Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / fd772a5aebeeaafb591903d509b187d7d41c5d69 / . / ssl / ssl_ciph.c
blob: aac6883e0af45a44679a2988f96f01c820469e90 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110/* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114 */
115/* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
117 *
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
120 * license.
121 *
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
125 *
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
129 *
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
134 *
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139 * OTHERWISE. */
140
141#include <stdio.h>
142#include <assert.h>
143
144#include <openssl/comp.h>
145#include <openssl/engine.h>
146#include <openssl/mem.h>
147#include <openssl/obj.h>
148
149#include "ssl_locl.h"
150
151#define SSL_ENC_DES_IDX 0
152#define SSL_ENC_3DES_IDX 1
153#define SSL_ENC_RC4_IDX 2
154#define SSL_ENC_RC2_IDX 3
155#define SSL_ENC_IDEA_IDX 4
156#define SSL_ENC_NULL_IDX 5
157#define SSL_ENC_AES128_IDX 6
158#define SSL_ENC_AES256_IDX 7
159#define SSL_ENC_CAMELLIA128_IDX 8
160#define SSL_ENC_CAMELLIA256_IDX 9
161#define SSL_ENC_GOST89_IDX 10
162#define SSL_ENC_SEED_IDX 11
163#define SSL_ENC_AES128GCM_IDX 12
164#define SSL_ENC_AES256GCM_IDX 13
165#define SSL_ENC_NUM_IDX 14
166
167
168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
169 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
170 };
171
172#define SSL_COMP_NULL_IDX 0
173#define SSL_COMP_ZLIB_IDX 1
174#define SSL_COMP_NUM_IDX 2
175
176static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
177
178#define SSL_MD_MD5_IDX 0
179#define SSL_MD_SHA1_IDX 1
180#define SSL_MD_GOST94_IDX 2
181#define SSL_MD_GOST89MAC_IDX 3
182#define SSL_MD_SHA256_IDX 4
183#define SSL_MD_SHA384_IDX 5
184/*Constant SSL_MAX_DIGEST equal to size of digests array should be
185 * defined in the
186 * ssl_locl.h */
187#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
188static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
189 NULL,NULL,NULL,NULL,NULL,NULL
190 };
191/* PKEY_TYPE for GOST89MAC is known in advance, but, because
192 * implementation is engine-provided, we'll fill it only if
193 * corresponding EVP_PKEY_METHOD is found
194 */
195static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
196 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
197 EVP_PKEY_HMAC,EVP_PKEY_HMAC
198 };
199
200static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
201 0,0,0,0,0,0
202 };
203
204static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
205 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
206 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
207 SSL_HANDSHAKE_MAC_SHA384
208 };
209
210#define CIPHER_ADD 1
211#define CIPHER_KILL 2
212#define CIPHER_DEL 3
213#define CIPHER_ORD 4
214#define CIPHER_SPECIAL 5
215
216typedef struct cipher_order_st
217 {
218 const SSL_CIPHER *cipher;
219 int active;
220 int dead;
221 struct cipher_order_st *next,*prev;
222 } CIPHER_ORDER;
223
224static const SSL_CIPHER cipher_aliases[]={
225 /* "ALL" doesn't include eNULL (must be specifically enabled) */
226 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
227 /* "COMPLEMENTOFALL" */
228 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
229
230 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
231 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
232
233 /* key exchange aliases
234 * (some of those using only a single bit here combine
235 * multiple key exchange algs according to the RFCs,
236 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
237 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
238
239 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0},
240 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0},
241 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
242 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
243 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
244
245 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
246
247 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
248 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
249 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
250 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
251 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
252
253 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
254 {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
255 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
256
257 /* server authentication aliases */
258 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
259 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
260 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
261 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
262 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
263 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
264 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
265 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
266 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
267 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
268 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
269 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
270 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
271
272 /* aliases combining key exchange and server authentication */
273 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
274 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
275 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
276 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
277 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
278 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
279 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
280 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
281 {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
282
283
284 /* symmetric encryption aliases */
285 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
286 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
287 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
288 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
289 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
