc);
244 #else
245 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
246 #endif
247 	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
248 	  EVP_get_cipherbyname(SN_aes_128_cbc);
249 	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
250 	  EVP_get_cipherbyname(SN_aes_256_cbc);
251 	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
252 	  EVP_get_cipherbyname(SN_camellia_128_cbc);
253 	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
254 	  EVP_get_cipherbyname(SN_camellia_256_cbc);
255 	ssl_cipher_methods[SSL_ENC_SEED_IDX]=
256 	  EVP_get_cipherbyname(SN_seed_cbc);
257 
258 	ssl_digest_methods[SSL_MD_MD5_IDX]=
259 		EVP_get_digestbyname(SN_md5);
260 	ssl_digest_methods[SSL_MD_SHA1_IDX]=
261 		EVP_get_digestbyname(SN_sha1);
262 	}
263 
264 
265 #ifndef OPENSSL_NO_COMP
266 
267 static int sk_comp_cmp(const SSL_COMP * const *a,
268 			const SSL_COMP * const *b)
269 	{
270 	return((*a)->id-(*b)->id);
271 	}
272 
273 static void load_builtin_compressions(void)
274 	{
275 	int got_write_lock = 0;
276 
277 	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
278 	if (ssl_comp_methods == NULL)
279 		{
280 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
281 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
282 		got_write_lock = 1;
283 
284 		if (ssl_comp_methods == NULL)
285 			{
286 			SSL_COMP *comp = NULL;
287 
288 			MemCheck_off();
289 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
290 			if (ssl_comp_methods != NULL)
291 				{
292 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
293 				if (comp != NULL)
294 					{
295 					comp->method=COMP_zlib();
296 					if (comp->method
297 						&& comp->method->type == NID_undef)
298 						OPENSSL_free(comp);
299 					else
300 						{
301 						comp->id=SSL_COMP_ZLIB_IDX;
302 						comp->name=comp->method->name;
303 						sk_SSL_COMP_push(ssl_comp_methods,comp);
304 						}
305 					}
306 				}
307 			MemCheck_on();
308 			}
309 		}
310 
311 	if (got_write_lock)
312 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
313 	else
314 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
315 	}
316 #endif
317 
318 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
319 	     const EVP_MD **md, SSL_COMP **comp)
320 	{
321 	int i;
322 	SSL_CIPHER *c;
323 
324 	c=s->cipher;
325 	if (c == NULL) return(0);
326 	if (comp != NULL)
327 		{
328 		SSL_COMP ctmp;
329 #ifndef OPENSSL_NO_COMP
330 		load_builtin_compressions();
331 #endif
332 
333 		*comp=NULL;
334 		ctmp.id=s->compress_meth;
335 		if (ssl_comp_methods != NULL)
336 			{
337 			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
338 			if (i >= 0)
339 				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
340 			else
341 				*comp=NULL;
342 			}
343 		}
344 
345 	if ((enc == NULL) || (md == NULL)) return(0);
346 
347 	switch (c->algorithms & SSL_ENC_MASK)
348 		{
349 	case SSL_DES:
350 		i=SSL_ENC_DES_IDX;
351 		break;
352 	case SSL_3DES:
353 		i=SSL_ENC_3DES_IDX;
354 		break;
355 	case SSL_RC4:
356 		i=SSL_ENC_RC4_IDX;
357 		break;
358 	case SSL_RC2:
359 		i=SSL_ENC_RC2_IDX;
360 		break;
361 	case SSL_IDEA:
362 		i=SSL_ENC_IDEA_IDX;
363 		break;
364 	case SSL_eNULL:
365 		i=SSL_ENC_NULL_IDX;
366 		break;
367 	case SSL_AES:
368 		switch(c->alg_bits)
369 			{
370 		case 128: i=SSL_ENC_AES128_IDX; break;
371 		case 256: i=SSL_ENC_AES256_IDX; break;
372 		default: i=-1; break;
373 			}
374 		break;
375 	case SSL_CAMELLIA:
376 		switch(c->alg_bits)
377 			{
378 		case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
379 		case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
380 		default: i=-1; break;
381 			}
382 		break;
383 	case SSL_SEED:
