1 /* ssl/ssl_ciph.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <openssl/objects.h> 61 #include <openssl/comp.h> 62 #include "ssl_locl.h" 63 64 #define SSL_ENC_DES_IDX 0 65 #define SSL_ENC_3DES_IDX 1 66 #define SSL_ENC_RC4_IDX 2 67 #define SSL_ENC_RC2_IDX 3 68 #define SSL_ENC_IDEA_IDX 4 69 #define SSL_ENC_eFZA_IDX 5 70 #define SSL_ENC_NULL_IDX 6 71 #define SSL_ENC_NUM_IDX 7 72 73 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 74 NULL,NULL,NULL,NULL,NULL,NULL, 75 }; 76 77 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; 78 79 #define SSL_MD_MD5_IDX 0 80 #define SSL_MD_SHA1_IDX 1 81 #define SSL_MD_NUM_IDX 2 82 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 83 NULL,NULL, 84 }; 85 86 typedef struct cipher_sort_st 87 { 88 SSL_CIPHER *cipher; 89 int pref; 90 } CIPHER_SORT; 91 92 #define CIPHER_ADD 1 93 #define CIPHER_KILL 2 94 #define CIPHER_DEL 3 95 #define CIPHER_ORD 4 96 97 typedef struct cipher_choice_st 98 { 99 int type; 100 unsigned long algorithms; 101 unsigned long mask; 102 long top; 103 } CIPHER_CHOICE; 104 105 typedef struct cipher_order_st 106 { 107 SSL_CIPHER *cipher; 108 int active; 109 int dead; 110 struct cipher_order_st *next,*prev; 111 } CIPHER_ORDER; 112 113 static SSL_CIPHER cipher_aliases[]={ 114 /* Don't include eNULL unless specifically enabled */ 115 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */ 116 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK}, 117 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK}, 118 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK}, 119 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,SSL_MKEY_MASK}, 120 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,SSL_MKEY_MASK}, 121 {0,SSL_TXT_DH, 0,SSL_DH, 0,SSL_MKEY_MASK}, 122 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,SSL_MKEY_MASK|SSL_AUTH_MASK}, 123 124 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,SSL_AUTH_MASK}, 125 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,SSL_AUTH_MASK}, 126 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,SSL_AUTH_MASK}, 127 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK}, 128 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,SSL_AUTH_MASK}, 129 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,SSL_AUTH_MASK}, 130 131 {0,SSL_TXT_DES, 0,SSL_DES, 0,SSL_ENC_MASK}, 132 {0,SSL_TXT_3DES,0,SSL_3DES, 0,SSL_ENC_MASK}, 133 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,SSL_ENC_MASK}, 134 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,SSL_ENC_MASK}, 135 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,SSL_ENC_MASK}, 136 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK}, 137 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,SSL_ENC_MASK}, 138 139 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,SSL_MAC_MASK}, 140 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,SSL_MAC_MASK}, 141 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,SSL_MAC_MASK}, 142 143 {0,SSL_TXT_NULL,0,SSL_NULL, 0,SSL_ENC_MASK}, 144 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, 145 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, 146 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK}, 147 148 {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,SSL_EXP_MASK}, 149 {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,SSL_EXP_MASK}, 150 {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,SSL_EXP_MASK}, 151 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK}, 152 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK}, 153 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK}, 154 {0,SSL_TXT_LOW, 0,SSL_LOW, 0,SSL_STRONG_MASK}, 155 {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK}, 156 {0,SSL_TXT_HIGH, 