290 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
291 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
292 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
293 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
294 {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
295 {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
296 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
297 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
298 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
299
300 /* MAC aliases */
301 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
302 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
303 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
304 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
305 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
306 {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
307 {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
308
309 /* protocol version aliases */
310 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
311 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
312 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
313 {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
314
315 /* export flag */
316 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
317 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
318
319 /* strength classes */
320 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
321 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
322 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
323 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
324 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
325 /* FIPS 140-2 approved ciphersuite */
326 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
327 };
328
329void ssl_load_ciphers(void)
330 {
331 ssl_cipher_methods[SSL_ENC_DES_IDX]= EVP_des_cbc();
332 ssl_cipher_methods[SSL_ENC_3DES_IDX]= EVP_des_ede3_cbc();
333 ssl_cipher_methods[SSL_ENC_RC4_IDX]= EVP_rc4();
334 ssl_cipher_methods[SSL_ENC_AES128_IDX]= EVP_aes_128_cbc();
335 ssl_cipher_methods[SSL_ENC_AES256_IDX]= EVP_aes_256_cbc();
336
337 ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= EVP_aes_128_gcm();
338 ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= EVP_aes_256_gcm();
339
340 ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_md5();
341 ssl_mac_secret_size[SSL_MD_MD5_IDX]= EVP_MD_size(EVP_md5());
342 assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
343 ssl_digest_methods[SSL_MD_SHA1_IDX]=EVP_sha1();
344 ssl_mac_secret_size[SSL_MD_SHA1_IDX]= EVP_MD_size(EVP_sha1());
345 assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
346
347 ssl_digest_methods[SSL_MD_SHA256_IDX]= EVP_sha256();
348 ssl_mac_secret_size[SSL_MD_SHA256_IDX]= EVP_MD_size(EVP_sha256());
349 ssl_digest_methods[SSL_MD_SHA384_IDX]= EVP_sha384();
350 ssl_mac_secret_size[SSL_MD_SHA384_IDX]= EVP_MD_size(EVP_sha384());
351 }
352
353int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
354 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
355 {
356 size_t compression_index;
357 int i;
358 const SSL_CIPHER *c;
359
360 c=s->cipher;
361 if (c == NULL) return(0);
362 if (comp != NULL)
363 {
364 SSL_COMP ctmp;
365
366 *comp=NULL;
367 ctmp.id=s->compress_meth;
368 if (ssl_comp_methods != NULL)
369 {
370 if (sk_SSL_COMP_find(ssl_comp_methods, &compression_index, &ctmp))
371 *comp=sk_SSL_COMP_value(ssl_comp_methods, compression_index);
372 else
373 *comp=NULL;
374 }
375 }
376
377 if ((enc == NULL) || (md == NULL)) return(0);
378
379 switch (c->algorithm_enc)
380 {
381 case SSL_DES:
382 i=SSL_ENC_DES_IDX;
383 break;
384 case SSL_3DES:
385 i=SSL_ENC_3DES_IDX;
386 break;
387 case SSL_RC4:
388 i=SSL_ENC_RC4_IDX;
389 break;
390 case SSL_RC2:
391 i=SSL_ENC_RC2_IDX;
392 break;
393 case SSL_IDEA:
394 i=SSL_ENC_IDEA_IDX;
395 break;
396 case SSL_eNULL:
397 i=SSL_ENC_NULL_IDX;
398 break;
399 case SSL_AES128:
400 i=SSL_ENC_AES128_IDX;
401 break;
402 case SSL_AES256:
403 i=SSL_ENC_AES256_IDX;
404 break;
405 case SSL_CAMELLIA128:
406 i=SSL_ENC_CAMELLIA128_IDX;
407 break;
408 case SSL_CAMELLIA256:
409 i=SSL_ENC_CAMELLIA256_IDX;
410 break;
411 case SSL_eGOST2814789CNT:
412 i=SSL_ENC_GOST89_IDX;
413 break;
414 case SSL_SEED:
415 i=SSL_ENC_SEED_IDX;
416 break;
417 case SSL_AES128GCM:
418 i=SSL_ENC_AES128GCM_IDX;
419 break;
420 case SSL_AES256GCM:
421 i=SSL_ENC_AES256GCM_IDX;
422 break;
423 default:
424 i= -1;
425 break;
426 }
427
428 if ((i < 0) || (i > SSL_ENC_NUM_IDX))
429 *enc=NULL;
430 else
431 {
432 if (i == SSL_ENC_NULL_IDX)
433 *enc = EVP_enc_null();
434
435 *enc=ssl_cipher_methods[i];
436 }
437
438 switch (c->algorithm_mac)
439 {
440 case SSL_MD5:
441 i=SSL_MD_MD5_IDX;
442 break;
443 case SSL_SHA1:
444 i=SSL_MD_SHA1_IDX;
445 break;
446 case SSL_SHA256:
447 i=SSL_MD_SHA256_IDX;
448 break;
449 case SSL_SHA384:
450 i=SSL_MD_SHA384_IDX;
451 break;
452 case SSL_GOST94:
453 i = SSL_MD_GOST94_IDX;
454 break;
455 case SSL_GOST89MAC:
456 i = SSL_MD_GOST89MAC_IDX;
457 break;
458 default:
459 i= -1;
460 break;
461 }
462 if ((i < 0) || (i > SSL_MD_NUM_IDX))
463 {
464 *md=NULL;
465 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
466 if (mac_secret_size!=NULL) *mac_secret_size = 0;
467 if (c->algorithm_mac == SSL_AEAD)
468 mac_pkey_type = NULL;
469 }
470 else
471 {
472 *md=ssl_digest_methods[i];
473 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
474 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
475 }
476
477 if ((*enc != NULL) &&
478 (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
479 (!mac_pkey_type||*mac_pkey_type != NID_undef))
480 {
481 if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
482 s->ssl_version < TLS1_VERSION)
483 return 1;
484
485#ifdef OPENSSL_FIPS
486 if (FIPS_mode())
487 return 1;
488#endif
489
490 /* TODO(fork): enable the stitched cipher modes. */
491#if 0
492 if (c->algorithm_enc == SSL_RC4 &&
493 c->algorithm_mac == SSL_MD5 &&
494 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
495 *enc = evp, *md = NULL;
496 else if (c->algorithm_enc == SSL_AES128 &&
497 c->algorithm_mac == SSL_SHA1 &&
498 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
499 *enc = evp, *md = NULL;
500 else if (c->algorithm_enc == SSL_AES256 &&
501 c->algorithm_mac == SSL_SHA1 &&
502 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
