ssl_ciph.c@ 69890

Last change on this file since 69890 was 69890, checked in by vboxsync, 7 years ago
Added OpenSSL 1.1.0g with unneeded files removed, otherwise unmodified. bugref:8070: src/libs maintenance
Property svn:eol-style set to `native`
File size: 60.4 KB

Line
1	/*
2	* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/* ====================================================================
11	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12	* ECC cipher suite support in OpenSSL originally developed by
13	* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
14	*/
15	/* ====================================================================
16	* Copyright 2005 Nokia. All rights reserved.
17	*
18	* The portions of the attached software ("Contribution") is developed by
19	* Nokia Corporation and is licensed pursuant to the OpenSSL open source
20	* license.
21	*
22	* The Contribution, originally written by Mika Kousa and Pasi Eronen of
23	* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
24	* support (see RFC 4279) to OpenSSL.
25	*
26	* No patent licenses or other rights except those expressly stated in
27	* the OpenSSL open source license shall be deemed granted or received
28	* expressly, by implication, estoppel, or otherwise.
29	*
30	* No assurances are provided by Nokia that the Contribution does not
31	* infringe the patent or other intellectual property rights of any third
32	* party or that the license provides you with all the necessary rights
33	* to make use of the Contribution.
34	*
35	* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
36	* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
37	* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
38	* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
39	* OTHERWISE.
40	*/
41
42	#include <stdio.h>
43	#include <ctype.h>
44	#include <openssl/objects.h>
45	#include <openssl/comp.h>
46	#include <openssl/engine.h>
47	#include <openssl/crypto.h>
48	#include "ssl_locl.h"
49	#include "internal/thread_once.h"
50
51	#define SSL_ENC_DES_IDX 0
52	#define SSL_ENC_3DES_IDX 1
53	#define SSL_ENC_RC4_IDX 2
54	#define SSL_ENC_RC2_IDX 3
55	#define SSL_ENC_IDEA_IDX 4
56	#define SSL_ENC_NULL_IDX 5
57	#define SSL_ENC_AES128_IDX 6
58	#define SSL_ENC_AES256_IDX 7
59	#define SSL_ENC_CAMELLIA128_IDX 8
60	#define SSL_ENC_CAMELLIA256_IDX 9
61	#define SSL_ENC_GOST89_IDX 10
62	#define SSL_ENC_SEED_IDX 11
63	#define SSL_ENC_AES128GCM_IDX 12
64	#define SSL_ENC_AES256GCM_IDX 13
65	#define SSL_ENC_AES128CCM_IDX 14
66	#define SSL_ENC_AES256CCM_IDX 15
67	#define SSL_ENC_AES128CCM8_IDX 16
68	#define SSL_ENC_AES256CCM8_IDX 17
69	#define SSL_ENC_GOST8912_IDX 18
70	#define SSL_ENC_CHACHA_IDX 19
71	#define SSL_ENC_NUM_IDX 20
72
73	/* NB: make sure indices in these tables match values above */
74
75	typedef struct {
76	uint32_t mask;
77	int nid;
78	} ssl_cipher_table;
79
80	/* Table of NIDs for each cipher */
81	static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
82	{SSL_DES, NID_des_cbc}, /* SSL_ENC_DES_IDX 0 */
83	{SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */
84	{SSL_RC4, NID_rc4}, /* SSL_ENC_RC4_IDX 2 */
85	{SSL_RC2, NID_rc2_cbc}, /* SSL_ENC_RC2_IDX 3 */
86	{SSL_IDEA, NID_idea_cbc}, /* SSL_ENC_IDEA_IDX 4 */
87	{SSL_eNULL, NID_undef}, /* SSL_ENC_NULL_IDX 5 */
88	{SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */
89	{SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */
90	{SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */
91	{SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */
92	{SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
93	{SSL_SEED, NID_seed_cbc}, /* SSL_ENC_SEED_IDX 11 */
94	{SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
95	{SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
96	{SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
97	{SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
98	{SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
99	{SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
100	{SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */
101	{SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
102	};
103
104	static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
105	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
106	NULL, NULL
107	};
108
109	#define SSL_COMP_NULL_IDX 0
110	#define SSL_COMP_ZLIB_IDX 1
111	#define SSL_COMP_NUM_IDX 2
112
113	static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
114
115	#ifndef OPENSSL_NO_COMP
116	static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
117	#endif
118
119	/*
120	* Constant SSL_MAX_DIGEST equal to size of digests array should be defined
121	* in the ssl_locl.h
122	*/
123
124	#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
125
126	/* NB: make sure indices in this table matches values above */
127	static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
128	{SSL_MD5, NID_md5}, /* SSL_MD_MD5_IDX 0 */
129	{SSL_SHA1, NID_sha1}, /* SSL_MD_SHA1_IDX 1 */
130	{SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */
131	{SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
132	{SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */
133	{SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */
134	{SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
135	{SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
136	{SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
137	{0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */
138	{0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */
139	{0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */
140	};
141
142	static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
143	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
144	};
145
146	/* INDENT-OFF */
147	static const ssl_cipher_table ssl_cipher_table_kx[] = {
148	{SSL_kRSA, NID_kx_rsa},
149	{SSL_kECDHE, NID_kx_ecdhe},
150	{SSL_kDHE, NID_kx_dhe},
151	{SSL_kECDHEPSK, NID_kx_ecdhe_psk},
152	{SSL_kDHEPSK, NID_kx_dhe_psk},
153	{SSL_kRSAPSK, NID_kx_rsa_psk},
154	{SSL_kPSK, NID_kx_psk},
155	{SSL_kSRP, NID_kx_srp},
156	{SSL_kGOST, NID_kx_gost}
157	};
158
159	static const ssl_cipher_table ssl_cipher_table_auth[] = {
160	{SSL_aRSA, NID_auth_rsa},
161	{SSL_aECDSA, NID_auth_ecdsa},
162	{SSL_aPSK, NID_auth_psk},
163	{SSL_aDSS, NID_auth_dss},
164	{SSL_aGOST01, NID_auth_gost01},
165	{SSL_aGOST12, NID_auth_gost12},
166	{SSL_aSRP, NID_auth_srp},
167	{SSL_aNULL, NID_auth_null}
168	};
169	/* INDENT-ON */
170
171	/* Utility function for table lookup */
172	static int ssl_cipher_info_find(const ssl_cipher_table * table,
173	size_t table_cnt, uint32_t mask)
174	{
175	size_t i;
176	for (i = 0; i < table_cnt; i++, table++) {
177	if (table->mask == mask)
178	return i;
179	}
180	return -1;
181	}
182
183	#define ssl_cipher_info_lookup(table, x) \
184	ssl_cipher_info_find(table, OSSL_NELEM(table), x)
185
186	/*
187	* PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
188	* is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
189	* found
190	*/
191	static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
192	/* MD5, SHA, GOST94, MAC89 */
193	EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
194	/* SHA256, SHA384, GOST2012_256, MAC89-12 */
195	EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
196	/* GOST2012_512 */
197	EVP_PKEY_HMAC,
198	};
199
200	static int ssl_mac_secret_size[SSL_MD_NUM_IDX];
201
202	#define CIPHER_ADD 1
203	#define CIPHER_KILL 2
204	#define CIPHER_DEL 3
205	#define CIPHER_ORD 4
206	#define CIPHER_SPECIAL 5
207	/*
208	* Bump the ciphers to the top of the list.
209	* This rule isn't currently supported by the public cipherstring API.
