Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 060cfb091194edf7341d91009764c64096a87157 / . / ssl / ssl_cipher.c
blob: 58ce582c4621413c3a697ad796220bc943305caf [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115/* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
David Benjamin9e4e01e2015-09-15 01:48:04 -0400[diff] [blame]141#include <openssl/ssl.h>
142
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]143#include <assert.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400[diff] [blame]144#include <string.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]145
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]146#include <openssl/buf.h>
David Benjaminf0ae1702015-04-07 23:05:04 -0400[diff] [blame]147#include <openssl/err.h>
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]148#include <openssl/md5.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]149#include <openssl/mem.h>
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]150#include <openssl/sha.h>
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]151#include <openssl/stack.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]152
David Benjamin2ee94aa2015-04-07 22:38:30 -0400[diff] [blame]153#include "internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]154
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]155
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]156/* kCiphers is an array of all supported ciphers, sorted by id. */
David Benjamin20c37312015-11-11 21:33:18 -0800[diff] [blame]157static const SSL_CIPHER kCiphers[] = {
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]158 /* The RSA ciphers */
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]159 /* Cipher 02 */
160 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]161 SSL3_TXT_RSA_NULL_SHA,
162 SSL3_CK_RSA_NULL_SHA,
163 SSL_kRSA,
164 SSL_aRSA,
165 SSL_eNULL,
166 SSL_SHA1,
167 SSL_HANDSHAKE_MAC_DEFAULT,
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]168 },
169
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]170 /* Cipher 04 */
171 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]172 SSL3_TXT_RSA_RC4_128_MD5,
173 SSL3_CK_RSA_RC4_128_MD5,
174 SSL_kRSA,
175 SSL_aRSA,
176 SSL_RC4,
177 SSL_MD5,
178 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]179 },
180
181 /* Cipher 05 */
182 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]183 SSL3_TXT_RSA_RC4_128_SHA,
184 SSL3_CK_RSA_RC4_128_SHA,
185 SSL_kRSA,
186 SSL_aRSA,
187 SSL_RC4,
188 SSL_SHA1,
189 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]190 },
191
192 /* Cipher 0A */
193 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]194 SSL3_TXT_RSA_DES_192_CBC3_SHA,
195 SSL3_CK_RSA_DES_192_CBC3_SHA,
196 SSL_kRSA,
197 SSL_aRSA,
198 SSL_3DES,
199 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]200 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]201 },
202
203
204 /* New AES ciphersuites */
205
206 /* Cipher 2F */
207 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]208 TLS1_TXT_RSA_WITH_AES_128_SHA,
209 TLS1_CK_RSA_WITH_AES_128_SHA,
210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_AES128,
213 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]214 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]215 },
216
217 /* Cipher 33 */
218 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]219 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
220 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
221 SSL_kDHE,
222 SSL_aRSA,
223 SSL_AES128,
224 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]225 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]226 },
227
228 /* Cipher 35 */
229 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]230 TLS1_TXT_RSA_WITH_AES_256_SHA,
231 TLS1_CK_RSA_WITH_AES_256_SHA,
232 SSL_kRSA,
233 SSL_aRSA,
234 SSL_AES256,
235 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]236 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]237 },
238
239 /* Cipher 39 */
240 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]241 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
242 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
243 SSL_kDHE,
244 SSL_aRSA,
245 SSL_AES256,
246 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]247 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]248 },
249
250
251 /* TLS v1.2 ciphersuites */
252
253 /* Cipher 3C */
254 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]255 TLS1_TXT_RSA_WITH_AES_128_SHA256,
256 TLS1_CK_RSA_WITH_AES_128_SHA256,
257 SSL_kRSA,
258 SSL_aRSA,
259 SSL_AES128,
260 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]261 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]262 },
263
264 /* Cipher 3D */
265 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]266 TLS1_TXT_RSA_WITH_AES_256_SHA256,
267 TLS1_CK_RSA_WITH_AES_256_SHA256,
268 SSL_kRSA,
269 SSL_aRSA,
270 SSL_AES256,
271 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]272 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]273 },
274
275 /* Cipher 67 */
276 {
277 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]278 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
279 SSL_kDHE,
280 SSL_aRSA,
281 SSL_AES128,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]282 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]283 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]284 },
285
286 /* Cipher 6B */
287 {
288 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]289 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
290 SSL_kDHE,
291 SSL_aRSA,
292 SSL_AES256,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]293 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]294 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]295 },
296
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]297 /* PSK cipher suites. */
298
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]299 /* Cipher 8A */
300 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]301 TLS1_TXT_PSK_WITH_RC4_128_SHA,
302 TLS1_CK_PSK_WITH_RC4_128_SHA,
303 SSL_kPSK,
304 SSL_aPSK,
305 SSL_RC4,
306 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]307 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]308 },
309
310 /* Cipher 8C */
311 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]312 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
313 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
314 SSL_kPSK,
315 SSL_aPSK,
316 SSL_AES128,
317 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]318 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]319 },
320
321 /* Cipher 8D */
322 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]323 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
324 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
325 SSL_kPSK,
326 SSL_aPSK,
327 SSL_AES256,
328 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]329 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]330 },
331
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]332 /* GCM ciphersuites from RFC5288 */
333
334 /* Cipher 9C */
335 {
336 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]337 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
338 SSL_kRSA,
339 SSL_aRSA,
340 SSL_AES128GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]341 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]342 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]343 },
344
345 /* Cipher 9D */
346 {
347 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]348 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
349 SSL_kRSA,
350 SSL_aRSA,
351 SSL_AES256GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]352 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]353 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]354 },
355
356 /* Cipher 9E */
357 {
358 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]359 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
360 SSL_kDHE,
361 SSL_aRSA,
362 SSL_AES128GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]363 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]364 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]365 },
366
367 /* Cipher 9F */
368 {
369 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]370 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
371 SSL_kDHE,
372 SSL_aRSA,
373 SSL_AES256GCM,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]374 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]375 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]376 },
377
378 /* Cipher C007 */
379 {
380 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]381 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
382 SSL_kECDHE,
383 SSL_aECDSA,
384 SSL_RC4,
385 SSL_SHA1,
386 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]387 },
388
389 /* Cipher C009 */
390 {
391 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]392 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
393 SSL_kECDHE,
394 SSL_aECDSA,
395 SSL_AES128,
396 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]397 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]398 },
399
400 /* Cipher C00A */
401 {
402 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]403 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
404 SSL_kECDHE,
405 SSL_aECDSA,
406 SSL_AES256,
407 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]408 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]409 },
410
411 /* Cipher C011 */
412 {
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]413 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
414 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
415 SSL_kECDHE,
416 SSL_aRSA,
417 SSL_RC4,
418 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]419 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]420 },
421
422 /* Cipher C013 */
423 {
424 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]425 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
426 SSL_kECDHE,
427 SSL_aRSA,
428 SSL_AES128,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]429 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]430 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]431 },
432
433 /* Cipher C014 */
434 {
