• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* ssl/ssl_ciph.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142 
143 #include <stdio.h>
144 #include <openssl/objects.h>
145 #ifndef OPENSSL_NO_COMP
146 #include <openssl/comp.h>
147 #endif
148 #ifndef OPENSSL_NO_ENGINE
149 #include <openssl/engine.h>
150 #endif
151 #include "ssl_locl.h"
152 
153 #define SSL_ENC_DES_IDX		0
154 #define SSL_ENC_3DES_IDX	1
155 #define SSL_ENC_RC4_IDX		2
156 #define SSL_ENC_RC2_IDX		3
157 #define SSL_ENC_IDEA_IDX	4
158 #define SSL_ENC_NULL_IDX	5
159 #define SSL_ENC_AES128_IDX	6
160 #define SSL_ENC_AES256_IDX	7
161 #define SSL_ENC_CAMELLIA128_IDX	8
162 #define SSL_ENC_CAMELLIA256_IDX	9
163 #define SSL_ENC_GOST89_IDX	10
164 #define SSL_ENC_SEED_IDX    	11
165 #define SSL_ENC_AES128GCM_IDX	12
166 #define SSL_ENC_AES256GCM_IDX	13
167 #define SSL_ENC_NUM_IDX		14
168 
169 
170 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
171 	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
172 	};
173 
174 #define SSL_COMP_NULL_IDX	0
175 #define SSL_COMP_ZLIB_IDX	1
176 #define SSL_COMP_NUM_IDX	2
177 
178 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
179 
180 #define SSL_MD_MD5_IDX	0
181 #define SSL_MD_SHA1_IDX	1
182 #define SSL_MD_GOST94_IDX 2
183 #define SSL_MD_GOST89MAC_IDX 3
184 #define SSL_MD_SHA256_IDX 4
185 #define SSL_MD_SHA384_IDX 5
186 /*Constant SSL_MAX_DIGEST equal to size of digests array should be
187  * defined in the
188  * ssl_locl.h */
189 #define SSL_MD_NUM_IDX	SSL_MAX_DIGEST
190 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
191 	NULL,NULL,NULL,NULL,NULL,NULL
192 	};
193 /* PKEY_TYPE for GOST89MAC is known in advance, but, because
194  * implementation is engine-provided, we'll fill it only if
195  * corresponding EVP_PKEY_METHOD is found
196  */
197 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
198 	EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
199 	EVP_PKEY_HMAC,EVP_PKEY_HMAC
200 	};
201 
202 static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
203 	0,0,0,0,0,0
204 	};
205 
206 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
207 	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
208 	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
209 	SSL_HANDSHAKE_MAC_SHA384
210 	};
211 
212 #define CIPHER_ADD	1
213 #define CIPHER_KILL	2
214 #define CIPHER_DEL	3
215 #define CIPHER_ORD	4
216 #define CIPHER_SPECIAL	5
217 
218 typedef struct cipher_order_st
219 	{
220 	const SSL_CIPHER *cipher;
221 	int active;
222 	int dead;
223 	struct cipher_order_st *next,*prev;
224 	} CIPHER_ORDER;
225 
226 static const SSL_CIPHER cipher_aliases[]={
227 	/* "ALL" doesn't include eNULL (must be specifically enabled) */
228 	{0,SSL_TXT_ALL,0,     0,0,~SSL_eNULL,0,0,0,0,0,0},
229 	/* "COMPLEMENTOFALL" */
230 	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
231 
232 	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
233 	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
234 
235 	/* key exchange aliases
236 	 * (some of those using only a single bit here combine
237 	 * multiple key exchange algs according to the RFCs,
238 	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
239 	{0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
240 
241 	{0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
242 	{0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
243 	{0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
244 	{0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
245 	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
246 
247 	{0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
248 
249 	{0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
250 	{0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
251 	{0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
252 	{0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
253 	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
254 
255         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
256 	{0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
257 	{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
258 
259 	/* server authentication aliases */
260 	{0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
261 	{0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
262 	{0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
263 	{0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
264 	{0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
265 	{0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
266 	{0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
267 	{0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
268 	{0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
269         {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
270 	{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
271 	{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
272 	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
273 
274 	/* aliases combining key exchange and server authentication */
275 	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
276 	{0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
277 	{0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
278 	{0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
279 	{0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
280 	{0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
281 	{0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
282         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
283 	{0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
284 
285 
286 	/* symmetric encryption aliases */
287 	{0,SSL_TXT_DES,0,     0,0,SSL_DES,   0,0,0,0,0,0},
288 	{0,SSL_TXT_3DES,0,    0,0,SSL_3DES,  0,0,0,0,0,0},
289 	{0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
290 	{0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
291 	{0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
292 	{0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
293 	{0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
294 	{0,SSL_TXT_AES128,0,  0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
295 	{0,SSL_TXT_AES256,0,  0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
296 	{0,SSL_TXT_AES,0,     0,0,SSL_AES,0,0,0,0,0,0},
297 	{0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
298 	{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
299 	{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
300 	{0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
301 
302 	/* MAC aliases */
303 	{0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
304 	{0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
305 	{0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
306 	{0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
307 	{0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
308 	{0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
309 	{0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
310 
311 	/* protocol version aliases */
312 	{0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
313 	{0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
314 	{0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
315 	{0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
316 
317 	/* export flag */
318 	{0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
319 	{0,SSL_TXT_EXPORT,0,  0,0,0,0,0,SSL_EXPORT,0,0,0},
320 
321 	/* strength classes */
322 	{0,SSL_TXT_EXP40,0,   0,0,0,0,0,SSL_EXP40, 0,0,0},