0,SSL_HIGH, 0,SSL_STRONG_MASK}, 157 }; 158 159 static int init_ciphers=1; 160 static void load_ciphers(); 161 162 static int cmp_by_name(SSL_CIPHER **a, SSL_CIPHER **b) 163 { 164 return(strcmp((*a)->name,(*b)->name)); 165 } 166 167 static void load_ciphers(void) 168 { 169 init_ciphers=0; 170 ssl_cipher_methods[SSL_ENC_DES_IDX]= 171 EVP_get_cipherbyname(SN_des_cbc); 172 ssl_cipher_methods[SSL_ENC_3DES_IDX]= 173 EVP_get_cipherbyname(SN_des_ede3_cbc); 174 ssl_cipher_methods[SSL_ENC_RC4_IDX]= 175 EVP_get_cipherbyname(SN_rc4); 176 ssl_cipher_methods[SSL_ENC_RC2_IDX]= 177 EVP_get_cipherbyname(SN_rc2_cbc); 178 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 179 EVP_get_cipherbyname(SN_idea_cbc); 180 181 ssl_digest_methods[SSL_MD_MD5_IDX]= 182 EVP_get_digestbyname(SN_md5); 183 ssl_digest_methods[SSL_MD_SHA1_IDX]= 184 EVP_get_digestbyname(SN_sha1); 185 } 186 187 int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc, 188 const EVP_MD **md, SSL_COMP **comp) 189 { 190 int i; 191 SSL_CIPHER *c; 192 193 c=s->cipher; 194 if (c == NULL) return(0); 195 if (comp != NULL) 196 { 197 SSL_COMP ctmp; 198 199 if (s->compress_meth == 0) 200 *comp=NULL; 201 else if (ssl_comp_methods == NULL) 202 { 203 /* bad */ 204 *comp=NULL; 205 } 206 else 207 { 208 209 ctmp.id=s->compress_meth; 210 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); 211 if (i >= 0) 212 *comp=sk_SSL_COMP_value(ssl_comp_methods,i); 213 else 214 *comp=NULL; 215 } 216 } 217 218 if ((enc == NULL) || (md == NULL)) return(0); 219 220 switch (c->algorithms & SSL_ENC_MASK) 221 { 222 case SSL_DES: 223 i=SSL_ENC_DES_IDX; 224 break; 225 case SSL_3DES: 226 i=SSL_ENC_3DES_IDX; 227 break; 228 case SSL_RC4: 229 i=SSL_ENC_RC4_IDX; 230 break; 231 case SSL_RC2: 232 i=SSL_ENC_RC2_IDX; 233 break; 234 case SSL_IDEA: 235 i=SSL_ENC_IDEA_IDX; 236 break; 237 case SSL_eNULL: 238 i=SSL_ENC_NULL_IDX; 239 break; 240 default: 241 i= -1; 242 break; 243 } 244 245 if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 246 *enc=NULL; 247 else 248 { 249 if (i == SSL_ENC_NULL_IDX) 250 *enc=EVP_enc_null(); 251 else 252 *enc=ssl_cipher_methods[i]; 253 } 254 255 switch (c->algorithms & SSL_MAC_MASK) 256 { 257 case SSL_MD5: 258 i=SSL_MD_MD5_IDX; 259 break; 260 case SSL_SHA1: 261 i=SSL_MD_SHA1_IDX; 262 break; 263 default: 264 i= -1; 265 break; 266 } 267 if ((i < 0) || (i > SSL_MD_NUM_IDX)) 268 *md=NULL; 269 else 270 *md=ssl_digest_methods[i]; 271 272 if ((*enc != NULL) && (*md != NULL)) 273 return(1); 274 else 275 return(0); 276 } 277 278 #define ITEM_SEP(a) \ 279 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 280 281 static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 282 CIPHER_ORDER **tail) 283 { 284 if (curr == *tail) return; 285 if (curr == *head) 286 *head=curr->next; 287 if (curr->prev != NULL) 288 curr->prev->next=curr->next; 289 if (curr->next != NULL) /* should always be true */ 290 curr->next->prev=curr->prev; 291 (*tail)->next=curr; 292 curr->prev= *tail; 293 curr->next=NULL; 294 *tail=curr; 295 } 296 297 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method, 298 STACK_OF(SSL_CIPHER) **cipher_list, 299 STACK_OF(SSL_CIPHER) **cipher_list_by_id, 300 char *str) 301 { 302 SSL_CIPHER *c; 303 char *l; 304 STACK_OF(SSL_CIPHER) *ret=NULL,*ok=NULL; 305 #define CL_BUF 40 306 char buf[CL_BUF]; 307 char *tmp_str=NULL; 308 unsigned long mask,algorithms,ma; 309 char *start; 310 int i,j,k,num=0,ch,multi; 311 unsigned long al; 312 STACK *ca_list=NULL; 313 int current_x,num_x; 314 CIPHER_CHOICE *ops=NULL; 315 CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2; 316 int list_num; 317 int type; 318 SSL_CIPHER c_tmp,*cp; 319 320 if (str == NULL) return(NULL); 321 322 if (strncmp(str,"DEFAULT",7) == 0) 323 { 324 