Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 433366587d6156c9660cc87a843e9dcef1a58917 / . / ssl / ssl_cipher.c
blob: 9c9a4413d55d7f803e3f1c6b91a980658c7bbb5d [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115/* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
David Benjamin9e4e01e2015-09-15 01:48:04 -0400[diff] [blame]141#include <openssl/ssl.h>
142
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]143#include <assert.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400[diff] [blame]144#include <stdio.h>
145#include <string.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]146
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]147#include <openssl/buf.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400[diff] [blame]148#include <openssl/err.h>
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]149#include <openssl/md5.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]150#include <openssl/mem.h>
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]151#include <openssl/sha.h>
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]152#include <openssl/stack.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]153
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame]154#include "internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]155
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]156
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]157/* kCiphers is an array of all supported ciphers, sorted by id. */
David Benjamin20c37312015-11-11 21:33:18 -0800[diff] [blame]158static const SSL_CIPHER kCiphers[] = {
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]159 /* The RSA ciphers */
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]160 /* Cipher 02 */
161 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]162 SSL3_TXT_RSA_NULL_SHA,
163 SSL3_CK_RSA_NULL_SHA,
164 SSL_kRSA,
165 SSL_aRSA,
166 SSL_eNULL,
167 SSL_SHA1,
168 SSL_HANDSHAKE_MAC_DEFAULT,
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]169 },
170
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]171 /* Cipher 04 */
172 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]173 SSL3_TXT_RSA_RC4_128_MD5,
174 SSL3_CK_RSA_RC4_128_MD5,
175 SSL_kRSA,
176 SSL_aRSA,
177 SSL_RC4,
178 SSL_MD5,
179 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]180 },
181
182 /* Cipher 05 */
183 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]184 SSL3_TXT_RSA_RC4_128_SHA,
185 SSL3_CK_RSA_RC4_128_SHA,
186 SSL_kRSA,
187 SSL_aRSA,
188 SSL_RC4,
189 SSL_SHA1,
190 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]191 },
192
193 /* Cipher 0A */
194 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]195 SSL3_TXT_RSA_DES_192_CBC3_SHA,
196 SSL3_CK_RSA_DES_192_CBC3_SHA,
197 SSL_kRSA,
198 SSL_aRSA,
199 SSL_3DES,
200 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]201 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]202 },
203
204
205 /* New AES ciphersuites */
206
207 /* Cipher 2F */
208 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]209 TLS1_TXT_RSA_WITH_AES_128_SHA,
210 TLS1_CK_RSA_WITH_AES_128_SHA,
211 SSL_kRSA,
212 SSL_aRSA,
213 SSL_AES128,
214 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]215 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]216 },
217
218 /* Cipher 33 */
219 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]220 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
221 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
222 SSL_kDHE,
223 SSL_aRSA,
224 SSL_AES128,
225 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]226 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]227 },
228
229 /* Cipher 35 */
230 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]231 TLS1_TXT_RSA_WITH_AES_256_SHA,
232 TLS1_CK_RSA_WITH_AES_256_SHA,
233 SSL_kRSA,
234 SSL_aRSA,
235 SSL_AES256,
236 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]237 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]238 },
239
240 /* Cipher 39 */
241 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]242 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
243 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
244 SSL_kDHE,
245 SSL_aRSA,
246 SSL_AES256,
247 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]248 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]249 },
250
251
252 /* TLS v1.2 ciphersuites */
253
254 /* Cipher 3C */
255 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]256 TLS1_TXT_RSA_WITH_AES_128_SHA256,
257 TLS1_CK_RSA_WITH_AES_128_SHA256,
258 SSL_kRSA,
259 SSL_aRSA,
260 SSL_AES128,
261 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]262 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]263 },
264
265 /* Cipher 3D */
266 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]267 TLS1_TXT_RSA_WITH_AES_256_SHA256,
268 TLS1_CK_RSA_WITH_AES_256_SHA256,
269 SSL_kRSA,
270 SSL_aRSA,
271 SSL_AES256,
272 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]273 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]274 },
275
276 /* Cipher 67 */
277 {
278 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]279 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
280 SSL_kDHE,
281 SSL_aRSA,
282 SSL_AES128,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]283 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]284 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]285 },
286
287 /* Cipher 6B */
288 {
289 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]290 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
291 SSL_kDHE,
292 SSL_aRSA,
293 SSL_AES256,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]294 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]295 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]296 },
297
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]298 /* PSK cipher suites. */
299
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]300 /* Cipher 8A */
301 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]302 TLS1_TXT_PSK_WITH_RC4_128_SHA,
303 TLS1_CK_PSK_WITH_RC4_128_SHA,
304 SSL_kPSK,
305 SSL_aPSK,
306 SSL_RC4,
307 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]308 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]309 },
310
311 /* Cipher 8C */
312 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]313 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
314 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
315 SSL_kPSK,
316 SSL_aPSK,
317 SSL_AES128,
318 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]319 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]320 },
321
322 /* Cipher 8D */
323 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]324 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
325 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
326 SSL_kPSK,
327 SSL_aPSK,
328 SSL_AES256,
329 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]330 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]331 },
332
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]333 /* GCM ciphersuites from RFC5288 */
334
335 /* Cipher 9C */
336 {
337 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]338 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
339 SSL_kRSA,
340 SSL_aRSA,
341 SSL_AES128GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]342 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]343 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]344 },
345
346 /* Cipher 9D */
347 {
348 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]349 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
350 SSL_kRSA,
351 SSL_aRSA,
352 SSL_AES256GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]353 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]354 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]355 },
356
357 /* Cipher 9E */
358 {
359 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]360 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
361 SSL_kDHE,
362 SSL_aRSA,
363 SSL_AES128GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]364 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]365 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]366 },
367
368 /* Cipher 9F */
369 {
370 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]371 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
372 SSL_kDHE,
373 SSL_aRSA,
374 SSL_AES256GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]375 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]376 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]377 },
378
379 /* Cipher C007 */
380 {
381 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]382 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
383 SSL_kECDHE,
384 SSL_aECDSA,
385 SSL_RC4,
386 SSL_SHA1,
387 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]388 },
389
390 /* Cipher C009 */
391 {
392 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]393 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
394 SSL_kECDHE,
395 SSL_aECDSA,
396 SSL_AES128,
397 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]398 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]399 },
400
401 /* Cipher C00A */
402 {
403 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]404 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
405 SSL_kECDHE,
406 SSL_aECDSA,
407 SSL_AES256,
408 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]409 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]410 },
411
412 /* Cipher C011 */
413 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]414 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
415 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
416 SSL_kECDHE,
417 SSL_aRSA,
418 SSL_RC4,
419 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]420 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]421 },
422
423 /* Cipher C013 */
424 {
425 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]426 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
427 SSL_kECDHE,
428 SSL_aRSA,
429 SSL_AES128,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]430 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]431 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]432 },