210	*/
211	#define CIPHER_BUMP 6
212
213	typedef struct cipher_order_st {
214	const SSL_CIPHER *cipher;
215	int active;
216	int dead;
217	struct cipher_order_st next, prev;
218	} CIPHER_ORDER;
219
220	static const SSL_CIPHER cipher_aliases[] = {
221	/* "ALL" doesn't include eNULL (must be specifically enabled) */
222	{0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL},
223	/* "COMPLEMENTOFALL" */
224	{0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL},
225
226	/*
227	* "COMPLEMENTOFDEFAULT" (does not include ciphersuites not found in
228	* ALL!)
229	*/
230	{0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
231
232	/*
233	* key exchange aliases (some of those using only a single bit here
234	* combine multiple key exchange algs according to the RFCs, e.g. kDHE
235	* combines DHE_DSS and DHE_RSA)
236	*/
237	{0, SSL_TXT_kRSA, 0, SSL_kRSA},
238
239	{0, SSL_TXT_kEDH, 0, SSL_kDHE},
240	{0, SSL_TXT_kDHE, 0, SSL_kDHE},
241	{0, SSL_TXT_DH, 0, SSL_kDHE},
242
243	{0, SSL_TXT_kEECDH, 0, SSL_kECDHE},
244	{0, SSL_TXT_kECDHE, 0, SSL_kECDHE},
245	{0, SSL_TXT_ECDH, 0, SSL_kECDHE},
246
247	{0, SSL_TXT_kPSK, 0, SSL_kPSK},
248	{0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK},
249	{0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK},
250	{0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK},
251	{0, SSL_TXT_kSRP, 0, SSL_kSRP},
252	{0, SSL_TXT_kGOST, 0, SSL_kGOST},
253
254	/* server authentication aliases */
255	{0, SSL_TXT_aRSA, 0, 0, SSL_aRSA},
256	{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS},
257	{0, SSL_TXT_DSS, 0, 0, SSL_aDSS},
258	{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL},
259	{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA},
260	{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA},
261	{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK},
262	{0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01},
263	{0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12},
264	{0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 \| SSL_aGOST12},
265	{0, SSL_TXT_aSRP, 0, 0, SSL_aSRP},
266
267	/* aliases combining key exchange and server authentication */
268	{0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL},
269	{0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL},
270	{0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL},
271	{0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL},
272	{0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL},
273	{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA},
274	{0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL},
275	{0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL},
276	{0, SSL_TXT_PSK, 0, SSL_PSK},
277	{0, SSL_TXT_SRP, 0, SSL_kSRP},
278
279	/* symmetric encryption aliases */
280	{0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES},
281	{0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4},
282	{0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2},
283	{0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA},
284	{0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED},
285	{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL},
286	{0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT \| SSL_eGOST2814789CNT12},
287	{0, SSL_TXT_AES128, 0, 0, 0,
288	SSL_AES128 \| SSL_AES128GCM \| SSL_AES128CCM \| SSL_AES128CCM8},
289	{0, SSL_TXT_AES256, 0, 0, 0,
290	SSL_AES256 \| SSL_AES256GCM \| SSL_AES256CCM \| SSL_AES256CCM8},
291	{0, SSL_TXT_AES, 0, 0, 0, SSL_AES},
292	{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM \| SSL_AES256GCM},
293	{0, SSL_TXT_AES_CCM, 0, 0, 0,
294	SSL_AES128CCM \| SSL_AES256CCM \| SSL_AES128CCM8 \| SSL_AES256CCM8},
295	{0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 \| SSL_AES256CCM8},
296	{0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128},
297	{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256},
298	{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA},
299	{0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20},
300
301	/* MAC aliases */
302	{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5},
303	{0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1},
304	{0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1},
305	{0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94},
306	{0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC \| SSL_GOST89MAC12},
307	{0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256},
308	{0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384},
309	{0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256},
310
311	/* protocol version aliases */
312	{0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL3_VERSION},
313	{0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, TLS1_VERSION},
314	{0, "TLSv1.0", 0, 0, 0, 0, 0, TLS1_VERSION},
315	{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, TLS1_2_VERSION},
316
317	/* strength classes */
318	{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
319	{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
320	{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
321	/* FIPS 140-2 approved ciphersuite */
322	{0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
323
324	/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
325	{0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
326	SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH \| SSL_FIPS},
327	{0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
328	SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH \| SSL_FIPS},
329
330	};
331
332	/*
333	* Search for public key algorithm with given name and return its pkey_id if
334	* it is available. Otherwise return 0
335	*/
336	#ifdef OPENSSL_NO_ENGINE
337
338	static int get_optional_pkey_id(const char *pkey_name)
339	{
340	const EVP_PKEY_ASN1_METHOD *ameth;
341	int pkey_id = 0;
342	ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
343	if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
344	ameth) > 0) {
345	return pkey_id;
346	}
347	return 0;
348	}
349
350	#else
351
352	static int get_optional_pkey_id(const char *pkey_name)
353	{
354	const EVP_PKEY_ASN1_METHOD *ameth;
355	ENGINE *tmpeng = NULL;
356	int pkey_id = 0;
357	ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
358	if (ameth) {
359	if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
360	ameth) <= 0)
361	pkey_id = 0;
362	}
363	ENGINE_finish(tmpeng);
364	return pkey_id;
365	}
366
367	#endif
368
369	/* masks of disabled algorithms */
370	static uint32_t disabled_enc_mask;
371	static uint32_t disabled_mac_mask;
372	static uint32_t disabled_mkey_mask;
373	static uint32_t disabled_auth_mask;
374
375	void ssl_load_ciphers(void)
376	{
377	size_t i;
378	const ssl_cipher_table *t;
379
380	disabled_enc_mask = 0;
381	ssl_sort_cipher_list();
382	for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
383	if (t->nid == NID_undef) {
384	ssl_cipher_methods[i] = NULL;
385	} else {
386	const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid);
387	ssl_cipher_methods[i] = cipher;
388	if (cipher == NULL)
389	disabled_enc_mask \|= t->mask;
390	}
391	}
392	#ifdef SSL_FORBID_ENULL
393	disabled_enc_mask \|= SSL_eNULL;
394	#endif
395	disabled_mac_mask = 0;
396	for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
397	const EVP_MD *md = EVP_get_digestbynid(t->nid);
398	ssl_digest_methods[i] = md;
399	if (md == NULL) {
400	disabled_mac_mask \|= t->mask;
401	} else {
402	ssl_mac_secret_size[i] = EVP_MD_size(md);
403	OPENSSL_assert(ssl_mac_secret_size[i] >= 0);
404	}
405	}
406	/* Make sure we can access MD5 and SHA1 */
407	OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