435 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]436 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
437 SSL_kECDHE,
438 SSL_aRSA,
439 SSL_AES256,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]440 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]441 SSL_HANDSHAKE_MAC_DEFAULT,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]442 },
443
444
445 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
446
447 /* Cipher C023 */
448 {
449 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]450 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
451 SSL_kECDHE,
452 SSL_aECDSA,
453 SSL_AES128,
454 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]455 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]456 },
457
458 /* Cipher C024 */
459 {
460 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]461 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
462 SSL_kECDHE,
463 SSL_aECDSA,
464 SSL_AES256,
465 SSL_SHA384,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]466 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]467 },
468
469 /* Cipher C027 */
470 {
471 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]472 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
473 SSL_kECDHE,
474 SSL_aRSA,
475 SSL_AES128,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]476 SSL_SHA256,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]477 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]478 },
479
480 /* Cipher C028 */
481 {
482 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]483 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
484 SSL_kECDHE,
485 SSL_aRSA,
486 SSL_AES256,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]487 SSL_SHA384,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]488 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]489 },
490
491
492 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
493
494 /* Cipher C02B */
495 {
496 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]497 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
498 SSL_kECDHE,
499 SSL_aECDSA,
500 SSL_AES128GCM,
501 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]502 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]503 },
504
505 /* Cipher C02C */
506 {
507 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]508 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
509 SSL_kECDHE,
510 SSL_aECDSA,
511 SSL_AES256GCM,
512 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]513 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]514 },
515
516 /* Cipher C02F */
517 {
518 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]519 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
520 SSL_kECDHE,
521 SSL_aRSA,
522 SSL_AES128GCM,
523 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]524 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]525 },
526
527 /* Cipher C030 */
528 {
529 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]530 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
531 SSL_kECDHE,
532 SSL_aRSA,
533 SSL_AES256GCM,
534 SSL_AEAD,
David Benjaminb2a985b2015-06-21 15:13:57 -0400[diff] [blame]535 SSL_HANDSHAKE_MAC_SHA384,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]536 },
537
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]538 /* ECDHE-PSK cipher suites. */
539
540 /* Cipher C035 */
541 {
542 TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
543 TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]544 SSL_kECDHE,
545 SSL_aPSK,
546 SSL_AES128,
547 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]548 SSL_HANDSHAKE_MAC_DEFAULT,
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]549 },
550
551 /* Cipher C036 */
552 {
553 TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
554 TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]555 SSL_kECDHE,
556 SSL_aPSK,
557 SSL_AES256,
558 SSL_SHA1,
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]559 SSL_HANDSHAKE_MAC_DEFAULT,
Adam Langley85bc5602015-06-09 09:54:04 -0700[diff] [blame]560 },
561
562 /* ChaCha20-Poly1305 cipher suites. */
563
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]564#if !defined(BORINGSSL_ANDROID_SYSTEM)
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]565 {
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]566 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]567 TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD,
568 SSL_kECDHE,
569 SSL_aRSA,
570 SSL_CHACHA20POLY1305_OLD,
571 SSL_AEAD,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]572 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]573 },
574
575 {
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]576 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD,
David Benjaminff2df332015-11-18 10:01:16 -0500[diff] [blame]577 TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD,
578 SSL_kECDHE,
579 SSL_aECDSA,
580 SSL_CHACHA20POLY1305_OLD,
581 SSL_AEAD,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]582 SSL_HANDSHAKE_MAC_SHA256,
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]583 },
Adam Langleyd98dc132015-09-23 16:41:33 -0700[diff] [blame]584#endif
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]585
586 /* Cipher CCA8 */
587 {
588 TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
589 TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
590 SSL_kECDHE,
591 SSL_aRSA,
592 SSL_CHACHA20POLY1305,
593 SSL_AEAD,
594 SSL_HANDSHAKE_MAC_SHA256,
595 },
596
597 /* Cipher CCA9 */
598 {
599 TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
600 TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
601 SSL_kECDHE,
602 SSL_aECDSA,
603 SSL_CHACHA20POLY1305,
604 SSL_AEAD,
605 SSL_HANDSHAKE_MAC_SHA256,
606 },
607
608 /* Cipher CCAB */
609 {
610 TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
611 TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
612 SSL_kECDHE,
613 SSL_aPSK,
614 SSL_CHACHA20POLY1305,
615 SSL_AEAD,
616 SSL_HANDSHAKE_MAC_SHA256,
617 },
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]618};
619
620static const size_t kCiphersLen = sizeof(kCiphers) / sizeof(kCiphers[0]);
621
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]622#define CIPHER_ADD 1
623#define CIPHER_KILL 2
624#define CIPHER_DEL 3
625#define CIPHER_ORD 4
626#define CIPHER_SPECIAL 5
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]627
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]628typedef struct cipher_order_st {
629 const SSL_CIPHER *cipher;
630 int active;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]631 int in_group;
632 struct cipher_order_st *next, *prev;
633} CIPHER_ORDER;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]634
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]635typedef struct cipher_alias_st {
636 /* name is the name of the cipher alias. */
637 const char *name;
638
639 /* The following fields are bitmasks for the corresponding fields on
640 * |SSL_CIPHER|. A cipher matches a cipher alias iff, for each bitmask, the
641 * bit corresponding to the cipher's value is set to 1. If any bitmask is
642 * all zeroes, the alias matches nothing. Use |~0u| for the default value. */
643 uint32_t algorithm_mkey;
644 uint32_t algorithm_auth;
645 uint32_t algorithm_enc;
646 uint32_t algorithm_mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]647
648 /* min_version, if non-zero, matches all ciphers which were added in that
649 * particular protocol version. */
650 uint16_t min_version;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]651} CIPHER_ALIAS;
652
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]653static const CIPHER_ALIAS kCipherAliases[] = {
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]654 /* "ALL" doesn't include eNULL (must be specifically enabled) */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]655 {"ALL", ~0u, ~0u, ~SSL_eNULL, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]656
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]657 /* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]658
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]659 /* key exchange aliases
660 * (some of those using only a single bit here combine
661 * multiple key exchange algs according to the RFCs,
662 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]663 {"kRSA", SSL_kRSA, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]664
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]665 {"kDHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
666 {"kEDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
667 {"DH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]668
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]669 {"kECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
670 {"kEECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
671 {"ECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]672
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]673 {"kPSK", SSL_kPSK, ~0u, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]674
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]675 /* server authentication aliases */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]676 {"aRSA", ~0u, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
677 {"aECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
678 {"ECDSA", ~0u, SSL_aECDSA, ~0u, ~0u, 0},
679 {"aPSK", ~0u, SSL_aPSK, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]680
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]681 /* aliases combining key exchange and server authentication */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]682 {"DHE", SSL_kDHE, ~0u, ~0u, ~0u, 0},
683 {"EDH", SSL_kDHE, ~0u, ~0u, ~0u, 0},
684 {"ECDHE", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
685 {"EECDH", SSL_kECDHE, ~0u, ~0u, ~0u, 0},
686 {"RSA", SSL_kRSA, SSL_aRSA, ~SSL_eNULL, ~0u, 0},
687 {"PSK", SSL_kPSK, SSL_aPSK, ~0u, ~0u, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]688
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]689 /* symmetric encryption aliases */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]690 {"3DES", ~0u, ~0u, SSL_3DES, ~0u, 0},
691 {"RC4", ~0u, ~0u, SSL_RC4, ~0u, 0},
692 {"AES128", ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, 0},