433
434 /* Cipher C014 */
435 {
436 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]437 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
438 SSL_kECDHE,
439 SSL_aRSA,
440 SSL_AES256,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]441 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]442 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]443 },
444
445
446 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
447
448 /* Cipher C023 */
449 {
450 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]451 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
452 SSL_kECDHE,
453 SSL_aECDSA,
454 SSL_AES128,
455 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]456 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]457 },
458
459 /* Cipher C024 */
460 {
461 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]462 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
463 SSL_kECDHE,
464 SSL_aECDSA,
465 SSL_AES256,
466 SSL_SHA384,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]467 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]468 },
469
470 /* Cipher C027 */
471 {
472 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]473 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
474 SSL_kECDHE,
475 SSL_aRSA,
476 SSL_AES128,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]477 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]478 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]479 },
480
481 /* Cipher C028 */
482 {
483 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]484 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
485 SSL_kECDHE,
486 SSL_aRSA,
487 SSL_AES256,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]488 SSL_SHA384,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]489 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]490 },
491
492
493 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
494
495 /* Cipher C02B */
496 {
497 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]498 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
499 SSL_kECDHE,
500 SSL_aECDSA,
501 SSL_AES128GCM,
502 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]503 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]504 },
505
506 /* Cipher C02C */
507 {
508 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]509 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
510 SSL_kECDHE,
511 SSL_aECDSA,
512 SSL_AES256GCM,
513 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]514 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]515 },
516
517 /* Cipher C02F */
518 {
519 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]520 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
521 SSL_kECDHE,
522 SSL_aRSA,
523 SSL_AES128GCM,
524 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]525 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]526 },
527
528 /* Cipher C030 */
529 {
530 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]531 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
532 SSL_kECDHE,
533 SSL_aRSA,
534 SSL_AES256GCM,
535 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]536 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]537 },
538
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]539 /* ECDHE-PSK cipher suites. */
540
541 /* Cipher C035 */
542 {
543 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
544 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]545 SSL_kECDHE,
546 SSL_aPSK,
547 SSL_AES128,
548 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]549 SSL_HANDSHAKE_MAC_DEFAULT,
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]550 },
551
552 /* Cipher C036 */
553 {
554 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
555 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]556 SSL_kECDHE,
557 SSL_aPSK,
558 SSL_AES256,
559 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]560 SSL_HANDSHAKE_MAC_DEFAULT,
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]561 },
562
563 /* ChaCha20-Poly1305 cipher suites. */
564
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]565#if !defined(BORINGSSL_ANDROID_SYSTEM)
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]566 {
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]567 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]568 TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
569 SSL_kECDHE,
570 SSL_aRSA,
571 SSL_CHACHA20POLY1305_OLD,
572 SSL_AEAD,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]573 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]574 },
575
576 {
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]577 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]578 TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
579 SSL_kECDHE,
580 SSL_aECDSA,
581 SSL_CHACHA20POLY1305_OLD,
582 SSL_AEAD,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]583 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]584 },
Adam Langleyd98dc132015-09-23 16:41:33 -0700[diff] [blame]585#endif
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]586
587 /* Cipher CCA8 */
588 {
589 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
590 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
591 SSL_kECDHE,
592 SSL_aRSA,
593 SSL_CHACHA20POLY1305,
594 SSL_AEAD,
595 SSL_HANDSHAKE_MAC_SHA256,
596 },
597
598 /* Cipher CCA9 */
599 {
600 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
601 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
602 SSL_kECDHE,
603 SSL_aECDSA,
604 SSL_CHACHA20POLY1305,
605 SSL_AEAD,
606 SSL_HANDSHAKE_MAC_SHA256,
607 },
608
609 /* Cipher CCAB */
610 {
611 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
612 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
613 SSL_kECDHE,
614 SSL_aPSK,
615 SSL_CHACHA20POLY1305,
616 SSL_AEAD,
617 SSL_HANDSHAKE_MAC_SHA256,
618 },
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]619};
620
621static const size_t kCiphersLen = sizeof(kCiphers) / sizeof(kCiphers[0]);
622
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]623#define CIPHER_ADD 1
624#define CIPHER_KILL 2
625#define CIPHER_DEL 3
626#define CIPHER_ORD 4
627#define CIPHER_SPECIAL 5
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]628
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]629typedef struct cipher_order_st {
630 const SSL_CIPHER *cipher;
631 int active;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]632 int in_group;
633 struct cipher_order_st *next, *prev;
634} CIPHER_ORDER;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]635
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]636typedef struct cipher_alias_st {
637 /* name is the name of the cipher alias. */
638 const char *name;
639
640 /* The following fields are bitmasks for the corresponding fields on
641 * |SSL_CIPHER|. A cipher matches a cipher alias iff, for each bitmask, the
642 * bit corresponding to the cipher's value is set to 1. If any bitmask is
643 * all zeroes, the alias matches nothing. Use |~0u| for the default value. */
644 uint32_t algorithm_mkey;
645 uint32_t algorithm_auth;
646 uint32_t algorithm_enc;
647 uint32_t algorithm_mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]648
649 /* min_version, if non-zero, matches all ciphers which were added in that
650 * particular protocol version. */
651 uint16_t min_version;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]652} CIPHER_ALIAS;
653
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]654static const CIPHER_ALIAS kCipherAliases[] = {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]655 /* "ALL" doesn't include eNULL (must be specifically enabled) */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]656 {"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]657
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]658 /* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]659
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]660 /* key exchange aliases
661 * (some of those using only a single bit here combine
662 * multiple key exchange algs according to the RFCs,
663 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]664 {"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]665
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]666 {"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
667 {"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
668 {"DH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]669
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]670 {"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
671 {"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
672 {"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]673
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]674 {"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]675
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]676 /* server authentication aliases */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]677 {"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
678 {"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
679 {"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
680 {"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]681
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]682 /* aliases combining key exchange and server authentication */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]683 {"DHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
684 {"EDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
685 {"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
686 {"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
687 {"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
688 {"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]690 /* symmetric encryption aliases */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]691 {"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0},
692 {"RC4", ~0u, ~0u, SSL_RC4, ~0u, 0},
693 {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0},