408	OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
409
410	disabled_mkey_mask = 0;
411	disabled_auth_mask = 0;
412
413	#ifdef OPENSSL_NO_RSA
414	disabled_mkey_mask \|= SSL_kRSA \| SSL_kRSAPSK;
415	disabled_auth_mask \|= SSL_aRSA;
416	#endif
417	#ifdef OPENSSL_NO_DSA
418	disabled_auth_mask \|= SSL_aDSS;
419	#endif
420	#ifdef OPENSSL_NO_DH
421	disabled_mkey_mask \|= SSL_kDHE \| SSL_kDHEPSK;
422	#endif
423	#ifdef OPENSSL_NO_EC
424	disabled_mkey_mask \|= SSL_kECDHEPSK;
425	disabled_auth_mask \|= SSL_aECDSA;
426	#endif
427	#ifdef OPENSSL_NO_PSK
428	disabled_mkey_mask \|= SSL_PSK;
429	disabled_auth_mask \|= SSL_aPSK;
430	#endif
431	#ifdef OPENSSL_NO_SRP
432	disabled_mkey_mask \|= SSL_kSRP;
433	#endif
434
435	/*
436	* Check for presence of GOST 34.10 algorithms, and if they are not
437	* present, disable appropriate auth and key exchange
438	*/
439	ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
440	if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
441	ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
442	} else {
443	disabled_mac_mask \|= SSL_GOST89MAC;
444	}
445
446	ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
447	get_optional_pkey_id("gost-mac-12");
448	if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
449	ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
450	} else {
451	disabled_mac_mask \|= SSL_GOST89MAC12;
452	}
453
454	if (!get_optional_pkey_id("gost2001"))
455	disabled_auth_mask \|= SSL_aGOST01 \| SSL_aGOST12;
456	if (!get_optional_pkey_id("gost2012_256"))
457	disabled_auth_mask \|= SSL_aGOST12;
458	if (!get_optional_pkey_id("gost2012_512"))
459	disabled_auth_mask \|= SSL_aGOST12;
460	/*
461	* Disable GOST key exchange if no GOST signature algs are available *
462	*/
463	if ((disabled_auth_mask & (SSL_aGOST01 \| SSL_aGOST12)) ==
464	(SSL_aGOST01 \| SSL_aGOST12))
465	disabled_mkey_mask \|= SSL_kGOST;
466	}
467
468	#ifndef OPENSSL_NO_COMP
469
470	static int sk_comp_cmp(const SSL_COMP const a, const SSL_COMP const b)
471	{
472	return ((a)->id - (b)->id);
473	}
474
475	DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
476	{
477	SSL_COMP *comp = NULL;
478	COMP_METHOD *method = COMP_zlib();
479
480	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
481	ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
482
483	if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
484	comp = OPENSSL_malloc(sizeof(*comp));
485	if (comp != NULL) {
486	comp->method = method;
487	comp->id = SSL_COMP_ZLIB_IDX;
488	comp->name = COMP_get_name(method);
489	sk_SSL_COMP_push(ssl_comp_methods, comp);
490	sk_SSL_COMP_sort(ssl_comp_methods);
491	}
492	}
493	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
494	return 1;
495	}
496
497	static int load_builtin_compressions(void)
498	{
499	return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
500	}
501	#endif
502
503	int ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
504	const EVP_MD *md, int mac_pkey_type,
505	int mac_secret_size, SSL_COMP *comp, int use_etm)
506	{
507	int i;
508	const SSL_CIPHER *c;
509
510	c = s->cipher;
511	if (c == NULL)
512	return (0);
513	if (comp != NULL) {
514	SSL_COMP ctmp;
515	#ifndef OPENSSL_NO_COMP
516	if (!load_builtin_compressions()) {
517	/*
518	* Currently don't care, since a failure only means that
519	* ssl_comp_methods is NULL, which is perfectly OK
520	*/
521	}
522	#endif
523	*comp = NULL;
524	ctmp.id = s->compress_meth;
525	if (ssl_comp_methods != NULL) {
526	i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
527	if (i >= 0)
528	*comp = sk_SSL_COMP_value(ssl_comp_methods, i);
529	else
530	*comp = NULL;
531	}
532	/* If were only interested in comp then return success */
533	if ((enc == NULL) && (md == NULL))
534	return 1;
535	}
536
537	if ((enc == NULL) \|\| (md == NULL))
538	return 0;
539
540	i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
541
542	if (i == -1)
543	*enc = NULL;
544	else {
545	if (i == SSL_ENC_NULL_IDX)
546	*enc = EVP_enc_null();
547	else
548	*enc = ssl_cipher_methods[i];
549	}
550
551	i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
552	if (i == -1) {
553	*md = NULL;
554	if (mac_pkey_type != NULL)
555	*mac_pkey_type = NID_undef;
556	if (mac_secret_size != NULL)
557	*mac_secret_size = 0;
558	if (c->algorithm_mac == SSL_AEAD)
559	mac_pkey_type = NULL;
560	} else {
561	*md = ssl_digest_methods[i];
562	if (mac_pkey_type != NULL)
563	*mac_pkey_type = ssl_mac_pkey_id[i];
564	if (mac_secret_size != NULL)
565	*mac_secret_size = ssl_mac_secret_size[i];
566	}
567
568	if ((*enc != NULL) &&
569	(md != NULL \|\| (EVP_CIPHER_flags(enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
570	&& (!mac_pkey_type \|\| *mac_pkey_type != NID_undef)) {
571	const EVP_CIPHER *evp;
572
573	if (use_etm)
574	return 1;
575
576	if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR \|\|
577	s->ssl_version < TLS1_VERSION)
578	return 1;
579
580	if (FIPS_mode())
581	return 1;
582
583	if (c->algorithm_enc == SSL_RC4 &&
584	c->algorithm_mac == SSL_MD5 &&
585	(evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
586	enc = evp, md = NULL;
587	else if (c->algorithm_enc == SSL_AES128 &&
588	c->algorithm_mac == SSL_SHA1 &&
589	(evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
590	enc = evp, md = NULL;
591	else if (c->algorithm_enc == SSL_AES256 &&
592	c->algorithm_mac == SSL_SHA1 &&
593	(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
594	enc = evp, md = NULL;
595	else if (c->algorithm_enc == SSL_AES128 &&
596	c->algorithm_mac == SSL_SHA256 &&
597	(evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
598	enc = evp, md = NULL;
599	else if (c->algorithm_enc == SSL_AES256 &&
600	c->algorithm_mac == SSL_SHA256 &&
601	(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
602	enc = evp, md = NULL;
603	return (1);
604	} else
605	return (0);
606	}
607
608	const EVP_MD *ssl_md(int idx)
609	{
610	idx &= SSL_HANDSHAKE_MAC_MASK;
611	if (idx < 0 \|\| idx >= SSL_MD_NUM_IDX)
612	return NULL;
613	return ssl_digest_methods[idx];
614	}
615
616	const EVP_MD ssl_handshake_md(SSL s)
617	{
618	return ssl_md(ssl_get_algorithm2(s));
619	}
620
621	const EVP_MD ssl_prf_md(SSL s)
622	{
623	return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
624	}
625
626	#define ITEM_SEP(a) \
627	(((a) == ':') \|\| ((a) == ' ') \|\| ((a) == ';') \|\| ((a) == ','))
628
629	static void ll_append_tail(CIPHER_ORDER *head, CIPHER_ORDER curr,
630	CIPHER_ORDER **tail)
631	{
632	if (curr == *tail)
633	return;
634	if (curr == *head)
635	*head = curr->next;
636	if (curr->prev != NULL)
637	curr->prev->next = curr->next;
638	if (curr->next != NULL)
639	curr->next->prev = curr->prev;
640	(*tail)->next = curr;
641	curr->prev = *tail;
642	curr->next = NULL;
643	*tail = curr;
644	}
645
646	static void ll_append_head(CIPHER_ORDER *head, CIPHER_ORDER curr,
647	CIPHER_ORDER **tail)
648	{
649	if (curr == *head)
650	return;
651	if (curr == *tail)
652	*tail = curr->prev;
653	if (curr->next != NULL)
654	curr->next->prev = curr->prev;
655	if (curr->prev != NULL)
656	curr->prev->next = curr->next;
657	(*head)->prev = curr;
658	curr->next = *head;
659	curr->prev = NULL;
660	*head = curr;
661	}
662
663	static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
664	int num_of_ciphers,
665	uint32_t disabled_mkey,
666	uint32_t disabled_auth,
667	uint32_t disabled_enc,
668	uint32_t disabled_mac,
669	CIPHER_ORDER *co_list,
670	CIPHER_ORDER **head_p,
671	CIPHER_ORDER **tail_p)
672	{
673	int i, co_list_num;
674	const SSL_CIPHER *c;
675
676	/*
677	* We have num_of_ciphers descriptions compiled in, depending on the
678	* method selected (SSLv3, TLSv1 etc).