384 		i=SSL_ENC_SEED_IDX;
385 		break;
386 
387 	default:
388 		i= -1;
389 		break;
390 		}
391 
392 	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
393 		*enc=NULL;
394 	else
395 		{
396 		if (i == SSL_ENC_NULL_IDX)
397 			*enc=EVP_enc_null();
398 		else
399 			*enc=ssl_cipher_methods[i];
400 		}
401 
402 	switch (c->algorithms & SSL_MAC_MASK)
403 		{
404 	case SSL_MD5:
405 		i=SSL_MD_MD5_IDX;
406 		break;
407 	case SSL_SHA1:
408 		i=SSL_MD_SHA1_IDX;
409 		break;
410 	default:
411 		i= -1;
412 		break;
413 		}
414 	if ((i < 0) || (i > SSL_MD_NUM_IDX))
415 		*md=NULL;
416 	else
417 		*md=ssl_digest_methods[i];
418 
419 	if ((*enc != NULL) && (*md != NULL))
420 		return(1);
421 	else
422 		return(0);
423 	}
424 
425 #define ITEM_SEP(a) \
426 	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
427 
428 static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
429 	     CIPHER_ORDER **tail)
430 	{
431 	if (curr == *tail) return;
432 	if (curr == *head)
433 		*head=curr->next;
434 	if (curr->prev != NULL)
435 		curr->prev->next=curr->next;
436 	if (curr->next != NULL) /* should always be true */
437 		curr->next->prev=curr->prev;
438 	(*tail)->next=curr;
439 	curr->prev= *tail;
440 	curr->next=NULL;
441 	*tail=curr;
442 	}
443 
444 struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
445                          * where 128-bit and 256-bit algorithms simply will get
446                          * separate bits. */
447   unsigned long mask; /* everything except m256 */
448   unsigned long m256; /* applies to 256-bit algorithms only */
449 };
450 
451 static struct disabled_masks ssl_cipher_get_disabled(void)
452 	{
453 	unsigned long mask;
454 	unsigned long m256;
455 	struct disabled_masks ret;
456 
457 	mask = SSL_kFZA;
458 #ifdef OPENSSL_NO_RSA
459 	mask |= SSL_aRSA|SSL_kRSA;
460 #endif
461 #ifdef OPENSSL_NO_DSA
462 	mask |= SSL_aDSS;
463 #endif
464 #ifdef OPENSSL_NO_DH
465 	mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
466 #endif
467 #ifdef OPENSSL_NO_KRB5
468 	mask |= SSL_kKRB5|SSL_aKRB5;
469 #endif
470 #ifdef OPENSSL_NO_ECDH
471 	mask |= SSL_kECDH|SSL_kECDHE;
472 #endif
473 #ifdef SSL_FORBID_ENULL
474 	mask |= SSL_eNULL;
475 #endif
476 
477 	mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
478 	mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
479 	mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
480 	mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
481 	mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
482 	mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
483 	mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
484 
485 	mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
486 	mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
487 
488 	/* finally consider algorithms where mask and m256 differ */
489 	m256 = mask;
490 	mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
491 	mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
492 	m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
493 	m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
494 
495 	ret.mask = mask;
496 	ret.m256 = m256;
497 	return ret;
498 	}
499 
500 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
501 		int num_of_ciphers, unsigned long mask, unsigned long m256,
502 		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
503 		CIPHER_ORDER **tail_p)
504 	{
505 	int i, co_list_num;
506 	SSL_CIPHER *c;
507 
508 	/*
509 	 * We have num_of_ciphers descriptions compiled in, depending on the
510 	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
511 	 * These will later be sorted in a linked list with at most num
512 	 * entries.