i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST); 325 if ((tmp_str=Malloc(i)) == NULL) 326 { 327 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 328 goto err; 329 } 330 strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST); 331 strcat(tmp_str,":"); 332 strcat(tmp_str,&(str[7])); 333 str=tmp_str; 334 } 335 if (init_ciphers) load_ciphers(); 336 337 num=ssl_method->num_ciphers(); 338 339 if ((ret=sk_SSL_CIPHER_new(NULL)) == NULL) goto err; 340 if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err; 341 342 mask =SSL_kFZA; 343 #ifdef NO_RSA 344 mask|=SSL_aRSA|SSL_kRSA; 345 #endif 346 #ifdef NO_DSA 347 mask|=SSL_aDSS; 348 #endif 349 #ifdef NO_DH 350 mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; 351 #endif 352 353 #ifdef SSL_FORBID_ENULL 354 mask|=SSL_eNULL; 355 #endif 356 357 mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0; 358 mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0; 359 mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0; 360 mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0; 361 mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0; 362 mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0; 363 364 mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0; 365 mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0; 366 367 if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL) 368 goto err; 369 370 /* Get the initial list of ciphers */ 371 list_num=0; 372 for (i=0; i<num; i++) 373 { 374 c=ssl_method->get_cipher((unsigned int)i); 375 /* drop those that use any of that is not available */ 376 if ((c != NULL) && c->valid && !(c->algorithms & mask)) 377 { 378 list[list_num].cipher=c; 379 list[list_num].next=NULL; 380 list[list_num].prev=NULL; 381 list[list_num].active=0; 382 list_num++; 383 if (!sk_push(ca_list,(char *)c)) goto err; 384 } 385 } 386 387 for (i=1; i<list_num-1; i++) 388 { 389 list[i].prev= &(list[i-1]); 390 list[i].next= &(list[i+1]); 391 } 392 if (list_num > 0) 393 { 394 head= &(list[0]); 395 head->prev=NULL; 396 head->next= &(list[1]); 397 tail= &(list[list_num-1]); 398 tail->prev= &(list[list_num-2]); 399 tail->next=NULL; 400 } 401 402 /* special case */ 403 cipher_aliases[0].algorithms &= ~mask; 404 405 /* get the aliases */ 406 k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER); 407 for (j=0; j<k; j++) 408 { 409 al=cipher_aliases[j].algorithms; 410 /* Drop those that are not relevent */ 411 if ((al & mask) == al) continue; 412 if (!sk_push(ca_list,(char *)&(cipher_aliases[j]))) goto err; 413 } 414 415 /* ca_list now holds a 'stack' of SSL_CIPHERS, some real, some 416 * 'aliases' */ 417 418 /* how many parameters are there? */ 419 num=1; 420 for (l=str; *l; l++) 421 if (ITEM_SEP(*l)) 422 num++; 423 ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num); 424 if (ops == NULL) goto err; 425 memset(ops,0,sizeof(CIPHER_CHOICE)*num); 426 427 /* we now parse the input string and create our operations */ 428 l=str; 429 i=0; 430 current_x=0; 431 432 for (;;) 433 { 434 ch= *l; 435 436 if (ch == '\0') break; 437 438 if (ch == '-') 439 { j=CIPHER_DEL; l++; } 440 else if (ch == '+') 441 { j=CIPHER_ORD; l++; } 442 else if (ch == '!') 