679	* These will later be sorted in a linked list with at most num
680	* entries.
681	*/
682
683	/* Get the initial list of ciphers */
684	co_list_num = 0; /* actual count of ciphers */
685	for (i = 0; i < num_of_ciphers; i++) {
686	c = ssl_method->get_cipher(i);
687	/* drop those that use any of that is not available */
688	if (c == NULL \|\| !c->valid)
689	continue;
690	if (FIPS_mode() && (c->algo_strength & SSL_FIPS))
691	continue;
692	if ((c->algorithm_mkey & disabled_mkey) \|\|
693	(c->algorithm_auth & disabled_auth) \|\|
694	(c->algorithm_enc & disabled_enc) \|\|
695	(c->algorithm_mac & disabled_mac))
696	continue;
697	if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
698	c->min_tls == 0)
699	continue;
700	if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
701	c->min_dtls == 0)
702	continue;
703
704	co_list[co_list_num].cipher = c;
705	co_list[co_list_num].next = NULL;
706	co_list[co_list_num].prev = NULL;
707	co_list[co_list_num].active = 0;
708	co_list_num++;
709	/*
710	* if (!sk_push(ca_list,(char *)c)) goto err;
711	*/
712	}
713
714	/*
715	* Prepare linked list from list entries
716	*/
717	if (co_list_num > 0) {
718	co_list[0].prev = NULL;
719
720	if (co_list_num > 1) {
721	co_list[0].next = &co_list[1];
722
723	for (i = 1; i < co_list_num - 1; i++) {
724	co_list[i].prev = &co_list[i - 1];
725	co_list[i].next = &co_list[i + 1];
726	}
727
728	co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
729	}
730
731	co_list[co_list_num - 1].next = NULL;
732
733	*head_p = &co_list[0];
734	*tail_p = &co_list[co_list_num - 1];
735	}
736	}
737
738	static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
739	int num_of_group_aliases,
740	uint32_t disabled_mkey,
741	uint32_t disabled_auth,
742	uint32_t disabled_enc,
743	uint32_t disabled_mac,
744	CIPHER_ORDER *head)
745	{
746	CIPHER_ORDER *ciph_curr;
747	const SSL_CIPHER **ca_curr;
748	int i;
749	uint32_t mask_mkey = ~disabled_mkey;
750	uint32_t mask_auth = ~disabled_auth;
751	uint32_t mask_enc = ~disabled_enc;
752	uint32_t mask_mac = ~disabled_mac;
753
754	/*
755	* First, add the real ciphers as already collected
756	*/
757	ciph_curr = head;
758	ca_curr = ca_list;
759	while (ciph_curr != NULL) {
760	*ca_curr = ciph_curr->cipher;
761	ca_curr++;
762	ciph_curr = ciph_curr->next;
763	}
764
765	/*
766	* Now we add the available ones from the cipher_aliases[] table.
767	* They represent either one or more algorithms, some of which
768	* in any affected category must be supported (set in enabled_mask),
769	* or represent a cipher strength value (will be added in any case because algorithms=0).
770	*/
771	for (i = 0; i < num_of_group_aliases; i++) {
772	uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
773	uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
774	uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
775	uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
776
777	if (algorithm_mkey)
778	if ((algorithm_mkey & mask_mkey) == 0)
779	continue;
780
781	if (algorithm_auth)
782	if ((algorithm_auth & mask_auth) == 0)
783	continue;
784
785	if (algorithm_enc)
786	if ((algorithm_enc & mask_enc) == 0)
787	continue;
788
789	if (algorithm_mac)
790	if ((algorithm_mac & mask_mac) == 0)
791	continue;
792
793	ca_curr = (SSL_CIPHER )(cipher_aliases + i);
794	ca_curr++;
795	}
796
797	ca_curr = NULL; / end of list */
798	}
799
800	static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
801	uint32_t alg_auth, uint32_t alg_enc,
802	uint32_t alg_mac, int min_tls,
803	uint32_t algo_strength, int rule,
804	int32_t strength_bits, CIPHER_ORDER **head_p,
805	CIPHER_ORDER **tail_p)
806	{
807	CIPHER_ORDER head, tail, curr, next, *last;
808	const SSL_CIPHER *cp;
809	int reverse = 0;
810
811	#ifdef CIPHER_DEBUG
812	fprintf(stderr,
813	"Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
814	rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
815	algo_strength, strength_bits);
816	#endif
817
818	if (rule == CIPHER_DEL \|\| rule == CIPHER_BUMP)
819	reverse = 1; /* needed to maintain sorting between currently
820	* deleted ciphers */
821
822	head = *head_p;
823	tail = *tail_p;
824
825	if (reverse) {
826	next = tail;
827	last = head;
828	} else {
829	next = head;
830	last = tail;
831	}
832
833	curr = NULL;
834	for (;;) {
835	if (curr == last)
836	break;
837
838	curr = next;
839
840	if (curr == NULL)
841	break;
842
843	next = reverse ? curr->prev : curr->next;
844
845	cp = curr->cipher;
846
847	/*
848	* Selection criteria is either the value of strength_bits
849	* or the algorithms used.
850	*/
851	if (strength_bits >= 0) {
852	if (strength_bits != cp->strength_bits)
853	continue;
854	} else {
855	#ifdef CIPHER_DEBUG
856	fprintf(stderr,
857	"\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
858	cp->name, cp->algorithm_mkey, cp->algorithm_auth,
859	cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
860	cp->algo_strength);
861	#endif
862	if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
863	continue;
864	if (alg_auth && !(alg_auth & cp->algorithm_auth))
865	continue;
866	if (alg_enc && !(alg_enc & cp->algorithm_enc))
867	continue;
868	if (alg_mac && !(alg_mac & cp->algorithm_mac))
869	continue;
870	if (min_tls && (min_tls != cp->min_tls))
871	continue;
872	if ((algo_strength & SSL_STRONG_MASK)
873	&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
874	continue;
875	if ((algo_strength & SSL_DEFAULT_MASK)
876	&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
877	continue;
878	}
879
880	#ifdef CIPHER_DEBUG
881	fprintf(stderr, "Action = %d\n", rule);
882	#endif
883
884	/* add the cipher if it has not been added yet. */
885	if (rule == CIPHER_ADD) {
886	/* reverse == 0 */
887	if (!curr->active) {
888	ll_append_tail(&head, curr, &tail);
889	curr->active = 1;
890	}
891	}
892	/* Move the added cipher to this location */
893	else if (rule == CIPHER_ORD) {
894	/* reverse == 0 */
895	if (curr->active) {
896	ll_append_tail(&head, curr, &tail);
897	}
898	} else if (rule == CIPHER_DEL) {
899	/* reverse == 1 */
900	if (curr->active) {
901	/*
902	* most recently deleted ciphersuites get best positions for
903	* any future CIPHER_ADD (note that the CIPHER_DEL loop works
904	* in reverse to maintain the order)
905	*/
906	ll_append_head(&head, curr, &tail);
907	curr->active = 0;
908	}
909	} else if (rule == CIPHER_BUMP) {
910	if (curr->active)
911	ll_append_head(&head, curr, &tail);
912	} else if (rule == CIPHER_KILL) {
913	/* reverse == 0 */
914	if (head == curr)
915	head = curr->next;
916	else
917	curr->prev->next = curr->next;
918	if (tail == curr)
919	tail = curr->prev;
920	curr->active = 0;
921	if (curr->next != NULL)
922	curr->next->prev = curr->prev;
923	if (curr->prev != NULL)
924	curr->prev->next = curr->next;
925	curr->next = NULL;
926	curr->prev = NULL;
927	}
928	}
929
930	*head_p = head;
931	*tail_p = tail;
932	}
933
934	static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
935	CIPHER_ORDER **tail_p)
936	{
937	int32_t max_strength_bits;
938	int i, *number_uses;
939	CIPHER_ORDER *curr;
940
941	/*
942	* This routine sorts the ciphers with descending strength. The sorting
943	* must keep the pre-sorted sequence, so we apply the normal sorting
944	* routine as '+' movement to the end of the list.