694 {"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
695 {"AES", ~0u, ~0u, SSL_AES, ~0u, 0},
696 {"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, 0},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]697 {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_OLD, ~0u,
698 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]699
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]700 /* MAC aliases */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]701 {"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
702 {"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
703 {"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
704 {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
705 {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]706
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]707 /* Legacy protocol minimum version aliases. "TLSv1" is intentionally the
708 * same as "SSLv3". */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]709 {"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
710 {"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
711 {"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]712
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]713 /* Legacy strength classes. */
714 {"MEDIUM", ~0u, ~0u, SSL_RC4, ~0u, 0},
715 {"HIGH", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
716 {"FIPS", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]717};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]718
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]719static const size_t kCipherAliasesLen =
720 sizeof(kCipherAliases) / sizeof(kCipherAliases[0]);
721
722static int ssl_cipher_id_cmp(const void *in_a, const void *in_b) {
723 const SSL_CIPHER *a = in_a;
724 const SSL_CIPHER *b = in_b;
725
726 if (a->id > b->id) {
727 return 1;
728 } else if (a->id < b->id) {
729 return -1;
730 } else {
731 return 0;
732 }
733}
734
735static int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **a, const SSL_CIPHER **b) {
736 return ssl_cipher_id_cmp(*a, *b);
737}
738
739const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
740 SSL_CIPHER c;
741
742 c.id = 0x03000000L | value;
743 return bsearch(&c, kCiphers, kCiphersLen, sizeof(SSL_CIPHER),
744 ssl_cipher_id_cmp);
745}
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]746
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]747int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
748 size_t *out_mac_secret_len,
749 size_t *out_fixed_iv_len,
750 const SSL_CIPHER *cipher, uint16_t version) {
751 *out_aead = NULL;
752 *out_mac_secret_len = 0;
753 *out_fixed_iv_len = 0;
Adam Langleyc9fb3752014-06-20 12:00:00 -0700[diff] [blame]754
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]755 switch (cipher->algorithm_enc) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]756 case SSL_AES128GCM:
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]757 *out_aead = EVP_aead_aes_128_gcm();
758 *out_fixed_iv_len = 4;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]759 return 1;
760
761 case SSL_AES256GCM:
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]762 *out_aead = EVP_aead_aes_256_gcm();
763 *out_fixed_iv_len = 4;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]764 return 1;
765
Adam Langleyd98dc132015-09-23 16:41:33 -0700[diff] [blame]766#if !defined(BORINGSSL_ANDROID_SYSTEM)
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]767 case SSL_CHACHA20POLY1305_OLD:
Brian Smith3e23e4c2015-10-03 11:38:58 -1000[diff] [blame]768 *out_aead = EVP_aead_chacha20_poly1305_old();
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]769 *out_fixed_iv_len = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]770 return 1;
Adam Langleyd98dc132015-09-23 16:41:33 -0700[diff] [blame]771#endif
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]772
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]773 case SSL_CHACHA20POLY1305:
774 *out_aead = EVP_aead_chacha20_poly1305();
775 *out_fixed_iv_len = 12;
776 return 1;
777
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]778 case SSL_RC4:
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]779 switch (cipher->algorithm_mac) {
780 case SSL_MD5:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]781 if (version == SSL3_VERSION) {
782 *out_aead = EVP_aead_rc4_md5_ssl3();
783 } else {
784 *out_aead = EVP_aead_rc4_md5_tls();
785 }
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]786 *out_mac_secret_len = MD5_DIGEST_LENGTH;
787 return 1;
788 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]789 if (version == SSL3_VERSION) {
790 *out_aead = EVP_aead_rc4_sha1_ssl3();
791 } else {
792 *out_aead = EVP_aead_rc4_sha1_tls();
793 }
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]794 *out_mac_secret_len = SHA_DIGEST_LENGTH;
795 return 1;
796 default:
797 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]798 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]799
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]800 case SSL_AES128:
801 switch (cipher->algorithm_mac) {
802 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]803 if (version == SSL3_VERSION) {
804 *out_aead = EVP_aead_aes_128_cbc_sha1_ssl3();
805 *out_fixed_iv_len = 16;
806 } else if (version == TLS1_VERSION) {
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]807 *out_aead = EVP_aead_aes_128_cbc_sha1_tls_implicit_iv();
808 *out_fixed_iv_len = 16;
809 } else {
810 *out_aead = EVP_aead_aes_128_cbc_sha1_tls();
811 }
812 *out_mac_secret_len = SHA_DIGEST_LENGTH;
813 return 1;
814 case SSL_SHA256:
815 *out_aead = EVP_aead_aes_128_cbc_sha256_tls();
816 *out_mac_secret_len = SHA256_DIGEST_LENGTH;
817 return 1;
818 default:
819 return 0;
820 }
821
822 case SSL_AES256:
823 switch (cipher->algorithm_mac) {
824 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]825 if (version == SSL3_VERSION) {
826 *out_aead = EVP_aead_aes_256_cbc_sha1_ssl3();
827 *out_fixed_iv_len = 16;
828 } else if (version == TLS1_VERSION) {
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]829 *out_aead = EVP_aead_aes_256_cbc_sha1_tls_implicit_iv();
830 *out_fixed_iv_len = 16;
831 } else {
832 *out_aead = EVP_aead_aes_256_cbc_sha1_tls();
833 }
834 *out_mac_secret_len = SHA_DIGEST_LENGTH;
835 return 1;
836 case SSL_SHA256:
837 *out_aead = EVP_aead_aes_256_cbc_sha256_tls();
838 *out_mac_secret_len = SHA256_DIGEST_LENGTH;
839 return 1;
840 case SSL_SHA384:
841 *out_aead = EVP_aead_aes_256_cbc_sha384_tls();
842 *out_mac_secret_len = SHA384_DIGEST_LENGTH;
843 return 1;
844 default:
845 return 0;
846 }
847
848 case SSL_3DES:
849 switch (cipher->algorithm_mac) {
850 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]851 if (version == SSL3_VERSION) {
852 *out_aead = EVP_aead_des_ede3_cbc_sha1_ssl3();
853 *out_fixed_iv_len = 8;
854 } else if (version == TLS1_VERSION) {
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]855 *out_aead = EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv();
856 *out_fixed_iv_len = 8;
857 } else {
858 *out_aead = EVP_aead_des_ede3_cbc_sha1_tls();
859 }
860 *out_mac_secret_len = SHA_DIGEST_LENGTH;
861 return 1;
862 default:
863 return 0;
864 }
865
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]866 case SSL_eNULL:
867 switch (cipher->algorithm_mac) {
868 case SSL_SHA1:
869 if (version == SSL3_VERSION) {
870 *out_aead = EVP_aead_null_sha1_ssl3();
871 } else {
872 *out_aead = EVP_aead_null_sha1_tls();
873 }
874 *out_mac_secret_len = SHA_DIGEST_LENGTH;
875 return 1;
876 default:
877 return 0;
878 }
879
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]880 default:
881 return 0;
882 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]883}
Adam Langleyc9fb3752014-06-20 12:00:00 -0700[diff] [blame]884
David Benjaminb0883312015-08-06 09:54:13 -0400[diff] [blame]885const EVP_MD *ssl_get_handshake_digest(uint32_t algorithm_prf) {
886 switch (algorithm_prf) {
887 case SSL_HANDSHAKE_MAC_DEFAULT:
888 return EVP_sha1();
889 case SSL_HANDSHAKE_MAC_SHA256:
890 return EVP_sha256();
891 case SSL_HANDSHAKE_MAC_SHA384:
892 return EVP_sha384();
893 default:
894 return NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]895 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]896}
897
898#define ITEM_SEP(a) \
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]899 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]900
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]901/* rule_equals returns one iff the NUL-terminated string |rule| is equal to the
902 * |buf_len| bytes at |buf|. */
903static int rule_equals(const char *rule, const char *buf, size_t buf_len) {
904 /* |strncmp| alone only checks that |buf| is a prefix of |rule|. */
905 return strncmp(rule, buf, buf_len) == 0 && rule[buf_len] == '\0';
906}
907
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]908static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]909 CIPHER_ORDER **tail) {
910 if (curr == *tail) {
911 return;
912 }
913 if (curr == *head) {
914 *head = curr->next;
915 }
916 if (curr->prev != NULL) {
917 curr->prev->next = curr->next;
918 }
919 if (curr->next != NULL) {
920 curr->next->prev = curr->prev;
921 }
922 (*tail)->next = curr;
923 curr->prev = *tail;
924 curr->next = NULL;
925 *tail = curr;
926}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]927
928static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]929 CIPHER_ORDER **tail) {
930 if (curr == *head) {
931 return;
932 }
933 if (curr == *tail) {
934 *tail = curr->prev;
935 }
936 if (curr->next != NULL) {
937 curr->next->prev = curr->prev;
938 }
939 if (curr->prev != NULL) {
940 curr->prev->next = curr->next;
941 }
942 (*head)->prev = curr;
943 curr->next = *head;
944 curr->prev = NULL;
945 *head = curr;
946}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]947
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]948static void ssl_cipher_collect_ciphers(const SSL_PROTOCOL_METHOD *ssl_method,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]949 CIPHER_ORDER *co_list,
950 CIPHER_ORDER **head_p,
951 CIPHER_ORDER **tail_p) {