503 *enc = evp, *md = NULL;
504#endif
505 return(1);
506 }
507 else
508 return(0);
509 }
510
511int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
512{
513 if (idx <0||idx>=SSL_MD_NUM_IDX)
514 {
515 return 0;
516 }
517 *mask = ssl_handshake_digest_flag[idx];
518 if (*mask)
519 *md = ssl_digest_methods[idx];
520 else
521 *md = NULL;
522 return 1;
523}
524
525#define ITEM_SEP(a) \
526 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
527
528static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
529 CIPHER_ORDER **tail)
530 {
531 if (curr == *tail) return;
532 if (curr == *head)
533 *head=curr->next;
534 if (curr->prev != NULL)
535 curr->prev->next=curr->next;
536 if (curr->next != NULL)
537 curr->next->prev=curr->prev;
538 (*tail)->next=curr;
539 curr->prev= *tail;
540 curr->next=NULL;
541 *tail=curr;
542 }
543
544static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
545 CIPHER_ORDER **tail)
546 {
547 if (curr == *head) return;
548 if (curr == *tail)
549 *tail=curr->prev;
550 if (curr->next != NULL)
551 curr->next->prev=curr->prev;
552 if (curr->prev != NULL)
553 curr->prev->next=curr->next;
554 (*head)->prev=curr;
555 curr->next= *head;
556 curr->prev=NULL;
557 *head=curr;
558 }
559
560static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
561 {
562 *mkey = 0;
563 *auth = 0;
564 *enc = 0;
565 *mac = 0;
566 *ssl = 0;
567
568#ifdef OPENSSL_NO_RSA
569 *mkey |= SSL_kRSA;
570 *auth |= SSL_aRSA;
571#endif
572#ifdef OPENSSL_NO_DSA
573 *auth |= SSL_aDSS;
574#endif
575#ifdef OPENSSL_NO_DH
576 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
577 *auth |= SSL_aDH;
578#endif
579#ifdef OPENSSL_NO_ECDSA
580 *auth |= SSL_aECDSA;
581#endif
582#ifdef OPENSSL_NO_ECDH
583 *mkey |= SSL_kECDHe|SSL_kECDHr;
584 *auth |= SSL_aECDH;
585#endif
586#ifdef OPENSSL_NO_PSK
587 *mkey |= SSL_kPSK;
588 *auth |= SSL_aPSK;
589#endif
590#ifdef SSL_FORBID_ENULL
591 *enc |= SSL_eNULL;
592#endif
593
594
595
596 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
597 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
598 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
599 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
600 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
601 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
602 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
603 *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
604 *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
605 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
606 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
607 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
608 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
609
610 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
611 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
612 *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
613 *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
614 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
615 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
616
617 }
618
619static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
620 int num_of_ciphers,
621 unsigned long disabled_mkey, unsigned long disabled_auth,
622 unsigned long disabled_enc, unsigned long disabled_mac,
623 unsigned long disabled_ssl,
624 CIPHER_ORDER *co_list,
625 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
626 {
627 int i, co_list_num;
628 const SSL_CIPHER *c;
629
630 /*
631 * We have num_of_ciphers descriptions compiled in, depending on the
632 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
633 * These will later be sorted in a linked list with at most num
634 * entries.
635 */
636
637 /* Get the initial list of ciphers */
638 co_list_num = 0; /* actual count of ciphers */
639 for (i = 0; i < num_of_ciphers; i++)
640 {
641 c = ssl_method->get_cipher(i);
642 /* drop those that use any of that is not available */
643 if ((c != NULL) && c->valid &&
644#ifdef OPENSSL_FIPS
645 (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
646#endif
647 !(c->algorithm_mkey & disabled_mkey) &&
648 !(c->algorithm_auth & disabled_auth) &&
649 !(c->algorithm_enc & disabled_enc) &&
650 !(c->algorithm_mac & disabled_mac) &&
651 !(c->algorithm_ssl & disabled_ssl))
652 {
653 co_list[co_list_num].cipher = c;
654 co_list[co_list_num].next = NULL;
655 co_list[co_list_num].prev = NULL;
656 co_list[co_list_num].active = 0;
657 co_list_num++;
658#ifdef KSSL_DEBUG
659 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
660#endif /* KSSL_DEBUG */
661 /*
662 if (!sk_push(ca_list,(char *)c)) goto err;
663 */
664 }
665 }
666
667 /*
668 * Prepare linked list from list entries
669 */
670 if (co_list_num > 0)
671 {
672 co_list[0].prev = NULL;
673
674 if (co_list_num > 1)
675 {
676 co_list[0].next = &co_list[1];
677
678 for (i = 1; i < co_list_num - 1; i++)
679 {
680 co_list[i].prev = &co_list[i - 1];
681 co_list[i].next = &co_list[i + 1];
682 }
683
684 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
685 }
686
687 co_list[co_list_num - 1].next = NULL;
688
689 *head_p = &co_list[0];
690 *tail_p = &co_list[co_list_num - 1];
691 }
692 }
693
694static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
695 int num_of_group_aliases,
696 unsigned long disabled_mkey, unsigned long disabled_auth,
697 unsigned long disabled_enc, unsigned long disabled_mac,
698 unsigned long disabled_ssl,
699 CIPHER_ORDER *head)
700 {
701 CIPHER_ORDER *ciph_curr;
702 const SSL_CIPHER **ca_curr;
703 int i;
704 unsigned long mask_mkey = ~disabled_mkey;
705 unsigned long mask_auth = ~disabled_auth;
706 unsigned long mask_enc = ~disabled_enc;
707 unsigned long mask_mac = ~disabled_mac;
708 unsigned long mask_ssl = ~disabled_ssl;
709
710 /*
711 * First, add the real ciphers as already collected
712 */
713 ciph_curr = head;
714 ca_curr = ca_list;
715 while (ciph_curr != NULL)
716 {
717 *ca_curr = ciph_curr->cipher;
718 ca_curr++;
719 ciph_curr = ciph_curr->next;
720 }
721
722 /*
723 * Now we add the available ones from the cipher_aliases[] table.
724 * They represent either one or more algorithms, some of which
725 * in any affected category must be supported (set in enabled_mask),
726 * or represent a cipher strength value (will be added in any case because algorithms=0).