945	*/
946	max_strength_bits = 0;
947	curr = *head_p;
948	while (curr != NULL) {
949	if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
950	max_strength_bits = curr->cipher->strength_bits;
951	curr = curr->next;
952	}
953
954	number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
955	if (number_uses == NULL) {
956	SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
957	return (0);
958	}
959
960	/*
961	* Now find the strength_bits values actually used
962	*/
963	curr = *head_p;
964	while (curr != NULL) {
965	if (curr->active)
966	number_uses[curr->cipher->strength_bits]++;
967	curr = curr->next;
968	}
969	/*
970	* Go through the list of used strength_bits values in descending
971	* order.
972	*/
973	for (i = max_strength_bits; i >= 0; i--)
974	if (number_uses[i] > 0)
975	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
976	tail_p);
977
978	OPENSSL_free(number_uses);
979	return (1);
980	}
981
982	static int ssl_cipher_process_rulestr(const char *rule_str,
983	CIPHER_ORDER **head_p,
984	CIPHER_ORDER **tail_p,
985	const SSL_CIPHER *ca_list, CERT c)
986	{
987	uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
988	int min_tls;
989	const char l, buf;
990	int j, multi, found, rule, retval, ok, buflen;
991	uint32_t cipher_id = 0;
992	char ch;
993
994	retval = 1;
995	l = rule_str;
996	for (;;) {
997	ch = *l;
998
999	if (ch == '\0')
1000	break; /* done */
1001	if (ch == '-') {
1002	rule = CIPHER_DEL;
1003	l++;
1004	} else if (ch == '+') {
1005	rule = CIPHER_ORD;
1006	l++;
1007	} else if (ch == '!') {
1008	rule = CIPHER_KILL;
1009	l++;
1010	} else if (ch == '@') {
1011	rule = CIPHER_SPECIAL;
1012	l++;
1013	} else {
1014	rule = CIPHER_ADD;
1015	}
1016
1017	if (ITEM_SEP(ch)) {
1018	l++;
1019	continue;
1020	}
1021
1022	alg_mkey = 0;
1023	alg_auth = 0;
1024	alg_enc = 0;
1025	alg_mac = 0;
1026	min_tls = 0;
1027	algo_strength = 0;
1028
1029	for (;;) {
1030	ch = *l;
1031	buf = l;
1032	buflen = 0;
1033	#ifndef CHARSET_EBCDIC
1034	while (((ch >= 'A') && (ch <= 'Z')) \|\|
1035	((ch >= '0') && (ch <= '9')) \|\|
1036	((ch >= 'a') && (ch <= 'z')) \|\|
1037	(ch == '-') \|\| (ch == '.') \|\| (ch == '='))
1038	#else
1039	while (isalnum((unsigned char)ch) \|\| (ch == '-') \|\| (ch == '.')
1040	\|\| (ch == '='))
1041	#endif
1042	{
1043	ch = *(++l);
1044	buflen++;
1045	}
1046
1047	if (buflen == 0) {
1048	/*
1049	* We hit something we cannot deal with,
1050	* it is no command or separator nor
1051	* alphanumeric, so we call this an error.
1052	*/
1053	SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
1054	retval = found = 0;
1055	l++;
1056	break;
1057	}
1058
1059	if (rule == CIPHER_SPECIAL) {
1060	found = 0; /* unused -- avoid compiler warning */
1061	break; /* special treatment */
1062	}
1063
1064	/* check for multi-part specification */
1065	if (ch == '+') {
1066	multi = 1;
1067	l++;
1068	} else
1069	multi = 0;
1070
1071	/*
1072	* Now search for the cipher alias in the ca_list. Be careful
1073	* with the strncmp, because the "buflen" limitation
1074	* will make the rule "ADH:SOME" and the cipher
1075	* "ADH-MY-CIPHER" look like a match for buflen=3.
1076	* So additionally check whether the cipher name found
1077	* has the correct length. We can save a strlen() call:
1078	* just checking for the '\0' at the right place is
1079	* sufficient, we have to strncmp() anyway. (We cannot
1080	* use strcmp(), because buf is not '\0' terminated.)
1081	*/
1082	j = found = 0;
1083	cipher_id = 0;
1084	while (ca_list[j]) {
1085	if (strncmp(buf, ca_list[j]->name, buflen) == 0
1086	&& (ca_list[j]->name[buflen] == '\0')) {
1087	found = 1;
1088	break;
1089	} else
1090	j++;
1091	}
1092
1093	if (!found)
1094	break; /* ignore this entry */
1095
1096	if (ca_list[j]->algorithm_mkey) {
1097	if (alg_mkey) {
1098	alg_mkey &= ca_list[j]->algorithm_mkey;
1099	if (!alg_mkey) {
1100	found = 0;
1101	break;
1102	}
1103	} else
1104	alg_mkey = ca_list[j]->algorithm_mkey;
1105	}
1106
1107	if (ca_list[j]->algorithm_auth) {
1108	if (alg_auth) {
1109	alg_auth &= ca_list[j]->algorithm_auth;
1110	if (!alg_auth) {
1111	found = 0;
1112	break;
1113	}
1114	} else
1115	alg_auth = ca_list[j]->algorithm_auth;
1116	}
1117
1118	if (ca_list[j]->algorithm_enc) {
1119	if (alg_enc) {
1120	alg_enc &= ca_list[j]->algorithm_enc;
1121	if (!alg_enc) {
1122	found = 0;
1123	break;
1124	}
1125	} else
1126	alg_enc = ca_list[j]->algorithm_enc;
1127	}
1128
1129	if (ca_list[j]->algorithm_mac) {
1130	if (alg_mac) {
1131	alg_mac &= ca_list[j]->algorithm_mac;
1132	if (!alg_mac) {
1133	found = 0;
1134	break;
1135	}
1136	} else
1137	alg_mac = ca_list[j]->algorithm_mac;
1138	}
1139
1140	if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
1141	if (algo_strength & SSL_STRONG_MASK) {
1142	algo_strength &=
1143	(ca_list[j]->algo_strength & SSL_STRONG_MASK) \|
1144	~SSL_STRONG_MASK;
1145	if (!(algo_strength & SSL_STRONG_MASK)) {
1146	found = 0;
1147	break;
1148	}
1149	} else
1150	algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
1151	}
1152
1153	if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
1154	if (algo_strength & SSL_DEFAULT_MASK) {
1155	algo_strength &=
1156	(ca_list[j]->algo_strength & SSL_DEFAULT_MASK) \|
1157	~SSL_DEFAULT_MASK;
1158	if (!(algo_strength & SSL_DEFAULT_MASK)) {
1159	found = 0;
1160	break;
1161	}
1162	} else
1163	algo_strength \|=
1164	ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
1165	}
1166
1167	if (ca_list[j]->valid) {
1168	/*
1169	* explicit ciphersuite found; its protocol version does not
1170	* become part of the search pattern!