693 {"AES256", ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, 0},
694 {"AES", ~0u, ~0u, SSL_AES, ~0u, 0},
695 {"AESGCM", ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, 0},
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]696 {"CHACHA20", ~0u, ~0u, SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_OLD, ~0u,
697 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]698
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]699 /* MAC aliases */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]700 {"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
701 {"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
702 {"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
703 {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
704 {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]705
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]706 /* Legacy protocol minimum version aliases. "TLSv1" is intentionally the
707 * same as "SSLv3". */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]708 {"SSLv3", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
709 {"TLSv1", ~0u, ~0u, ~SSL_eNULL, ~0u, SSL3_VERSION},
710 {"TLSv1.2", ~0u, ~0u, ~SSL_eNULL, ~0u, TLS1_2_VERSION},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]711
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]712 /* Legacy strength classes. */
713 {"MEDIUM", ~0u, ~0u, SSL_RC4, ~0u, 0},
714 {"HIGH", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
715 {"FIPS", ~0u, ~0u, ~(SSL_eNULL|SSL_RC4), ~0u, 0},
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]716};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]717
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]718static const size_t kCipherAliasesLen =
719 sizeof(kCipherAliases) / sizeof(kCipherAliases[0]);
720
721static int ssl_cipher_id_cmp(const void *in_a, const void *in_b) {
722 const SSL_CIPHER *a = in_a;
723 const SSL_CIPHER *b = in_b;
724
725 if (a->id > b->id) {
726 return 1;
727 } else if (a->id < b->id) {
728 return -1;
729 } else {
730 return 0;
731 }
732}
733
734static int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **a, const SSL_CIPHER **b) {
735 return ssl_cipher_id_cmp(*a, *b);
736}
737
738const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
739 SSL_CIPHER c;
740
741 c.id = 0x03000000L | value;
742 return bsearch(&c, kCiphers, kCiphersLen, sizeof(SSL_CIPHER),
743 ssl_cipher_id_cmp);
744}
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]745
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]746int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
747 size_t *out_mac_secret_len,
748 size_t *out_fixed_iv_len,
749 const SSL_CIPHER *cipher, uint16_t version) {
750 *out_aead = NULL;
751 *out_mac_secret_len = 0;
752 *out_fixed_iv_len = 0;
Adam Langleyc9fb3752014-06-20 12:00:00 -0700[diff] [blame]753
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]754 switch (cipher->algorithm_enc) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]755 case SSL_AES128GCM:
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]756 *out_aead = EVP_aead_aes_128_gcm();
757 *out_fixed_iv_len = 4;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]758 return 1;
759
760 case SSL_AES256GCM:
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]761 *out_aead = EVP_aead_aes_256_gcm();
762 *out_fixed_iv_len = 4;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]763 return 1;
764
Adam Langleyd98dc132015-09-23 16:41:33 -0700[diff] [blame]765#if !defined(BORINGSSL_ANDROID_SYSTEM)
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]766 case SSL_CHACHA20POLY1305_OLD:
Brian Smith3e23e4c2015-10-03 11:38:58 -1000[diff] [blame]767 *out_aead = EVP_aead_chacha20_poly1305_old();
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]768 *out_fixed_iv_len = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]769 return 1;
Adam Langleyd98dc132015-09-23 16:41:33 -0700[diff] [blame]770#endif
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]771
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]772 case SSL_CHACHA20POLY1305:
773 *out_aead = EVP_aead_chacha20_poly1305();
774 *out_fixed_iv_len = 12;
775 return 1;
776
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]777 case SSL_RC4:
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]778 switch (cipher->algorithm_mac) {
779 case SSL_MD5:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]780 if (version == SSL3_VERSION) {
781 *out_aead = EVP_aead_rc4_md5_ssl3();
782 } else {
783 *out_aead = EVP_aead_rc4_md5_tls();
784 }
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]785 *out_mac_secret_len = MD5_DIGEST_LENGTH;
786 return 1;
787 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]788 if (version == SSL3_VERSION) {
789 *out_aead = EVP_aead_rc4_sha1_ssl3();
790 } else {
791 *out_aead = EVP_aead_rc4_sha1_tls();
792 }
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]793 *out_mac_secret_len = SHA_DIGEST_LENGTH;
794 return 1;
795 default:
796 return 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]797 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]798
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]799 case SSL_AES128:
800 switch (cipher->algorithm_mac) {
801 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]802 if (version == SSL3_VERSION) {
803 *out_aead = EVP_aead_aes_128_cbc_sha1_ssl3();
804 *out_fixed_iv_len = 16;
805 } else if (version == TLS1_VERSION) {
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]806 *out_aead = EVP_aead_aes_128_cbc_sha1_tls_implicit_iv();
807 *out_fixed_iv_len = 16;
808 } else {
809 *out_aead = EVP_aead_aes_128_cbc_sha1_tls();
810 }
811 *out_mac_secret_len = SHA_DIGEST_LENGTH;
812 return 1;
813 case SSL_SHA256:
814 *out_aead = EVP_aead_aes_128_cbc_sha256_tls();
815 *out_mac_secret_len = SHA256_DIGEST_LENGTH;
816 return 1;
817 default:
818 return 0;
819 }
820
821 case SSL_AES256:
822 switch (cipher->algorithm_mac) {
823 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]824 if (version == SSL3_VERSION) {
825 *out_aead = EVP_aead_aes_256_cbc_sha1_ssl3();
826 *out_fixed_iv_len = 16;
827 } else if (version == TLS1_VERSION) {
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]828 *out_aead = EVP_aead_aes_256_cbc_sha1_tls_implicit_iv();
829 *out_fixed_iv_len = 16;
830 } else {
831 *out_aead = EVP_aead_aes_256_cbc_sha1_tls();
832 }
833 *out_mac_secret_len = SHA_DIGEST_LENGTH;
834 return 1;
835 case SSL_SHA256:
836 *out_aead = EVP_aead_aes_256_cbc_sha256_tls();
837 *out_mac_secret_len = SHA256_DIGEST_LENGTH;
838 return 1;
839 case SSL_SHA384:
840 *out_aead = EVP_aead_aes_256_cbc_sha384_tls();
841 *out_mac_secret_len = SHA384_DIGEST_LENGTH;
842 return 1;
843 default:
844 return 0;
845 }
846
847 case SSL_3DES:
848 switch (cipher->algorithm_mac) {
849 case SSL_SHA1:
David Benjamin044abb02014-12-23 10:57:17 -0500[diff] [blame]850 if (version == SSL3_VERSION) {
851 *out_aead = EVP_aead_des_ede3_cbc_sha1_ssl3();
852 *out_fixed_iv_len = 8;
853 } else if (version == TLS1_VERSION) {
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]854 *out_aead = EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv();
855 *out_fixed_iv_len = 8;
856 } else {
857 *out_aead = EVP_aead_des_ede3_cbc_sha1_tls();
858 }
859 *out_mac_secret_len = SHA_DIGEST_LENGTH;
860 return 1;
861 default:
862 return 0;
863 }
864
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]865 case SSL_eNULL:
866 switch (cipher->algorithm_mac) {
867 case SSL_SHA1:
868 if (version == SSL3_VERSION) {
869 *out_aead = EVP_aead_null_sha1_ssl3();
870 } else {
871 *out_aead = EVP_aead_null_sha1_tls();
872 }
873 *out_mac_secret_len = SHA_DIGEST_LENGTH;
874 return 1;
875 default:
876 return 0;
877 }
878
David Benjaminea72bd02014-12-21 21:27:41 -0500[diff] [blame]879 default:
880 return 0;
881 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]882}
Adam Langleyc9fb3752014-06-20 12:00:00 -0700[diff] [blame]883
David Benjaminb0883312015-08-06 09:54:13 -0400[diff] [blame]884const EVP_MD *ssl_get_handshake_digest(uint32_t algorithm_prf) {
885 switch (algorithm_prf) {
886 case SSL_HANDSHAKE_MAC_DEFAULT:
887 return EVP_sha1();
888 case SSL_HANDSHAKE_MAC_SHA256:
889 return EVP_sha256();
890 case SSL_HANDSHAKE_MAC_SHA384:
891 return EVP_sha384();
892 default:
893 return NULL;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]894 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]895}
896
897#define ITEM_SEP(a) \
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]898 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]899
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]900/* rule_equals returns one iff the NUL-terminated string |rule| is equal to the
901 * |buf_len| bytes at |buf|. */
902static int rule_equals(const char *rule, const char *buf, size_t buf_len) {
903 /* |strncmp| alone only checks that |buf| is a prefix of |rule|. */
904 return strncmp(rule, buf, buf_len) == 0 && rule[buf_len] == '\0';
905}
906
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]907static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]908 CIPHER_ORDER **tail) {
909 if (curr == *tail) {
910 return;
911 }
912 if (curr == *head) {
913 *head = curr->next;
914 }
915 if (curr->prev != NULL) {
916 curr->prev->next = curr->next;
917 }
918 if (curr->next != NULL) {
919 curr->next->prev = curr->prev;
920 }
921 (*tail)->next = curr;
922 curr->prev = *tail;
923 curr->next = NULL;
924 *tail = curr;
925}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]926
927static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]928 CIPHER_ORDER **tail) {
929 if (curr == *head) {
930 return;
931 }
932 if (curr == *tail) {
933 *tail = curr->prev;
934 }
935 if (curr->next != NULL) {
936 curr->next->prev = curr->prev;
937 }
938 if (curr->prev != NULL) {
939 curr->prev->next = curr->next;
940 }
941 (*head)->prev = curr;
942 curr->next = *head;
943 curr->prev = NULL;
944 *head = curr;
945}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]946
David Benjamin82c9e902014-12-12 15:55:27 -0500[diff] [blame]947static void ssl_cipher_collect_ciphers(const SSL_PROTOCOL_METHOD *ssl_method,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]948 CIPHER_ORDER *co_list,