727 */
728 for (i = 0; i < num_of_group_aliases; i++)
729 {
730 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
731 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
732 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
733 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
734 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
735
736 if (algorithm_mkey)
737 if ((algorithm_mkey & mask_mkey) == 0)
738 continue;
739
740 if (algorithm_auth)
741 if ((algorithm_auth & mask_auth) == 0)
742 continue;
743
744 if (algorithm_enc)
745 if ((algorithm_enc & mask_enc) == 0)
746 continue;
747
748 if (algorithm_mac)
749 if ((algorithm_mac & mask_mac) == 0)
750 continue;
751
752 if (algorithm_ssl)
753 if ((algorithm_ssl & mask_ssl) == 0)
754 continue;
755
756 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
757 ca_curr++;
758 }
759
760 *ca_curr = NULL; /* end of list */
761 }
762
763static void ssl_cipher_apply_rule(unsigned long cipher_id,
764 unsigned long alg_mkey, unsigned long alg_auth,
765 unsigned long alg_enc, unsigned long alg_mac,
766 unsigned long alg_ssl,
767 unsigned long algo_strength,
768 int rule, int strength_bits,
769 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
770 {
771 CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
772 const SSL_CIPHER *cp;
773 int reverse = 0;
774
775#ifdef CIPHER_DEBUG
776 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
777 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
778#endif
779
780 if (rule == CIPHER_DEL)
781 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
782
783 head = *head_p;
784 tail = *tail_p;
785
786 if (reverse)
787 {
788 curr = tail;
789 last = head;
790 }
791 else
792 {
793 curr = head;
794 last = tail;
795 }
796
797 curr2 = curr;
798 for (;;)
799 {
800 if ((curr == NULL) || (curr == last)) break;
801 curr = curr2;
802 curr2 = reverse ? curr->prev : curr->next;
803
804 cp = curr->cipher;
805
806 /*
807 * Selection criteria is either the value of strength_bits
808 * or the algorithms used.
809 */
810 if (strength_bits >= 0)
811 {
812 if (strength_bits != cp->strength_bits)
813 continue;
814 }
815 else
816 {
817#ifdef CIPHER_DEBUG
818 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
819#endif
820#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
821 if (cipher_id && cipher_id != cp->id)
822 continue;
823#endif
824 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
825 continue;
826 if (alg_auth && !(alg_auth & cp->algorithm_auth))
827 continue;
828 if (alg_enc && !(alg_enc & cp->algorithm_enc))
829 continue;
830 if (alg_mac && !(alg_mac & cp->algorithm_mac))
831 continue;
832 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
833 continue;
834 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
835 continue;
836 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
837 continue;
838 }
839
840#ifdef CIPHER_DEBUG
841 printf("Action = %d\n", rule);
842#endif
843
844 /* add the cipher if it has not been added yet. */
845 if (rule == CIPHER_ADD)
846 {
847 /* reverse == 0 */
848 if (!curr->active)
849 {
850 ll_append_tail(&head, curr, &tail);
851 curr->active = 1;
852 }
853 }
854 /* Move the added cipher to this location */
855 else if (rule == CIPHER_ORD)
856 {
857 /* reverse == 0 */
858 if (curr->active)
859 {
860 ll_append_tail(&head, curr, &tail);
861 }
862 }
863 else if (rule == CIPHER_DEL)
864 {
865 /* reverse == 1 */
866 if (curr->active)
867 {
868 /* most recently deleted ciphersuites get best positions
869 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
870 * works in reverse to maintain the order) */
871 ll_append_head(&head, curr, &tail);
872 curr->active = 0;
873 }
874 }
875 else if (rule == CIPHER_KILL)
876 {
877 /* reverse == 0 */
878 if (head == curr)
879 head = curr->next;
880 else
881 curr->prev->next = curr->next;
882 if (tail == curr)
883 tail = curr->prev;
884 curr->active = 0;
885 if (curr->next != NULL)
886 curr->next->prev = curr->prev;
887 if (curr->prev != NULL)
888 curr->prev->next = curr->next;
889 curr->next = NULL;
890 curr->prev = NULL;
891 }
892 }
893
894 *head_p = head;
895 *tail_p = tail;
896 }
897
898static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
899 CIPHER_ORDER **tail_p)
900 {
901 int max_strength_bits, i, *number_uses;
902 CIPHER_ORDER *curr;
903
904 /*
905 * This routine sorts the ciphers with descending strength. The sorting
906 * must keep the pre-sorted sequence, so we apply the normal sorting
907 * routine as '+' movement to the end of the list.
908 */
909 max_strength_bits = 0;
910 curr = *head_p;
911 while (curr != NULL)
912 {
913 if (curr->active &&
914 (curr->cipher->strength_bits > max_strength_bits))
915 max_strength_bits = curr->cipher->strength_bits;
916 curr = curr->next;
917 }
918
919 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
920 if (!number_uses)
921 {
922 OPENSSL_PUT_ERROR(SSL, ssl_cipher_strength_sort, ERR_R_MALLOC_FAILURE);
923 return(0);
924 }
925 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
926
927 /*
928 * Now find the strength_bits values actually used
929 */
930 curr = *head_p;
931 while (curr != NULL)
932 {
933 if (curr->active)
934 number_uses[curr->cipher->strength_bits]++;
935 curr = curr->next;
936 }
937 /*
938 * Go through the list of used strength_bits values in descending
939 * order.
940 */
941 for (i = max_strength_bits; i >= 0; i--)
942 if (number_uses[i] > 0)
943 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
944
945 OPENSSL_free(number_uses);
946 return(1);
947 }
948
949static int ssl_cipher_process_rulestr(const char *rule_str,
950 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
951 const SSL_CIPHER **ca_list)
952 {
953 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
954 const char *l, *buf;
955 int j, multi, found, rule, retval, ok, buflen;
956 unsigned long cipher_id = 0;
957 char ch;
958
959 retval = 1;
960 l = rule_str;
961 for (;;)
962 {
963 ch = *l;
964
965 if (ch == '\0')
966 break; /* done */
967 if (ch == '-')
968 { rule = CIPHER_DEL; l++; }
969 else if (ch == '+')
970 { rule = CIPHER_ORD; l++; }
971 else if (ch == '!')