443 { j=CIPHER_KILL; l++; } 444 else 445 { j=CIPHER_ADD; } 446 447 if (ITEM_SEP(ch)) 448 { 449 l++; 450 continue; 451 } 452 ops[current_x].type=j; 453 ops[current_x].algorithms=0; 454 ops[current_x].mask=0; 455 456 start=l; 457 for (;;) 458 { 459 ch= *l; 460 i=0; 461 #ifndef CHARSET_EBCDIC 462 while ( ((ch >= 'A') && (ch <= 'Z')) || 463 ((ch >= '0') && (ch <= '9')) || 464 ((ch >= 'a') && (ch <= 'z')) || 465 (ch == '-')) 466 #else 467 while ( isalnum(ch) || (ch == '-')) 468 #endif 469 { 470 buf[i]=ch; 471 ch= *(++l); 472 i++; 473 if (i >= (CL_BUF-2)) break; 474 } 475 buf[i]='\0'; 476 477 /* check for multi-part specification */ 478 if (ch == '+') 479 { 480 multi=1; 481 l++; 482 } 483 else 484 multi=0; 485 486 c_tmp.name=buf; 487 j=sk_find(ca_list,(char *)&c_tmp); 488 if (j < 0) 489 goto end_loop; 490 491 cp=(SSL_CIPHER *)sk_value(ca_list,j); 492 ops[current_x].algorithms|=cp->algorithms; 493 /* We add the SSL_SSL_MASK so we can match the 494 * SSLv2 and SSLv3 versions of RC4-MD5 */ 495 ops[current_x].mask|=cp->mask; 496 if (!multi) break; 497 } 498 current_x++; 499 if (ch == '\0') break; 500 end_loop: 501 /* Make sure we scan until the next valid start point */ 502 while ((*l != '\0') && ITEM_SEP(*l)) 503 l++; 504 } 505 506 num_x=current_x; 507 current_x=0; 508 509 /* We will now process the list of ciphers, once for each category, to 510 * decide what we should do with it. */ 511 for (j=0; j<num_x; j++) 512 { 513 algorithms=ops[j].algorithms; 514 type=ops[j].type; 515 mask=ops[j].mask; 516 517 curr=head; 518 curr2=head; 519 tail2=tail; 520 for (;;) 521 { 522 if ((curr == NULL) || (curr == tail2)) break; 523 curr=curr2; 524 curr2=curr->next; 525 526 cp=curr->cipher; 527 ma=mask & cp->algorithms; 528 if ((ma == 0) || ((ma & algorithms) != ma)) 529 { 530 /* does not apply */ 531 continue; 532 } 533 534 /* add the cipher if it has not been added yet. */ 535 if (type == CIPHER_ADD) 536 { 537 if (!curr->active) 538 { 539 ll_append_tail(&head,curr,&tail); 540 curr->active=1; 541 } 542 } 543 /* Move the added cipher to this location */ 544 else if (type == CIPHER_ORD) 545 { 546 if (curr->active) 547 { 548 ll_append_tail(&head,curr,&tail); 549 } 550 } 551 else if (type == CIPHER_DEL) 552 curr->active=0; 553 if (type == CIPHER_KILL) 554 { 555 if (head == curr) 556 head=curr->next; 557 else 558 curr->prev->next=curr->next; 559 if (tail == curr) 560 tail=curr->prev; 561 curr->active=0; 562 if (curr->next != NULL) 563 curr->next->prev=curr->prev; 564 if (curr->prev != NULL) 565 curr->prev->next=curr->next; 566 curr->next=NULL; 567 curr->prev=NULL; 568 } 569 } 570 } 571 572 for (curr=head; curr != NULL; curr=curr->next) 573 { 574 if (curr->active) 575 { 576 sk_SSL_CIPHER_push(ret,curr->cipher); 577 #ifdef CIPHER_DEBUG 578 printf("<%s>\n",curr->cipher->name); 579 #endif 580 } 581 } 582 583 if (cipher_list != NULL) 584 { 585 if (*cipher_list != NULL) 586 sk_SSL_CIPHER_free(*cipher_list); 587 *cipher_list=ret; 588 } 589 590 if (cipher_list_by_id != NULL) 591 { 592 if (*cipher_list_by_id != NULL) 593 sk_SSL_CIPHER_free(*cipher_list_by_id); 594 *cipher_list_by_id=sk_SSL_CIPHER_dup(ret); 595 } 596 597 if ( (cipher_list_by_id == NULL) || 598 (*cipher_list_by_id == NULL) || 599 (cipher_list == NULL) || 600 (*cipher_list == NULL)) 601 goto err; 602 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 603 604 ok=ret; 605 ret=NULL; 606 err: 607 if (tmp_str) Free(tmp_str); 608 if (ops != NULL) Free(ops); 609 if (ret != NULL) sk_SSL_CIPHER_free(ret); 610 if (ca_list != NULL) sk_free(ca_list); 611 if (list != NULL) Free(list); 612 return(ok); 613 } 614 615 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 616 { 617 int is_export,pkl,kl; 618 char *ver,*exp; 619 char *kx,*au,*enc,*mac; 620 unsigned long alg,alg2; 621 static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 622 623 alg=cipher->algorithms; 624 alg2=cipher->algorithm2; 625 626 is_export=SSL_IS_EXPORT(alg); 627 pkl=SSL_EXPORT_PKEYLENGTH(alg); 628 kl=SSL_EXPORT_KEYLENGTH(alg); 629 exp=is_export?" export":""; 630 631 if (alg & SSL_SSLV2) 632 ver="SSLv2"; 633 else if (alg & SSL_SSLV3) 634 ver="SSLv3"; 635 else 636 ver="unknown"; 637 638 switch (alg&SSL_MKEY_MASK) 639 { 640 case SSL_kRSA: 641 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 