949 CIPHER_ORDER **head_p,
950 CIPHER_ORDER **tail_p) {
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]951 /* The set of ciphers is static, but some subset may be unsupported by
952 * |ssl_method|, so the list may be smaller. */
953 size_t co_list_num = 0;
954 size_t i;
955 for (i = 0; i < kCiphersLen; i++) {
956 const SSL_CIPHER *cipher = &kCiphers[i];
957 if (ssl_method->supports_cipher(cipher)) {
958 co_list[co_list_num].cipher = cipher;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]959 co_list[co_list_num].next = NULL;
960 co_list[co_list_num].prev = NULL;
961 co_list[co_list_num].active = 0;
962 co_list[co_list_num].in_group = 0;
963 co_list_num++;
964 }
965 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]966
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]967 /* Prepare linked list from list entries. */
968 if (co_list_num > 0) {
969 co_list[0].prev = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]970
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]971 if (co_list_num > 1) {
972 co_list[0].next = &co_list[1];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]973
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]974 for (i = 1; i < co_list_num - 1; i++) {
975 co_list[i].prev = &co_list[i - 1];
976 co_list[i].next = &co_list[i + 1];
977 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]978
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]979 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
980 }
981
982 co_list[co_list_num - 1].next = NULL;
983
984 *head_p = &co_list[0];
985 *tail_p = &co_list[co_list_num - 1];
986 }
987}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]988
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]989/* ssl_cipher_apply_rule applies the rule type |rule| to ciphers matching its
990 * parameters in the linked list from |*head_p| to |*tail_p|. It writes the new
991 * head and tail of the list to |*head_p| and |*tail_p|, respectively.
992 *
993 * - If |cipher_id| is non-zero, only that cipher is selected.
994 * - Otherwise, if |strength_bits| is non-negative, it selects ciphers
995 * of that strength.
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]996 * - Otherwise, it selects ciphers that match each bitmasks in |alg_*| and
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]997 * |min_version|. */
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]998static void ssl_cipher_apply_rule(
David Benjamin107db582015-04-08 00:41:59 -0400[diff] [blame]999 uint32_t cipher_id, uint32_t alg_mkey, uint32_t alg_auth,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1000 uint32_t alg_enc, uint32_t alg_mac, uint16_t min_version, int rule,
1001 int strength_bits, int in_group, CIPHER_ORDER **head_p,
1002 CIPHER_ORDER **tail_p) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1003 CIPHER_ORDER *head, *tail, *curr, *next, *last;
1004 const SSL_CIPHER *cp;
1005 int reverse = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1006
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1007 if (cipher_id == 0 && strength_bits == -1 && min_version == 0 &&
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1008 (alg_mkey == 0 || alg_auth == 0 || alg_enc == 0 || alg_mac == 0)) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1009 /* The rule matches nothing, so bail early. */
1010 return;
1011 }
1012
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1013 if (rule == CIPHER_DEL) {
1014 /* needed to maintain sorting between currently deleted ciphers */
1015 reverse = 1;
1016 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1017
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1018 head = *head_p;
1019 tail = *tail_p;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1020
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1021 if (reverse) {
1022 next = tail;
1023 last = head;
1024 } else {
1025 next = head;
1026 last = tail;
1027 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1028
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1029 curr = NULL;
1030 for (;;) {
1031 if (curr == last) {
1032 break;
1033 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1034
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1035 curr = next;
1036 if (curr == NULL) {
1037 break;
1038 }
Adam Langleye3142a72014-07-24 17:56:48 -0700[diff] [blame]1039
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1040 next = reverse ? curr->prev : curr->next;
1041 cp = curr->cipher;
Adam Langleye3142a72014-07-24 17:56:48 -0700[diff] [blame]1042
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1043 /* Selection criteria is either a specific cipher, the value of
1044 * |strength_bits|, or the algorithms used. */
1045 if (cipher_id != 0) {
1046 if (cipher_id != cp->id) {
1047 continue;
1048 }
1049 } else if (strength_bits >= 0) {
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1050 if (strength_bits != SSL_CIPHER_get_bits(cp, NULL)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1051 continue;
1052 }
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1053 } else if (!(alg_mkey & cp->algorithm_mkey) ||
1054 !(alg_auth & cp->algorithm_auth) ||
1055 !(alg_enc & cp->algorithm_enc) ||
1056 !(alg_mac & cp->algorithm_mac) ||
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1057 (min_version != 0 &&
1058 SSL_CIPHER_get_min_version(cp) != min_version)) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1059 continue;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1060 }
Adam Langleye3142a72014-07-24 17:56:48 -0700[diff] [blame]1061
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1062 /* add the cipher if it has not been added yet. */
1063 if (rule == CIPHER_ADD) {
1064 /* reverse == 0 */
1065 if (!curr->active) {
1066 ll_append_tail(&head, curr, &tail);
1067 curr->active = 1;
1068 curr->in_group = in_group;
1069 }
1070 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1071
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1072 /* Move the added cipher to this location */
1073 else if (rule == CIPHER_ORD) {
1074 /* reverse == 0 */
1075 if (curr->active) {
1076 ll_append_tail(&head, curr, &tail);
1077 curr->in_group = 0;
1078 }
1079 } else if (rule == CIPHER_DEL) {
1080 /* reverse == 1 */
1081 if (curr->active) {
1082 /* most recently deleted ciphersuites get best positions
1083 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
1084 * works in reverse to maintain the order) */
1085 ll_append_head(&head, curr, &tail);
1086 curr->active = 0;
1087 curr->in_group = 0;
1088 }
1089 } else if (rule == CIPHER_KILL) {
1090 /* reverse == 0 */
1091 if (head == curr) {
1092 head = curr->next;
1093 } else {
1094 curr->prev->next = curr->next;
1095 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1096
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1097 if (tail == curr) {
1098 tail = curr->prev;
1099 }
1100 curr->active = 0;
1101 if (curr->next != NULL) {
1102 curr->next->prev = curr->prev;
1103 }
1104 if (curr->prev != NULL) {
1105 curr->prev->next = curr->next;
1106 }
1107 curr->next = NULL;
1108 curr->prev = NULL;
1109 }
1110 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1111
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1112 *head_p = head;
1113 *tail_p = tail;
1114}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1115
1116static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1117 CIPHER_ORDER **tail_p) {
1118 int max_strength_bits, i, *number_uses;
1119 CIPHER_ORDER *curr;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1120
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1121 /* This routine sorts the ciphers with descending strength. The sorting must
1122 * keep the pre-sorted sequence, so we apply the normal sorting routine as
1123 * '+' movement to the end of the list. */
1124 max_strength_bits = 0;
1125 curr = *head_p;
1126 while (curr != NULL) {
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1127 if (curr->active &&
1128 SSL_CIPHER_get_bits(curr->cipher, NULL) > max_strength_bits) {
1129 max_strength_bits = SSL_CIPHER_get_bits(curr->cipher, NULL);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1130 }
1131 curr = curr->next;
1132 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1133
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1134 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
1135 if (!number_uses) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1136 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1137 return 0;
1138 }
1139 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1140
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1141 /* Now find the strength_bits values actually used. */
1142 curr = *head_p;
1143 while (curr != NULL) {
1144 if (curr->active) {
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1145 number_uses[SSL_CIPHER_get_bits(curr->cipher, NULL)]++;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1146 }
1147 curr = curr->next;
1148 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1149
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1150 /* Go through the list of used strength_bits values in descending order. */
1151 for (i = max_strength_bits; i >= 0; i--) {
1152 if (number_uses[i] > 0) {
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1153 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, tail_p);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1154 }
1155 }
1156
1157 OPENSSL_free(number_uses);
1158 return 1;
1159}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1160
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1161static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
1162 const char *rule_str,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1163 CIPHER_ORDER **head_p,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1164 CIPHER_ORDER **tail_p) {
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1165 uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1166 uint16_t min_version;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1167 const char *l, *buf;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1168 int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1169 size_t j, buf_len;