972 { rule = CIPHER_KILL; l++; }
973 else if (ch == '@')
974 { rule = CIPHER_SPECIAL; l++; }
975 else
976 { rule = CIPHER_ADD; }
977
978 if (ITEM_SEP(ch))
979 {
980 l++;
981 continue;
982 }
983
984 alg_mkey = 0;
985 alg_auth = 0;
986 alg_enc = 0;
987 alg_mac = 0;
988 alg_ssl = 0;
989 algo_strength = 0;
990
991 for (;;)
992 {
993 ch = *l;
994 buf = l;
995 buflen = 0;
996#ifndef CHARSET_EBCDIC
997 while ( ((ch >= 'A') && (ch <= 'Z')) ||
998 ((ch >= '0') && (ch <= '9')) ||
999 ((ch >= 'a') && (ch <= 'z')) ||
1000 (ch == '-') || (ch == '.'))
1001#else
1002 while ( isalnum(ch) || (ch == '-') || (ch == '.'))
1003#endif
1004 {
1005 ch = *(++l);
1006 buflen++;
1007 }
1008
1009 if (buflen == 0)
1010 {
1011 /*
1012 * We hit something we cannot deal with,
1013 * it is no command or separator nor
1014 * alphanumeric, so we call this an error.
1015 */
1016 OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_INVALID_COMMAND);
1017 retval = found = 0;
1018 l++;
1019 break;
1020 }
1021
1022 if (rule == CIPHER_SPECIAL)
1023 {
1024 found = 0; /* unused -- avoid compiler warning */
1025 break; /* special treatment */
1026 }
1027
1028 /* check for multi-part specification */
1029 if (ch == '+')
1030 {
1031 multi=1;
1032 l++;
1033 }
1034 else
1035 multi=0;
1036
1037 /*
1038 * Now search for the cipher alias in the ca_list. Be careful
1039 * with the strncmp, because the "buflen" limitation
1040 * will make the rule "ADH:SOME" and the cipher
1041 * "ADH-MY-CIPHER" look like a match for buflen=3.
1042 * So additionally check whether the cipher name found
1043 * has the correct length. We can save a strlen() call:
1044 * just checking for the '\0' at the right place is
1045 * sufficient, we have to strncmp() anyway. (We cannot
1046 * use strcmp(), because buf is not '\0' terminated.)
1047 */
1048 j = found = 0;
1049 cipher_id = 0;
1050 while (ca_list[j])
1051 {
1052 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1053 (ca_list[j]->name[buflen] == '\0'))
1054 {
1055 found = 1;
1056 break;
1057 }
1058 else
1059 j++;
1060 }
1061
1062 if (!found)
1063 break; /* ignore this entry */
1064
1065 if (ca_list[j]->algorithm_mkey)
1066 {
1067 if (alg_mkey)
1068 {
1069 alg_mkey &= ca_list[j]->algorithm_mkey;
1070 if (!alg_mkey) { found = 0; break; }
1071 }
1072 else
1073 alg_mkey = ca_list[j]->algorithm_mkey;
1074 }
1075
1076 if (ca_list[j]->algorithm_auth)
1077 {
1078 if (alg_auth)
1079 {
1080 alg_auth &= ca_list[j]->algorithm_auth;
1081 if (!alg_auth) { found = 0; break; }
1082 }
1083 else
1084 alg_auth = ca_list[j]->algorithm_auth;
1085 }
1086
1087 if (ca_list[j]->algorithm_enc)
1088 {
1089 if (alg_enc)
1090 {
1091 alg_enc &= ca_list[j]->algorithm_enc;
1092 if (!alg_enc) { found = 0; break; }
1093 }
1094 else
1095 alg_enc = ca_list[j]->algorithm_enc;
1096 }
1097
1098 if (ca_list[j]->algorithm_mac)
1099 {
1100 if (alg_mac)
1101 {
1102 alg_mac &= ca_list[j]->algorithm_mac;
1103 if (!alg_mac) { found = 0; break; }
1104 }
1105 else
1106 alg_mac = ca_list[j]->algorithm_mac;
1107 }
1108
1109 if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1110 {
1111 if (algo_strength & SSL_EXP_MASK)
1112 {
1113 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1114 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1115 }
1116 else
1117 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1118 }
1119
1120 if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1121 {
1122 if (algo_strength & SSL_STRONG_MASK)
1123 {
1124 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1125 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1126 }
1127 else
1128 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1129 }
1130
1131 if (ca_list[j]->valid)
1132 {
1133 /* explicit ciphersuite found; its protocol version
1134 * does not become part of the search pattern!*/
1135
1136 cipher_id = ca_list[j]->id;
1137 }
1138 else
1139 {
1140 /* not an explicit ciphersuite; only in this case, the
1141 * protocol version is considered part of the search pattern */
1142
1143 if (ca_list[j]->algorithm_ssl)
1144 {
1145 if (alg_ssl)
1146 {
1147 alg_ssl &= ca_list[j]->algorithm_ssl;
1148 if (!alg_ssl) { found = 0; break; }
1149 }
1150 else
1151 alg_ssl = ca_list[j]->algorithm_ssl;
1152 }
1153 }
1154
1155 if (!multi) break;
1156 }
1157
1158 /*
1159 * Ok, we have the rule, now apply it
1160 */
1161 if (rule == CIPHER_SPECIAL)
1162 { /* special command */
1163 ok = 0;
1164 if ((buflen == 8) &&
1165 !strncmp(buf, "STRENGTH", 8))
1166 ok = ssl_cipher_strength_sort(head_p, tail_p);
1167 else
1168 OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_INVALID_COMMAND);
1169 if (ok == 0)
1170 retval = 0;
1171 /*
1172 * We do not support any "multi" options
1173 * together with "@", so throw away the
1174 * rest of the command, if any left, until
1175 * end or ':' is found.
1176 */
1177 while ((*l != '\0') && !ITEM_SEP(*l))
1178 l++;
1179 }
1180 else if (found)
1181 {
1182 ssl_cipher_apply_rule(cipher_id,
1183 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
1184 rule, -1, head_p, tail_p);
1185 }
1186 else
1187 {
1188 while ((*l != '\0') && !ITEM_SEP(*l))
1189 l++;
1190 }
1191 if (*l == '\0') break; /* done */
1192 }
1193
1194 return(retval);
1195 }
1196#ifndef OPENSSL_NO_EC
1197static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
1198 const char **prule_str)
1199 {
1200 unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
1201 if (!strcmp(*prule_str, "SUITEB128"))
1202 suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
1203 else if (!strcmp(*prule_str, "SUITEB128ONLY"))
1204 suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
1205 else if (!strcmp(*prule_str, "SUITEB128C2"))
1206 {
1207 suiteb_comb2 = 1;
1208 suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
1209 }
1210 else if (!strcmp(*prule_str, "SUITEB192"))
1211 suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
1212
1213 if (suiteb_flags)
1214 {
1215 c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
1216 c->cert_flags |= suiteb_flags;
1217 }
1218 else
1219 suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
1220
1221 if (!suiteb_flags)
1222 return 1;
1223 /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
1224
1225 if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS))
1226 {
1227 if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
1228 OPENSSL_PUT_ERROR(SSL, check_suiteb_cipher_list, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
1229 else
1230 OPENSSL_PUT_ERROR(SSL, check_suiteb_cipher_list, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
1231 return 0;
1232 }
1233
1234 switch(suiteb_flags)
1235 {
1236 case SSL_CERT_FLAG_SUITEB_128_LOS:
1237 if (suiteb_comb2)
1238 *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
1239 else
1240 *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
1241 break;
1242 case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
1243 *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
1244 break;
1245 case SSL_CERT_FLAG_SUITEB_192_LOS:
1246 *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
1247 break;
1248 }
1249 /* Set auto ECDH parameter determination */
1250 c->ecdh_tmp_auto = 1;
1251 return 1;
1252 }
1253#endif
1254
1255
1256STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1257 STACK_OF(SSL_CIPHER) **cipher_list,
1258 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1259 const char *rule_str, CERT *c)
1260 {
1261 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1262 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1263 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1264 const char *rule_p;
1265 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1266 const SSL_CIPHER **ca_list = NULL;
1267
1268 /*
1269 * Return with error if nothing to do.
1270 */
Adam Langley0b5c1ac2014-06-20 12:00:00 -0700[diff] [blame]1271 if (rule_str == NULL || cipher_list == NULL)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1272 return NULL;
1273#ifndef OPENSSL_NO_EC
1274 if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
1275 return NULL;
1276#endif
1277
1278 /*
1279 * To reduce the work to do we only want to process the compiled
1280 * in algorithms, so we first get the mask of disabled ciphers.
1281 */
1282 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1283
1284 /*
1285 * Now we have to collect the available ciphers from the compiled
1286 * in ciphers. We cannot get more than the number compiled in, so
1287 * it is used for allocation.
1288 */
1289 num_of_ciphers = ssl_method->num_ciphers();
1290#ifdef KSSL_DEBUG
1291 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1292#endif /* KSSL_DEBUG */
1293 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
1294 if (co_list == NULL)
1295 {
1296 OPENSSL_PUT_ERROR(SSL, ssl_create_cipher_list, ERR_R_MALLOC_FAILURE);
1297 return(NULL); /* Failure */
1298 }
1299
1300 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1301 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1302 co_list, &head, &tail);
1303
1304
1305 /* Now arrange all ciphers by preference: */
1306
1307 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1308 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1309 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1310
1311 /* AES is our preferred symmetric cipher */
1312 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1313
1314 /* Temporarily enable everything else for sorting */
1315 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1316
1317 /* Low priority for MD5 */
1318 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1319
1320 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1321 * (For applications that allow them, they aren't too bad, but we prefer
1322 * authenticated ciphers.) */
1323 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1324
1325 /* Move ciphers without forward secrecy to the end */
1326 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1327 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1328 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1329 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1330 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1331
1332 /* RC4 is sort-of broken -- move the the end */
1333 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1334
1335 /* Now sort by symmetric encryption strength. The above ordering remains
1336 * in force within each class */
1337 if (!ssl_cipher_strength_sort(&head, &tail))
1338 {
1339 OPENSSL_free(co_list);
1340 return NULL;
1341 }
1342
1343 /* Now disable everything (maintaining the ordering!) */
1344 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1345
1346
1347 /*
1348 * We also need cipher aliases for selecting based on the rule_str.
1349 * There might be two types of entries in the rule_str: 1) names
1350 * of ciphers themselves 2) aliases for groups of ciphers.
1351 * For 1) we need the available ciphers and for 2) the cipher
1352 * groups of cipher_aliases added together in one list (otherwise
1353 * we would be happy with just the cipher_aliases table).
1354 */
1355 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1356 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1357 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1358 if (ca_list == NULL)
1359 {
1360 OPENSSL_free(co_list);
1361 OPENSSL_PUT_ERROR(SSL, ssl_create_cipher_list, ERR_R_MALLOC_FAILURE);
1362 return(NULL); /* Failure */
1363 }
1364 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1365 disabled_mkey, disabled_auth, disabled_enc,
1366 disabled_mac, disabled_ssl, head);
1367
1368 /*
1369 * If the rule_string begins with DEFAULT, apply the default rule
1370 * before using the (possibly available) additional rules.
1371 */
1372 ok = 1;
1373 rule_p = rule_str;
1374 if (strncmp(rule_str,"DEFAULT",7) == 0)
1375 {
1376 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1377 &head, &tail, ca_list);
1378 rule_p += 7;
1379 if (*rule_p == ':')
1380 rule_p++;
1381 }
1382
1383 if (ok && (strlen(rule_p) > 0))
1384 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1385
1386 OPENSSL_free((void *)ca_list); /* Not needed anymore */
1387
1388 if (!ok)
1389 { /* Rule processing failure */
1390 OPENSSL_free(co_list);
1391 return(NULL);
1392 }
1393
1394 /*
1395 * Allocate new "cipherstack" for the result, return with error
1396 * if we cannot get one.
1397 */
1398 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1399 {
1400 OPENSSL_free(co_list);
1401 return(NULL);
1402 }
1403
1404 /*
1405 * The cipher selection for the list is done. The ciphers are added
1406 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1407 */
1408 for (curr = head; curr != NULL; curr = curr->next)
1409 {
1410#ifdef OPENSSL_FIPS
1411 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1412#else
1413 if (curr->active)
1414#endif
1415 {
1416 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1417#ifdef CIPHER_DEBUG
1418 printf("<%s>\n",curr->cipher->name);
1419#endif
1420 }
1421 }
1422 OPENSSL_free(co_list); /* Not needed any longer */
1423
1424 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1425 if (tmp_cipher_list == NULL)
1426 {
1427 sk_SSL_CIPHER_free(cipherstack);
1428 return NULL;
1429 }
1430 if (*cipher_list != NULL)
1431 sk_SSL_CIPHER_free(*cipher_list);
1432 *cipher_list = cipherstack;
Adam Langley0b5c1ac2014-06-20 12:00:00 -0700[diff] [blame]1433 if (cipher_list_by_id != NULL)
1434 {
1435 if (*cipher_list_by_id != NULL)
1436 sk_SSL_CIPHER_free(*cipher_list_by_id);
1437 *cipher_list_by_id = tmp_cipher_list;
1438 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1439
Adam Langley0b5c1ac2014-06-20 12:00:00 -0700[diff] [blame]1440 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1441 }
1442 else
1443 sk_SSL_CIPHER_free(tmp_cipher_list);
1444
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1445 return(cipherstack);
1446 }
1447
1448char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1449 {
1450 int is_export,pkl,kl;
1451 const char *ver,*exp_str;
1452 const char *kx,*au,*enc,*mac;
1453 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
1454#ifdef KSSL_DEBUG
1455 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1456#else
1457 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1458#endif /* KSSL_DEBUG */
1459
1460 alg_mkey = cipher->algorithm_mkey;
1461 alg_auth = cipher->algorithm_auth;
1462 alg_enc = cipher->algorithm_enc;
1463 alg_mac = cipher->algorithm_mac;
1464 alg_ssl = cipher->algorithm_ssl;
1465
1466 alg2=cipher->algorithm2;
1467
1468 is_export=SSL_C_IS_EXPORT(cipher);
1469 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1470 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1471 exp_str=is_export?" export":"";
1472
1473 if (alg_ssl & SSL_SSLV2)
1474 ver="SSLv2";
1475 else if (alg_ssl & SSL_SSLV3)
1476 ver="SSLv3";
1477 else if (alg_ssl & SSL_TLSV1_2)
1478 ver="TLSv1.2";
1479 else
1480 ver="unknown";
1481
1482 switch (alg_mkey)
1483 {
1484 case SSL_kRSA:
1485 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1486 break;
1487 case SSL_kDHr:
1488 kx="DH/RSA";
1489 break;
1490 case SSL_kDHd:
1491 kx="DH/DSS";
1492 break;
1493 case SSL_kKRB5:
1494 kx="KRB5";
1495 break;
1496 case SSL_kEDH:
1497 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1498 break;
1499 case SSL_kECDHr:
1500 kx="ECDH/RSA";
1501 break;
1502 case SSL_kECDHe:
1503 kx="ECDH/ECDSA";
1504 break;
1505 case SSL_kEECDH:
1506 kx="ECDH";
1507 break;
1508 case SSL_kPSK:
1509 kx="PSK";
1510 break;
1511 case SSL_kSRP:
1512 kx="SRP";
1513 break;
1514 default:
1515 kx="unknown";
1516 }
1517
1518 switch (alg_auth)
1519 {
1520 case SSL_aRSA:
1521 au="RSA";
1522 break;
1523 case SSL_aDSS:
1524 au="DSS";
1525 break;
1526 case SSL_aDH:
1527 au="DH";
1528 break;
1529 case SSL_aKRB5:
1530 au="KRB5";
1531 break;
1532 case SSL_aECDH:
1533 au="ECDH";
1534 break;
1535 case SSL_aNULL:
1536 au="None";
1537 break;
1538 case SSL_aECDSA:
1539 au="ECDSA";
1540 break;
1541 case SSL_aPSK:
1542 au="PSK";
1543 break;
1544 default:
1545 au="unknown";
1546 break;
1547 }
1548
1549 switch (alg_enc)
1550 {
1551 case SSL_DES:
1552 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1553 break;
1554 case SSL_3DES:
1555 enc="3DES(168)";
1556 break;
1557 case SSL_RC4:
1558 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1559 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1560 break;
1561 case SSL_RC2:
1562 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1563 break;
1564 case SSL_IDEA:
1565 enc="IDEA(128)";
1566 break;
1567 case SSL_eNULL:
1568 enc="None";
1569 break;
1570 case SSL_AES128:
1571 enc="AES(128)";
1572 break;
1573 case SSL_AES256:
1574 enc="AES(256)";
1575 break;
1576 case SSL_AES128GCM:
1577 enc="AESGCM(128)";
1578 break;
1579 case SSL_AES256GCM:
1580 enc="AESGCM(256)";
1581 break;
1582 case SSL_CAMELLIA128:
1583 enc="Camellia(128)";
1584 break;
1585 case SSL_CAMELLIA256:
1586 enc="Camellia(256)";
1587 break;
1588 case SSL_SEED:
1589 enc="SEED(128)";
1590 break;
1591 default:
1592 enc="unknown";
1593 break;
1594 }
1595
1596 switch (alg_mac)
1597 {
1598 case SSL_MD5:
1599 mac="MD5";
1600 break;
1601 case SSL_SHA1:
1602 mac="SHA1";
1603 break;
1604 case SSL_SHA256:
1605 mac="SHA256";
1606 break;
1607 case SSL_SHA384:
1608 mac="SHA384";
1609 break;
1610 case SSL_AEAD:
1611 mac="AEAD";
1612 break;
1613 default:
1614 mac="unknown";
1615 break;
1616 }
1617
1618 if (buf == NULL)
1619 {
1620 len=128;
1621 buf=OPENSSL_malloc(len);
1622 if (buf == NULL) return("OPENSSL_malloc Error");
1623 }
1624 else if (len < 128)
1625 return("Buffer too small");
1626
1627#ifdef KSSL_DEBUG
1628 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1629#else
1630 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1631#endif /* KSSL_DEBUG */
1632 return(buf);
1633 }
1634
Adam Langley4d4bff82014-06-20 12:00:00 -0700[diff] [blame]1635/* Next three functions require non-null cipher */
1636int SSL_CIPHER_is_AES(const SSL_CIPHER *c)
1637 {
1638 return (c->algorithm_enc & SSL_AES) != 0;
1639 }
1640
1641int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *c)
1642 {
1643 return (c->algorithm_mac & SSL_MD5) != 0;
1644 }
1645
1646int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *c)
1647 {
1648 return (c->algorithm_mac & (SSL_AES128GCM|SSL_AES256GCM)) != 0;
1649 }
1650
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1651char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1652 {
1653 int i;
1654
1655 if (c == NULL) return("(NONE)");
1656 i=(int)(c->id>>24L);
1657 if (i == 3)
1658 return("TLSv1/SSLv3");
1659 else if (i == 2)
1660 return("SSLv2");
1661 else
1662 return("unknown");
1663 }
1664
1665/* return the actual cipher being used */
1666const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1667 {
1668 if (c != NULL)
1669 return(c->name);
1670 return("(NONE)");
1671 }
1672
1673/* number of bits for symmetric cipher */
1674int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1675 {
1676 int ret=0;
1677
1678 if (c != NULL)
1679 {
1680 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1681 ret = c->strength_bits;
1682 }
1683 return(ret);
1684 }
1685
1686unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
1687 {
1688 return c->id;
1689 }
1690
1691SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1692 {
1693 SSL_COMP *ctmp;
1694 int i,nn;
1695
1696 if ((n == 0) || (sk == NULL)) return(NULL);
1697 nn=sk_SSL_COMP_num(sk);
1698 for (i=0; i<nn; i++)
1699 {
1700 ctmp=sk_SSL_COMP_value(sk,i);
1701 if (ctmp->id == n)
1702 return(ctmp);
1703 }
1704 return(NULL);
1705 }
1706
1707void *SSL_COMP_get_compression_methods(void)
1708 {
1709 return NULL;
1710 }
1711int SSL_COMP_add_compression_method(int id, void *cm)
1712 {
1713 return 1;
1714 }
1715
1716const char *SSL_COMP_get_name(const void *comp)
1717 {
1718 return NULL;
1719 }
1720
1721/* For a cipher return the index corresponding to the certificate type */
1722int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
1723 {
1724 unsigned long alg_k, alg_a;
1725
1726 alg_k = c->algorithm_mkey;
1727 alg_a = c->algorithm_auth;
1728
1729 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
1730 {
1731 /* we don't need to look at SSL_kEECDH
1732 * since no certificate is needed for
1733 * anon ECDH and for authenticated
1734 * EECDH, the check for the auth
1735 * algorithm will set i correctly
1736 * NOTE: For ECDH-RSA, we need an ECC
1737 * not an RSA cert but for EECDH-RSA
1738 * we need an RSA cert. Placing the
1739 * checks for SSL_kECDH before RSA
1740 * checks ensures the correct cert is chosen.
1741 */
1742 return SSL_PKEY_ECC;
1743 }
1744 else if (alg_a & SSL_aECDSA)
1745 return SSL_PKEY_ECC;
1746 else if (alg_k & SSL_kDHr)
1747 return SSL_PKEY_DH_RSA;
1748 else if (alg_k & SSL_kDHd)
1749 return SSL_PKEY_DH_DSA;
1750 else if (alg_a & SSL_aDSS)
1751 return SSL_PKEY_DSA_SIGN;
1752 else if (alg_a & SSL_aRSA)
1753 return SSL_PKEY_RSA_ENC;
1754 else if (alg_a & SSL_aKRB5)
1755 /* VRS something else here? */
1756 return -1;
1757 else if (alg_a & SSL_aGOST94)
1758 return SSL_PKEY_GOST94;
1759 else if (alg_a & SSL_aGOST01)
1760 return SSL_PKEY_GOST01;
1761 return -1;
1762 }
1763
1764const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
1765 {
1766 const SSL_CIPHER *c;
1767 c = ssl->method->get_cipher_by_char(ptr);
1768 if (c == NULL || c->valid == 0)
1769 return NULL;
1770 return c;
1771 }
1772
1773const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
1774 {
1775 return ssl->method->get_cipher_by_char(ptr);
1776 }