1171	*/
1172
1173	cipher_id = ca_list[j]->id;
1174	} else {
1175	/*
1176	* not an explicit ciphersuite; only in this case, the
1177	* protocol version is considered part of the search pattern
1178	*/
1179
1180	if (ca_list[j]->min_tls) {
1181	if (min_tls != 0 && min_tls != ca_list[j]->min_tls) {
1182	found = 0;
1183	break;
1184	} else {
1185	min_tls = ca_list[j]->min_tls;
1186	}
1187	}
1188	}
1189
1190	if (!multi)
1191	break;
1192	}
1193
1194	/*
1195	* Ok, we have the rule, now apply it
1196	*/
1197	if (rule == CIPHER_SPECIAL) { /* special command */
1198	ok = 0;
1199	if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
1200	ok = ssl_cipher_strength_sort(head_p, tail_p);
1201	else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
1202	int level = buf[9] - '0';
1203	if (level < 0 \|\| level > 5) {
1204	SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1205	SSL_R_INVALID_COMMAND);
1206	} else {
1207	c->sec_level = level;
1208	ok = 1;
1209	}
1210	} else
1211	SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
1212	if (ok == 0)
1213	retval = 0;
1214	/*
1215	* We do not support any "multi" options
1216	* together with "@", so throw away the
1217	* rest of the command, if any left, until
1218	* end or ':' is found.
1219	*/
1220	while ((l != '\0') && !ITEM_SEP(l))
1221	l++;
1222	} else if (found) {
1223	ssl_cipher_apply_rule(cipher_id,
1224	alg_mkey, alg_auth, alg_enc, alg_mac,
1225	min_tls, algo_strength, rule, -1, head_p,
1226	tail_p);
1227	} else {
1228	while ((l != '\0') && !ITEM_SEP(l))
1229	l++;
1230	}
1231	if (*l == '\0')
1232	break; /* done */
1233	}
1234
1235	return (retval);
1236	}
1237
1238	#ifndef OPENSSL_NO_EC
1239	static int check_suiteb_cipher_list(const SSL_METHOD meth, CERT c,
1240	const char **prule_str)
1241	{
1242	unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
1243	if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
1244	suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
1245	} else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
1246	suiteb_comb2 = 1;
1247	suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
1248	} else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
1249	suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
1250	} else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
1251	suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
1252	}
1253
1254	if (suiteb_flags) {
1255	c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
1256	c->cert_flags \|= suiteb_flags;
1257	} else
1258	suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
1259
1260	if (!suiteb_flags)
1261	return 1;
1262	/* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
1263
1264	if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) {
1265	SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
1266	SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
1267	return 0;
1268	}
1269	# ifndef OPENSSL_NO_EC
1270	switch (suiteb_flags) {
1271	case SSL_CERT_FLAG_SUITEB_128_LOS:
1272	if (suiteb_comb2)
1273	*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
1274	else
1275	*prule_str =
1276	"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
1277	break;
1278	case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
1279	*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
1280	break;
1281	case SSL_CERT_FLAG_SUITEB_192_LOS:
1282	*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
1283	break;
1284	}
1285	return 1;
1286	# else
1287	SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
1288	return 0;
1289	# endif
1290	}
1291	#endif
1292
1293	STACK_OF(SSL_CIPHER) ssl_create_cipher_list(const SSL_METHOD ssl_method, STACK_OF(SSL_CIPHER)
1294	**cipher_list, STACK_OF(SSL_CIPHER)
1295	**cipher_list_by_id,
1296	const char rule_str, CERT c)
1297	{
1298	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1299	uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
1300	STACK_OF(SSL_CIPHER) cipherstack, tmp_cipher_list;
1301	const char *rule_p;
1302	CIPHER_ORDER co_list = NULL, head = NULL, tail = NULL, curr;
1303	const SSL_CIPHER **ca_list = NULL;
1304
1305	/*
1306	* Return with error if nothing to do.
1307	*/
1308	if (rule_str == NULL \|\| cipher_list == NULL \|\| cipher_list_by_id == NULL)
1309	return NULL;
1310	#ifndef OPENSSL_NO_EC
1311	if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
1312	return NULL;
1313	#endif
1314
1315	/*
1316	* To reduce the work to do we only want to process the compiled
1317	* in algorithms, so we first get the mask of disabled ciphers.
1318	*/
1319
1320	disabled_mkey = disabled_mkey_mask;
1321	disabled_auth = disabled_auth_mask;
1322	disabled_enc = disabled_enc_mask;
1323	disabled_mac = disabled_mac_mask;
1324
1325	/*
1326	* Now we have to collect the available ciphers from the compiled
1327	* in ciphers. We cannot get more than the number compiled in, so
1328	* it is used for allocation.
1329	*/
1330	num_of_ciphers = ssl_method->num_ciphers();
1331
1332	co_list = OPENSSL_malloc(sizeof(co_list) num_of_ciphers);
1333	if (co_list == NULL) {
1334	SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1335	return (NULL); /* Failure */
1336	}
1337
1338	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1339	disabled_mkey, disabled_auth, disabled_enc,
1340	disabled_mac, co_list, &head, &tail);
1341
1342	/* Now arrange all ciphers by preference. */
1343
1344	/*
1345	* Everything else being equal, prefer ephemeral ECDH over other key
1346	* exchange mechanisms.
1347	* For consistency, prefer ECDSA over RSA (though this only matters if the
1348	* server has both certificates, and is using the DEFAULT, or a client
1349	* preference).
1350	*/
1351	ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
1352	-1, &head, &tail);
1353	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
1354	&tail);
1355	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
1356	&tail);
1357
1358	/* Within each strength group, we prefer GCM over CHACHA... */
1359	ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
1360	&head, &tail);
1361	ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
1362	&head, &tail);
1363
1364	/*
1365	* ...and generally, our preferred cipher is AES.
1366	* Note that AEADs will be bumped to take preference after sorting by
1367	* strength.
1368	*/
1369	ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
1370	-1, &head, &tail);
1371
1372	/* Temporarily enable everything else for sorting */
1373	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1374
1375	/* Low priority for MD5 */
1376	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
1377	&tail);
1378
1379	/*
1380	* Move anonymous ciphers to the end. Usually, these will remain
1381	* disabled. (For applications that allow them, they aren't too bad, but
1382	* we prefer authenticated ciphers.)
1383	*/
1384	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
1385	&tail);
1386
1387	/*
1388	* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
1389	* &head, &tail);
1390	*/
1391	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
1392	&tail);
1393	ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
1394	&tail);
1395
1396	/* RC4 is sort-of broken -- move the the end */
1397	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
1398	&tail);
1399
1400	/*
1401	* Now sort by symmetric encryption strength. The above ordering remains
1402	* in force within each class
1403	*/
1404	if (!ssl_cipher_strength_sort(&head, &tail)) {
1405	OPENSSL_free(co_list);
1406	return NULL;
1407	}
1408
1409	/*
1410	* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
1411	* TODO(openssl-team): is there an easier way to accomplish all this?
1412	*/
1413	ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
1414	&head, &tail);
1415
1416	/*
1417	* Irrespective of strength, enforce the following order:
1418	* (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest.
1419	* Within each group, ciphers remain sorted by strength and previous
1420	* preference, i.e.,
1421	* 1) ECDHE > DHE
1422	* 2) GCM > CHACHA
1423	* 3) AES > rest
1424	* 4) TLS 1.2 > legacy
1425	*
1426	* Because we now bump ciphers to the top of the list, we proceed in
1427	* reverse order of preference.
1428	*/
1429	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
1430	&head, &tail);
1431	ssl_cipher_apply_rule(0, SSL_kDHE \| SSL_kECDHE, 0, 0, 0, 0, 0,
1432	CIPHER_BUMP, -1, &head, &tail);
1433	ssl_cipher_apply_rule(0, SSL_kDHE \| SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
1434	CIPHER_BUMP, -1, &head, &tail);
1435
1436	/* Now disable everything (maintaining the ordering!) */
1437	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1438
1439	/*
1440	* We also need cipher aliases for selecting based on the rule_str.