513 	 */
514 
515 	/* Get the initial list of ciphers */
516 	co_list_num = 0;	/* actual count of ciphers */
517 	for (i = 0; i < num_of_ciphers; i++)
518 		{
519 		c = ssl_method->get_cipher(i);
520 #define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
521 		/* drop those that use any of that is not available */
522 #ifdef OPENSSL_FIPS
523 		if ((c != NULL) && c->valid && !IS_MASKED(c)
524 			&& (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
525 #else
526 		if ((c != NULL) && c->valid && !IS_MASKED(c))
527 #endif
528 			{
529 			co_list[co_list_num].cipher = c;
530 			co_list[co_list_num].next = NULL;
531 			co_list[co_list_num].prev = NULL;
532 			co_list[co_list_num].active = 0;
533 			co_list_num++;
534 #ifdef KSSL_DEBUG
535 			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
536 #endif	/* KSSL_DEBUG */
537 			/*
538 			if (!sk_push(ca_list,(char *)c)) goto err;
539 			*/
540 			}
541 		}
542 
543 	/*
544 	 * Prepare linked list from list entries
545 	 */
546 	for (i = 1; i < co_list_num - 1; i++)
547 		{
548 		co_list[i].prev = &(co_list[i-1]);
549 		co_list[i].next = &(co_list[i+1]);
550 		}
551 	if (co_list_num > 0)
552 		{
553 		(*head_p) = &(co_list[0]);
554 		(*head_p)->prev = NULL;
555 		(*head_p)->next = &(co_list[1]);
556 		(*tail_p) = &(co_list[co_list_num - 1]);
557 		(*tail_p)->prev = &(co_list[co_list_num - 2]);
558 		(*tail_p)->next = NULL;
559 		}
560 	}
561 
562 static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
563 			int num_of_group_aliases, unsigned long mask,
564 			CIPHER_ORDER *head)
565 	{
566 	CIPHER_ORDER *ciph_curr;
567 	SSL_CIPHER **ca_curr;
568 	int i;
569 
570 	/*
571 	 * First, add the real ciphers as already collected
572 	 */
573 	ciph_curr = head;
574 	ca_curr = ca_list;
575 	while (ciph_curr != NULL)
576 		{
577 		*ca_curr = ciph_curr->cipher;
578 		ca_curr++;
579 		ciph_curr = ciph_curr->next;
580 		}
581 
582 	/*
583 	 * Now we add the available ones from the cipher_aliases[] table.
584 	 * They represent either an algorithm, that must be fully
585 	 * supported (not match any bit in mask) or represent a cipher
586 	 * strength value (will be added in any case because algorithms=0).
587 	 */
588 	for (i = 0; i < num_of_group_aliases; i++)
589 		{
590 		if ((i == 0) ||		/* always fetch "ALL" */
591 		    !(cipher_aliases[i].algorithms & mask))
592 			{
593 			*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
594 			ca_curr++;
595 			}
596 		}
597 
598 	*ca_curr = NULL;	/* end of list */
599 	}
600 
601 static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
602 		unsigned long algorithms, unsigned long mask,
603 		unsigned long algo_strength, unsigned long mask_strength,
604 		int rule, int strength_bits, CIPHER_ORDER *co_list,
605 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
606 	{
607 	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
608 	SSL_CIPHER *cp;
609 	unsigned long ma, ma_s;
610 
611 #ifdef CIPHER_DEBUG
612 	printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
613 		rule, algorithms, mask, algo_strength, mask_strength,
614 		strength_bits);
615 #endif
616 
617 	curr = head = *head_p;
618 	curr2 = head;
619 	tail2 = tail = *tail_p;
620 	for (;;)
621 		{
622 		if ((curr == NULL) || (curr == tail2)) break;
623 		curr = curr2;
624 		curr2 = curr->next;
625 
626 		cp = curr->cipher;
627 
628 		/* If explicit cipher suite, match only that one for its own protocol version.
629 		 * Usual selection criteria will be used for similar ciphersuites from other version! */
630 
631 		if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
632 			{
633 			if (cp->id != cipher_id)
634 				continue;
635 			}
636 
637 		/*
638 		 * Selection criteria is either the number of strength_bits
639 		 * or the algorithm used.
640 		 */
641 		else if (strength_bits == -1)
642 			{
643 			ma = mask & cp->algorithms;
644 			ma_s = mask_strength & cp->algo_strength;
645 
646 #ifdef CIPHER_DEBUG
647 			printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
648 			printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
649 #endif
650 			/*
651 			 * Select: if none of the mask bit was met from the
652 			 * cipher or not all of the bits were met, the
653 			 * selection does not apply.