642 break; 643 case SSL_kDHr: 644 kx="DH/RSA"; 645 break; 646 case SSL_kDHd: 647 kx="DH/DSS"; 648 break; 649 case SSL_kFZA: 650 kx="Fortezza"; 651 break; 652 case SSL_kEDH: 653 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 654 break; 655 default: 656 kx="unknown"; 657 } 658 659 switch (alg&SSL_AUTH_MASK) 660 { 661 case SSL_aRSA: 662 au="RSA"; 663 break; 664 case SSL_aDSS: 665 au="DSS"; 666 break; 667 case SSL_aDH: 668 au="DH"; 669 break; 670 case SSL_aFZA: 671 case SSL_aNULL: 672 au="None"; 673 break; 674 default: 675 au="unknown"; 676 break; 677 } 678 679 switch (alg&SSL_ENC_MASK) 680 { 681 case SSL_DES: 682 enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; 683 break; 684 case SSL_3DES: 685 enc="3DES(168)"; 686 break; 687 case SSL_RC4: 688 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") 689 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); 690 break; 691 case SSL_RC2: 692 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; 693 break; 694 case SSL_IDEA: 695 enc="IDEA(128)"; 696 break; 697 case SSL_eFZA: 698 enc="Fortezza"; 699 break; 700 case SSL_eNULL: 701 enc="None"; 702 break; 703 default: 704 enc="unknown"; 705 break; 706 } 707 708 switch (alg&SSL_MAC_MASK) 709 { 710 case SSL_MD5: 711 mac="MD5"; 712 break; 713 case SSL_SHA1: 714 mac="SHA1"; 715 break; 716 default: 717 mac="unknown"; 718 break; 719 } 720 721 if (buf == NULL) 722 { 723 buf=Malloc(128); 724 if (buf == NULL) return("Malloc Error"); 725 } 726 else if (len < 128) 727 return("Buffer too small"); 728 729 sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp); 730 return(buf); 731 } 732 733 char *SSL_CIPHER_get_version(SSL_CIPHER *c) 734 { 735 int i; 736 737 if (c == NULL) return("(NONE)"); 738 i=(int)(c->id>>24L); 739 if (i == 3) 740 return("TLSv1/SSLv3"); 741 else if (i == 2) 742 return("SSLv2"); 743 else 744 return("unknown"); 745 } 746 747 /* return the actual cipher being used */ 748 const char *SSL_CIPHER_get_name(SSL_CIPHER *c) 749 { 750 if (c != NULL) 751 return(c->name); 752 return("(NONE)"); 753 } 754 755 /* number of bits for symetric cipher */ 756 int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits) 757 { 758 int ret=0,a=0; 759 const EVP_CIPHER *enc; 760 const EVP_MD *md; 761 SSL_SESSION ss; 762 763 if (c != NULL) 764 { 765 ss.cipher=c; 766 if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL)) 767 return(0); 768 769 a=EVP_CIPHER_key_length(enc)*8; 770 771 if (SSL_C_IS_EXPORT(c)) 772 { 773 ret=SSL_C_EXPORT_KEYLENGTH(c)*8; 774 } 775 else 776 { 777 if (c->algorithm2 & SSL2_CF_8_BYTE_ENC) 778 ret=64; 779 else 780 ret=a; 781 } 782 } 783 784 if (alg_bits != NULL) *alg_bits=a; 785 786 return(ret); 787 } 788 789 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 790 { 791 SSL_COMP *ctmp; 792 int i,nn; 793 794 if ((n == 0) || (sk == NULL)) return(NULL); 795 nn=sk_SSL_COMP_num(sk); 796 for (i=0; i<nn; i++) 797 { 798 ctmp=sk_SSL_COMP_value(sk,i); 799 if (ctmp->id == n) 800 return(ctmp); 801 } 802 return(NULL); 803 } 804 805 static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b) 806 { 807 return((*a)->id-(*b)->id); 808 } 809 810 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 811 { 812 return(ssl_comp_methods); 813 } 814 815 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 816 { 817 SSL_COMP *comp; 818 STACK_OF(SSL_COMP) *sk; 819 820 comp=(SSL_COMP *)Malloc(sizeof(SSL_COMP)); 821 comp->id=id; 822 comp->method=cm; 823 if (ssl_comp_methods == NULL) 824 sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); 825 else 826 sk=ssl_comp_methods; 827 if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp)) 828 { 829 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 830 return(0); 831 } 832 else 833 return(1); 834 } 835 836