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]952 /* The set of ciphers is static, but some subset may be unsupported by
953 * |ssl_method|, so the list may be smaller. */
954 size_t co_list_num = 0;
955 size_t i;
956 for (i = 0; i < kCiphersLen; i++) {
957 const SSL_CIPHER *cipher = &kCiphers[i];
958 if (ssl_method->supports_cipher(cipher)) {
959 co_list[co_list_num].cipher = cipher;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]960 co_list[co_list_num].next = NULL;
961 co_list[co_list_num].prev = NULL;
962 co_list[co_list_num].active = 0;
963 co_list[co_list_num].in_group = 0;
964 co_list_num++;
965 }
966 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]967
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]968 /* Prepare linked list from list entries. */
969 if (co_list_num > 0) {
970 co_list[0].prev = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]971
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]972 if (co_list_num > 1) {
973 co_list[0].next = &co_list[1];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]974
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]975 for (i = 1; i < co_list_num - 1; i++) {
976 co_list[i].prev = &co_list[i - 1];
977 co_list[i].next = &co_list[i + 1];
978 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]979
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]980 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
981 }
982
983 co_list[co_list_num - 1].next = NULL;
984
985 *head_p = &co_list[0];
986 *tail_p = &co_list[co_list_num - 1];
987 }
988}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]989
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]990/* ssl_cipher_apply_rule applies the rule type |rule| to ciphers matching its
991 * parameters in the linked list from |*head_p| to |*tail_p|. It writes the new
992 * head and tail of the list to |*head_p| and |*tail_p|, respectively.
993 *
994 * - If |cipher_id| is non-zero, only that cipher is selected.
995 * - Otherwise, if |strength_bits| is non-negative, it selects ciphers
996 * of that strength.
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]997 * - Otherwise, it selects ciphers that match each bitmasks in |alg_*| and
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]998 * |min_version|. */
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]999static void ssl_cipher_apply_rule(
David Benjamin107db582015-04-08 00:41:59 -0400[diff] [blame]1000 uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1001 uint32_t alg_enc, uint32_t alg_mac, uint16_t min_version, int rule,
1002 int strength_bits, int in_group, CIPHER_ORDER **head_p,
1003 CIPHER_ORDER **tail_p) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1004 CIPHER_ORDER *head, *tail, *curr, *next, *last;
1005 const SSL_CIPHER *cp;
1006 int reverse = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1007
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1008 if (cipher_id == 0 && strength_bits == -1 && min_version == 0 &&
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1009 (alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0)) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1010 /* The rule matches nothing, so bail early. */
1011 return;
1012 }
1013
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1014 if (rule == CIPHER_DEL) {
1015 /* needed to maintain sorting between currently deleted ciphers */
1016 reverse = 1;
1017 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1018
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1019 head = *head_p;
1020 tail = *tail_p;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1021
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1022 if (reverse) {
1023 next = tail;
1024 last = head;
1025 } else {
1026 next = head;
1027 last = tail;
1028 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1029
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1030 curr = NULL;
1031 for (;;) {
1032 if (curr == last) {
1033 break;
1034 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1035
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1036 curr = next;
1037 if (curr == NULL) {
1038 break;
1039 }
Adam Langleye3142a72014-07-24 17:56:48 -0700[diff] [blame]1040
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1041 next = reverse ? curr->prev : curr->next;
1042 cp = curr->cipher;
Adam Langleye3142a72014-07-24 17:56:48 -0700[diff] [blame]1043
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1044 /* Selection criteria is either a specific cipher, the value of
1045 * |strength_bits|, or the algorithms used. */
1046 if (cipher_id != 0) {
1047 if (cipher_id != cp->id) {
1048 continue;
1049 }
1050 } else if (strength_bits >= 0) {
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1051 if (strength_bits != SSL_CIPHER_get_bits(cp, NULL)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1052 continue;
1053 }
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1054 } else if (!(alg_mkey & cp->algorithm_mkey) ||
1055 !(alg_auth & cp->algorithm_auth) ||
1056 !(alg_enc & cp->algorithm_enc) ||
1057 !(alg_mac & cp->algorithm_mac) ||
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1058 (min_version != 0 &&
1059 SSL_CIPHER_get_min_version(cp) != min_version)) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1060 continue;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1061 }
Adam Langleye3142a72014-07-24 17:56:48 -0700[diff] [blame]1062
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1063 /* add the cipher if it has not been added yet. */
1064 if (rule == CIPHER_ADD) {
1065 /* reverse == 0 */
1066 if (!curr->active) {
1067 ll_append_tail(&head, curr, &tail);
1068 curr->active = 1;
1069 curr->in_group = in_group;
1070 }
1071 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1072
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1073 /* Move the added cipher to this location */
1074 else if (rule == CIPHER_ORD) {
1075 /* reverse == 0 */
1076 if (curr->active) {
1077 ll_append_tail(&head, curr, &tail);
1078 curr->in_group = 0;
1079 }
1080 } else if (rule == CIPHER_DEL) {
1081 /* reverse == 1 */
1082 if (curr->active) {
1083 /* most recently deleted ciphersuites get best positions
1084 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
1085 * works in reverse to maintain the order) */
1086 ll_append_head(&head, curr, &tail);
1087 curr->active = 0;
1088 curr->in_group = 0;
1089 }
1090 } else if (rule == CIPHER_KILL) {
1091 /* reverse == 0 */
1092 if (head == curr) {
1093 head = curr->next;
1094 } else {
1095 curr->prev->next = curr->next;
1096 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1097
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1098 if (tail == curr) {
1099 tail = curr->prev;
1100 }
1101 curr->active = 0;
1102 if (curr->next != NULL) {
1103 curr->next->prev = curr->prev;
1104 }
1105 if (curr->prev != NULL) {
1106 curr->prev->next = curr->next;
1107 }
1108 curr->next = NULL;
1109 curr->prev = NULL;
1110 }
1111 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1112
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1113 *head_p = head;
1114 *tail_p = tail;
1115}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1116
1117static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1118 CIPHER_ORDER **tail_p) {
1119 int max_strength_bits, i, *number_uses;
1120 CIPHER_ORDER *curr;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1121
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1122 /* This routine sorts the ciphers with descending strength. The sorting must
1123 * keep the pre-sorted sequence, so we apply the normal sorting routine as
1124 * '+' movement to the end of the list. */
1125 max_strength_bits = 0;
1126 curr = *head_p;
1127 while (curr != NULL) {
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1128 if (curr->active &&
1129 SSL_CIPHER_get_bits(curr->cipher, NULL) > max_strength_bits) {
1130 max_strength_bits = SSL_CIPHER_get_bits(curr->cipher, NULL);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1131 }
1132 curr = curr->next;
1133 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1134
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1135 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
1136 if (!number_uses) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1137 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1138 return 0;
1139 }
1140 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1141
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1142 /* Now find the strength_bits values actually used. */
1143 curr = *head_p;
1144 while (curr != NULL) {
1145 if (curr->active) {
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1146 number_uses[SSL_CIPHER_get_bits(curr->cipher, NULL)]++;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1147 }
1148 curr = curr->next;
1149 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1150
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1151 /* Go through the list of used strength_bits values in descending order. */
1152 for (i = max_strength_bits; i >= 0; i--) {
1153 if (number_uses[i] > 0) {
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1154 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, tail_p);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1155 }
1156 }
1157
1158 OPENSSL_free(number_uses);
1159 return 1;
1160}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1161
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1162static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
1163 const char *rule_str,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1164 CIPHER_ORDER **head_p,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1165 CIPHER_ORDER **tail_p) {
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1166 uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1167 uint16_t min_version;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1168 const char *l, *buf;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1169 int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1170 size_t j, buf_len;