323 	{0,SSL_TXT_EXP56,0,   0,0,0,0,0,SSL_EXP56, 0,0,0},
324 	{0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
325 	{0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
326 	{0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
327 	/* FIPS 140-2 approved ciphersuite */
328 	{0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
329 	};
330 /* Search for public key algorithm with given name and
331  * return its pkey_id if it is available. Otherwise return 0
332  */
333 #ifdef OPENSSL_NO_ENGINE
334 
get_optional_pkey_id(const char * pkey_name)335 static int get_optional_pkey_id(const char *pkey_name)
336 	{
337 	const EVP_PKEY_ASN1_METHOD *ameth;
338 	int pkey_id=0;
339 	ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
340 	if (ameth)
341 		{
342 		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
343 		}
344 	return pkey_id;
345 	}
346 
347 #else
348 
get_optional_pkey_id(const char * pkey_name)349 static int get_optional_pkey_id(const char *pkey_name)
350 	{
351 	const EVP_PKEY_ASN1_METHOD *ameth;
352 	ENGINE *tmpeng = NULL;
353 	int pkey_id=0;
354 	ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
355 	if (ameth)
356 		{
357 		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
358 		}
359 	if (tmpeng) ENGINE_finish(tmpeng);
360 	return pkey_id;
361 	}
362 
363 #endif
364 
ssl_load_ciphers(void)365 void ssl_load_ciphers(void)
366 	{
367 	ssl_cipher_methods[SSL_ENC_DES_IDX]=
368 		EVP_get_cipherbyname(SN_des_cbc);
369 	ssl_cipher_methods[SSL_ENC_3DES_IDX]=
370 		EVP_get_cipherbyname(SN_des_ede3_cbc);
371 	ssl_cipher_methods[SSL_ENC_RC4_IDX]=
372 		EVP_get_cipherbyname(SN_rc4);
373 	ssl_cipher_methods[SSL_ENC_RC2_IDX]=
374 		EVP_get_cipherbyname(SN_rc2_cbc);
375 #ifndef OPENSSL_NO_IDEA
376 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
377 		EVP_get_cipherbyname(SN_idea_cbc);
378 #else
379 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
380 #endif
381 	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
382 	  EVP_get_cipherbyname(SN_aes_128_cbc);
383 	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
384 	  EVP_get_cipherbyname(SN_aes_256_cbc);
385 	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
386 	  EVP_get_cipherbyname(SN_camellia_128_cbc);
387 	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
388 	  EVP_get_cipherbyname(SN_camellia_256_cbc);
389 	ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
390 	  EVP_get_cipherbyname(SN_gost89_cnt);
391 	ssl_cipher_methods[SSL_ENC_SEED_IDX]=
392 	  EVP_get_cipherbyname(SN_seed_cbc);
393 
394 	ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
395 	  EVP_get_cipherbyname(SN_aes_128_gcm);
396 	ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
397 	  EVP_get_cipherbyname(SN_aes_256_gcm);
398 
399 	ssl_digest_methods[SSL_MD_MD5_IDX]=
400 		EVP_get_digestbyname(SN_md5);
401 	ssl_mac_secret_size[SSL_MD_MD5_IDX]=
402 		EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
403 	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
404 	ssl_digest_methods[SSL_MD_SHA1_IDX]=
405 		EVP_get_digestbyname(SN_sha1);
406 	ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
407 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
408 	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
409 	ssl_digest_methods[SSL_MD_GOST94_IDX]=
410 		EVP_get_digestbyname(SN_id_GostR3411_94);
411 	if (ssl_digest_methods[SSL_MD_GOST94_IDX])
412 		{
413 		ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
414 			EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
415 		OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
416 		}
417 	ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
418 		EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
419 		ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
420 		if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
421 			ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
422 		}
423 
424 	ssl_digest_methods[SSL_MD_SHA256_IDX]=
425 		EVP_get_digestbyname(SN_sha256);
426 	ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
427 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
428 	ssl_digest_methods[SSL_MD_SHA384_IDX]=
429 		EVP_get_digestbyname(SN_sha384);
430 	ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
431 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
432 	}
433 #ifndef OPENSSL_NO_COMP
434 
sk_comp_cmp(const SSL_COMP * const * a,const SSL_COMP * const * b)435 static int sk_comp_cmp(const SSL_COMP * const *a,
436 			const SSL_COMP * const *b)
437 	{
438 	return((*a)->id-(*b)->id);
439 	}
440 
load_builtin_compressions(void)441 static void load_builtin_compressions(void)
442 	{
443 	int got_write_lock = 0;
444 
445 	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
446 	if (ssl_comp_methods == NULL)
447 		{
448 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
449 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
450 		got_write_lock = 1;
451 
452 		if (ssl_comp_methods == NULL)
453 			{
454 			SSL_COMP *comp = NULL;
455 
456 			MemCheck_off();
457 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
458 			if (ssl_comp_methods != NULL)
459 				{
460 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
461 				if (comp != NULL)
462 					{
463 					comp->method=COMP_zlib();
464 					if (comp->method
465 						&& comp->method->type == NID_undef)
466 						OPENSSL_free(comp);
467 					else
468 						{
469 						comp->id=SSL_COMP_ZLIB_IDX;
470 						comp->name=comp->method->name;
471 						sk_SSL_COMP_push(ssl_comp_methods,comp);
472 						}
473 					}
474 					sk_SSL_COMP_sort(ssl_comp_methods);
475 				}
476 			MemCheck_on();
477 			}
478 		}
479 
480 	if (got_write_lock)
481 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
482 	else
483 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
484 	}
485 #endif
486 
ssl_cipher_get_evp(const SSL_SESSION * s,const EVP_CIPHER ** enc,const EVP_MD ** md,int * mac_pkey_type,int * mac_secret_size,SSL_COMP ** comp)487 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
488 	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
489 	{
490 	int i;
491 	const SSL_CIPHER *c;
492 
493 	c=s->cipher;
494 	if (c == NULL) return(0);
495 	if (comp != NULL)
496 		{
497 		SSL_COMP ctmp;
498 #ifndef OPENSSL_NO_COMP
499 		load_builtin_compressions();
500 #endif
501 
502 		*comp=NULL;
503 		ctmp.id=s->compress_meth;
504 		if (ssl_comp_methods != NULL)
505 			{
506 			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
507 			if (i >= 0)
508 				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
509 			else
510 				*comp=NULL;
511 			}
512 		}
513 
514 	if ((enc == NULL) || (md == NULL)) return(0);
515 
516 	switch (c->algorithm_enc)
517 		{
518 	case SSL_DES:
519 		i=SSL_ENC_DES_IDX;
520 		break;
521 	case SSL_3DES:
522 		i=SSL_ENC_3DES_IDX;
523 		break;
524 	case SSL_RC4:
525 		i=SSL_ENC_RC4_IDX;
526 		break;
527 	case SSL_RC2:
528 		i=SSL_ENC_RC2_IDX;
529 		break;
530 	case SSL_IDEA:
531 		i=SSL_ENC_IDEA_IDX;
532 		break;
533 	case SSL_eNULL:
534 		i=SSL_ENC_NULL_IDX;
535 		break;
536 	case SSL_AES128:
537 		i=SSL_ENC_AES128_IDX;
538 		break;
539 	case SSL_AES256:
540 		i=SSL_ENC_AES256_IDX;
541 		break;
542 	case SSL_CAMELLIA128:
543 		i=SSL_ENC_CAMELLIA128_IDX;
544 		break;
545 	case SSL_CAMELLIA256:
546 		i=SSL_ENC_CAMELLIA256_IDX;
547 		break;
548 	case SSL_eGOST2814789CNT:
549 		i=SSL_ENC_GOST89_IDX;
550 		break;
551 	case SSL_SEED:
552 		i=SSL_ENC_SEED_IDX;
553 		break;
554 	case SSL_AES128GCM:
555 		i=SSL_ENC_AES128GCM_IDX;
556 		break;
557 	case SSL_AES256GCM:
558 		i=SSL_ENC_AES256GCM_IDX;
559 		break;
560 	default:
561 		i= -1;
562 		break;
563 		}
564 
565 	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
566 		*enc=NULL;
567 	else
568 		{
569 		if (i == SSL_ENC_NULL_IDX)
570 			*enc=EVP_enc_null();
571 		else
572 			*enc=ssl_cipher_methods[i];
573 		}
574 
575 	switch (c->algorithm_mac)
576 		{
577 	case SSL_MD5:
578 		i=SSL_MD_MD5_IDX;
579 		break;
580 	case SSL_SHA1:
581 		i=SSL_MD_SHA1_IDX;
582 		break;
583 	case SSL_SHA256:
584 		i=SSL_MD_SHA256_IDX;
585 		break;
586 	case SSL_SHA384:
587 		i=SSL_MD_SHA384_IDX;
588 		break;
589 	case SSL_GOST94:
590 		i = SSL_MD_GOST94_IDX;
591 		break;
592 	case SSL_GOST89MAC:
593 		i = SSL_MD_GOST89MAC_IDX;
594 		break;
595 	default:
596 		i= -1;
597 		break;
598 		}
599 	if ((i < 0) || (i > SSL_MD_NUM_IDX))
600 	{
601 		*md=NULL;
602 		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
603 		if (mac_secret_size!=NULL) *mac_secret_size = 0;
604 		if (c->algorithm_mac == SSL_AEAD)
605 			mac_pkey_type = NULL;
606 	}
607 	else
608 	{
609 		*md=ssl_digest_methods[i];
610 		if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
611 		if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
612 	}
613 
614 	if ((*enc != NULL) &&
615 	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
616 	    (!mac_pkey_type||*mac_pkey_type != NID_undef))
617 		{
618 		const EVP_CIPHER *evp;
619 
620 		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
621 		    s->ssl_version < TLS1_VERSION)
622 			return 1;
623 
624 #ifdef OPENSSL_FIPS
625 		if (FIPS_mode())
626 			return 1;
627 #endif
628 
629 		if	(c->algorithm_enc == SSL_RC4 &&
630 			 c->algorithm_mac == SSL_MD5 &&
631 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
632 			*enc = evp, *md = NULL;
633 		else if (c->algorithm_enc == SSL_AES128 &&
634 			 c->algorithm_mac == SSL_SHA1 &&
635 			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
636 			*enc = evp, *md = NULL;
637 		else if (c->algorithm_enc == SSL_AES256 &&
638 			 c->algorithm_mac == SSL_SHA1 &&
639 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
640 			*enc = evp, *md = NULL;
641 		return(1);
642 		}
643 	else
644 		return(0);
645 	}
646 
ssl_get_handshake_digest(int idx,long * mask,const EVP_MD ** md)647 int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
648 {
649 	if (idx <0||idx>=SSL_MD_NUM_IDX)
650 		{
651 		return 0;
652 		}
653 	*mask = ssl_handshake_digest_flag[idx];
654 	if (*mask)
655 		*md = ssl_digest_methods[idx];
656 	else
657 		*md = NULL;
658 	return 1;
659 }
660 
661 #define ITEM_SEP(a) \
662 	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
663 
ll_append_tail(CIPHER_ORDER ** head,CIPHER_ORDER * curr,CIPHER_ORDER ** tail)664 static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
665 	     CIPHER_ORDER **tail)
666 	{
667 	if (curr == *tail) return;
668 	if (curr == *head)
669 		*head=curr->next;
670 	if (curr->prev != NULL)
671 		curr->prev->next=curr->next;
672 	if (curr->next != NULL)
673 		curr->next->prev=curr->prev;
674 	(*tail)->next=curr;
675 	curr->prev= *tail;
676 	curr->next=NULL;
677 	*tail=curr;
678 	}
679 
ll_append_head(CIPHER_ORDER ** head,CIPHER_ORDER * curr,CIPHER_ORDER ** tail)680 static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
681 	     CIPHER_ORDER **tail)
682 	{
683 	if (curr == *head) return;
684 	if (curr == *tail)
685 		*tail=curr->prev;
686 	if (curr->next != NULL)
687 		curr->next->prev=curr->prev;
688 	if (curr->prev != NULL)
689 		curr->prev->next=curr->next;
690 	(*head)->prev=curr;
691 	curr->next= *head;
692 	curr->prev=NULL;
693 	*head=curr;
694 	}
695 
ssl_cipher_get_disabled(unsigned long * mkey,unsigned long * auth,unsigned long * enc,unsigned long * mac,unsigned long * ssl)696 static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
697 	{
698 	*mkey = 0;
699 	*auth = 0;
700 	*enc = 0;
701 	*mac = 0;
702 	*ssl = 0;
703 
704 #ifdef OPENSSL_NO_RSA
705 	*mkey |= SSL_kRSA;
706 	*auth |= SSL_aRSA;
707 #endif
708 #ifdef OPENSSL_NO_DSA
709 	*auth |= SSL_aDSS;
710 #endif
711 	*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
712 	*auth |= SSL_aDH;
713 #ifdef OPENSSL_NO_DH
714 	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
715 	*auth |= SSL_aDH;
716 #endif
717 #ifdef OPENSSL_NO_KRB5
718 	*mkey |= SSL_kKRB5;
719 	*auth |= SSL_aKRB5;
720 #endif
721 #ifdef OPENSSL_NO_ECDSA
722 	*auth |= SSL_aECDSA;
723 #endif
724 #ifdef OPENSSL_NO_ECDH
725 	*mkey |= SSL_kECDHe|SSL_kECDHr;
726 	*auth |= SSL_aECDH;
727 #endif
728 #ifdef OPENSSL_NO_PSK
729 	*mkey |= SSL_kPSK;
730 	*auth |= SSL_aPSK;
731 #endif
732 #ifdef OPENSSL_NO_SRP
733 	*mkey |= SSL_kSRP;
734 #endif
735 	/* Check for presence of GOST 34.10 algorithms, and if they
736 	 * do not present, disable  appropriate auth and key exchange */
737 	if (!get_optional_pkey_id("gost94")) {
738 		*auth |= SSL_aGOST94;
739 	}
740 	if (!get_optional_pkey_id("gost2001")) {
741 		*auth |= SSL_aGOST01;
742 	}
743 	/* Disable GOST key exchange if no GOST signature algs are available * */
744 	if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
745 		*mkey |= SSL_kGOST;
746 	}
747 #ifdef SSL_FORBID_ENULL
748 	*enc |= SSL_eNULL;
749 #endif
750 
751 
752 
753 	*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
754 	*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
755 	*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
756 	*enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
757 	*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
758 	*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
759 	*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
760 	*enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
761 	*enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
762 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
763 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
764 	*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
765 	*enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
766 
767 	*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
768 	*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
769 	*mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
770 	*mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
771 	*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
772 	*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
773 
774 	}
775 
ssl_cipher_collect_ciphers(const SSL_METHOD * ssl_method,int num_of_ciphers,unsigned long disabled_mkey,unsigned long disabled_auth,unsigned long disabled_enc,unsigned long disabled_mac,unsigned long disabled_ssl,CIPHER_ORDER * co_list,CIPHER_ORDER ** head_p,CIPHER_ORDER ** tail_p)776 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
777                 int num_of_ciphers,
778                 unsigned long disabled_mkey, unsigned long disabled_auth,
779                 unsigned long disabled_enc, unsigned long disabled_mac,
780                 unsigned long disabled_ssl,
781                 CIPHER_ORDER *co_list,
782                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
783 	{
784 	int i, co_list_num;
785 	const SSL_CIPHER *c;
786 
787 	/*
788 	 * We have num_of_ciphers descriptions compiled in, depending on the
789 	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
790 	 * These will later be sorted in a linked list with at most num
791 	 * entries.
792 	 */
793 
794 	/* Get the initial list of ciphers */
795 	co_list_num = 0;	/* actual count of ciphers */
796 	for (i = 0; i < num_of_ciphers; i++)
797 		{
798 		c = ssl_method->get_cipher(i);
799 		/* drop those that use any of that is not available */
800 		if ((c != NULL) && c->valid &&
801 #ifdef OPENSSL_FIPS
802 		    (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
803 #endif
804 		    !(c->algorithm_mkey & disabled_mkey) &&
805 		    !(c->algorithm_auth & disabled_auth) &&
806 		    !(c->algorithm_enc & disabled_enc) &&
807 		    !(c->algorithm_mac & disabled_mac) &&
808 		    !(c->algorithm_ssl & disabled_ssl))
809 			{
810 			co_list[co_list_num].cipher = c;
811 			co_list[co_list_num].next = NULL;
812 			co_list[co_list_num].prev = NULL;
813 			co_list[co_list_num].active = 0;
814 			co_list_num++;
815 #ifdef KSSL_DEBUG
816 			printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
817 #endif	/* KSSL_DEBUG */
818 			/*
819 			if (!sk_push(ca_list,(char *)c)) goto err;
820 			*/
821 			}
822 		}
823 
824 	/*
825 	 * Prepare linked list from list entries
826 	 */
827 	if (co_list_num > 0)
828 		{
829 		co_list[0].prev = NULL;
830 
831 		if (co_list_num > 1)
832 			{
833 			co_list[0].next = &co_list[1];
834 
835 			for (i = 1; i < co_list_num - 1; i++)
836 				{
837 				co_list[i].prev = &co_list[i - 1];
838 				co_list[i].next = &co_list[i + 1];
839 				}
840 
841 			co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
842 			}
843 
844 		co_list[co_list_num - 1].next = NULL;
845 
846 		*head_p = &co_list[0];
847 		*tail_p = &co_list[co_list_num - 1];
848 		}
849 	}
850 
ssl_cipher_collect_aliases(const SSL_CIPHER ** ca_list,int num_of_group_aliases,unsigned long disabled_mkey,unsigned long disabled_auth,unsigned long disabled_enc,unsigned long disabled_mac,unsigned long disabled_ssl,CIPHER_ORDER * head)851 static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
852                         int num_of_group_aliases,
853                         unsigned long disabled_mkey, unsigned long disabled_auth,
854                         unsigned long disabled_enc, unsigned long disabled_mac,
855                         unsigned long disabled_ssl,
856 			CIPHER_ORDER *head)
857 	{
858 	CIPHER_ORDER *ciph_curr;
859 	const SSL_CIPHER **ca_curr;
860 	int i;
861 	unsigned long mask_mkey = ~disabled_mkey;
862 	unsigned long mask_auth = ~disabled_auth;
863 	unsigned long mask_enc = ~disabled_enc;
864 	unsigned long mask_mac = ~disabled_mac;
865 	unsigned long mask_ssl = ~disabled_ssl;
866 
867 	/*
868 	 * First, add the real ciphers as already collected
869 	 */
870 	ciph_curr = head;
871 	ca_curr = ca_list;
872 	while (ciph_curr != NULL)
873 		{
874 		*ca_curr = ciph_curr->cipher;
875 		ca_curr++;
876 		ciph_curr = ciph_curr->next;
877 		}
878 
879 	/*
880 	 * Now we add the available ones from the cipher_aliases[] table.
881 	 * They represent either one or more algorithms, some of which
882 	 * in any affected category must be supported (set in enabled_mask),
883 	 * or represent a cipher strength value (will be added in any case because algorithms=0).
884 	 */
885 	for (i = 0; i < num_of_group_aliases; i++)
886 		{
887 		unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
888 		unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
889 		unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
890 		unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
891 		unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
892 
893 		if (algorithm_mkey)
894 			if ((algorithm_mkey & mask_mkey) == 0)
895 				continue;
896 
897 		if (algorithm_auth)
898 			if ((algorithm_auth & mask_auth) == 0)
899 				continue;
900 
901 		if (algorithm_enc)
902 			if ((algorithm_enc & mask_enc) == 0)
903 				continue;
904 
905 		if (algorithm_mac)
906 			if ((algorithm_mac & mask_mac) == 0)
907 				continue;
908 
909 		if (algorithm_ssl)
910 			if ((algorithm_ssl & mask_ssl) == 0)
911 				continue;
912 
913 		*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
914 		ca_curr++;
915 		}
916 
917 	*ca_curr = NULL;	/* end of list */
918 	}
919 
ssl_cipher_apply_rule(unsigned long cipher_id,unsigned long alg_mkey,unsigned long alg_auth,unsigned long alg_enc,unsigned long alg_mac,unsigned long alg_ssl,unsigned long algo_strength,int rule,int strength_bits,CIPHER_ORDER ** head_p,CIPHER_ORDER ** tail_p)920 static void ssl_cipher_apply_rule(unsigned long cipher_id,
921                 unsigned long alg_mkey, unsigned long alg_auth,
922                 unsigned long alg_enc, unsigned long alg_mac,
923                 unsigned long alg_ssl,
924 		unsigned long algo_strength,
925 		int rule, int strength_bits,
926 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
927 	{
928 	CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
929 	const SSL_CIPHER *cp;
930 	int reverse = 0;
931 
932 #ifdef CIPHER_DEBUG
933 	printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
934 		rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
935 #endif
936 
937 	if (rule == CIPHER_DEL)
938 		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
939 
940 	head = *head_p;
941 	tail = *tail_p;
942 
943 	if (reverse)
944 		{
945 		curr = tail;
946 		last = head;
947 		}
948 	else
949 		{
950 		curr = head;
951 		last = tail;
952 		}
953 
954 	curr2 = curr;
955 	for (;;)
956 		{
957 		if ((curr == NULL) || (curr == last)) break;
958 		curr = curr2;
959 		curr2 = reverse ? curr->prev : curr->next;
960 
961 		cp = curr->cipher;
962 
963 		/*
964 		 * Selection criteria is either the value of strength_bits
965 		 * or the algorithms used.
966 		 */
967 		if (strength_bits >= 0)
968 			{
969 			if (strength_bits != cp->strength_bits)
970 				continue;
971 			}
972 		else
973 			{
974 #ifdef CIPHER_DEBUG
975 			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
976 #endif
977 
978 			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
979 				continue;
980 			if (alg_auth && !(alg_auth & cp->algorithm_auth))
981 				continue;
982 			if (alg_enc && !(alg_enc & cp->algorithm_enc))
983 				continue;
984 			if (alg_mac && !(alg_mac & cp->algorithm_mac))
985 				continue;
986 			if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
987 				continue;
988 			if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
989 				continue;
990 			if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
991 				continue;
992 			}
993 
994 #ifdef CIPHER_DEBUG
995 		printf("Action = %d\n", rule);
996 #endif
997 
998 		/* add the cipher if it has not been added yet. */
999 		if (rule == CIPHER_ADD)
1000 			{
1001 			/* reverse == 0 */
1002 			if (!curr->active)
1003 				{
1004 				ll_append_tail(&head, curr, &tail);
1005 				curr->active = 1;
1006 				}
1007 			}
1008 		/* Move the added cipher to this location */
1009 		else if (rule == CIPHER_ORD)
1010 			{
1011 			/* reverse == 0 */
1012 			if (curr->active)
1013 				{
1014 				ll_append_tail(&head, curr, &tail);
1015 				}
1016 			}
1017 		else if	(rule == CIPHER_DEL)
1018 			{
1019 			/* reverse == 1 */
1020 			if (curr->active)
1021 				{
1022 				/* most recently deleted ciphersuites get best positions
1023 				 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
1024 				 * works in reverse to maintain the order) */
1025 				ll_append_head(&head, curr, &tail);
1026 				curr->active = 0;
1027 				}
1028 			}
1029 		else if (rule == CIPHER_KILL)
1030 			{
1031 			/* reverse == 0 */
1032 			if (head == curr)
1033 				head = curr->next;
1034 			else
1035 				curr->prev->next = curr->next;
1036 			if (tail == curr)
1037 				tail = curr->prev;
1038 			curr->active = 0;
1039 			if (curr->next != NULL)
1040 				curr->next->prev = curr->prev;
1041 			if (curr->prev != NULL)
1042 				curr->prev->next = curr->next;
1043 			curr->next = NULL;
1044 			curr->prev = NULL;
1045 			}
1046 		}
1047 
1048 	*head_p = head;
1049 	*tail_p = tail;
1050 	}
1051 
ssl_cipher_strength_sort(CIPHER_ORDER ** head_p,CIPHER_ORDER ** tail_p)1052 static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
1053 				    CIPHER_ORDER **tail_p)
1054 	{
1055 	int max_strength_bits, i, *number_uses;
1056 	CIPHER_ORDER *curr;
1057 
1058 	/*
1059 	 * This routine sorts the ciphers with descending strength. The sorting
1060 	 * must keep the pre-sorted sequence, so we apply the normal sorting
1061 	 * routine as '+' movement to the end of the list.
1062 	 */
1063 	max_strength_bits = 0;
1064 	curr = *head_p;
1065 	while (curr != NULL)
1066 		{
1067 		if (curr->active &&
1068 		    (curr->cipher->strength_bits > max_strength_bits))
1069 		    max_strength_bits = curr->cipher->strength_bits;
1070 		curr = curr->next;
1071 		}
1072 
1073 	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
1074 	if (!number_uses)
1075 		{
1076 		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
1077 		return(0);
1078 		}
1079 	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
1080 
1081 	/*
1082 	 * Now find the strength_bits values actually used
1083 	 */
1084 	curr = *head_p;
1085 	while (curr != NULL)
1086 		{
1087 		if (curr->active)
1088 			number_uses[curr->cipher->strength_bits]++;
1089 		curr = curr->next;
1090 		}
1091 	/*
1092 	 * Go through the list of used strength_bits values in descending
1093 	 * order.
1094 	 */
1095 	for (i = max_strength_bits; i >= 0; i--)
1096 		if (number_uses[i] > 0)
1097 			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
1098 
1099 	OPENSSL_free(number_uses);
1100 	return(1);
1101 	}
1102 
ssl_cipher_process_rulestr(const char * rule_str,CIPHER_ORDER ** head_p,CIPHER_ORDER ** tail_p,const SSL_CIPHER ** ca_list)1103 static int ssl_cipher_process_rulestr(const char *rule_str,
1104                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
1105                 const SSL_CIPHER **ca_list)
1106 	{
1107 	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
1108 	const char *l, *buf;
1109 	int j, multi, found, rule, retval, ok, buflen;
1110 	unsigned long cipher_id = 0;
1111 	char ch;
1112 
1113 	retval = 1;
1114 	l = rule_str;
1115 	for (;;)
1116 		{
1117 		ch = *l;
1118 
1119 		if (ch == '\0')
1120 			break;		/* done */
1121 		if (ch == '-')
1122 			{ rule = CIPHER_DEL; l++; }
1123 		else if (ch == '+')
1124 			{ rule = CIPHER_ORD; l++; }
1125 		else if (ch == '!')
1126 			{ rule = CIPHER_KILL; l++; }
1127 		else if (ch == '@')
1128 			{ rule = CIPHER_SPECIAL; l++; }
1129 		else
1130 			{ rule = CIPHER_ADD; }
1131 
1132 		if (ITEM_SEP(ch))
1133 			{
1134 			l++;
1135 			continue;
1136 			}
1137 
1138 		alg_mkey = 0;
1139 		alg_auth = 0;
1140 		alg_enc = 0;
1141 		alg_mac = 0;
1142 		alg_ssl = 0;
1143 		algo_strength = 0;
1144 
1145 		for (;;)
1146 			{
1147 			ch = *l;
1148 			buf = l;
1149 			buflen = 0;
1150 #ifndef CHARSET_EBCDIC
1151 			while (	((ch >= 'A') && (ch <= 'Z')) ||
1152 				((ch >= '0') && (ch <= '9')) ||
1153 				((ch >= 'a') && (ch <= 'z')) ||
1154 				 (ch == '-') || (ch == '.'))
1155 #else
1156 			while (	isalnum(ch) || (ch == '-') || (ch == '.'))
1157 #endif
1158 				 {
1159 				 ch = *(++l);
1160 				 buflen++;
1161 				 }
1162 
1163 			if (buflen == 0)
1164 				{
1165 				/*
1166 				 * We hit something we cannot deal with,
1167 				 * it is no command or separator nor
1168 				 * alphanumeric, so we call this an error.
1169 				 */
1170 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1171 				       SSL_R_INVALID_COMMAND);
1172 				retval = found = 0;
1173 				l++;
1174 				break;
1175 				}
1176 
1177 			if (rule == CIPHER_SPECIAL)
1178 				{
1179 				found = 0; /* unused -- avoid compiler warning */
1180 				break;	/* special treatment */
1181 				}
1182 
1183 			/* check for multi-part specification */
1184 			if (ch == '+')
1185 				{
1186 				multi=1;
1187 				l++;
1188 				}
1189 			else
1190 				multi=0;
1191 
1192 			/*
1193 			 * Now search for the cipher alias in the ca_list. Be careful
1194 			 * with the strncmp, because the "buflen" limitation
1195 			 * will make the rule "ADH:SOME" and the cipher
1196 			 * "ADH-MY-CIPHER" look like a match for buflen=3.
1197 			 * So additionally check whether the cipher name found
1198 			 * has the correct length. We can save a strlen() call:
1199 			 * just checking for the '\0' at the right place is
1200 			 * sufficient, we have to strncmp() anyway. (We cannot
1201 			 * use strcmp(), because buf is not '\0' terminated.)
1202 			 */
1203 			j = found = 0;
1204 			cipher_id = 0;
1205 			while (ca_list[j])
1206 				{
1207 				if (!strncmp(buf, ca_list[j]->name, buflen) &&
1208 				    (ca_list[j]->name[buflen] == '\0'))
1209 					{
1210 					found = 1;
1211 					break;
1212 					}
1213 				else
1214 					j++;
1215 				}
1216 
1217 			if (!found)
1218 				break;	/* ignore this entry */
1219 
1220 			if (ca_list[j]->algorithm_mkey)
1221 				{
1222 				if (alg_mkey)
1223 					{
1224 					alg_mkey &= ca_list[j]->algorithm_mkey;
1225 					if (!alg_mkey) { found = 0; break; }
1226 					}
1227 				else
1228 					alg_mkey = ca_list[j]->algorithm_mkey;
1229 				}
1230 
1231 			if (ca_list[j]->algorithm_auth)
1232 				{
1233 				if (alg_auth)
1234 					{
1235 					alg_auth &= ca_list[j]->algorithm_auth;
1236 					if (!alg_auth) { found = 0; break; }
1237 					}
1238 				else
1239 					alg_auth = ca_list[j]->algorithm_auth;
1240 				}
1241 
1242 			if (ca_list[j]->algorithm_enc)
1243 				{
1244 				if (alg_enc)
1245 					{
1246 					alg_enc &= ca_list[j]->algorithm_enc;
1247 					if (!alg_enc) { found = 0; break; }
1248 					}
1249 				else
1250 					alg_enc = ca_list[j]->algorithm_enc;
1251 				}
1252 
1253 			if (ca_list[j]->algorithm_mac)
1254 				{
1255 				if (alg_mac)
1256 					{
1257 					alg_mac &= ca_list[j]->algorithm_mac;
1258 					if (!alg_mac) { found = 0; break; }
1259 					}
1260 				else
1261 					alg_mac = ca_list[j]->algorithm_mac;
1262 				}
1263 
1264 			if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1265 				{
1266 				if (algo_strength & SSL_EXP_MASK)
1267 					{
1268 					algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1269 					if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1270 					}
1271 				else
1272 					algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1273 				}
1274 
1275 			if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1276 				{
1277 				if (algo_strength & SSL_STRONG_MASK)
1278 					{
1279 					algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1280 					if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1281 					}
1282 				else
1283 					algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1284 				}
1285 
1286 			if (ca_list[j]->valid)
1287 				{
1288 				/* explicit ciphersuite found; its protocol version
1289 				 * does not become part of the search pattern!*/
1290 
1291 				cipher_id = ca_list[j]->id;
1292 				}
1293 			else
1294 				{
1295 				/* not an explicit ciphersuite; only in this case, the
1296 				 * protocol version is considered part of the search pattern */
1297 
1298 				if (ca_list[j]->algorithm_ssl)
1299 					{
1300 					if (alg_ssl)
1301 						{
1302 						alg_ssl &= ca_list[j]->algorithm_ssl;
1303 						if (!alg_ssl) { found = 0; break; }
1304 						}
1305 					else
1306 						alg_ssl = ca_list[j]->algorithm_ssl;
1307 					}
1308 				}
1309 
1310 			if (!multi) break;
1311 			}
1312 
1313 		/*
1314 		 * Ok, we have the rule, now apply it
1315 		 */
1316 		if (rule == CIPHER_SPECIAL)
1317 			{	/* special command */
1318 			ok = 0;
1319 			if ((buflen == 8) &&
1320 				!strncmp(buf, "STRENGTH", 8))
1321 				ok = ssl_cipher_strength_sort(head_p, tail_p);
1322 			else
1323 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1324 					SSL_R_INVALID_COMMAND);
1325 			if (ok == 0)
1326 				retval = 0;
1327 			/*
1328 			 * We do not support any "multi" options
1329 			 * together with "@", so throw away the
1330 			 * rest of the command, if any left, until
1331 			 * end or ':' is found.
1332 			 */
1333 			while ((*l != '\0') && !ITEM_SEP(*l))
1334 				l++;
1335 			}
1336 		else if (found)
1337 			{
1338 			ssl_cipher_apply_rule(cipher_id,
1339 				alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
1340 				rule, -1, head_p, tail_p);
1341 			}
1342 		else
1343 			{
1344 			while ((*l != '\0') && !ITEM_SEP(*l))
1345 				l++;
1346 			}
1347 		if (*l == '\0') break; /* done */
1348 		}
1349 
1350 	return(retval);
1351 	}
1352 
STACK_OF(SSL_CIPHER)1353 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1354 		STACK_OF(SSL_CIPHER) **cipher_list,
1355 		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1356 		const char *rule_str)
1357 	{
1358 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1359 	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1360 	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1361 	const char *rule_p;
1362 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1363 	const SSL_CIPHER **ca_list = NULL;
1364 
1365 	/*
1366 	 * Return with error if nothing to do.
1367 	 */
1368 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
1369 		return NULL;
1370 
1371 	/*
1372 	 * To reduce the work to do we only want to process the compiled
1373 	 * in algorithms, so we first get the mask of disabled ciphers.
1374 	 */
1375 	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1376 
1377 	/*
1378 	 * Now we have to collect the available ciphers from the compiled
1379 	 * in ciphers. We cannot get more than the number compiled in, so
1380 	 * it is used for allocation.
1381 	 */
1382 	num_of_ciphers = ssl_method->num_ciphers();
1383 #ifdef KSSL_DEBUG
1384 	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1385 #endif    /* KSSL_DEBUG */
1386 	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
1387 	if (co_list == NULL)
1388 		{
1389 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1390 		return(NULL);	/* Failure */
1391 		}
1392 
1393 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1394 	                           disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1395 	                           co_list, &head, &tail);
1396 
1397 
1398 	/* Now arrange all ciphers by preference: */
1399 
1400 	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1401 	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1402 	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1403 
1404 	/* AES is our preferred symmetric cipher */
1405 	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1406 
1407 	/* Temporarily enable everything else for sorting */
1408 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1409 
1410 	/* Low priority for MD5 */
1411 	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1412 
1413 	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
1414 	 * (For applications that allow them, they aren't too bad, but we prefer
1415 	 * authenticated ciphers.) */
1416 	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1417 
1418 	/* Move ciphers without forward secrecy to the end */
1419 	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1420 	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1421 	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1422 	ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1423 	ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1424 
1425 	/* RC4 is sort-of broken -- move the the end */
1426 	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1427 
1428 	/* Now sort by symmetric encryption strength.  The above ordering remains
1429 	 * in force within each class */
1430 	if (!ssl_cipher_strength_sort(&head, &tail))
1431 		{
1432 		OPENSSL_free(co_list);
1433 		return NULL;
1434 		}
1435 
1436 	/* Now disable everything (maintaining the ordering!) */
1437 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1438 
1439 
1440 	/*
1441 	 * We also need cipher aliases for selecting based on the rule_str.
1442 	 * There might be two types of entries in the rule_str: 1) names
1443 	 * of ciphers themselves 2) aliases for groups of ciphers.
1444 	 * For 1) we need the available ciphers and for 2) the cipher
1445 	 * groups of cipher_aliases added together in one list (otherwise
1446 	 * we would be happy with just the cipher_aliases table).
1447 	 */
1448 	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1449 	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1450 	ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1451 	if (ca_list == NULL)
1452 		{
1453 		OPENSSL_free(co_list);
1454 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1455 		return(NULL);	/* Failure */
1456 		}
1457 	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1458 	                           disabled_mkey, disabled_auth, disabled_enc,
1459 				   disabled_mac, disabled_ssl, head);
1460 
1461 	/*
1462 	 * If the rule_string begins with DEFAULT, apply the default rule
1463 	 * before using the (possibly available) additional rules.
1464 	 */
1465 	ok = 1;
1466 	rule_p = rule_str;
1467 	if (strncmp(rule_str,"DEFAULT",7) == 0)
1468 		{
1469 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1470 			&head, &tail, ca_list);
1471 		rule_p += 7;
1472 		if (*rule_p == ':')
1473 			rule_p++;
1474 		}
1475 
1476 	if (ok && (strlen(rule_p) > 0))
1477 		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1478 
1479 	OPENSSL_free((void *)ca_list);	/* Not needed anymore */
1480 
1481 	if (!ok)
1482 		{	/* Rule processing failure */
1483 		OPENSSL_free(co_list);
1484 		return(NULL);
1485 		}
1486 
1487 	/*
1488 	 * Allocate new "cipherstack" for the result, return with error
1489 	 * if we cannot get one.
1490 	 */
1491 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1492 		{
1493 		OPENSSL_free(co_list);
1494 		return(NULL);
1495 		}
1496 
1497 	/*
1498 	 * The cipher selection for the list is done. The ciphers are added
1499 	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1500 	 */
1501 	for (curr = head; curr != NULL; curr = curr->next)
1502 		{
1503 #ifdef OPENSSL_FIPS
1504 		if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1505 #else
1506 		if (curr->active)
1507 #endif
1508 			{
1509 			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1510 #ifdef CIPHER_DEBUG
1511 			printf("<%s>\n",curr->cipher->name);
1512 #endif
1513 			}
1514 		}
1515 	OPENSSL_free(co_list);	/* Not needed any longer */
1516 
1517 	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1518 	if (tmp_cipher_list == NULL)
1519 		{
1520 		sk_SSL_CIPHER_free(cipherstack);
1521 		return NULL;
1522 		}
1523 	if (*cipher_list != NULL)
1524 		sk_SSL_CIPHER_free(*cipher_list);
1525 	*cipher_list = cipherstack;
1526 	if (*cipher_list_by_id != NULL)
1527 		sk_SSL_CIPHER_free(*cipher_list_by_id);
1528 	*cipher_list_by_id = tmp_cipher_list;
1529 	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1530 
1531 	sk_SSL_CIPHER_sort(*cipher_list_by_id);
1532 	return(cipherstack);
1533 	}
1534 
SSL_CIPHER_description(const SSL_CIPHER * cipher,char * buf,int len)1535 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1536 	{
1537 	int is_export,pkl,kl;
1538 	const char *ver,*exp_str;
1539 	const char *kx,*au,*enc,*mac;
1540 	unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
1541 #ifdef KSSL_DEBUG
1542 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1543 #else
1544 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1545 #endif /* KSSL_DEBUG */
1546 
1547 	alg_mkey = cipher->algorithm_mkey;
1548 	alg_auth = cipher->algorithm_auth;
1549 	alg_enc = cipher->algorithm_enc;
1550 	alg_mac = cipher->algorithm_mac;
1551 	alg_ssl = cipher->algorithm_ssl;
1552 
1553 	alg2=cipher->algorithm2;
1554 
1555 	is_export=SSL_C_IS_EXPORT(cipher);
1556 	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1557 	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1558 	exp_str=is_export?" export":"";
1559 
1560 	if (alg_ssl & SSL_SSLV2)
1561 		ver="SSLv2";
1562 	else if (alg_ssl & SSL_SSLV3)
1563 		ver="SSLv3";
1564 	else if (alg_ssl & SSL_TLSV1_2)
1565 		ver="TLSv1.2";
1566 	else
1567 		ver="unknown";
1568 
1569 	switch (alg_mkey)
1570 		{
1571 	case SSL_kRSA:
1572 		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1573 		break;
1574 	case SSL_kDHr:
1575 		kx="DH/RSA";
1576 		break;
1577 	case SSL_kDHd:
1578 		kx="DH/DSS";
1579 		break;
1580         case SSL_kKRB5:
1581 		kx="KRB5";
1582 		break;
1583 	case SSL_kEDH:
1584 		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1585 		break;
1586 	case SSL_kECDHr:
1587 		kx="ECDH/RSA";
1588 		break;
1589 	case SSL_kECDHe:
1590 		kx="ECDH/ECDSA";
1591 		break;
1592 	case SSL_kEECDH:
1593 		kx="ECDH";
1594 		break;
1595 	case SSL_kPSK:
1596 		kx="PSK";
1597 		break;
1598 	case SSL_kSRP:
1599 		kx="SRP";
1600 		break;
1601 	default:
1602 		kx="unknown";
1603 		}
1604 
1605 	switch (alg_auth)
1606 		{
1607 	case SSL_aRSA:
1608 		au="RSA";
1609 		break;
1610 	case SSL_aDSS:
1611 		au="DSS";
1612 		break;
1613 	case SSL_aDH:
1614 		au="DH";
1615 		break;
1616         case SSL_aKRB5:
1617 		au="KRB5";
1618 		break;
1619         case SSL_aECDH:
1620 		au="ECDH";
1621 		break;
1622 	case SSL_aNULL:
1623 		au="None";
1624 		break;
1625 	case SSL_aECDSA:
1626 		au="ECDSA";
1627 		break;
1628 	case SSL_aPSK:
1629 		au="PSK";
1630 		break;
1631 	default:
1632 		au="unknown";
1633 		break;
1634 		}
1635 
1636 	switch (alg_enc)
1637 		{
1638 	case SSL_DES:
1639 		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1640 		break;
1641 	case SSL_3DES:
1642 		enc="3DES(168)";
1643 		break;
1644 	case SSL_RC4:
1645 		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1646 		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1647 		break;
1648 	case SSL_RC2:
1649 		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1650 		break;
1651 	case SSL_IDEA:
1652 		enc="IDEA(128)";
1653 		break;
1654 	case SSL_eNULL:
1655 		enc="None";
1656 		break;
1657 	case SSL_AES128:
1658 		enc="AES(128)";
1659 		break;
1660 	case SSL_AES256:
1661 		enc="AES(256)";
1662 		break;
1663 	case SSL_AES128GCM:
1664 		enc="AESGCM(128)";
1665 		break;
1666 	case SSL_AES256GCM:
1667 		enc="AESGCM(256)";
1668 		break;
1669 	case SSL_CAMELLIA128:
1670 		enc="Camellia(128)";
1671 		break;
1672 	case SSL_CAMELLIA256:
1673 		enc="Camellia(256)";
1674 		break;
1675 	case SSL_SEED:
1676 		enc="SEED(128)";
1677 		break;
1678 	default:
1679 		enc="unknown";
1680 		break;
1681 		}
1682 
1683 	switch (alg_mac)
1684 		{
1685 	case SSL_MD5:
1686 		mac="MD5";
1687 		break;
1688 	case SSL_SHA1:
1689 		mac="SHA1";
1690 		break;
1691 	case SSL_SHA256:
1692 		mac="SHA256";
1693 		break;
1694 	case SSL_SHA384:
1695 		mac="SHA384";
1696 		break;
1697 	case SSL_AEAD:
1698 		mac="AEAD";
1699 		break;
1700 	default:
1701 		mac="unknown";
1702 		break;
1703 		}
1704 
1705 	if (buf == NULL)
1706 		{
1707 		len=128;
1708 		buf=OPENSSL_malloc(len);
1709 		if (buf == NULL) return("OPENSSL_malloc Error");
1710 		}
1711 	else if (len < 128)
1712 		return("Buffer too small");
1713 
1714 #ifdef KSSL_DEBUG
1715 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1716 #else
1717 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1718 #endif /* KSSL_DEBUG */
1719 	return(buf);
1720 	}
1721 
SSL_CIPHER_get_version(const SSL_CIPHER * c)1722 char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1723 	{
1724 	int i;
1725 
1726 	if (c == NULL) return("(NONE)");
1727 	i=(int)(c->id>>24L);
1728 	if (i == 3)
1729 		return("TLSv1/SSLv3");
1730 	else if (i == 2)
1731 		return("SSLv2");
1732 	else
1733 		return("unknown");
1734 	}
1735 
1736 /* return the actual cipher being used */
SSL_CIPHER_get_name(const SSL_CIPHER * c)1737 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1738 	{
1739 	if (c != NULL)
1740 		return(c->name);
1741 	return("(NONE)");
1742 	}
1743 
1744 /* number of bits for symmetric cipher */
SSL_CIPHER_get_bits(const SSL_CIPHER * c,int * alg_bits)1745 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1746 	{
1747 	int ret=0;
1748 
1749 	if (c != NULL)
1750 		{
1751 		if (alg_bits != NULL) *alg_bits = c->alg_bits;
1752 		ret = c->strength_bits;
1753 		}
1754 	return(ret);
1755 	}
1756 
SSL_CIPHER_get_id(const SSL_CIPHER * c)1757 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
1758 	{
1759 	return c->id;
1760 	}
1761 
1762 /* return string version of key exchange algorithm */
SSL_CIPHER_authentication_method(const SSL_CIPHER * cipher)1763 const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
1764 	{
1765 	switch (cipher->algorithm_mkey)
1766 		{
1767 	case SSL_kRSA:
1768 		return SSL_TXT_RSA;
1769 	case SSL_kDHr:
1770 		return SSL_TXT_DH "_" SSL_TXT_RSA;
1771 	case SSL_kDHd:
1772 		return SSL_TXT_DH "_" SSL_TXT_DSS;
1773 	case SSL_kEDH:
1774 		switch (cipher->algorithm_auth)
1775 			{
1776 		case SSL_aDSS:
1777 			return "DHE_" SSL_TXT_DSS;
1778 		case SSL_aRSA:
1779 			return "DHE_" SSL_TXT_RSA;
1780 		case SSL_aNULL:
1781 			return SSL_TXT_DH "_anon";
1782 		default:
1783 			return "UNKNOWN";
1784                         }
1785 	case SSL_kKRB5:
1786 		return SSL_TXT_KRB5;
1787 	case SSL_kECDHr:
1788 		return SSL_TXT_ECDH "_" SSL_TXT_RSA;
1789 	case SSL_kECDHe:
1790 		return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
1791 	case SSL_kEECDH:
1792 		switch (cipher->algorithm_auth)
1793 			{
1794 		case SSL_aECDSA:
1795 			return "ECDHE_" SSL_TXT_ECDSA;
1796 		case SSL_aRSA:
1797 			return "ECDHE_" SSL_TXT_RSA;
1798 		case SSL_aNULL:
1799 			return SSL_TXT_ECDH "_anon";
1800 		default:
1801 			return "UNKNOWN";
1802                         }
1803         default:
1804 		return "UNKNOWN";
1805 		}
1806 	}
1807 
ssl3_comp_find(STACK_OF (SSL_COMP)* sk,int n)1808 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1809 	{
1810 	SSL_COMP *ctmp;
1811 	int i,nn;
1812 
1813 	if ((n == 0) || (sk == NULL)) return(NULL);
1814 	nn=sk_SSL_COMP_num(sk);
1815 	for (i=0; i<nn; i++)
1816 		{
1817 		ctmp=sk_SSL_COMP_value(sk,i);
1818 		if (ctmp->id == n)
1819 			return(ctmp);
1820 		}
1821 	return(NULL);
1822 	}
1823 
1824 #ifdef OPENSSL_NO_COMP
SSL_COMP_get_compression_methods(void)1825 void *SSL_COMP_get_compression_methods(void)
1826 	{
1827 	return NULL;
1828 	}
SSL_COMP_add_compression_method(int id,void * cm)1829 int SSL_COMP_add_compression_method(int id, void *cm)
1830 	{
1831 	return 1;
1832 	}
1833 
SSL_COMP_get_name(const void * comp)1834 const char *SSL_COMP_get_name(const void *comp)
1835 	{
1836 	return NULL;
1837 	}
1838 #else
STACK_OF(SSL_COMP)1839 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1840 	{
1841 	load_builtin_compressions();
1842 	return(ssl_comp_methods);
1843 	}
1844 
SSL_COMP_add_compression_method(int id,COMP_METHOD * cm)1845 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1846 	{
1847 	SSL_COMP *comp;
1848 
1849         if (cm == NULL || cm->type == NID_undef)
1850                 return 1;
1851 
1852 	/* According to draft-ietf-tls-compression-04.txt, the
1853 	   compression number ranges should be the following:
1854 
1855 	   0 to 63:    methods defined by the IETF
1856 	   64 to 192:  external party methods assigned by IANA
1857 	   193 to 255: reserved for private use */
1858 	if (id < 193 || id > 255)
1859 		{
1860 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1861 		return 0;
1862 		}
1863 
1864 	MemCheck_off();
1865 	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1866 	comp->id=id;
1867 	comp->method=cm;
1868 	load_builtin_compressions();
1869 	if (ssl_comp_methods
1870 		&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1871 		{
1872 		OPENSSL_free(comp);
1873 		MemCheck_on();
1874 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1875 		return(1);
1876 		}
1877 	else if ((ssl_comp_methods == NULL)
1878 		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
1879 		{
1880 		OPENSSL_free(comp);
1881 		MemCheck_on();
1882 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1883 		return(1);
1884 		}
1885 	else
1886 		{
1887 		MemCheck_on();
1888 		return(0);
1889 		}
1890 	}
1891 
SSL_COMP_get_name(const COMP_METHOD * comp)1892 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1893 	{
1894 	if (comp)
1895 		return comp->name;
1896 	return NULL;
1897 	}
1898 
1899 #endif
1900