1170 uint32_t cipher_id;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1171 char ch;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1172
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1173 retval = 1;
1174 l = rule_str;
1175 for (;;) {
1176 ch = *l;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1177
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1178 if (ch == '\0') {
1179 break; /* done */
1180 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1181
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1182 if (in_group) {
1183 if (ch == ']') {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1184 if (*tail_p) {
1185 (*tail_p)->in_group = 0;
1186 }
1187 in_group = 0;
1188 l++;
1189 continue;
1190 }
David Benjamin37d92462014-09-20 17:54:24 -0400[diff] [blame]1191
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1192 if (ch == '|') {
1193 rule = CIPHER_ADD;
1194 l++;
1195 continue;
1196 } else if (!(ch >= 'a' && ch <= 'z') && !(ch >= 'A' && ch <= 'Z') &&
1197 !(ch >= '0' && ch <= '9')) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1198 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1199 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1200 break;
1201 } else {
1202 rule = CIPHER_ADD;
1203 }
1204 } else if (ch == '-') {
1205 rule = CIPHER_DEL;
1206 l++;
1207 } else if (ch == '+') {
1208 rule = CIPHER_ORD;
1209 l++;
1210 } else if (ch == '!') {
1211 rule = CIPHER_KILL;
1212 l++;
1213 } else if (ch == '@') {
1214 rule = CIPHER_SPECIAL;
1215 l++;
1216 } else if (ch == '[') {
1217 if (in_group) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1218 OPENSSL_PUT_ERROR(SSL, SSL_R_NESTED_GROUP);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1219 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1220 break;
1221 }
1222 in_group = 1;
1223 has_group = 1;
1224 l++;
1225 continue;
1226 } else {
1227 rule = CIPHER_ADD;
1228 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1229
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1230 /* If preference groups are enabled, the only legal operator is +.
1231 * Otherwise the in_group bits will get mixed up. */
1232 if (has_group && rule != CIPHER_ADD) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1233 OPENSSL_PUT_ERROR(SSL, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1234 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1235 break;
1236 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1237
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1238 if (ITEM_SEP(ch)) {
1239 l++;
1240 continue;
1241 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1242
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1243 multi = 0;
1244 cipher_id = 0;
1245 alg_mkey = ~0u;
1246 alg_auth = ~0u;
1247 alg_enc = ~0u;
1248 alg_mac = ~0u;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1249 min_version = 0;
1250 skip_rule = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1251
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1252 for (;;) {
1253 ch = *l;
1254 buf = l;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1255 buf_len = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1256 while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) ||
1257 ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) {
1258 ch = *(++l);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1259 buf_len++;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1260 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1261
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1262 if (buf_len == 0) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1263 /* We hit something we cannot deal with, it is no command or separator
1264 * nor alphanumeric, so we call this an error. */
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1265 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1266 retval = in_group = 0;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1267 l++;
1268 break;
1269 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1270
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1271 if (rule == CIPHER_SPECIAL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1272 break;
1273 }
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1274
1275 /* Look for a matching exact cipher. These aren't allowed in multipart
1276 * rules. */
1277 if (!multi && ch != '+') {
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1278 for (j = 0; j < kCiphersLen; j++) {
1279 const SSL_CIPHER *cipher = &kCiphers[j];
1280 if (rule_equals(cipher->name, buf, buf_len)) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1281 cipher_id = cipher->id;
1282 break;
1283 }
1284 }
1285 }
1286 if (cipher_id == 0) {
1287 /* If not an exact cipher, look for a matching cipher alias. */
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1288 for (j = 0; j < kCipherAliasesLen; j++) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1289 if (rule_equals(kCipherAliases[j].name, buf, buf_len)) {
1290 alg_mkey &= kCipherAliases[j].algorithm_mkey;
1291 alg_auth &= kCipherAliases[j].algorithm_auth;
1292 alg_enc &= kCipherAliases[j].algorithm_enc;
1293 alg_mac &= kCipherAliases[j].algorithm_mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1294
1295 if (min_version != 0 &&
1296 min_version != kCipherAliases[j].min_version) {
1297 skip_rule = 1;
1298 } else {
1299 min_version = kCipherAliases[j].min_version;
1300 }
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1301 break;
1302 }
1303 }
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1304 if (j == kCipherAliasesLen) {
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1305 skip_rule = 1;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1306 }
1307 }
1308
1309 /* Check for a multipart rule. */
1310 if (ch != '+') {
1311 break;
1312 }
1313 l++;
1314 multi = 1;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1315 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1316
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1317 /* If one of the CHACHA20_POLY1305 variants is selected, include the other
1318 * as well. They have the same name to avoid requiring changes in
1319 * configuration. Apply this transformation late so that the cipher name
1320 * still behaves as an exact name and not an alias in multipart rules.
1321 *
1322 * This is temporary and will be removed when the pre-standard construction
1323 * is removed. */
1324 if (cipher_id == TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD ||
1325 cipher_id == TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) {
1326 cipher_id = 0;
1327 alg_mkey = SSL_kECDHE;
1328 alg_auth = SSL_aRSA;
1329 alg_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD;
1330 alg_mac = SSL_AEAD;
1331 } else if (cipher_id == TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD ||
1332 cipher_id == TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) {
1333 cipher_id = 0;
1334 alg_mkey = SSL_kECDHE;
1335 alg_auth = SSL_aECDSA;
1336 alg_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD;
1337 alg_mac = SSL_AEAD;
1338 }
1339
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1340 /* Ok, we have the rule, now apply it. */
1341 if (rule == CIPHER_SPECIAL) {
1342 /* special command */
1343 ok = 0;
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1344 if (buf_len == 8 && !strncmp(buf, "STRENGTH", 8)) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1345 ok = ssl_cipher_strength_sort(head_p, tail_p);
1346 } else {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1347 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1348 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1349
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1350 if (ok == 0) {
1351 retval = 0;
1352 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1353
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1354 /* We do not support any "multi" options together with "@", so throw away
1355 * the rest of the command, if any left, until end or ':' is found. */
1356 while (*l != '\0' && !ITEM_SEP(*l)) {
1357 l++;
1358 }
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1359 } else if (!skip_rule) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1360 ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, alg_enc, alg_mac,
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1361 min_version, rule, -1, in_group, head_p, tail_p);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1362 }
1363 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1364
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1365 if (in_group) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1366 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1367 retval = 0;
1368 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1369
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1370 return retval;
1371}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1372
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1373STACK_OF(SSL_CIPHER) *
1374ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method,
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1375 struct ssl_cipher_preference_list_st **out_cipher_list,
1376 STACK_OF(SSL_CIPHER) **out_cipher_list_by_id,
1377 const char *rule_str) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1378 int ok;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1379 STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list = NULL;
1380 const char *rule_p;
1381 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1382 uint8_t *in_group_flags = NULL;
1383 unsigned int num_in_group_flags = 0;
1384 struct ssl_cipher_preference_list_st *pref_list = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1385
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1386 /* Return with error if nothing to do. */
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1387 if (rule_str == NULL || out_cipher_list == NULL) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1388 return NULL;
1389 }
David Benjamin5213df42014-08-20 14:19:54 -0400[diff] [blame]1390
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1391 /* Now we have to collect the available ciphers from the compiled in ciphers.