654 			 */
655 			if (((ma == 0) && (ma_s == 0)) ||
656 			    ((ma & algorithms) != ma) ||
657 			    ((ma_s & algo_strength) != ma_s))
658 				continue; /* does not apply */
659 			}
660 		else if (strength_bits != cp->strength_bits)
661 			continue;	/* does not apply */
662 
663 #ifdef CIPHER_DEBUG
664 		printf("Action = %d\n", rule);
665 #endif
666 
667 		/* add the cipher if it has not been added yet. */
668 		if (rule == CIPHER_ADD)
669 			{
670 			if (!curr->active)
671 				{
672 				int add_this_cipher = 1;
673 
674 				if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
675 					{
676 					/* Make sure "ECCdraft" ciphersuites are activated only if
677 					 * *explicitly* requested, but not implicitly (such as
678 					 * as part of the "AES" alias). */
679 
680 					add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
681 					}
682 
683 				if (add_this_cipher)
684 					{
685 					ll_append_tail(&head, curr, &tail);
686 					curr->active = 1;
687 					}
688 				}
689 			}
690 		/* Move the added cipher to this location */
691 		else if (rule == CIPHER_ORD)
692 			{
693 			if (curr->active)
694 				{
695 				ll_append_tail(&head, curr, &tail);
696 				}
697 			}
698 		else if	(rule == CIPHER_DEL)
699 			curr->active = 0;
700 		else if (rule == CIPHER_KILL)
701 			{
702 			if (head == curr)
703 				head = curr->next;
704 			else
705 				curr->prev->next = curr->next;
706 			if (tail == curr)
707 				tail = curr->prev;
708 			curr->active = 0;
709 			if (curr->next != NULL)
710 				curr->next->prev = curr->prev;
711 			if (curr->prev != NULL)
712 				curr->prev->next = curr->next;
713 			curr->next = NULL;
714 			curr->prev = NULL;
715 			}
716 		}
717 
718 	*head_p = head;
719 	*tail_p = tail;
720 	}
721 
722 static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
723 				    CIPHER_ORDER **head_p,
724 				    CIPHER_ORDER **tail_p)
725 	{
726 	int max_strength_bits, i, *number_uses;
727 	CIPHER_ORDER *curr;
728 
729 	/*
730 	 * This routine sorts the ciphers with descending strength. The sorting
731 	 * must keep the pre-sorted sequence, so we apply the normal sorting
732 	 * routine as '+' movement to the end of the list.
733 	 */
734 	max_strength_bits = 0;
735 	curr = *head_p;
736 	while (curr != NULL)
737 		{
738 		if (curr->active &&
739 		    (curr->cipher->strength_bits > max_strength_bits))
740 		    max_strength_bits = curr->cipher->strength_bits;
741 		curr = curr->next;
742 		}
743 
744 	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
745 	if (!number_uses)
746 	{
747 		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
748 		return(0);
749 	}
750 	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
751 
752 	/*
753 	 * Now find the strength_bits values actually used
754 	 */
755 	curr = *head_p;
756 	while (curr != NULL)
757 		{
758 		if (curr->active)
759 			number_uses[curr->cipher->strength_bits]++;
760 		curr = curr->next;
761 		}
762 	/*
763 	 * Go through the list of used strength_bits values in descending
764 	 * order.
765 	 */
766 	for (i = max_strength_bits; i >= 0; i--)
767 		if (number_uses[i] > 0)
768 			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
769 					co_list, head_p, tail_p);
770 
771 	OPENSSL_free(number_uses);
772 	return(1);
773 	}
774 
775 static int ssl_cipher_process_rulestr(const char *rule_str,
776 		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
777 		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
778 	{
779 	unsigned long algorithms, mask, algo_strength, mask_strength;
780 	const char *l, *start, *buf;
781 	int j, multi, found, rule, retval, ok, buflen;
782 	unsigned long cipher_id = 0, ssl_version = 0;
783 	char ch;
784 
785 	retval = 1;
786 	l = rule_str;
787 	for (;;)
788 		{
789 		ch = *l;
790 
791 		if (ch == '\0')
792 			break;		/* done */
793 		if (ch == '-')
794 			{ rule = CIPHER_DEL; l++; }
795 		else if (ch == '+')
796 			{ rule = CIPHER_ORD; l++; }
797 		else if (ch == '!')