1441	* There might be two types of entries in the rule_str: 1) names
1442	* of ciphers themselves 2) aliases for groups of ciphers.
1443	* For 1) we need the available ciphers and for 2) the cipher
1444	* groups of cipher_aliases added together in one list (otherwise
1445	* we would be happy with just the cipher_aliases table).
1446	*/
1447	num_of_group_aliases = OSSL_NELEM(cipher_aliases);
1448	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1449	ca_list = OPENSSL_malloc(sizeof(ca_list) num_of_alias_max);
1450	if (ca_list == NULL) {
1451	OPENSSL_free(co_list);
1452	SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1453	return (NULL); /* Failure */
1454	}
1455	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1456	disabled_mkey, disabled_auth, disabled_enc,
1457	disabled_mac, head);
1458
1459	/*
1460	* If the rule_string begins with DEFAULT, apply the default rule
1461	* before using the (possibly available) additional rules.
1462	*/
1463	ok = 1;
1464	rule_p = rule_str;
1465	if (strncmp(rule_str, "DEFAULT", 7) == 0) {
1466	ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1467	&head, &tail, ca_list, c);
1468	rule_p += 7;
1469	if (*rule_p == ':')
1470	rule_p++;
1471	}
1472
1473	if (ok && (strlen(rule_p) > 0))
1474	ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
1475
1476	OPENSSL_free(ca_list); /* Not needed anymore */
1477
1478	if (!ok) { /* Rule processing failure */
1479	OPENSSL_free(co_list);
1480	return (NULL);
1481	}
1482
1483	/*
1484	* Allocate new "cipherstack" for the result, return with error
1485	* if we cannot get one.
1486	*/
1487	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
1488	OPENSSL_free(co_list);
1489	return (NULL);
1490	}
1491
1492	/*
1493	* The cipher selection for the list is done. The ciphers are added
1494	* to the resulting precedence to the STACK_OF(SSL_CIPHER).
1495	*/
1496	for (curr = head; curr != NULL; curr = curr->next) {
1497	if (curr->active
1498	&& (!FIPS_mode() \|\| curr->cipher->algo_strength & SSL_FIPS)) {
1499	if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
1500	OPENSSL_free(co_list);
1501	sk_SSL_CIPHER_free(cipherstack);
1502	return NULL;
1503	}
1504	#ifdef CIPHER_DEBUG
1505	fprintf(stderr, "<%s>\n", curr->cipher->name);
1506	#endif
1507	}
1508	}
1509	OPENSSL_free(co_list); /* Not needed any longer */
1510
1511	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1512	if (tmp_cipher_list == NULL) {
1513	sk_SSL_CIPHER_free(cipherstack);
1514	return NULL;
1515	}
1516	sk_SSL_CIPHER_free(*cipher_list);
1517	*cipher_list = cipherstack;
1518	if (*cipher_list_by_id != NULL)
1519	sk_SSL_CIPHER_free(*cipher_list_by_id);
1520	*cipher_list_by_id = tmp_cipher_list;
1521	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
1522
1523	sk_SSL_CIPHER_sort(*cipher_list_by_id);
1524	return (cipherstack);
1525	}
1526
1527	char SSL_CIPHER_description(const SSL_CIPHER cipher, char *buf, int len)
1528	{
1529	const char *ver;
1530	const char kx, au, enc, mac;
1531	uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
1532	static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
1533
1534	if (buf == NULL) {
1535	len = 128;
1536	buf = OPENSSL_malloc(len);
1537	if (buf == NULL)
1538	return NULL;
1539	} else if (len < 128)
1540	return NULL;
1541
1542	alg_mkey = cipher->algorithm_mkey;
1543	alg_auth = cipher->algorithm_auth;
1544	alg_enc = cipher->algorithm_enc;
1545	alg_mac = cipher->algorithm_mac;
1546
1547	ver = ssl_protocol_to_string(cipher->min_tls);
1548
1549	switch (alg_mkey) {
1550	case SSL_kRSA:
1551	kx = "RSA";
1552	break;
1553	case SSL_kDHE:
1554	kx = "DH";
1555	break;
1556	case SSL_kECDHE:
1557	kx = "ECDH";
1558	break;
1559	case SSL_kPSK:
1560	kx = "PSK";
1561	break;
1562	case SSL_kRSAPSK:
1563	kx = "RSAPSK";
1564	break;
1565	case SSL_kECDHEPSK:
1566	kx = "ECDHEPSK";
1567	break;
1568	case SSL_kDHEPSK:
1569	kx = "DHEPSK";
1570	break;
1571	case SSL_kSRP:
1572	kx = "SRP";
1573	break;
1574	case SSL_kGOST:
1575	kx = "GOST";
1576	break;
1577	default:
1578	kx = "unknown";
1579	}
1580
1581	switch (alg_auth) {
1582	case SSL_aRSA:
1583	au = "RSA";
1584	break;
1585	case SSL_aDSS:
1586	au = "DSS";
1587	break;
1588	case SSL_aNULL:
1589	au = "None";
1590	break;
1591	case SSL_aECDSA:
1592	au = "ECDSA";
1593	break;
1594	case SSL_aPSK:
1595	au = "PSK";
1596	break;
1597	case SSL_aSRP:
1598	au = "SRP";
1599	break;
1600	case SSL_aGOST01:
1601	au = "GOST01";
1602	break;
1603	/* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
1604	case (SSL_aGOST12 \| SSL_aGOST01):
1605	au = "GOST12";
1606	break;
1607	default:
1608	au = "unknown";
1609	break;
1610	}
1611
1612	switch (alg_enc) {
1613	case SSL_DES:
1614	enc = "DES(56)";
1615	break;
1616	case SSL_3DES:
1617	enc = "3DES(168)";
1618	break;
1619	case SSL_RC4:
1620	enc = "RC4(128)";
1621	break;
1622	case SSL_RC2:
1623	enc = "RC2(128)";
1624	break;
1625	case SSL_IDEA:
1626	enc = "IDEA(128)";
1627	break;
1628	case SSL_eNULL:
1629	enc = "None";
1630	break;
1631	case SSL_AES128:
1632	enc = "AES(128)";
1633	break;
1634	case SSL_AES256:
1635	enc = "AES(256)";
1636	break;
1637	case SSL_AES128GCM:
1638	enc = "AESGCM(128)";
1639	break;
1640	case SSL_AES256GCM:
1641	enc = "AESGCM(256)";
1642	break;
1643	case SSL_AES128CCM:
1644	enc = "AESCCM(128)";
1645	break;
1646	case SSL_AES256CCM:
1647	enc = "AESCCM(256)";
1648	break;
1649	case SSL_AES128CCM8:
1650	enc = "AESCCM8(128)";
1651	break;
1652	case SSL_AES256CCM8:
1653	enc = "AESCCM8(256)";
1654	break;
1655	case SSL_CAMELLIA128:
1656	enc = "Camellia(128)";
1657	break;
1658	case SSL_CAMELLIA256:
1659	enc = "Camellia(256)";
1660	break;
1661	case SSL_SEED:
1662	enc = "SEED(128)";
1663	break;
1664	case SSL_eGOST2814789CNT:
1665	case SSL_eGOST2814789CNT12:
1666	enc = "GOST89(256)";
1667	break;
1668	case SSL_CHACHA20POLY1305:
1669	enc = "CHACHA20/POLY1305(256)";
1670	break;
1671	default:
1672	enc = "unknown";
1673	break;
1674	}
1675
1676	switch (alg_mac) {
1677	case SSL_MD5:
1678	mac = "MD5";
1679	break;
1680	case SSL_SHA1:
1681	mac = "SHA1";
1682	break;
1683	case SSL_SHA256:
1684	mac = "SHA256";
1685	break;
1686	case SSL_SHA384:
1687	mac = "SHA384";
1688	break;
1689	case SSL_AEAD:
1690	mac = "AEAD";
1691	break;
1692	case SSL_GOST89MAC:
1693	case SSL_GOST89MAC12:
1694	mac = "GOST89";
1695	break;
1696	case SSL_GOST94:
1697	mac = "GOST94";
1698	break;
1699	case SSL_GOST12_256:
1700	case SSL_GOST12_512:
1701	mac = "GOST2012";
1702	break;
1703	default:
1704	mac = "unknown";
1705	break;
1706	}
1707
1708	BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
1709
1710	return (buf);
1711	}
1712
1713	const char SSL_CIPHER_get_version(const SSL_CIPHER c)