1392 * We cannot get more than the number compiled in, so it is used for
1393 * allocation. */
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]1394 co_list = OPENSSL_malloc(sizeof(CIPHER_ORDER) * kCiphersLen);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1395 if (co_list == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]1396 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1397 return NULL;
1398 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1399
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1400 ssl_cipher_collect_ciphers(ssl_method, co_list, &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1401
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1402 /* Now arrange all ciphers by preference:
1403 * TODO(davidben): Compute this order once and copy it. */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1404
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1405 /* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other
1406 * key exchange mechanisms */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1407 ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, 0, CIPHER_ADD, -1,
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1408 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1409 ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0,
1410 &head, &tail);
1411 ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0,
1412 &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1413
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1414 /* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer
1415 * CHACHA20 unless there is hardware support for fast and constant-time
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1416 * AES_GCM. Of the two CHACHA20 variants, the new one is preferred over the
1417 * old one. */
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1418 if (EVP_has_aes_hardware()) {
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1419 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1420 &head, &tail);
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame]1421 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1422 &head, &tail);
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1423 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, 0, CIPHER_ADD,
1424 -1, 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1425 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1426 CIPHER_ADD, -1, 0, &head, &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1427 } else {
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1428 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, 0, CIPHER_ADD,
1429 -1, 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1430 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_CHACHA20POLY1305_OLD, ~0u, 0,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1431 CIPHER_ADD, -1, 0, &head, &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1432 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1433 &head, &tail);
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame]1434 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256GCM, ~0u, 0, CIPHER_ADD, -1, 0,
1435 &head, &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1436 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1437
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame]1438 /* Then the legacy non-AEAD ciphers: AES_128_CBC, AES_256_CBC,
1439 * 3DES_EDE_CBC_SHA, RC4_128_SHA, RC4_128_MD5. */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1440 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES128, ~0u, 0, CIPHER_ADD, -1, 0,
1441 &head, &tail);
David Benjamin43336652016-03-03 15:32:29 -0500[diff] [blame]1442 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_AES256, ~0u, 0, CIPHER_ADD, -1, 0,
1443 &head, &tail);
1444 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head,
1445 &tail);
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1446 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, ~SSL_MD5, 0, CIPHER_ADD, -1, 0,
1447 &head, &tail);
1448 ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_RC4, SSL_MD5, 0, CIPHER_ADD, -1, 0,
1449 &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1450
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1451 /* Temporarily enable everything else for sorting */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1452 ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head,
1453 &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1454
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1455 /* Move ciphers without forward secrecy to the end. */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1456 ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), ~0u, ~0u, ~0u, 0,
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1457 CIPHER_ORD, -1, 0, &head, &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1458
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1459 /* Now disable everything (maintaining the ordering!) */
David Benjamind6e9eec2015-11-18 09:48:55 -0500[diff] [blame]1460 ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_DEL, -1, 0, &head,
1461 &tail);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1462
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1463 /* If the rule_string begins with DEFAULT, apply the default rule before
1464 * using the (possibly available) additional rules. */
1465 ok = 1;
1466 rule_p = rule_str;
1467 if (strncmp(rule_str, "DEFAULT", 7) == 0) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1468 ok = ssl_cipher_process_rulestr(ssl_method, SSL_DEFAULT_CIPHER_LIST, &head,
1469 &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1470 rule_p += 7;
1471 if (*rule_p == ':') {
1472 rule_p++;
1473 }
1474 }
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1475
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1476 if (ok && strlen(rule_p) > 0) {
David Benjamin0344daf2015-04-08 02:08:01 -0400[diff] [blame]1477 ok = ssl_cipher_process_rulestr(ssl_method, rule_p, &head, &tail);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1478 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1479
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1480 if (!ok) {
1481 goto err;
1482 }
1483
1484 /* Allocate new "cipherstack" for the result, return with error
1485 * if we cannot get one. */
1486 cipherstack = sk_SSL_CIPHER_new_null();
1487 if (cipherstack == NULL) {
1488 goto err;
1489 }
1490
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1491 in_group_flags = OPENSSL_malloc(kCiphersLen);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1492 if (!in_group_flags) {
1493 goto err;
1494 }
1495
1496 /* The cipher selection for the list is done. The ciphers are added
1497 * to the resulting precedence to the STACK_OF(SSL_CIPHER). */
1498 for (curr = head; curr != NULL; curr = curr->next) {
1499 if (curr->active) {
David Benjamin2adb7ec2015-01-11 19:59:06 -0500[diff] [blame]1500 if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
1501 goto err;
1502 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1503 in_group_flags[num_in_group_flags++] = curr->in_group;
1504 }
1505 }
1506 OPENSSL_free(co_list); /* Not needed any longer */
1507 co_list = NULL;
1508
1509 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1510 if (tmp_cipher_list == NULL) {
1511 goto err;
1512 }
1513 pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
1514 if (!pref_list) {
1515 goto err;
1516 }
1517 pref_list->ciphers = cipherstack;
1518 pref_list->in_group_flags = OPENSSL_malloc(num_in_group_flags);
1519 if (!pref_list->in_group_flags) {
1520 goto err;
1521 }
1522 memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags);
1523 OPENSSL_free(in_group_flags);
1524 in_group_flags = NULL;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1525 if (*out_cipher_list != NULL) {
1526 ssl_cipher_preference_list_free(*out_cipher_list);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1527 }
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1528 *out_cipher_list = pref_list;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1529 pref_list = NULL;
1530
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1531 if (out_cipher_list_by_id != NULL) {
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]1532 sk_SSL_CIPHER_free(*out_cipher_list_by_id);
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1533 *out_cipher_list_by_id = tmp_cipher_list;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1534 tmp_cipher_list = NULL;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1535 (void) sk_SSL_CIPHER_set_cmp_func(*out_cipher_list_by_id,