798 			{ rule = CIPHER_KILL; l++; }
799 		else if (ch == '@')
800 			{ rule = CIPHER_SPECIAL; l++; }
801 		else
802 			{ rule = CIPHER_ADD; }
803 
804 		if (ITEM_SEP(ch))
805 			{
806 			l++;
807 			continue;
808 			}
809 
810 		algorithms = mask = algo_strength = mask_strength = 0;
811 
812 		start=l;
813 		for (;;)
814 			{
815 			ch = *l;
816 			buf = l;
817 			buflen = 0;
818 #ifndef CHARSET_EBCDIC
819 			while (	((ch >= 'A') && (ch <= 'Z')) ||
820 				((ch >= '0') && (ch <= '9')) ||
821 				((ch >= 'a') && (ch <= 'z')) ||
822 				 (ch == '-'))
823 #else
824 			while (	isalnum(ch) || (ch == '-'))
825 #endif
826 				 {
827 				 ch = *(++l);
828 				 buflen++;
829 				 }
830 
831 			if (buflen == 0)
832 				{
833 				/*
834 				 * We hit something we cannot deal with,
835 				 * it is no command or separator nor
836 				 * alphanumeric, so we call this an error.
837 				 */
838 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
839 				       SSL_R_INVALID_COMMAND);
840 				retval = found = 0;
841 				l++;
842 				break;
843 				}
844 
845 			if (rule == CIPHER_SPECIAL)
846 				{
847 				found = 0; /* unused -- avoid compiler warning */
848 				break;	/* special treatment */
849 				}
850 
851 			/* check for multi-part specification */
852 			if (ch == '+')
853 				{
854 				multi=1;
855 				l++;
856 				}
857 			else
858 				multi=0;
859 
860 			/*
861 			 * Now search for the cipher alias in the ca_list. Be careful
862 			 * with the strncmp, because the "buflen" limitation
863 			 * will make the rule "ADH:SOME" and the cipher
864 			 * "ADH-MY-CIPHER" look like a match for buflen=3.
865 			 * So additionally check whether the cipher name found
866 			 * has the correct length. We can save a strlen() call:
867 			 * just checking for the '\0' at the right place is
868 			 * sufficient, we have to strncmp() anyway. (We cannot
869 			 * use strcmp(), because buf is not '\0' terminated.)
870 			 */
871 			 j = found = 0;
872 			 cipher_id = 0;
873 			 ssl_version = 0;
874 			 while (ca_list[j])
875 				{
876 				if (!strncmp(buf, ca_list[j]->name, buflen) &&
877 				    (ca_list[j]->name[buflen] == '\0'))
878 					{
879 					found = 1;
880 					break;
881 					}
882 				else
883 					j++;
884 				}
885 			if (!found)
886 				break;	/* ignore this entry */
887 
888 			/* New algorithms:
889 			 *  1 - any old restrictions apply outside new mask
890 			 *  2 - any new restrictions apply outside old mask
891 			 *  3 - enforce old & new where masks intersect
892 			 */
893 			algorithms = (algorithms & ~ca_list[j]->mask) |		/* 1 */
894 			             (ca_list[j]->algorithms & ~mask) |		/* 2 */
895 			             (algorithms & ca_list[j]->algorithms);	/* 3 */
896 			mask |= ca_list[j]->mask;
897 			algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
898 			                (ca_list[j]->algo_strength & ~mask_strength) |
899 			                (algo_strength & ca_list[j]->algo_strength);
900 			mask_strength |= ca_list[j]->mask_strength;
901 
902 			/* explicit ciphersuite found */
903 			if (ca_list[j]->valid)
904 				{
905 				cipher_id = ca_list[j]->id;
906 				ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
907 				break;
908 				}
909 
910 			if (!multi) break;
911 			}
912 
913 		/*
914 		 * Ok, we have the rule, now apply it
915 		 */
916 		if (rule == CIPHER_SPECIAL)
917 			{	/* special command */
918 			ok = 0;
919 			if ((buflen == 8) &&
920 				!strncmp(buf, "STRENGTH", 8))
921 				ok = ssl_cipher_strength_sort(co_list,
922 					head_p, tail_p);
923 			else
924 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
925 					SSL_R_INVALID_COMMAND);
926 			if (ok == 0)
927 				retval = 0;
928 			/*
929 			 * We do not support any "multi" options
930 			 * together with "@", so throw away the
931 			 * rest of the command, if any left, until
932 			 * end or ':' is found.