1171 uint32_t cipher_id;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1172 char ch;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1173
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1174 retval = 1;
1175 l = rule_str;
1176 for (;;) {
1177 ch = *l;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1178
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1179 if (ch == '\0') {
1180 break; /* done */
1181 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1182
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1183 if (in_group) {
1184 if (ch == ']') {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1185 if (*tail_p) {
1186 (*tail_p)->in_group = 0;
1187 }
1188 in_group = 0;
1189 l++;
1190 continue;
1191 }
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]1192
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1193 if (ch == '|') {
1194 rule = CIPHER_ADD;
1195 l++;
1196 continue;
1197 } else if (!(ch >= 'a' && ch <= 'z') && !(ch >= 'A' && ch <= 'Z') &&
1198 !(ch >= '0' && ch <= '9')) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1199 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1200 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1201 break;
1202 } else {
1203 rule = CIPHER_ADD;
1204 }
1205 } else if (ch == '-') {
1206 rule = CIPHER_DEL;
1207 l++;
1208 } else if (ch == '+') {
1209 rule = CIPHER_ORD;
1210 l++;
1211 } else if (ch == '!') {
1212 rule = CIPHER_KILL;
1213 l++;
1214 } else if (ch == '@') {
1215 rule = CIPHER_SPECIAL;
1216 l++;
1217 } else if (ch == '[') {
1218 if (in_group) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1219 OPENSSL_PUT_ERROR(SSL, SSL_R_NESTED_GROUP);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1220 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1221 break;
1222 }
1223 in_group = 1;
1224 has_group = 1;
1225 l++;
1226 continue;
1227 } else {
1228 rule = CIPHER_ADD;
1229 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1230
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1231 /* If preference groups are enabled, the only legal operator is +.
1232 * Otherwise the in_group bits will get mixed up. */
1233 if (has_group && rule != CIPHER_ADD) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1234 OPENSSL_PUT_ERROR(SSL, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1235 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1236 break;
1237 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1238
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1239 if (ITEM_SEP(ch)) {
1240 l++;
1241 continue;
1242 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1243
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1244 multi = 0;
1245 cipher_id = 0;
1246 alg_mkey = ~0u;
1247 alg_auth = ~0u;
1248 alg_enc = ~0u;
1249 alg_mac = ~0u;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1250 min_version = 0;
1251 skip_rule = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1252
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1253 for (;;) {
1254 ch = *l;
1255 buf = l;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1256 buf_len = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1257 while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) ||
1258 ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) {
1259 ch = *(++l);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1260 buf_len++;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1261 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1262
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1263 if (buf_len == 0) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1264 /* We hit something we cannot deal with, it is no command or separator
1265 * nor alphanumeric, so we call this an error. */
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1266 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1267 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1268 l++;
1269 break;
1270 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1271
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1272 if (rule == CIPHER_SPECIAL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1273 break;
1274 }
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1275
1276 /* Look for a matching exact cipher. These aren't allowed in multipart
1277 * rules. */
1278 if (!multi && ch != '+') {
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1279 for (j = 0; j < kCiphersLen; j++) {
1280 const SSL_CIPHER *cipher = &kCiphers[j];
1281 if (rule_equals(cipher->name, buf, buf_len)) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1282 cipher_id = cipher->id;
1283 break;
1284 }
1285 }
1286 }
1287 if (cipher_id == 0) {
1288 /* If not an exact cipher, look for a matching cipher alias. */
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1289 for (j = 0; j < kCipherAliasesLen; j++) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1290 if (rule_equals(kCipherAliases[j].name, buf, buf_len)) {
1291 alg_mkey &= kCipherAliases[j].algorithm_mkey;
1292 alg_auth &= kCipherAliases[j].algorithm_auth;
1293 alg_enc &= kCipherAliases[j].algorithm_enc;
1294 alg_mac &= kCipherAliases[j].algorithm_mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1295
1296 if (min_version != 0 &&
1297 min_version != kCipherAliases[j].min_version) {
1298 skip_rule = 1;
1299 } else {
1300 min_version = kCipherAliases[j].min_version;
1301 }
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1302 break;
1303 }
1304 }
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1305 if (j == kCipherAliasesLen) {
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1306 skip_rule = 1;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1307 }
1308 }
1309
1310 /* Check for a multipart rule. */
1311 if (ch != '+') {
1312 break;
1313 }
1314 l++;
1315 multi = 1;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1316 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1317
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1318 /* If one of the CHACHA20_POLY1305 variants is selected, include the other
1319 * as well. They have the same name to avoid requiring changes in
1320 * configuration. Apply this transformation late so that the cipher name
1321 * still behaves as an exact name and not an alias in multipart rules.
1322 *
1323 * This is temporary and will be removed when the pre-standard construction
1324 * is removed. */
1325 if (cipher_id == TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD ||
1326 cipher_id == TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) {
1327 cipher_id = 0;
1328 alg_mkey = SSL_kECDHE;
1329 alg_auth = SSL_aRSA;
1330 alg_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD;
1331 alg_mac = SSL_AEAD;
1332 } else if (cipher_id == TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD ||
1333 cipher_id == TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) {
1334 cipher_id = 0;
1335 alg_mkey = SSL_kECDHE;
1336 alg_auth = SSL_aECDSA;
1337 alg_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD;
1338 alg_mac = SSL_AEAD;
1339 }
1340
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1341 /* Ok, we have the rule, now apply it. */
1342 if (rule == CIPHER_SPECIAL) {
1343 /* special command */
1344 ok = 0;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1345 if (buf_len == 8 && !strncmp(buf, "STRENGTH", 8)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1346 ok = ssl_cipher_strength_sort(head_p, tail_p);
1347 } else {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1348 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1349 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1350
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1351 if (ok == 0) {
1352 retval = 0;
1353 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1354
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1355 /* We do not support any "multi" options together with "@", so throw away
1356 * the rest of the command, if any left, until end or ':' is found. */
1357 while (*l != '\0' && !ITEM_SEP(*l)) {
1358 l++;
1359 }
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1360 } else if (!skip_rule) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1361 ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1362 min_version, rule, -1, in_group, head_p, tail_p);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1363 }
1364 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1365
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1366 if (in_group) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1367 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1368 retval = 0;
1369 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1370
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1371 return retval;
1372}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1373
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1374STACK_OF(SSL_CIPHER) *
1375ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method,
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1376 struct ssl_cipher_preference_list_st **out_cipher_list,
1377 STACK_OF(SSL_CIPHER) **out_cipher_list_by_id,
1378 const char *rule_str) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1379 int ok;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1380 STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list = NULL;
1381 const char *rule_p;
1382 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1383 uint8_t *in_group_flags = NULL;
1384 unsigned int num_in_group_flags = 0;
1385 struct ssl_cipher_preference_list_st *pref_list = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1386
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1387 /* Return with error if nothing to do. */
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1388 if (rule_str == NULL || out_cipher_list == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1389 return NULL;
1390 }
David Benjamin5213df42014-08-20 14:19:54 -0400[diff] [blame]1391
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1392 /* Now we have to collect the available ciphers from the compiled in ciphers.
1393 * We cannot get more than the number compiled in, so it is used for
1394 * allocation. */
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]1395 co_list = OPENSSL_malloc(sizeof(CIPHER_ORDER) * kCiphersLen);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1396 if (co_list == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1397 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1398 return NULL;
1399 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1400
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1401 ssl_cipher_collect_ciphers(ssl_method, co_list, &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1402
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1403 /* Now arrange all ciphers by preference:
1404 * TODO(davidben): Compute this order once and copy it. */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1405
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1406 /* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other
1407 * key exchange mechanisms */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1408 ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, 0, CIPHER_ADD, -1,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1409 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1410 ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
1411 &head, &tail);
1412 ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0,
1413 &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1414
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1415 /* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer
1416 * CHACHA20 unless there is hardware support for fast and constant-time
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1417 * AES_GCM. Of the two CHACHA20 variants, the new one is preferred over the
1418 * old one. */
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1419 if (EVP_has_aes_hardware()) {
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1420 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1421 &head, &tail);
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame^]1422 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1423 &head, &tail);
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1424 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, 0, CIPHER_ADD,
1425 -1, 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1426 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1427 CIPHER_ADD, -1, 0, &head, &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1428 } else {
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1429 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, 0, CIPHER_ADD,
1430 -1, 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1431 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1432 CIPHER_ADD, -1, 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1433 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1434 &head, &tail);
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame^]1435 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1436 &head, &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1437 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1438
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame^]1439 /* Then the legacy non-AEAD ciphers: AES_128_CBC, AES_256_CBC,
1440 * 3DES_EDE_CBC_SHA, RC4_128_SHA, RC4_128_MD5. */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1441 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, 0, CIPHER_ADD, -1, 0,
1442 &head, &tail);
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame^]1443 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, 0, CIPHER_ADD, -1, 0,
1444 &head, &tail);
1445 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head,
1446 &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1447 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, 0, CIPHER_ADD, -1, 0,
1448 &head, &tail);
1449 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, 0, CIPHER_ADD, -1, 0,
1450 &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1451
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1452 /* Temporarily enable everything else for sorting */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1453 ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head,
1454 &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1455
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1456 /* Move ciphers without forward secrecy to the end. */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1457 ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, 0,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1458 CIPHER_ORD, -1, 0, &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1459
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1460 /* Now disable everything (maintaining the ordering!) */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1461 ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0, &head,
1462 &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1463
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1464 /* If the rule_string begins with DEFAULT, apply the default rule before
1465 * using the (possibly available) additional rules. */
1466 ok = 1;
1467 rule_p = rule_str;
1468 if (strncmp(rule_str, "DEFAULT", 7) == 0) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1469 ok = ssl_cipher_process_rulestr(ssl_method, SSL_DEFAULT_CIPHER_LIST, &head,
1470 &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1471 rule_p += 7;
1472 if (*rule_p == ':') {
1473 rule_p++;
1474 }
1475 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1476
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1477 if (ok && strlen(rule_p) > 0) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1478 ok = ssl_cipher_process_rulestr(ssl_method, rule_p, &head, &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1479 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1480
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1481 if (!ok) {
1482 goto err;
1483 }
1484
1485 /* Allocate new "cipherstack" for the result, return with error
1486 * if we cannot get one. */
1487 cipherstack = sk_SSL_CIPHER_new_null();
1488 if (cipherstack == NULL) {
1489 goto err;
1490 }
1491
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1492 in_group_flags = OPENSSL_malloc(kCiphersLen);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1493 if (!in_group_flags) {
1494 goto err;
1495 }
1496
1497 /* The cipher selection for the list is done. The ciphers are added
1498 * to the resulting precedence to the STACK_OF(SSL_CIPHER). */
1499 for (curr = head; curr != NULL; curr = curr->next) {
1500 if (curr->active) {
David Benjamin2adb7ec2015-01-11 19:59:06 -0500[diff] [blame]1501 if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
1502 goto err;
1503 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1504 in_group_flags[num_in_group_flags++] = curr->in_group;
1505 }
1506 }
1507 OPENSSL_free(co_list); /* Not needed any longer */
1508 co_list = NULL;
1509
1510 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1511 if (tmp_cipher_list == NULL) {
1512 goto err;
1513 }
1514 pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
1515 if (!pref_list) {
1516 goto err;
1517 }
1518 pref_list->ciphers = cipherstack;
1519 pref_list->in_group_flags = OPENSSL_malloc(num_in_group_flags);
1520 if (!pref_list->in_group_flags) {
1521 goto err;
1522 }
1523 memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags);
1524 OPENSSL_free(in_group_flags);
1525 in_group_flags = NULL;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1526 if (*out_cipher_list != NULL) {
1527 ssl_cipher_preference_list_free(*out_cipher_list);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1528 }
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1529 *out_cipher_list = pref_list;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1530 pref_list = NULL;
1531
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1532 if (out_cipher_list_by_id != NULL) {
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]1533 sk_SSL_CIPHER_free(*out_cipher_list_by_id);
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1534 *out_cipher_list_by_id = tmp_cipher_list;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1535 tmp_cipher_list = NULL;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1536 (void) sk_SSL_CIPHER_set_cmp_func(*out_cipher_list_by_id,
1537 ssl_cipher_ptr_id_cmp);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1538
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1539 sk_SSL_CIPHER_sort(*out_cipher_list_by_id);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1540 } else {
1541 sk_SSL_CIPHER_free(tmp_cipher_list);
1542 tmp_cipher_list = NULL;
1543 }
1544
1545 return cipherstack;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1546
1547err:
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]1548 OPENSSL_free(co_list);
1549 OPENSSL_free(in_group_flags);
1550 sk_SSL_CIPHER_free(cipherstack);
1551 sk_SSL_CIPHER_free(tmp_cipher_list);
1552 if (pref_list) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1553 OPENSSL_free(pref_list->in_group_flags);
1554 }
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]1555 OPENSSL_free(pref_list);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1556 return NULL;
1557}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1558
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1559uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
1560
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1561uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
1562 uint32_t id = cipher->id;
1563 /* All ciphers are SSLv3. */
1564 assert((id & 0xff000000) == 0x03000000);
1565 return id & 0xffff;
1566}
1567
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1568int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) {
1569 return (cipher->algorithm_enc & SSL_AES) != 0;
1570}
1571
1572int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) {
1573 return (cipher->algorithm_mac & SSL_MD5) != 0;
1574}
1575
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1576int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
1577 return (cipher->algorithm_mac & SSL_SHA1) != 0;
1578}
1579
David Benjamina211aee2016-02-24 17:18:44 -0500[diff] [blame]1580int SSL_CIPHER_has_SHA256_HMAC(const SSL_CIPHER *cipher) {
1581 return (cipher->algorithm_mac & SSL_SHA256) != 0;
1582}
1583
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1584int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher) {
David Benjaminc0125ef2015-09-09 09:11:07 -0400[diff] [blame]1585 return (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) != 0;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1586}
1587
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1588int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher) {
1589 return (cipher->algorithm_enc & SSL_AES128GCM) != 0;
1590}
1591
Adam Langleyb00061c2015-11-16 17:44:52 -0800[diff] [blame]1592int SSL_CIPHER_is_AES128CBC(const SSL_CIPHER *cipher) {
1593 return (cipher->algorithm_enc & SSL_AES128) != 0;
1594}
1595
1596int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher) {
1597 return (cipher->algorithm_enc & SSL_AES256) != 0;
1598}
1599
David Benjamin51a01a52015-10-29 13:19:56 -0400[diff] [blame]1600int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher) {
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1601 return (cipher->algorithm_enc &
1602 (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_OLD)) != 0;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1603}
1604
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1605int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher) {
1606 return (cipher->algorithm_enc & SSL_eNULL) != 0;
1607}
1608
Adam Langleyd7fe75c2015-09-18 15:40:48 -0700[diff] [blame]1609int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher) {
1610 return (cipher->algorithm_enc & SSL_RC4) != 0;
1611}
1612
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1613int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
1614 /* Neither stream cipher nor AEAD. */
1615 return (cipher->algorithm_enc & (SSL_RC4 | SSL_eNULL)) == 0 &&
1616 cipher->algorithm_mac != SSL_AEAD;
1617}
1618
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1619int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher) {
1620 return (cipher->algorithm_auth & SSL_aECDSA) != 0;
1621}
1622
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]1623int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher) {
1624 return (cipher->algorithm_mkey & SSL_kECDHE) != 0;
1625}
1626
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1627uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher) {
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1628 if (cipher->algorithm_prf != SSL_HANDSHAKE_MAC_DEFAULT) {
1629 /* Cipher suites before TLS 1.2 use the default PRF, while all those added
1630 * afterwards specify a particular hash. */
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1631 return TLS1_2_VERSION;
1632 }
1633 return SSL3_VERSION;
1634}
1635
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1636/* return the actual cipher being used */
1637const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher) {
1638 if (cipher != NULL) {
1639 return cipher->name;
1640 }
1641
1642 return "(NONE)";
1643}
1644
1645const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) {
1646 if (cipher == NULL) {
1647 return "";
1648 }
1649
1650 switch (cipher->algorithm_mkey) {
1651 case SSL_kRSA:
1652 return "RSA";
1653
1654 case SSL_kDHE:
1655 switch (cipher->algorithm_auth) {
1656 case SSL_aRSA:
1657 return "DHE_RSA";
1658 default:
1659 assert(0);
1660 return "UNKNOWN";
1661 }
1662
1663 case SSL_kECDHE:
1664 switch (cipher->algorithm_auth) {
1665 case SSL_aECDSA:
1666 return "ECDHE_ECDSA";
1667 case SSL_aRSA:
1668 return "ECDHE_RSA";
1669 case SSL_aPSK:
1670 return "ECDHE_PSK";
1671 default:
1672 assert(0);
1673 return "UNKNOWN";
1674 }
1675
1676 case SSL_kPSK:
1677 assert(cipher->algorithm_auth == SSL_aPSK);
1678 return "PSK";
1679
1680 default:
1681 assert(0);
1682 return "UNKNOWN";
1683 }
1684}
1685
1686static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
1687 switch (cipher->algorithm_enc) {
1688 case SSL_3DES:
1689 return "3DES_EDE_CBC";
1690 case SSL_RC4:
1691 return "RC4";
1692 case SSL_AES128:
1693 return "AES_128_CBC";
1694 case SSL_AES256:
1695 return "AES_256_CBC";
1696 case SSL_AES128GCM:
1697 return "AES_128_GCM";
1698 case SSL_AES256GCM:
1699 return "AES_256_GCM";
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1700 case SSL_CHACHA20POLY1305:
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]1701 case SSL_CHACHA20POLY1305_OLD:
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1702 return "CHACHA20_POLY1305";
1703 break;
1704 default:
1705 assert(0);
1706 return "UNKNOWN";
1707 }
1708}
1709
1710static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
David Benjaminb0883312015-08-06 09:54:13 -0400[diff] [blame]1711 switch (cipher->algorithm_prf) {
1712 case SSL_HANDSHAKE_MAC_DEFAULT:
1713 /* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is
1714 * only ever MD5 or SHA-1. */
1715 switch (cipher->algorithm_mac) {
1716 case SSL_MD5:
1717 return "MD5";
1718 case SSL_SHA1:
1719 return "SHA";
1720 }
1721 break;
1722 case SSL_HANDSHAKE_MAC_SHA256:
1723 return "SHA256";
1724 case SSL_HANDSHAKE_MAC_SHA384:
1725 return "SHA384";
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1726 }
David Benjaminb0883312015-08-06 09:54:13 -0400[diff] [blame]1727 assert(0);
1728 return "UNKNOWN";
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1729}
1730
1731char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher) {
1732 if (cipher == NULL) {
1733 return NULL;
1734 }
1735
1736 const char *kx_name = SSL_CIPHER_get_kx_name(cipher);
1737 const char *enc_name = ssl_cipher_get_enc_name(cipher);
1738 const char *prf_name = ssl_cipher_get_prf_name(cipher);
1739
1740 /* The final name is TLS_{kx_name}_WITH_{enc_name}_{prf_name}. */
1741 size_t len = 4 + strlen(kx_name) + 6 + strlen(enc_name) + 1 +
1742 strlen(prf_name) + 1;
1743 char *ret = OPENSSL_malloc(len);
1744 if (ret == NULL) {
1745 return NULL;
1746 }
1747 if (BUF_strlcpy(ret, "TLS_", len) >= len ||
1748 BUF_strlcat(ret, kx_name, len) >= len ||
1749 BUF_strlcat(ret, "_WITH_", len) >= len ||
1750 BUF_strlcat(ret, enc_name, len) >= len ||
1751 BUF_strlcat(ret, "_", len) >= len ||
1752 BUF_strlcat(ret, prf_name, len) >= len) {
1753 assert(0);
1754 OPENSSL_free(ret);
1755 return NULL;
1756 }
1757 assert(strlen(ret) + 1 == len);
1758 return ret;
1759}
1760
1761int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) {
1762 if (cipher == NULL) {
1763 return 0;
1764 }
1765
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1766 int alg_bits, strength_bits;
1767 switch (cipher->algorithm_enc) {
1768 case SSL_AES128:
1769 case SSL_AES128GCM:
1770 case SSL_RC4:
1771 alg_bits = 128;
1772 strength_bits = 128;
1773 break;
1774
1775 case SSL_AES256:
1776 case SSL_AES256GCM:
1777#if !defined(BORINGSSL_ANDROID_SYSTEM)
1778 case SSL_CHACHA20POLY1305_OLD:
1779#endif
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1780 case SSL_CHACHA20POLY1305:
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1781 alg_bits = 256;
1782 strength_bits = 256;
1783 break;
1784
1785 case SSL_3DES:
1786 alg_bits = 168;
1787 strength_bits = 112;
1788 break;
1789
1790 case SSL_eNULL:
1791 alg_bits = 0;
1792 strength_bits = 0;
1793 break;
1794
1795 default:
1796 assert(0);
1797 alg_bits = 0;
1798 strength_bits = 0;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1799 }
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1800
1801 if (out_alg_bits != NULL) {
1802 *out_alg_bits = alg_bits;
1803 }
1804 return strength_bits;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1805}
1806
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1807const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
1808 int len) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1809 const char *kx, *au, *enc, *mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1810 uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1811
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1812 alg_mkey = cipher->algorithm_mkey;
1813 alg_auth = cipher->algorithm_auth;
1814 alg_enc = cipher->algorithm_enc;
1815 alg_mac = cipher->algorithm_mac;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1816
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1817 switch (alg_mkey) {
1818 case SSL_kRSA:
1819 kx = "RSA";
1820 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1821
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1822 case SSL_kDHE:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1823 kx = "DH";
1824 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1825
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1826 case SSL_kECDHE:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1827 kx = "ECDH";
1828 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1829
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1830 case SSL_kPSK:
1831 kx = "PSK";
1832 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1833
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1834 default:
1835 kx = "unknown";
1836 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1837
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1838 switch (alg_auth) {
1839 case SSL_aRSA:
1840 au = "RSA";
1841 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1842
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1843 case SSL_aECDSA:
1844 au = "ECDSA";
1845 break;
Adam Langley4d4bff82014-06-20 12:00:00 -0700[diff] [blame]1846
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1847 case SSL_aPSK:
1848 au = "PSK";
1849 break;
Adam Langley4d4bff82014-06-20 12:00:00 -0700[diff] [blame]1850
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1851 default:
1852 au = "unknown";
1853 break;
1854 }
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1855
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1856 switch (alg_enc) {
1857 case SSL_3DES:
1858 enc = "3DES(168)";
1859 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1860
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1861 case SSL_RC4:
1862 enc = "RC4(128)";
1863 break;
1864
1865 case SSL_AES128:
1866 enc = "AES(128)";
1867 break;
1868
1869 case SSL_AES256:
1870 enc = "AES(256)";
1871 break;
1872
1873 case SSL_AES128GCM:
1874 enc = "AESGCM(128)";
1875 break;
1876
1877 case SSL_AES256GCM:
1878 enc = "AESGCM(256)";
1879 break;
1880
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]1881 case SSL_CHACHA20POLY1305_OLD:
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1882 enc = "ChaCha20-Poly1305-Old";
1883 break;
1884
1885 case SSL_CHACHA20POLY1305:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1886 enc = "ChaCha20-Poly1305";
1887 break;
1888
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1889 case SSL_eNULL:
1890 enc="None";
1891 break;
1892
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1893 default:
1894 enc = "unknown";
1895 break;
1896 }
1897
1898 switch (alg_mac) {
1899 case SSL_MD5:
1900 mac = "MD5";
1901 break;
1902
1903 case SSL_SHA1:
1904 mac = "SHA1";
1905 break;
1906
1907 case SSL_SHA256:
1908 mac = "SHA256";
1909 break;
1910
1911 case SSL_SHA384:
1912 mac = "SHA384";
1913 break;
1914
1915 case SSL_AEAD:
1916 mac = "AEAD";
1917 break;
1918
1919 default:
1920 mac = "unknown";
1921 break;
1922 }
1923
1924 if (buf == NULL) {
1925 len = 128;
1926 buf = OPENSSL_malloc(len);
David Benjamin1eed2c02015-02-08 23:20:06 -0500[diff] [blame]1927 if (buf == NULL) {
1928 return NULL;
1929 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1930 } else if (len < 128) {
1931 return "Buffer too small";
1932 }
1933
Brian Smith0687bdf2016-01-17 09:18:26 -1000[diff] [blame]1934 BIO_snprintf(buf, len, "%-23s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
1935 cipher->name, kx, au, enc, mac);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1936 return buf;
1937}
1938
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1939const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher) {
1940 return "TLSv1/SSLv3";
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1941}
1942
Matt Braithwaite6a1275b2015-06-26 12:09:10 -0700[diff] [blame]1943COMP_METHOD *SSL_COMP_get_compression_methods(void) { return NULL; }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1944
Matt Braithwaite6a1275b2015-06-26 12:09:10 -0700[diff] [blame]1945int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { return 1; }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1946
Matt Braithwaite6a1275b2015-06-26 12:09:10 -0700[diff] [blame]1947const char *SSL_COMP_get_name(const COMP_METHOD *comp) { return NULL; }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1948
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1949int ssl_cipher_get_key_type(const SSL_CIPHER *cipher) {
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1950 uint32_t alg_a = cipher->algorithm_auth;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1951
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1952 if (alg_a & SSL_aECDSA) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1953 return EVP_PKEY_EC;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1954 } else if (alg_a & SSL_aRSA) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1955 return EVP_PKEY_RSA;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1956 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1957
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1958 return EVP_PKEY_NONE;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1959}
David Benjamin9c651c92014-07-12 13:27:45 -0400[diff] [blame]1960
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1961int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher) {
David Benjamindf0905a2015-09-19 09:58:31 -0400[diff] [blame]1962 /* PSK-authenticated ciphers do not use a certificate. (RSA_PSK is not
1963 * supported.) */
1964 if (cipher->algorithm_auth & SSL_aPSK) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1965 return 0;
1966 }
1967
1968 /* All other ciphers include it. */
1969 return 1;
1970}
1971
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1972int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher) {
1973 /* Ephemeral Diffie-Hellman key exchanges require a ServerKeyExchange. */
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1974 if (cipher->algorithm_mkey & SSL_kDHE || cipher->algorithm_mkey & SSL_kECDHE) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1975 return 1;
1976 }
1977
1978 /* It is optional in all others. */
1979 return 0;
1980}
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]1981
1982size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
1983 size_t block_size;
1984 switch (cipher->algorithm_enc) {
1985 case SSL_3DES:
1986 block_size = 8;
1987 break;
1988 case SSL_AES128:
1989 case SSL_AES256:
1990 block_size = 16;
1991 break;
1992 default:
1993 return 0;
1994 }
1995
1996 size_t mac_len;
1997 switch (cipher->algorithm_mac) {
1998 case SSL_MD5:
1999 mac_len = MD5_DIGEST_LENGTH;
2000 break;
2001 case SSL_SHA1:
2002 mac_len = SHA_DIGEST_LENGTH;
2003 break;
2004 default:
2005 return 0;
2006 }
2007
2008 size_t ret = 1 + mac_len;
2009 ret += block_size - (ret % block_size);
2010 return ret;
2011}