1536 ssl_cipher_ptr_id_cmp);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1537
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1538 sk_SSL_CIPHER_sort(*out_cipher_list_by_id);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1539 } else {
1540 sk_SSL_CIPHER_free(tmp_cipher_list);
1541 tmp_cipher_list = NULL;
1542 }
1543
1544 return cipherstack;
Adam Langley858a88d2014-06-20 12:00:00 -0700[diff] [blame]1545
1546err:
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]1547 OPENSSL_free(co_list);
1548 OPENSSL_free(in_group_flags);
1549 sk_SSL_CIPHER_free(cipherstack);
1550 sk_SSL_CIPHER_free(tmp_cipher_list);
1551 if (pref_list) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1552 OPENSSL_free(pref_list->in_group_flags);
1553 }
David Benjamin2755a3e2015-04-22 16:17:58 -0400[diff] [blame]1554 OPENSSL_free(pref_list);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1555 return NULL;
1556}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1557
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1558uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
1559
David Benjamina1c90a52015-05-30 17:03:14 -0400[diff] [blame]1560uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
1561 uint32_t id = cipher->id;
1562 /* All ciphers are SSLv3. */
1563 assert((id & 0xff000000) == 0x03000000);
1564 return id & 0xffff;
1565}
1566
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1567int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) {
1568 return (cipher->algorithm_enc & SSL_AES) != 0;
1569}
1570
1571int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) {
1572 return (cipher->algorithm_mac & SSL_MD5) != 0;
1573}
1574
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1575int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
1576 return (cipher->algorithm_mac & SSL_SHA1) != 0;
1577}
1578
David Benjamina211aee2016-02-24 17:18:44 -0500[diff] [blame]1579int SSL_CIPHER_has_SHA256_HMAC(const SSL_CIPHER *cipher) {
1580 return (cipher->algorithm_mac & SSL_SHA256) != 0;
1581}
1582
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1583int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher) {
David Benjaminc0125ef2015-09-09 09:11:07 -0400[diff] [blame]1584 return (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) != 0;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1585}
1586
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1587int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher) {
1588 return (cipher->algorithm_enc & SSL_AES128GCM) != 0;
1589}
1590
Adam Langleyb00061c2015-11-16 17:44:52 -0800[diff] [blame]1591int SSL_CIPHER_is_AES128CBC(const SSL_CIPHER *cipher) {
1592 return (cipher->algorithm_enc & SSL_AES128) != 0;
1593}
1594
1595int SSL_CIPHER_is_AES256CBC(const SSL_CIPHER *cipher) {
1596 return (cipher->algorithm_enc & SSL_AES256) != 0;
1597}
1598
David Benjamin51a01a52015-10-29 13:19:56 -0400[diff] [blame]1599int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher) {
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1600 return (cipher->algorithm_enc &
1601 (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_OLD)) != 0;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1602}
1603
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1604int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher) {
1605 return (cipher->algorithm_enc & SSL_eNULL) != 0;
1606}
1607
Adam Langleyd7fe75c2015-09-18 15:40:48 -0700[diff] [blame]1608int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher) {
1609 return (cipher->algorithm_enc & SSL_RC4) != 0;
1610}
1611
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1612int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher) {
1613 /* Neither stream cipher nor AEAD. */
1614 return (cipher->algorithm_enc & (SSL_RC4 | SSL_eNULL)) == 0 &&
1615 cipher->algorithm_mac != SSL_AEAD;
1616}
1617
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1618int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher) {
1619 return (cipher->algorithm_auth & SSL_aECDSA) != 0;
1620}
1621
David Benjamin4cc36ad2015-12-19 14:23:26 -0500[diff] [blame]1622int SSL_CIPHER_is_ECDHE(const SSL_CIPHER *cipher) {
1623 return (cipher->algorithm_mkey & SSL_kECDHE) != 0;
1624}
1625
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1626uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher) {
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1627 if (cipher->algorithm_prf != SSL_HANDSHAKE_MAC_DEFAULT) {
1628 /* Cipher suites before TLS 1.2 use the default PRF, while all those added
1629 * afterwards specify a particular hash. */
David Benjaminef793f42015-11-05 18:16:27 -0500[diff] [blame]1630 return TLS1_2_VERSION;
1631 }
1632 return SSL3_VERSION;
1633}
1634
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1635/* return the actual cipher being used */
1636const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher) {
1637 if (cipher != NULL) {
1638 return cipher->name;
1639 }
1640
1641 return "(NONE)";
1642}
1643
1644const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) {
1645 if (cipher == NULL) {
1646 return "";
1647 }
1648
1649 switch (cipher->algorithm_mkey) {
1650 case SSL_kRSA:
1651 return "RSA";
1652
1653 case SSL_kDHE:
1654 switch (cipher->algorithm_auth) {
1655 case SSL_aRSA:
1656 return "DHE_RSA";
1657 default:
1658 assert(0);
1659 return "UNKNOWN";
1660 }
1661
1662 case SSL_kECDHE:
1663 switch (cipher->algorithm_auth) {
1664 case SSL_aECDSA:
1665 return "ECDHE_ECDSA";
1666 case SSL_aRSA:
1667 return "ECDHE_RSA";
1668 case SSL_aPSK:
1669 return "ECDHE_PSK";
1670 default:
1671 assert(0);
1672 return "UNKNOWN";
1673 }
1674
1675 case SSL_kPSK:
1676 assert(cipher->algorithm_auth == SSL_aPSK);
1677 return "PSK";
1678
1679 default:
1680 assert(0);
1681 return "UNKNOWN";
1682 }
1683}
1684
1685static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
1686 switch (cipher->algorithm_enc) {
1687 case SSL_3DES:
1688 return "3DES_EDE_CBC";
1689 case SSL_RC4:
1690 return "RC4";
1691 case SSL_AES128:
1692 return "AES_128_CBC";
1693 case SSL_AES256:
1694 return "AES_256_CBC";
1695 case SSL_AES128GCM:
1696 return "AES_128_GCM";
1697 case SSL_AES256GCM:
1698 return "AES_256_GCM";
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1699 case SSL_CHACHA20POLY1305:
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]1700 case SSL_CHACHA20POLY1305_OLD:
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1701 return "CHACHA20_POLY1305";
1702 break;
1703 default:
1704 assert(0);
1705 return "UNKNOWN";
1706 }
1707}
1708
1709static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
David Benjaminb0883312015-08-06 09:54:13 -0400[diff] [blame]1710 switch (cipher->algorithm_prf) {
1711 case SSL_HANDSHAKE_MAC_DEFAULT:
1712 /* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is
1713 * only ever MD5 or SHA-1. */
1714 switch (cipher->algorithm_mac) {
1715 case SSL_MD5:
1716 return "MD5";
1717 case SSL_SHA1:
1718 return "SHA";
1719 }
1720 break;
1721 case SSL_HANDSHAKE_MAC_SHA256:
1722 return "SHA256";
1723 case SSL_HANDSHAKE_MAC_SHA384:
1724 return "SHA384";
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1725 }
David Benjaminb0883312015-08-06 09:54:13 -0400[diff] [blame]1726 assert(0);
1727 return "UNKNOWN";
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1728}
1729
1730char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher) {
1731 if (cipher == NULL) {
1732 return NULL;
1733 }
1734
1735 const char *kx_name = SSL_CIPHER_get_kx_name(cipher);
1736 const char *enc_name = ssl_cipher_get_enc_name(cipher);
1737 const char *prf_name = ssl_cipher_get_prf_name(cipher);
1738
1739 /* The final name is TLS_{kx_name}_WITH_{enc_name}_{prf_name}. */
1740 size_t len = 4 + strlen(kx_name) + 6 + strlen(enc_name) + 1 +
1741 strlen(prf_name) + 1;
1742 char *ret = OPENSSL_malloc(len);
1743 if (ret == NULL) {
1744 return NULL;
1745 }
1746 if (BUF_strlcpy(ret, "TLS_", len) >= len ||
1747 BUF_strlcat(ret, kx_name, len) >= len ||
1748 BUF_strlcat(ret, "_WITH_", len) >= len ||
1749 BUF_strlcat(ret, enc_name, len) >= len ||
1750 BUF_strlcat(ret, "_", len) >= len ||
1751 BUF_strlcat(ret, prf_name, len) >= len) {
1752 assert(0);
1753 OPENSSL_free(ret);
1754 return NULL;
1755 }
1756 assert(strlen(ret) + 1 == len);
1757 return ret;
1758}
1759
1760int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) {
1761 if (cipher == NULL) {
1762 return 0;
1763 }
1764
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1765 int alg_bits, strength_bits;
1766 switch (cipher->algorithm_enc) {
1767 case SSL_AES128:
1768 case SSL_AES128GCM:
1769 case SSL_RC4:
1770 alg_bits = 128;
1771 strength_bits = 128;
1772 break;
1773
1774 case SSL_AES256:
1775 case SSL_AES256GCM:
1776#if !defined(BORINGSSL_ANDROID_SYSTEM)
1777 case SSL_CHACHA20POLY1305_OLD:
1778#endif
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1779 case SSL_CHACHA20POLY1305:
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1780 alg_bits = 256;
1781 strength_bits = 256;
1782 break;
1783
1784 case SSL_3DES:
1785 alg_bits = 168;
1786 strength_bits = 112;
1787 break;
1788
1789 case SSL_eNULL:
1790 alg_bits = 0;
1791 strength_bits = 0;
1792 break;
1793
1794 default:
1795 assert(0);
1796 alg_bits = 0;
1797 strength_bits = 0;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1798 }
David Benjamin9f2e2772015-11-18 09:59:43 -0500[diff] [blame]1799
1800 if (out_alg_bits != NULL) {
1801 *out_alg_bits = alg_bits;
1802 }
1803 return strength_bits;
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1804}
1805
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1806const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
1807 int len) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1808 const char *kx, *au, *enc, *mac;
David Benjamindcb6ef02015-11-06 15:35:54 -0500[diff] [blame]1809 uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1810
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1811 alg_mkey = cipher->algorithm_mkey;
1812 alg_auth = cipher->algorithm_auth;
1813 alg_enc = cipher->algorithm_enc;
1814 alg_mac = cipher->algorithm_mac;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1815
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1816 switch (alg_mkey) {
1817 case SSL_kRSA:
1818 kx = "RSA";
1819 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1820
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1821 case SSL_kDHE:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1822 kx = "DH";
1823 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1824
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1825 case SSL_kECDHE:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1826 kx = "ECDH";
1827 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1828
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1829 case SSL_kPSK:
1830 kx = "PSK";
1831 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1832
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1833 default:
1834 kx = "unknown";
1835 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1836
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1837 switch (alg_auth) {
1838 case SSL_aRSA:
1839 au = "RSA";
1840 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1841
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1842 case SSL_aECDSA:
1843 au = "ECDSA";
1844 break;
Adam Langley4d4bff82014-06-20 12:00:00 -0700[diff] [blame]1845
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1846 case SSL_aPSK:
1847 au = "PSK";
1848 break;
Adam Langley4d4bff82014-06-20 12:00:00 -0700[diff] [blame]1849
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1850 default:
1851 au = "unknown";
1852 break;
1853 }
Adam Langleyde0b2022014-06-20 12:00:00 -0700[diff] [blame]1854
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1855 switch (alg_enc) {
1856 case SSL_3DES:
1857 enc = "3DES(168)";
1858 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1859
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1860 case SSL_RC4:
1861 enc = "RC4(128)";
1862 break;
1863
1864 case SSL_AES128:
1865 enc = "AES(128)";
1866 break;
1867
1868 case SSL_AES256:
1869 enc = "AES(256)";
1870 break;
1871
1872 case SSL_AES128GCM:
1873 enc = "AESGCM(128)";
1874 break;
1875
1876 case SSL_AES256GCM:
1877 enc = "AESGCM(256)";
1878 break;
1879
Brian Smith271777f2015-10-03 13:53:33 -1000[diff] [blame]1880 case SSL_CHACHA20POLY1305_OLD:
David Benjamin13414b32015-12-09 23:02:39 -0500[diff] [blame]1881 enc = "ChaCha20-Poly1305-Old";
1882 break;
1883
1884 case SSL_CHACHA20POLY1305:
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1885 enc = "ChaCha20-Poly1305";
1886 break;
1887
Matt Braithwaiteaf096752015-09-02 19:48:16 -0700[diff] [blame]1888 case SSL_eNULL:
1889 enc="None";
1890 break;
1891
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1892 default:
1893 enc = "unknown";
1894 break;
1895 }
1896
1897 switch (alg_mac) {
1898 case SSL_MD5:
1899 mac = "MD5";
1900 break;
1901
1902 case SSL_SHA1:
1903 mac = "SHA1";
1904 break;
1905
1906 case SSL_SHA256:
1907 mac = "SHA256";
1908 break;
1909
1910 case SSL_SHA384:
1911 mac = "SHA384";
1912 break;
1913
1914 case SSL_AEAD:
1915 mac = "AEAD";
1916 break;
1917
1918 default:
1919 mac = "unknown";
1920 break;
1921 }
1922
1923 if (buf == NULL) {
1924 len = 128;
1925 buf = OPENSSL_malloc(len);
David Benjamin1eed2c02015-02-08 23:20:06 -0500[diff] [blame]1926 if (buf == NULL) {
1927 return NULL;
1928 }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1929 } else if (len < 128) {
1930 return "Buffer too small";
1931 }
1932
Brian Smith0687bdf2016-01-17 09:18:26 -1000[diff] [blame]1933 BIO_snprintf(buf, len, "%-23s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
1934 cipher->name, kx, au, enc, mac);
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1935 return buf;
1936}
1937
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1938const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher) {
1939 return "TLSv1/SSLv3";
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1940}
1941
Matt Braithwaite6a1275b2015-06-26 12:09:10 -0700[diff] [blame]1942COMP_METHOD *SSL_COMP_get_compression_methods(void) { return NULL; }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1943
Matt Braithwaite6a1275b2015-06-26 12:09:10 -0700[diff] [blame]1944int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { return 1; }
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1945
Matt Braithwaite6a1275b2015-06-26 12:09:10 -0700[diff] [blame]1946const char *SSL_COMP_get_name(const COMP_METHOD *comp) { return NULL; }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1947
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1948int ssl_cipher_get_key_type(const SSL_CIPHER *cipher) {
David Benjamin71f07942015-04-08 02:36:59 -0400[diff] [blame]1949 uint32_t alg_a = cipher->algorithm_auth;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1950
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1951 if (alg_a & SSL_aECDSA) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1952 return EVP_PKEY_EC;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1953 } else if (alg_a & SSL_aRSA) {
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1954 return EVP_PKEY_RSA;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1955 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1956
David Benjamind1d80782015-07-05 11:54:09 -0400[diff] [blame]1957 return EVP_PKEY_NONE;
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1958}
David Benjamin9c651c92014-07-12 13:27:45 -0400[diff] [blame]1959
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1960int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher) {
David Benjamindf0905a2015-09-19 09:58:31 -0400[diff] [blame]1961 /* PSK-authenticated ciphers do not use a certificate. (RSA_PSK is not
1962 * supported.) */
1963 if (cipher->algorithm_auth & SSL_aPSK) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1964 return 0;
1965 }
1966
1967 /* All other ciphers include it. */
1968 return 1;
1969}
1970
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1971int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher) {
1972 /* Ephemeral Diffie-Hellman key exchanges require a ServerKeyExchange. */
David Benjamin7061e282015-03-19 11:10:48 -0400[diff] [blame]1973 if (cipher->algorithm_mkey & SSL_kDHE || cipher->algorithm_mkey & SSL_kECDHE) {
Adam Langleyfcf25832014-12-18 17:42:32 -0800[diff] [blame]1974 return 1;
1975 }
1976
1977 /* It is optional in all others. */
1978 return 0;
1979}
David Benjaminb8d28cf2015-07-28 21:34:45 -0400[diff] [blame]1980
1981size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
1982 size_t block_size;
1983 switch (cipher->algorithm_enc) {
1984 case SSL_3DES:
1985 block_size = 8;
1986 break;
1987 case SSL_AES128:
1988 case SSL_AES256:
1989 block_size = 16;
1990 break;
1991 default:
1992 return 0;
1993 }
1994
1995 size_t mac_len;
1996 switch (cipher->algorithm_mac) {
1997 case SSL_MD5:
1998 mac_len = MD5_DIGEST_LENGTH;
1999 break;
2000 case SSL_SHA1:
2001 mac_len = SHA_DIGEST_LENGTH;
2002 break;
2003 default:
2004 return 0;
2005 }
2006
2007 size_t ret = 1 + mac_len;
2008 ret += block_size - (ret % block_size);
2009 return ret;
2010}