933 			 */
934 			while ((*l != '\0') && !ITEM_SEP(*l))
935 				l++;
936 			}
937 		else if (found)
938 			{
939 			ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
940 				algo_strength, mask_strength, rule, -1,
941 				co_list, head_p, tail_p);
942 			}
943 		else
944 			{
945 			while ((*l != '\0') && !ITEM_SEP(*l))
946 				l++;
947 			}
948 		if (*l == '\0') break; /* done */
949 		}
950 
951 	return(retval);
952 	}
953 
954 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
955 		STACK_OF(SSL_CIPHER) **cipher_list,
956 		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
957 		const char *rule_str)
958 	{
959 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
960 	unsigned long disabled_mask;
961 	unsigned long disabled_m256;
962 	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
963 	const char *rule_p;
964 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
965 	SSL_CIPHER **ca_list = NULL;
966 
967 	/*
968 	 * Return with error if nothing to do.
969 	 */
970 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
971 		return NULL;
972 
973 	/*
974 	 * To reduce the work to do we only want to process the compiled
975 	 * in algorithms, so we first get the mask of disabled ciphers.
976 	 */
977 	{
978 		struct disabled_masks d;
979 		d = ssl_cipher_get_disabled();
980 		disabled_mask = d.mask;
981 		disabled_m256 = d.m256;
982 	}
983 
984 	/*
985 	 * Now we have to collect the available ciphers from the compiled
986 	 * in ciphers. We cannot get more than the number compiled in, so
987 	 * it is used for allocation.
988 	 */
989 	num_of_ciphers = ssl_method->num_ciphers();
990 #ifdef KSSL_DEBUG
991 	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
992 #endif    /* KSSL_DEBUG */
993 	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
994 	if (co_list == NULL)
995 		{
996 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
997 		return(NULL);	/* Failure */
998 		}
999 
1000 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
1001 				   disabled_m256, co_list, &head, &tail);
1002 
1003 	/*
1004 	 * We also need cipher aliases for selecting based on the rule_str.
1005 	 * There might be two types of entries in the rule_str: 1) names
1006 	 * of ciphers themselves 2) aliases for groups of ciphers.
1007 	 * For 1) we need the available ciphers and for 2) the cipher
1008 	 * groups of cipher_aliases added together in one list (otherwise
1009 	 * we would be happy with just the cipher_aliases table).
1010 	 */
1011 	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1012 	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1013 	ca_list =
1014 		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1015 	if (ca_list == NULL)
1016 		{
1017 		OPENSSL_free(co_list);
1018 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1019 		return(NULL);	/* Failure */
1020 		}
1021 	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1022 				   (disabled_mask & disabled_m256), head);
1023 
1024 	/*
1025 	 * If the rule_string begins with DEFAULT, apply the default rule
1026 	 * before using the (possibly available) additional rules.
1027 	 */
1028 	ok = 1;
1029 	rule_p = rule_str;
1030 	if (strncmp(rule_str,"DEFAULT",7) == 0)
1031 		{
1032 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1033 			co_list, &head, &tail, ca_list);
1034 		rule_p += 7;
1035 		if (*rule_p == ':')
1036 			rule_p++;
1037 		}
1038 
1039 	if (ok && (strlen(rule_p) > 0))
1040 		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
1041 						ca_list);
1042 
1043 	OPENSSL_free(ca_list);	/* Not needed anymore */
1044 
1045 	if (!ok)
1046 		{	/* Rule processing failure */
1047 		OPENSSL_free(co_list);
1048 		return(NULL);
1049 		}
1050 	/*
1051 	 * Allocate new "cipherstack" for the result, return with error
1052 	 * if we cannot get one.
1053 	 */
1054 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1055 		{
1056 		OPENSSL_free(co_list);
1057 		return(NULL);
1058 		}
1059 
1060 	/*
1061 	 * The cipher selection for the list is done. The ciphers are added
1062 	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1063 	 */
1064 	for (curr = head; curr != NULL; curr = curr->next)
1065 		{
1066 #ifdef OPENSSL_FIPS
1067 		if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1068 #else
1069 		if (curr->active)
1070 #endif
1071 			{
1072 			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1073 #ifdef CIPHER_DEBUG
1074 			printf("<%s>\n",curr->cipher->name);
1075 #endif
1076 			}
1077 		}
1078 	OPENSSL_free(co_list);	/* Not needed any longer */
1079 
1080 	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1081 	if (tmp_cipher_list == NULL)
1082 		{
1083 		sk_SSL_CIPHER_free(cipherstack);
1084 		return NULL;
1085 		}
1086 	if (*cipher_list != NULL)
1087 		sk_SSL_CIPHER_free(*cipher_list);
1088 	*cipher_list = cipherstack;
1089 	if (*cipher_list_by_id != NULL)
1090 		sk_SSL_CIPHER_free(*cipher_list_by_id);
1091 	*cipher_list_by_id = tmp_cipher_list;
1092 	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1093 
1094 	sk_SSL_CIPHER_sort(*cipher_list_by_id);
1095 	return(cipherstack);
1096 	}
1097 
1098 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1099 	{
1100 	int is_export,pkl,kl;
1101 	const char *ver,*exp_str;
1102 	const char *kx,*au,*enc,*mac;
1103 	unsigned long alg,alg2,alg_s;
1104 #ifdef KSSL_DEBUG
1105 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
1106 #else
1107 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1108 #endif /* KSSL_DEBUG */
1109 
1110 	alg=cipher->algorithms;
1111 	alg_s=cipher->algo_strength;
1112 	alg2=cipher->algorithm2;
1113 
1114 	is_export=SSL_C_IS_EXPORT(cipher);
1115 	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1116 	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1117 	exp_str=is_export?" export":"";
1118 
1119 	if (alg & SSL_SSLV2)
1120 		ver="SSLv2";
1121 	else if (alg & SSL_SSLV3)
1122 		ver="SSLv3";
1123 	else
1124 		ver="unknown";
1125 
1126 	switch (alg&SSL_MKEY_MASK)
1127 		{
1128 	case SSL_kRSA:
1129 		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1130 		break;
1131 	case SSL_kDHr:
1132 		kx="DH/RSA";
1133 		break;
1134 	case SSL_kDHd:
1135 		kx="DH/DSS";
1136 		break;
1137         case SSL_kKRB5:         /* VRS */
1138         case SSL_KRB5:          /* VRS */
1139             kx="KRB5";
1140             break;
1141 	case SSL_kFZA:
1142 		kx="Fortezza";
1143 		break;
1144 	case SSL_kEDH:
1145 		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1146 		break;
1147 	case SSL_kECDH:
1148 	case SSL_kECDHE:
1149 		kx=is_export?"ECDH(<=163)":"ECDH";
1150 		break;
1151 	default:
1152 		kx="unknown";
1153 		}
1154 
1155 	switch (alg&SSL_AUTH_MASK)
1156 		{
1157 	case SSL_aRSA:
1158 		au="RSA";
1159 		break;
1160 	case SSL_aDSS:
1161 		au="DSS";
1162 		break;
1163 	case SSL_aDH:
1164 		au="DH";
1165 		break;
1166         case SSL_aKRB5:         /* VRS */
1167         case SSL_KRB5:          /* VRS */
1168             au="KRB5";
1169             break;
1170 	case SSL_aFZA:
1171 	case SSL_aNULL:
1172 		au="None";
1173 		break;
1174 	case SSL_aECDSA:
1175 		au="ECDSA";
1176 		break;
1177 	default:
1178 		au="unknown";
1179 		break;
1180 		}
1181 
1182 	switch (alg&SSL_ENC_MASK)
1183 		{
1184 	case SSL_DES:
1185 		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1186 		break;
1187 	case SSL_3DES:
1188 		enc="3DES(168)";
1189 		break;
1190 	case SSL_RC4:
1191 		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1192 		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1193 		break;
1194 	case SSL_RC2:
1195 		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1196 		break;
1197 	case SSL_IDEA:
1198 		enc="IDEA(128)";
1199 		break;
1200 	case SSL_eFZA:
1201 		enc="Fortezza";
1202 		break;
1203 	case SSL_eNULL:
1204 		enc="None";
1205 		break;
1206 	case SSL_AES:
1207 		switch(cipher->strength_bits)
1208 			{
1209 		case 128: enc="AES(128)"; break;
1210 		case 192: enc="AES(192)"; break;
1211 		case 256: enc="AES(256)"; break;
1212 		default: enc="AES(?""?""?)"; break;
1213 			}
1214 		break;
1215 	case SSL_CAMELLIA:
1216 		switch(cipher->strength_bits)
1217 			{
1218 		case 128: enc="Camellia(128)"; break;
1219 		case 256: enc="Camellia(256)"; break;
1220 		default: enc="Camellia(?""?""?)"; break;
1221 			}
1222 		break;
1223 	case SSL_SEED:
1224 		enc="SEED(128)";
1225 		break;
1226 
1227 	default:
1228 		enc="unknown";
1229 		break;
1230 		}
1231 
1232 	switch (alg&SSL_MAC_MASK)
1233 		{
1234 	case SSL_MD5:
1235 		mac="MD5";
1236 		break;
1237 	case SSL_SHA1:
1238 		mac="SHA1";
1239 		break;
1240 	default:
1241 		mac="unknown";
1242 		break;
1243 		}
1244 
1245 	if (buf == NULL)
1246 		{
1247 		len=128;
1248 		buf=OPENSSL_malloc(len);
1249 		if (buf == NULL) return("OPENSSL_malloc Error");
1250 		}
1251 	else if (len < 128)
1252 		return("Buffer too small");
1253 
1254 #ifdef KSSL_DEBUG
1255 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1256 #else
1257 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1258 #endif /* KSSL_DEBUG */
1259 	return(buf);
1260 	}
1261 
1262 char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1263 	{
1264 	int i;
1265 
1266 	if (c == NULL) return("(NONE)");
1267 	i=(int)(c->id>>24L);
1268 	if (i == 3)
1269 		return("TLSv1/SSLv3");
1270 	else if (i == 2)
1271 		return("SSLv2");
1272 	else
1273 		return("unknown");
1274 	}
1275 
1276 /* return the actual cipher being used */
1277 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1278 	{
1279 	if (c != NULL)
1280 		return(c->name);
1281 	return("(NONE)");
1282 	}
1283 
1284 /* number of bits for symmetric cipher */
1285 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1286 	{
1287 	int ret=0;
1288 
1289 	if (c != NULL)
1290 		{
1291 		if (alg_bits != NULL) *alg_bits = c->alg_bits;
1292 		ret = c->strength_bits;
1293 		}
1294 	return(ret);
1295 	}
1296 
1297 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1298 	{
1299 	SSL_COMP *ctmp;
1300 	int i,nn;
1301 
1302 	if ((n == 0) || (sk == NULL)) return(NULL);
1303 	nn=sk_SSL_COMP_num(sk);
1304 	for (i=0; i<nn; i++)
1305 		{
1306 		ctmp=sk_SSL_COMP_value(sk,i);
1307 		if (ctmp->id == n)
1308 			return(ctmp);
1309 		}
1310 	return(NULL);
1311 	}
1312 
1313 #ifdef OPENSSL_NO_COMP
1314 void *SSL_COMP_get_compression_methods(void)
1315 	{
1316 	return NULL;
1317 	}
1318 int SSL_COMP_add_compression_method(int id, void *cm)
1319 	{
1320 	return 1;
1321 	}
1322 
1323 const char *SSL_COMP_get_name(const void *comp)
1324 	{
1325 	return NULL;
1326 	}
1327 #else
1328 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1329 	{
1330 	load_builtin_compressions();
1331 	return(ssl_comp_methods);
1332 	}
1333 
1334 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1335 	{
1336 	SSL_COMP *comp;
1337 
1338         if (cm == NULL || cm->type == NID_undef)
1339                 return 1;
1340 
1341 	/* According to draft-ietf-tls-compression-04.txt, the
1342 	   compression number ranges should be the following:
1343 
1344 	   0 to 63:    methods defined by the IETF
1345 	   64 to 192:  external party methods assigned by IANA
1346 	   193 to 255: reserved for private use */
1347 	if (id < 193 || id > 255)
1348 		{
1349 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1350 		return 0;
1351 		}
1352 
1353 	MemCheck_off();
1354 	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1355 	comp->id=id;
1356 	comp->method=cm;
1357 	load_builtin_compressions();
1358 	if (ssl_comp_methods
1359 		&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1360 		{
1361 		OPENSSL_free(comp);
1362 		MemCheck_on();
1363 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1364 		return(1);
1365 		}
1366 	else if ((ssl_comp_methods == NULL)
1367 		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
1368 		{
1369 		OPENSSL_free(comp);
1370 		MemCheck_on();
1371 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1372 		return(1);
1373 		}
1374 	else
1375 		{
1376 		MemCheck_on();
1377 		return(0);
1378 		}
1379 	}
1380 
1381 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1382 	{
1383 	if (comp)
1384 		return comp->name;
1385 	return NULL;
1386 	}
1387 
1388 #endif
1389