1714	{
1715	if (c == NULL)
1716	return "(NONE)";
1717
1718	/*
1719	* Backwards-compatibility crutch. In almost all contexts we report TLS
1720	* 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
1721	*/
1722	if (c->min_tls == TLS1_VERSION)
1723	return "TLSv1.0";
1724	return ssl_protocol_to_string(c->min_tls);
1725	}
1726
1727	/* return the actual cipher being used */
1728	const char SSL_CIPHER_get_name(const SSL_CIPHER c)
1729	{
1730	if (c != NULL)
1731	return (c->name);
1732	return ("(NONE)");
1733	}
1734
1735	/* number of bits for symmetric cipher */
1736	int SSL_CIPHER_get_bits(const SSL_CIPHER c, int alg_bits)
1737	{
1738	int ret = 0;
1739
1740	if (c != NULL) {
1741	if (alg_bits != NULL)
1742	*alg_bits = (int)c->alg_bits;
1743	ret = (int)c->strength_bits;
1744	}
1745	return ret;
1746	}
1747
1748	uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
1749	{
1750	return c->id;
1751	}
1752
1753	SSL_COMP ssl3_comp_find(STACK_OF(SSL_COMP) sk, int n)
1754	{
1755	SSL_COMP *ctmp;
1756	int i, nn;
1757
1758	if ((n == 0) \|\| (sk == NULL))
1759	return (NULL);
1760	nn = sk_SSL_COMP_num(sk);
1761	for (i = 0; i < nn; i++) {
1762	ctmp = sk_SSL_COMP_value(sk, i);
1763	if (ctmp->id == n)
1764	return (ctmp);
1765	}
1766	return (NULL);
1767	}
1768
1769	#ifdef OPENSSL_NO_COMP
1770	STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1771	{
1772	return NULL;
1773	}
1774
1775	STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
1776	*meths)
1777	{
1778	return meths;
1779	}
1780
1781	int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1782	{
1783	return 1;
1784	}
1785
1786	#else
1787	STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1788	{
1789	load_builtin_compressions();
1790	return (ssl_comp_methods);
1791	}
1792
1793	STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
1794	*meths)
1795	{
1796	STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
1797	ssl_comp_methods = meths;
1798	return old_meths;
1799	}
1800
1801	static void cmeth_free(SSL_COMP *cm)
1802	{
1803	OPENSSL_free(cm);
1804	}
1805
1806	void ssl_comp_free_compression_methods_int(void)
1807	{
1808	STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
1809	ssl_comp_methods = NULL;
1810	sk_SSL_COMP_pop_free(old_meths, cmeth_free);
1811	}
1812
1813	int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1814	{
1815	SSL_COMP *comp;
1816
1817	if (cm == NULL \|\| COMP_get_type(cm) == NID_undef)
1818	return 1;
1819
1820	/*-
1821	* According to draft-ietf-tls-compression-04.txt, the
1822	* compression number ranges should be the following:
1823	*
1824	* 0 to 63: methods defined by the IETF
1825	* 64 to 192: external party methods assigned by IANA
1826	* 193 to 255: reserved for private use
1827	*/
1828	if (id < 193 \|\| id > 255) {
1829	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1830	SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1831	return 1;
1832	}
1833
1834	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
1835	comp = OPENSSL_malloc(sizeof(*comp));
1836	if (comp == NULL) {
1837	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
1838	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
1839	return (1);
1840	}
1841
1842	comp->id = id;
1843	comp->method = cm;
1844	load_builtin_compressions();
1845	if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
1846	OPENSSL_free(comp);
1847	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
1848	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1849	SSL_R_DUPLICATE_COMPRESSION_ID);
1850	return (1);
1851	}
1852	if (ssl_comp_methods == NULL \|\| !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
1853	OPENSSL_free(comp);
1854	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
1855	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
1856	return (1);
1857	}
1858	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
1859	return (0);
1860	}
1861	#endif
1862
1863	const char SSL_COMP_get_name(const COMP_METHOD comp)
1864	{
1865	#ifndef OPENSSL_NO_COMP
1866	return comp ? COMP_get_name(comp) : NULL;
1867	#else
1868	return NULL;
1869	#endif
1870	}
1871
1872	const char SSL_COMP_get0_name(const SSL_COMP comp)
1873	{
1874	#ifndef OPENSSL_NO_COMP
1875	return comp->name;
1876	#else
1877	return NULL;
1878	#endif
1879	}
1880
1881	int SSL_COMP_get_id(const SSL_COMP *comp)
1882	{
1883	#ifndef OPENSSL_NO_COMP
1884	return comp->id;
1885	#else
1886	return -1;
1887	#endif
1888	}
1889
1890	/* For a cipher return the index corresponding to the certificate type */
1891	int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
1892	{
1893	uint32_t alg_a;
1894
1895	alg_a = c->algorithm_auth;
1896
1897	if (alg_a & SSL_aECDSA)
1898	return SSL_PKEY_ECC;
1899	else if (alg_a & SSL_aDSS)
1900	return SSL_PKEY_DSA_SIGN;
1901	else if (alg_a & SSL_aRSA)
1902	return SSL_PKEY_RSA_ENC;
1903	else if (alg_a & SSL_aGOST12)
1904	return SSL_PKEY_GOST_EC;
1905	else if (alg_a & SSL_aGOST01)
1906	return SSL_PKEY_GOST01;
1907
1908	return -1;
1909	}
1910
1911	const SSL_CIPHER ssl_get_cipher_by_char(SSL ssl, const unsigned char *ptr)
1912	{
1913	const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
1914
1915	if (c == NULL \|\| c->valid == 0)
1916	return NULL;
1917	return c;
1918	}
1919
1920	const SSL_CIPHER SSL_CIPHER_find(SSL ssl, const unsigned char *ptr)
1921	{
1922	return ssl->method->get_cipher_by_char(ptr);
1923	}
1924
1925	int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
1926	{
1927	int i;
1928	if (c == NULL)
1929	return NID_undef;
1930	i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
1931	if (i == -1)
1932	return NID_undef;
1933	return ssl_cipher_table_cipher[i].nid;
1934	}
1935
1936	int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
1937	{
1938	int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
1939
1940	if (i == -1)
1941	return NID_undef;
1942	return ssl_cipher_table_mac[i].nid;
1943	}
1944
1945	int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
1946	{
1947	int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
1948
1949	if (i == -1)
1950	return NID_undef;
1951	return ssl_cipher_table_kx[i].nid;
1952	}
1953
1954	int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
1955	{
1956	int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
1957
1958	if (i == -1)
1959	return NID_undef;
1960	return ssl_cipher_table_auth[i].nid;
1961	}
1962
1963	int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
1964	{
1965	return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
1966	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.0g/ssl/ssl_ciph.c@ 69890

Download in other formats: