summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
authordjm <>2010-10-01 22:54:21 +0000
committerdjm <>2010-10-01 22:54:21 +0000
commit829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
treee03b9f1bd051e844b971936729e9df549a209130 /src/lib/libssl/ssl_ciph.c
parente6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
downloadopenbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c1019
1 files changed, 690 insertions, 329 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 52f91cfe60..bee3507ea1 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -113,12 +113,41 @@
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
116#include <stdio.h> 143#include <stdio.h>
117#include <openssl/objects.h> 144#include <openssl/objects.h>
118#ifndef OPENSSL_NO_COMP 145#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h> 146#include <openssl/comp.h>
120#endif 147#endif
121 148#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h>
150#endif
122#include "ssl_locl.h" 151#include "ssl_locl.h"
123 152
124#define SSL_ENC_DES_IDX 0 153#define SSL_ENC_DES_IDX 0
@@ -126,18 +155,18 @@
126#define SSL_ENC_RC4_IDX 2 155#define SSL_ENC_RC4_IDX 2
127#define SSL_ENC_RC2_IDX 3 156#define SSL_ENC_RC2_IDX 3
128#define SSL_ENC_IDEA_IDX 4 157#define SSL_ENC_IDEA_IDX 4
129#define SSL_ENC_eFZA_IDX 5 158#define SSL_ENC_NULL_IDX 5
130#define SSL_ENC_NULL_IDX 6 159#define SSL_ENC_AES128_IDX 6
131#define SSL_ENC_AES128_IDX 7 160#define SSL_ENC_AES256_IDX 7
132#define SSL_ENC_AES256_IDX 8 161#define SSL_ENC_CAMELLIA128_IDX 8
133#define SSL_ENC_CAMELLIA128_IDX 9 162#define SSL_ENC_CAMELLIA256_IDX 9
134#define SSL_ENC_CAMELLIA256_IDX 10 163#define SSL_ENC_GOST89_IDX 10
135#define SSL_ENC_SEED_IDX 11 164#define SSL_ENC_SEED_IDX 11
136#define SSL_ENC_NUM_IDX 12 165#define SSL_ENC_NUM_IDX 12
137 166
138 167
139static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
140 NULL,NULL,NULL,NULL,NULL,NULL, 169 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
141 }; 170 };
142 171
143#define SSL_COMP_NULL_IDX 0 172#define SSL_COMP_NULL_IDX 0
@@ -148,9 +177,30 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
148 177
149#define SSL_MD_MD5_IDX 0 178#define SSL_MD_MD5_IDX 0
150#define SSL_MD_SHA1_IDX 1 179#define SSL_MD_SHA1_IDX 1
151#define SSL_MD_NUM_IDX 2 180#define SSL_MD_GOST94_IDX 2
181#define SSL_MD_GOST89MAC_IDX 3
182/*Constant SSL_MAX_DIGEST equal to size of digests array should be
183 * defined in the
184 * ssl_locl.h */
185#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
152static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 186static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
153 NULL,NULL, 187 NULL,NULL,NULL,NULL
188 };
189/* PKEY_TYPE for GOST89MAC is known in advance, but, because
190 * implementation is engine-provided, we'll fill it only if
191 * corresponding EVP_PKEY_METHOD is found
192 */
193static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
194 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
195 };
196
197static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
198 0,0,0,0
199 };
200
201static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
202 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
203 SSL_HANDSHAKE_MAC_GOST94,0
154 }; 204 };
155 205
156#define CIPHER_ADD 1 206#define CIPHER_ADD 1
@@ -161,72 +211,144 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
161 211
162typedef struct cipher_order_st 212typedef struct cipher_order_st
163 { 213 {
164 SSL_CIPHER *cipher; 214 const SSL_CIPHER *cipher;
165 int active; 215 int active;
166 int dead; 216 int dead;
167 struct cipher_order_st *next,*prev; 217 struct cipher_order_st *next,*prev;
168 } CIPHER_ORDER; 218 } CIPHER_ORDER;
169 219
170static const SSL_CIPHER cipher_aliases[]={ 220static const SSL_CIPHER cipher_aliases[]={
171 /* Don't include eNULL unless specifically enabled. */ 221 /* "ALL" doesn't include eNULL (must be specifically enabled) */
172 /* Don't include ECC in ALL because these ciphers are not yet official. */ 222 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
173 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ 223 /* "COMPLEMENTOFALL" */
174 /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ 224 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
175 {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ 225
176 {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, 226 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
177 {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ 227 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
178 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, 228
179 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, 229 /* key exchange aliases
180 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, 230 * (some of those using only a single bit here combine
181 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, 231 * multiple key exchange algs according to the RFCs,
182 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, 232 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
183 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, 233 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
184 {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, 234
185 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, 235 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
186 {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ 236 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
187 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, 237 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
188 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, 238 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
189 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, 239 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
190 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, 240
191 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, 241 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
192 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, 242
193 243 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
194 {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, 244 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
195 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, 245 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
196 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, 246 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
197 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, 247 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
198#ifndef OPENSSL_NO_IDEA 248
199 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, 249 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
200#endif 250 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
201 {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0}, 251
202 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, 252 /* server authentication aliases */
203 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, 253 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
204 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, 254 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
205 {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, 255 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
206 256 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
207 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, 257 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
208 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, 258 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
209 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, 259 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
210 260 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
211 {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, 261 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
212 {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 262 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
213 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 263 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
214 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 264 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
215 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, 265 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
216 266
217 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, 267 /* aliases combining key exchange and server authentication */
218 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, 268 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
219 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, 269 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
220 270 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
221 {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 271 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
222 {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 272 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
223 {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, 273 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
224 {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, 274 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
225 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 275 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
226 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 276
227 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 277
228 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, 278 /* symmetric encryption aliases */
279 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
280 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
281 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
282 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
283 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
284 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
285 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
286 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
287 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
288 {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
289 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
290 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
291 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
292
293 /* MAC aliases */
294 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
295 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
296 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
297 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
298 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
299
300 /* protocol version aliases */
301 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
302 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
303 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
304
305 /* export flag */
306 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
307 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
308
309 /* strength classes */
310 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
311 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
312 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
313 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
314 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
315 /* FIPS 140-2 approved ciphersuite */
316 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
229 }; 317 };
318/* Search for public key algorithm with given name and
319 * return its pkey_id if it is available. Otherwise return 0
320 */
321#ifdef OPENSSL_NO_ENGINE
322
323static int get_optional_pkey_id(const char *pkey_name)
324 {
325 const EVP_PKEY_ASN1_METHOD *ameth;
326 int pkey_id=0;
327 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
328 if (ameth)
329 {
330 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
331 }
332 return pkey_id;
333 }
334
335#else
336
337static int get_optional_pkey_id(const char *pkey_name)
338 {
339 const EVP_PKEY_ASN1_METHOD *ameth;
340 ENGINE *tmpeng = NULL;
341 int pkey_id=0;
342 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
343 if (ameth)
344 {
345 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
346 }
347 if (tmpeng) ENGINE_finish(tmpeng);
348 return pkey_id;
349 }
350
351#endif
230 352
231void ssl_load_ciphers(void) 353void ssl_load_ciphers(void)
232 { 354 {
@@ -252,16 +374,37 @@ void ssl_load_ciphers(void)
252 EVP_get_cipherbyname(SN_camellia_128_cbc); 374 EVP_get_cipherbyname(SN_camellia_128_cbc);
253 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 375 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
254 EVP_get_cipherbyname(SN_camellia_256_cbc); 376 EVP_get_cipherbyname(SN_camellia_256_cbc);
377 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
378 EVP_get_cipherbyname(SN_gost89_cnt);
255 ssl_cipher_methods[SSL_ENC_SEED_IDX]= 379 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
256 EVP_get_cipherbyname(SN_seed_cbc); 380 EVP_get_cipherbyname(SN_seed_cbc);
257 381
258 ssl_digest_methods[SSL_MD_MD5_IDX]= 382 ssl_digest_methods[SSL_MD_MD5_IDX]=
259 EVP_get_digestbyname(SN_md5); 383 EVP_get_digestbyname(SN_md5);
384 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
385 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
386 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
260 ssl_digest_methods[SSL_MD_SHA1_IDX]= 387 ssl_digest_methods[SSL_MD_SHA1_IDX]=
261 EVP_get_digestbyname(SN_sha1); 388 EVP_get_digestbyname(SN_sha1);
262 } 389 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
263 390 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
391 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
392 ssl_digest_methods[SSL_MD_GOST94_IDX]=
393 EVP_get_digestbyname(SN_id_GostR3411_94);
394 if (ssl_digest_methods[SSL_MD_GOST94_IDX])
395 {
396 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
397 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
398 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
399 }
400 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
401 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
402 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
403 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
404 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
405 }
264 406
407 }
265#ifndef OPENSSL_NO_COMP 408#ifndef OPENSSL_NO_COMP
266 409
267static int sk_comp_cmp(const SSL_COMP * const *a, 410static int sk_comp_cmp(const SSL_COMP * const *a,
@@ -316,10 +459,10 @@ static void load_builtin_compressions(void)
316#endif 459#endif
317 460
318int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 461int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
319 const EVP_MD **md, SSL_COMP **comp) 462 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
320 { 463 {
321 int i; 464 int i;
322 SSL_CIPHER *c; 465 const SSL_CIPHER *c;
323 466
324 c=s->cipher; 467 c=s->cipher;
325 if (c == NULL) return(0); 468 if (c == NULL) return(0);
@@ -344,7 +487,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
344 487
345 if ((enc == NULL) || (md == NULL)) return(0); 488 if ((enc == NULL) || (md == NULL)) return(0);
346 489
347 switch (c->algorithms & SSL_ENC_MASK) 490 switch (c->algorithm_enc)
348 { 491 {
349 case SSL_DES: 492 case SSL_DES:
350 i=SSL_ENC_DES_IDX; 493 i=SSL_ENC_DES_IDX;
@@ -364,26 +507,24 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
364 case SSL_eNULL: 507 case SSL_eNULL:
365 i=SSL_ENC_NULL_IDX; 508 i=SSL_ENC_NULL_IDX;
366 break; 509 break;
367 case SSL_AES: 510 case SSL_AES128:
368 switch(c->alg_bits) 511 i=SSL_ENC_AES128_IDX;
369 {
370 case 128: i=SSL_ENC_AES128_IDX; break;
371 case 256: i=SSL_ENC_AES256_IDX; break;
372 default: i=-1; break;
373 }
374 break; 512 break;
375 case SSL_CAMELLIA: 513 case SSL_AES256:
376 switch(c->alg_bits) 514 i=SSL_ENC_AES256_IDX;
377 { 515 break;
378 case 128: i=SSL_ENC_CAMELLIA128_IDX; break; 516 case SSL_CAMELLIA128:
379 case 256: i=SSL_ENC_CAMELLIA256_IDX; break; 517 i=SSL_ENC_CAMELLIA128_IDX;
380 default: i=-1; break; 518 break;
381 } 519 case SSL_CAMELLIA256:
520 i=SSL_ENC_CAMELLIA256_IDX;
521 break;
522 case SSL_eGOST2814789CNT:
523 i=SSL_ENC_GOST89_IDX;
382 break; 524 break;
383 case SSL_SEED: 525 case SSL_SEED:
384 i=SSL_ENC_SEED_IDX; 526 i=SSL_ENC_SEED_IDX;
385 break; 527 break;
386
387 default: 528 default:
388 i= -1; 529 i= -1;
389 break; 530 break;
@@ -399,7 +540,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
399 *enc=ssl_cipher_methods[i]; 540 *enc=ssl_cipher_methods[i];
400 } 541 }
401 542
402 switch (c->algorithms & SSL_MAC_MASK) 543 switch (c->algorithm_mac)
403 { 544 {
404 case SSL_MD5: 545 case SSL_MD5:
405 i=SSL_MD_MD5_IDX; 546 i=SSL_MD_MD5_IDX;
@@ -407,21 +548,48 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
407 case SSL_SHA1: 548 case SSL_SHA1:
408 i=SSL_MD_SHA1_IDX; 549 i=SSL_MD_SHA1_IDX;
409 break; 550 break;
551 case SSL_GOST94:
552 i = SSL_MD_GOST94_IDX;
553 break;
554 case SSL_GOST89MAC:
555 i = SSL_MD_GOST89MAC_IDX;
556 break;
410 default: 557 default:
411 i= -1; 558 i= -1;
412 break; 559 break;
413 } 560 }
414 if ((i < 0) || (i > SSL_MD_NUM_IDX)) 561 if ((i < 0) || (i > SSL_MD_NUM_IDX))
415 *md=NULL; 562 {
563 *md=NULL;
564 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
565 if (mac_secret_size!=NULL) *mac_secret_size = 0;
566
567 }
416 else 568 else
569 {
417 *md=ssl_digest_methods[i]; 570 *md=ssl_digest_methods[i];
571 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
572 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
573 }
418 574
419 if ((*enc != NULL) && (*md != NULL)) 575 if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
420 return(1); 576 return(1);
421 else 577 else
422 return(0); 578 return(0);
423 } 579 }
424 580
581int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
582{
583 if (idx <0||idx>=SSL_MD_NUM_IDX)
584 {
585 return 0;
586 }
587 if (ssl_handshake_digest_flag[idx]==0) return 0;
588 *mask = ssl_handshake_digest_flag[idx];
589 *md = ssl_digest_methods[idx];
590 return 1;
591}
592
425#define ITEM_SEP(a) \ 593#define ITEM_SEP(a) \
426 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 594 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
427 595
@@ -433,7 +601,7 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
433 *head=curr->next; 601 *head=curr->next;
434 if (curr->prev != NULL) 602 if (curr->prev != NULL)
435 curr->prev->next=curr->next; 603 curr->prev->next=curr->next;
436 if (curr->next != NULL) /* should always be true */ 604 if (curr->next != NULL)
437 curr->next->prev=curr->prev; 605 curr->next->prev=curr->prev;
438 (*tail)->next=curr; 606 (*tail)->next=curr;
439 curr->prev= *tail; 607 curr->prev= *tail;
@@ -441,69 +609,105 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
441 *tail=curr; 609 *tail=curr;
442 } 610 }
443 611
444struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, 612static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
445 * where 128-bit and 256-bit algorithms simply will get 613 CIPHER_ORDER **tail)
446 * separate bits. */ 614 {
447 unsigned long mask; /* everything except m256 */ 615 if (curr == *head) return;
448 unsigned long m256; /* applies to 256-bit algorithms only */ 616 if (curr == *tail)
449}; 617 *tail=curr->prev;
618 if (curr->next != NULL)
619 curr->next->prev=curr->prev;
620 if (curr->prev != NULL)
621 curr->prev->next=curr->next;
622 (*head)->prev=curr;
623 curr->next= *head;
624 curr->prev=NULL;
625 *head=curr;
626 }
450 627
451static struct disabled_masks ssl_cipher_get_disabled(void) 628static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
452 { 629 {
453 unsigned long mask; 630 *mkey = 0;
454 unsigned long m256; 631 *auth = 0;
455 struct disabled_masks ret; 632 *enc = 0;
633 *mac = 0;
634 *ssl = 0;
456 635
457 mask = SSL_kFZA;
458#ifdef OPENSSL_NO_RSA 636#ifdef OPENSSL_NO_RSA
459 mask |= SSL_aRSA|SSL_kRSA; 637 *mkey |= SSL_kRSA;
638 *auth |= SSL_aRSA;
460#endif 639#endif
461#ifdef OPENSSL_NO_DSA 640#ifdef OPENSSL_NO_DSA
462 mask |= SSL_aDSS; 641 *auth |= SSL_aDSS;
463#endif 642#endif
643 *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
644 *auth |= SSL_aDH;
464#ifdef OPENSSL_NO_DH 645#ifdef OPENSSL_NO_DH
465 mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; 646 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
647 *auth |= SSL_aDH;
466#endif 648#endif
467#ifdef OPENSSL_NO_KRB5 649#ifdef OPENSSL_NO_KRB5
468 mask |= SSL_kKRB5|SSL_aKRB5; 650 *mkey |= SSL_kKRB5;
651 *auth |= SSL_aKRB5;
652#endif
653#ifdef OPENSSL_NO_ECDSA
654 *auth |= SSL_aECDSA;
469#endif 655#endif
470#ifdef OPENSSL_NO_ECDH 656#ifdef OPENSSL_NO_ECDH
471 mask |= SSL_kECDH|SSL_kECDHE; 657 *mkey |= SSL_kECDHe|SSL_kECDHr;
658 *auth |= SSL_aECDH;
472#endif 659#endif
660#ifdef OPENSSL_NO_PSK
661 *mkey |= SSL_kPSK;
662 *auth |= SSL_aPSK;
663#endif
664 /* Check for presence of GOST 34.10 algorithms, and if they
665 * do not present, disable appropriate auth and key exchange */
666 if (!get_optional_pkey_id("gost94")) {
667 *auth |= SSL_aGOST94;
668 }
669 if (!get_optional_pkey_id("gost2001")) {
670 *auth |= SSL_aGOST01;
671 }
672 /* Disable GOST key exchange if no GOST signature algs are available * */
673 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
674 *mkey |= SSL_kGOST;
675 }
473#ifdef SSL_FORBID_ENULL 676#ifdef SSL_FORBID_ENULL
474 mask |= SSL_eNULL; 677 *enc |= SSL_eNULL;
475#endif 678#endif
679
680
681
682 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
683 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
684 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
685 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
686 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
687 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
688 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
689 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
690 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
691 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
692 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
693
694 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
695 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
696 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
697 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
476 698
477 mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
478 mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
479 mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
480 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
481 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
482 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
483 mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
484
485 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
486 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
487
488 /* finally consider algorithms where mask and m256 differ */
489 m256 = mask;
490 mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
491 mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
492 m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
493 m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
494
495 ret.mask = mask;
496 ret.m256 = m256;
497 return ret;
498 } 699 }
499 700
500static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 701static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
501 int num_of_ciphers, unsigned long mask, unsigned long m256, 702 int num_of_ciphers,
502 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, 703 unsigned long disabled_mkey, unsigned long disabled_auth,
503 CIPHER_ORDER **tail_p) 704 unsigned long disabled_enc, unsigned long disabled_mac,
705 unsigned long disabled_ssl,
706 CIPHER_ORDER *co_list,
707 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
504 { 708 {
505 int i, co_list_num; 709 int i, co_list_num;
506 SSL_CIPHER *c; 710 const SSL_CIPHER *c;
507 711
508 /* 712 /*
509 * We have num_of_ciphers descriptions compiled in, depending on the 713 * We have num_of_ciphers descriptions compiled in, depending on the
@@ -517,14 +721,13 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
517 for (i = 0; i < num_of_ciphers; i++) 721 for (i = 0; i < num_of_ciphers; i++)
518 { 722 {
519 c = ssl_method->get_cipher(i); 723 c = ssl_method->get_cipher(i);
520#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
521 /* drop those that use any of that is not available */ 724 /* drop those that use any of that is not available */
522#ifdef OPENSSL_FIPS 725 if ((c != NULL) && c->valid &&
523 if ((c != NULL) && c->valid && !IS_MASKED(c) 726 !(c->algorithm_mkey & disabled_mkey) &&
524 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) 727 !(c->algorithm_auth & disabled_auth) &&
525#else 728 !(c->algorithm_enc & disabled_enc) &&
526 if ((c != NULL) && c->valid && !IS_MASKED(c)) 729 !(c->algorithm_mac & disabled_mac) &&
527#endif 730 !(c->algorithm_ssl & disabled_ssl))
528 { 731 {
529 co_list[co_list_num].cipher = c; 732 co_list[co_list_num].cipher = c;
530 co_list[co_list_num].next = NULL; 733 co_list[co_list_num].next = NULL;
@@ -532,7 +735,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
532 co_list[co_list_num].active = 0; 735 co_list[co_list_num].active = 0;
533 co_list_num++; 736 co_list_num++;
534#ifdef KSSL_DEBUG 737#ifdef KSSL_DEBUG
535 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 738 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
536#endif /* KSSL_DEBUG */ 739#endif /* KSSL_DEBUG */
537 /* 740 /*
538 if (!sk_push(ca_list,(char *)c)) goto err; 741 if (!sk_push(ca_list,(char *)c)) goto err;
@@ -543,29 +746,45 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
543 /* 746 /*
544 * Prepare linked list from list entries 747 * Prepare linked list from list entries
545 */ 748 */
546 for (i = 1; i < co_list_num - 1; i++)
547 {
548 co_list[i].prev = &(co_list[i-1]);
549 co_list[i].next = &(co_list[i+1]);
550 }
551 if (co_list_num > 0) 749 if (co_list_num > 0)
552 { 750 {
553 (*head_p) = &(co_list[0]); 751 co_list[0].prev = NULL;
554 (*head_p)->prev = NULL; 752
555 (*head_p)->next = &(co_list[1]); 753 if (co_list_num > 1)
556 (*tail_p) = &(co_list[co_list_num - 1]); 754 {
557 (*tail_p)->prev = &(co_list[co_list_num - 2]); 755 co_list[0].next = &co_list[1];
558 (*tail_p)->next = NULL; 756
757 for (i = 1; i < co_list_num - 1; i++)
758 {
759 co_list[i].prev = &co_list[i - 1];
760 co_list[i].next = &co_list[i + 1];
761 }
762
763 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
764 }
765
766 co_list[co_list_num - 1].next = NULL;
767
768 *head_p = &co_list[0];
769 *tail_p = &co_list[co_list_num - 1];
559 } 770 }
560 } 771 }
561 772
562static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, 773static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
563 int num_of_group_aliases, unsigned long mask, 774 int num_of_group_aliases,
775 unsigned long disabled_mkey, unsigned long disabled_auth,
776 unsigned long disabled_enc, unsigned long disabled_mac,
777 unsigned long disabled_ssl,
564 CIPHER_ORDER *head) 778 CIPHER_ORDER *head)
565 { 779 {
566 CIPHER_ORDER *ciph_curr; 780 CIPHER_ORDER *ciph_curr;
567 SSL_CIPHER **ca_curr; 781 const SSL_CIPHER **ca_curr;
568 int i; 782 int i;
783 unsigned long mask_mkey = ~disabled_mkey;
784 unsigned long mask_auth = ~disabled_auth;
785 unsigned long mask_enc = ~disabled_enc;
786 unsigned long mask_mac = ~disabled_mac;
787 unsigned long mask_ssl = ~disabled_ssl;
569 788
570 /* 789 /*
571 * First, add the real ciphers as already collected 790 * First, add the real ciphers as already collected
@@ -581,84 +800,118 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
581 800
582 /* 801 /*
583 * Now we add the available ones from the cipher_aliases[] table. 802 * Now we add the available ones from the cipher_aliases[] table.
584 * They represent either an algorithm, that must be fully 803 * They represent either one or more algorithms, some of which
585 * supported (not match any bit in mask) or represent a cipher 804 * in any affected category must be supported (set in enabled_mask),
586 * strength value (will be added in any case because algorithms=0). 805 * or represent a cipher strength value (will be added in any case because algorithms=0).
587 */ 806 */
588 for (i = 0; i < num_of_group_aliases; i++) 807 for (i = 0; i < num_of_group_aliases; i++)
589 { 808 {
590 if ((i == 0) || /* always fetch "ALL" */ 809 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
591 !(cipher_aliases[i].algorithms & mask)) 810 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
592 { 811 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
593 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 812 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
594 ca_curr++; 813 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
595 } 814
815 if (algorithm_mkey)
816 if ((algorithm_mkey & mask_mkey) == 0)
817 continue;
818
819 if (algorithm_auth)
820 if ((algorithm_auth & mask_auth) == 0)
821 continue;
822
823 if (algorithm_enc)
824 if ((algorithm_enc & mask_enc) == 0)
825 continue;
826
827 if (algorithm_mac)
828 if ((algorithm_mac & mask_mac) == 0)
829 continue;
830
831 if (algorithm_ssl)
832 if ((algorithm_ssl & mask_ssl) == 0)
833 continue;
834
835 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
836 ca_curr++;
596 } 837 }
597 838
598 *ca_curr = NULL; /* end of list */ 839 *ca_curr = NULL; /* end of list */
599 } 840 }
600 841
601static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, 842static void ssl_cipher_apply_rule(unsigned long cipher_id,
602 unsigned long algorithms, unsigned long mask, 843 unsigned long alg_mkey, unsigned long alg_auth,
603 unsigned long algo_strength, unsigned long mask_strength, 844 unsigned long alg_enc, unsigned long alg_mac,
604 int rule, int strength_bits, CIPHER_ORDER *co_list, 845 unsigned long alg_ssl,
846 unsigned long algo_strength,
847 int rule, int strength_bits,
605 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 848 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
606 { 849 {
607 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 850 CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
608 SSL_CIPHER *cp; 851 const SSL_CIPHER *cp;
609 unsigned long ma, ma_s; 852 int reverse = 0;
610 853
611#ifdef CIPHER_DEBUG 854#ifdef CIPHER_DEBUG
612 printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n", 855 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
613 rule, algorithms, mask, algo_strength, mask_strength, 856 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
614 strength_bits);
615#endif 857#endif
616 858
617 curr = head = *head_p; 859 if (rule == CIPHER_DEL)
618 curr2 = head; 860 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
619 tail2 = tail = *tail_p; 861
862 head = *head_p;
863 tail = *tail_p;
864
865 if (reverse)
866 {
867 curr = tail;
868 last = head;
869 }
870 else
871 {
872 curr = head;
873 last = tail;
874 }
875
876 curr2 = curr;
620 for (;;) 877 for (;;)
621 { 878 {
622 if ((curr == NULL) || (curr == tail2)) break; 879 if ((curr == NULL) || (curr == last)) break;
623 curr = curr2; 880 curr = curr2;
624 curr2 = curr->next; 881 curr2 = reverse ? curr->prev : curr->next;
625 882
626 cp = curr->cipher; 883 cp = curr->cipher;
627 884
628 /* If explicit cipher suite, match only that one for its own protocol version. 885 /*
629 * Usual selection criteria will be used for similar ciphersuites from other version! */ 886 * Selection criteria is either the value of strength_bits
630 887 * or the algorithms used.
631 if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) 888 */
889 if (strength_bits >= 0)
632 { 890 {
633 if (cp->id != cipher_id) 891 if (strength_bits != cp->strength_bits)
634 continue; 892 continue;
635 } 893 }
636 894 else
637 /*
638 * Selection criteria is either the number of strength_bits
639 * or the algorithm used.
640 */
641 else if (strength_bits == -1)
642 { 895 {
643 ma = mask & cp->algorithms;
644 ma_s = mask_strength & cp->algo_strength;
645
646#ifdef CIPHER_DEBUG 896#ifdef CIPHER_DEBUG
647 printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength); 897 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
648 printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
649#endif 898#endif
650 /* 899
651 * Select: if none of the mask bit was met from the 900 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
652 * cipher or not all of the bits were met, the 901 continue;
653 * selection does not apply. 902 if (alg_auth && !(alg_auth & cp->algorithm_auth))
654 */ 903 continue;
655 if (((ma == 0) && (ma_s == 0)) || 904 if (alg_enc && !(alg_enc & cp->algorithm_enc))
656 ((ma & algorithms) != ma) || 905 continue;
657 ((ma_s & algo_strength) != ma_s)) 906 if (alg_mac && !(alg_mac & cp->algorithm_mac))
658 continue; /* does not apply */ 907 continue;
908 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
909 continue;
910 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
911 continue;
912 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
913 continue;
659 } 914 }
660 else if (strength_bits != cp->strength_bits)
661 continue; /* does not apply */
662 915
663#ifdef CIPHER_DEBUG 916#ifdef CIPHER_DEBUG
664 printf("Action = %d\n", rule); 917 printf("Action = %d\n", rule);
@@ -667,38 +920,37 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
667 /* add the cipher if it has not been added yet. */ 920 /* add the cipher if it has not been added yet. */
668 if (rule == CIPHER_ADD) 921 if (rule == CIPHER_ADD)
669 { 922 {
923 /* reverse == 0 */
670 if (!curr->active) 924 if (!curr->active)
671 { 925 {
672 int add_this_cipher = 1; 926 ll_append_tail(&head, curr, &tail);
673 927 curr->active = 1;
674 if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
675 {
676 /* Make sure "ECCdraft" ciphersuites are activated only if
677 * *explicitly* requested, but not implicitly (such as
678 * as part of the "AES" alias). */
679
680 add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
681 }
682
683 if (add_this_cipher)
684 {
685 ll_append_tail(&head, curr, &tail);
686 curr->active = 1;
687 }
688 } 928 }
689 } 929 }
690 /* Move the added cipher to this location */ 930 /* Move the added cipher to this location */
691 else if (rule == CIPHER_ORD) 931 else if (rule == CIPHER_ORD)
692 { 932 {
933 /* reverse == 0 */
693 if (curr->active) 934 if (curr->active)
694 { 935 {
695 ll_append_tail(&head, curr, &tail); 936 ll_append_tail(&head, curr, &tail);
696 } 937 }
697 } 938 }
698 else if (rule == CIPHER_DEL) 939 else if (rule == CIPHER_DEL)
699 curr->active = 0; 940 {
941 /* reverse == 1 */
942 if (curr->active)
943 {
944 /* most recently deleted ciphersuites get best positions
945 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
946 * works in reverse to maintain the order) */
947 ll_append_head(&head, curr, &tail);
948 curr->active = 0;
949 }
950 }
700 else if (rule == CIPHER_KILL) 951 else if (rule == CIPHER_KILL)
701 { 952 {
953 /* reverse == 0 */
702 if (head == curr) 954 if (head == curr)
703 head = curr->next; 955 head = curr->next;
704 else 956 else
@@ -719,8 +971,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
719 *tail_p = tail; 971 *tail_p = tail;
720 } 972 }
721 973
722static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, 974static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
723 CIPHER_ORDER **head_p,
724 CIPHER_ORDER **tail_p) 975 CIPHER_ORDER **tail_p)
725 { 976 {
726 int max_strength_bits, i, *number_uses; 977 int max_strength_bits, i, *number_uses;
@@ -743,10 +994,10 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
743 994
744 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 995 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
745 if (!number_uses) 996 if (!number_uses)
746 { 997 {
747 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); 998 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
748 return(0); 999 return(0);
749 } 1000 }
750 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 1001 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
751 1002
752 /* 1003 /*
@@ -765,21 +1016,20 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
765 */ 1016 */
766 for (i = max_strength_bits; i >= 0; i--) 1017 for (i = max_strength_bits; i >= 0; i--)
767 if (number_uses[i] > 0) 1018 if (number_uses[i] > 0)
768 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 1019 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
769 co_list, head_p, tail_p);
770 1020
771 OPENSSL_free(number_uses); 1021 OPENSSL_free(number_uses);
772 return(1); 1022 return(1);
773 } 1023 }
774 1024
775static int ssl_cipher_process_rulestr(const char *rule_str, 1025static int ssl_cipher_process_rulestr(const char *rule_str,
776 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, 1026 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
777 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 1027 const SSL_CIPHER **ca_list)
778 { 1028 {
779 unsigned long algorithms, mask, algo_strength, mask_strength; 1029 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
780 const char *l, *start, *buf; 1030 const char *l, *start, *buf;
781 int j, multi, found, rule, retval, ok, buflen; 1031 int j, multi, found, rule, retval, ok, buflen;
782 unsigned long cipher_id = 0, ssl_version = 0; 1032 unsigned long cipher_id = 0;
783 char ch; 1033 char ch;
784 1034
785 retval = 1; 1035 retval = 1;
@@ -807,7 +1057,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
807 continue; 1057 continue;
808 } 1058 }
809 1059
810 algorithms = mask = algo_strength = mask_strength = 0; 1060 alg_mkey = 0;
1061 alg_auth = 0;
1062 alg_enc = 0;
1063 alg_mac = 0;
1064 alg_ssl = 0;
1065 algo_strength = 0;
811 1066
812 start=l; 1067 start=l;
813 for (;;) 1068 for (;;)
@@ -868,10 +1123,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
868 * sufficient, we have to strncmp() anyway. (We cannot 1123 * sufficient, we have to strncmp() anyway. (We cannot
869 * use strcmp(), because buf is not '\0' terminated.) 1124 * use strcmp(), because buf is not '\0' terminated.)
870 */ 1125 */
871 j = found = 0; 1126 j = found = 0;
872 cipher_id = 0; 1127 cipher_id = 0;
873 ssl_version = 0; 1128 while (ca_list[j])
874 while (ca_list[j])
875 { 1129 {
876 if (!strncmp(buf, ca_list[j]->name, buflen) && 1130 if (!strncmp(buf, ca_list[j]->name, buflen) &&
877 (ca_list[j]->name[buflen] == '\0')) 1131 (ca_list[j]->name[buflen] == '\0'))
@@ -882,31 +1136,100 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
882 else 1136 else
883 j++; 1137 j++;
884 } 1138 }
1139
885 if (!found) 1140 if (!found)
886 break; /* ignore this entry */ 1141 break; /* ignore this entry */
887 1142
888 /* New algorithms: 1143 if (ca_list[j]->algorithm_mkey)
889 * 1 - any old restrictions apply outside new mask 1144 {
890 * 2 - any new restrictions apply outside old mask 1145 if (alg_mkey)
891 * 3 - enforce old & new where masks intersect 1146 {
892 */ 1147 alg_mkey &= ca_list[j]->algorithm_mkey;
893 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */ 1148 if (!alg_mkey) { found = 0; break; }
894 (ca_list[j]->algorithms & ~mask) | /* 2 */ 1149 }
895 (algorithms & ca_list[j]->algorithms); /* 3 */ 1150 else
896 mask |= ca_list[j]->mask; 1151 alg_mkey = ca_list[j]->algorithm_mkey;
897 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) | 1152 }
898 (ca_list[j]->algo_strength & ~mask_strength) | 1153
899 (algo_strength & ca_list[j]->algo_strength); 1154 if (ca_list[j]->algorithm_auth)
900 mask_strength |= ca_list[j]->mask_strength; 1155 {
901 1156 if (alg_auth)
902 /* explicit ciphersuite found */ 1157 {
1158 alg_auth &= ca_list[j]->algorithm_auth;
1159 if (!alg_auth) { found = 0; break; }
1160 }
1161 else
1162 alg_auth = ca_list[j]->algorithm_auth;
1163 }
1164
1165 if (ca_list[j]->algorithm_enc)
1166 {
1167 if (alg_enc)
1168 {
1169 alg_enc &= ca_list[j]->algorithm_enc;
1170 if (!alg_enc) { found = 0; break; }
1171 }
1172 else
1173 alg_enc = ca_list[j]->algorithm_enc;
1174 }
1175
1176 if (ca_list[j]->algorithm_mac)
1177 {
1178 if (alg_mac)
1179 {
1180 alg_mac &= ca_list[j]->algorithm_mac;
1181 if (!alg_mac) { found = 0; break; }
1182 }
1183 else
1184 alg_mac = ca_list[j]->algorithm_mac;
1185 }
1186
1187 if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1188 {
1189 if (algo_strength & SSL_EXP_MASK)
1190 {
1191 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1192 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1193 }
1194 else
1195 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1196 }
1197
1198 if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1199 {
1200 if (algo_strength & SSL_STRONG_MASK)
1201 {
1202 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1203 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1204 }
1205 else
1206 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1207 }
1208
903 if (ca_list[j]->valid) 1209 if (ca_list[j]->valid)
904 { 1210 {
1211 /* explicit ciphersuite found; its protocol version
1212 * does not become part of the search pattern!*/
1213
905 cipher_id = ca_list[j]->id; 1214 cipher_id = ca_list[j]->id;
906 ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
907 break;
908 } 1215 }
1216 else
1217 {
1218 /* not an explicit ciphersuite; only in this case, the
1219 * protocol version is considered part of the search pattern */
909 1220
1221 if (ca_list[j]->algorithm_ssl)
1222 {
1223 if (alg_ssl)
1224 {
1225 alg_ssl &= ca_list[j]->algorithm_ssl;
1226 if (!alg_ssl) { found = 0; break; }
1227 }
1228 else
1229 alg_ssl = ca_list[j]->algorithm_ssl;
1230 }
1231 }
1232
910 if (!multi) break; 1233 if (!multi) break;
911 } 1234 }
912 1235
@@ -918,8 +1241,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
918 ok = 0; 1241 ok = 0;
919 if ((buflen == 8) && 1242 if ((buflen == 8) &&
920 !strncmp(buf, "STRENGTH", 8)) 1243 !strncmp(buf, "STRENGTH", 8))
921 ok = ssl_cipher_strength_sort(co_list, 1244 ok = ssl_cipher_strength_sort(head_p, tail_p);
922 head_p, tail_p);
923 else 1245 else
924 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1246 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
925 SSL_R_INVALID_COMMAND); 1247 SSL_R_INVALID_COMMAND);
@@ -936,9 +1258,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
936 } 1258 }
937 else if (found) 1259 else if (found)
938 { 1260 {
939 ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, 1261 ssl_cipher_apply_rule(cipher_id,
940 algo_strength, mask_strength, rule, -1, 1262 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
941 co_list, head_p, tail_p); 1263 rule, -1, head_p, tail_p);
942 } 1264 }
943 else 1265 else
944 { 1266 {
@@ -957,12 +1279,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
957 const char *rule_str) 1279 const char *rule_str)
958 { 1280 {
959 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1281 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
960 unsigned long disabled_mask; 1282 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
961 unsigned long disabled_m256;
962 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1283 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
963 const char *rule_p; 1284 const char *rule_p;
964 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 1285 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
965 SSL_CIPHER **ca_list = NULL; 1286 const SSL_CIPHER **ca_list = NULL;
966 1287
967 /* 1288 /*
968 * Return with error if nothing to do. 1289 * Return with error if nothing to do.
@@ -974,12 +1295,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
974 * To reduce the work to do we only want to process the compiled 1295 * To reduce the work to do we only want to process the compiled
975 * in algorithms, so we first get the mask of disabled ciphers. 1296 * in algorithms, so we first get the mask of disabled ciphers.
976 */ 1297 */
977 { 1298 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
978 struct disabled_masks d;
979 d = ssl_cipher_get_disabled();
980 disabled_mask = d.mask;
981 disabled_m256 = d.m256;
982 }
983 1299
984 /* 1300 /*
985 * Now we have to collect the available ciphers from the compiled 1301 * Now we have to collect the available ciphers from the compiled
@@ -997,8 +1313,52 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
997 return(NULL); /* Failure */ 1313 return(NULL); /* Failure */
998 } 1314 }
999 1315
1000 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 1316 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1001 disabled_m256, co_list, &head, &tail); 1317 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1318 co_list, &head, &tail);
1319
1320
1321 /* Now arrange all ciphers by preference: */
1322
1323 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1324 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1325 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1326
1327 /* AES is our preferred symmetric cipher */
1328 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1329
1330 /* Temporarily enable everything else for sorting */
1331 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1332
1333 /* Low priority for MD5 */
1334 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1335
1336 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1337 * (For applications that allow them, they aren't too bad, but we prefer
1338 * authenticated ciphers.) */
1339 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1340
1341 /* Move ciphers without forward secrecy to the end */
1342 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1343 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1344 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1345 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1346 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1347
1348 /* RC4 is sort-of broken -- move the the end */
1349 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1350
1351 /* Now sort by symmetric encryption strength. The above ordering remains
1352 * in force within each class */
1353 if (!ssl_cipher_strength_sort(&head, &tail))
1354 {
1355 OPENSSL_free(co_list);
1356 return NULL;
1357 }
1358
1359 /* Now disable everything (maintaining the ordering!) */
1360 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1361
1002 1362
1003 /* 1363 /*
1004 * We also need cipher aliases for selecting based on the rule_str. 1364 * We also need cipher aliases for selecting based on the rule_str.
@@ -1010,8 +1370,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1010 */ 1370 */
1011 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1371 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1012 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1372 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1013 ca_list = 1373 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1014 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1015 if (ca_list == NULL) 1374 if (ca_list == NULL)
1016 { 1375 {
1017 OPENSSL_free(co_list); 1376 OPENSSL_free(co_list);
@@ -1019,7 +1378,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1019 return(NULL); /* Failure */ 1378 return(NULL); /* Failure */
1020 } 1379 }
1021 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1380 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1022 (disabled_mask & disabled_m256), head); 1381 disabled_mkey, disabled_auth, disabled_enc,
1382 disabled_mac, disabled_ssl, head);
1023 1383
1024 /* 1384 /*
1025 * If the rule_string begins with DEFAULT, apply the default rule 1385 * If the rule_string begins with DEFAULT, apply the default rule
@@ -1030,23 +1390,23 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1030 if (strncmp(rule_str,"DEFAULT",7) == 0) 1390 if (strncmp(rule_str,"DEFAULT",7) == 0)
1031 { 1391 {
1032 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1392 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1033 co_list, &head, &tail, ca_list); 1393 &head, &tail, ca_list);
1034 rule_p += 7; 1394 rule_p += 7;
1035 if (*rule_p == ':') 1395 if (*rule_p == ':')
1036 rule_p++; 1396 rule_p++;
1037 } 1397 }
1038 1398
1039 if (ok && (strlen(rule_p) > 0)) 1399 if (ok && (strlen(rule_p) > 0))
1040 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, 1400 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1041 ca_list);
1042 1401
1043 OPENSSL_free(ca_list); /* Not needed anymore */ 1402 OPENSSL_free((void *)ca_list); /* Not needed anymore */
1044 1403
1045 if (!ok) 1404 if (!ok)
1046 { /* Rule processing failure */ 1405 { /* Rule processing failure */
1047 OPENSSL_free(co_list); 1406 OPENSSL_free(co_list);
1048 return(NULL); 1407 return(NULL);
1049 } 1408 }
1409
1050 /* 1410 /*
1051 * Allocate new "cipherstack" for the result, return with error 1411 * Allocate new "cipherstack" for the result, return with error
1052 * if we cannot get one. 1412 * if we cannot get one.
@@ -1063,11 +1423,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1063 */ 1423 */
1064 for (curr = head; curr != NULL; curr = curr->next) 1424 for (curr = head; curr != NULL; curr = curr->next)
1065 { 1425 {
1066#ifdef OPENSSL_FIPS
1067 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1068#else
1069 if (curr->active) 1426 if (curr->active)
1070#endif
1071 { 1427 {
1072 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1428 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1073#ifdef CIPHER_DEBUG 1429#ifdef CIPHER_DEBUG
@@ -1091,22 +1447,28 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1091 *cipher_list_by_id = tmp_cipher_list; 1447 *cipher_list_by_id = tmp_cipher_list;
1092 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 1448 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1093 1449
1450 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1094 return(cipherstack); 1451 return(cipherstack);
1095 } 1452 }
1096 1453
1097char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 1454char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1098 { 1455 {
1099 int is_export,pkl,kl; 1456 int is_export,pkl,kl;
1100 const char *ver,*exp_str; 1457 const char *ver,*exp_str;
1101 const char *kx,*au,*enc,*mac; 1458 const char *kx,*au,*enc,*mac;
1102 unsigned long alg,alg2,alg_s; 1459 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
1103#ifdef KSSL_DEBUG 1460#ifdef KSSL_DEBUG
1104 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; 1461 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1105#else 1462#else
1106 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1463 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1107#endif /* KSSL_DEBUG */ 1464#endif /* KSSL_DEBUG */
1108 1465
1109 alg=cipher->algorithms; 1466 alg_mkey = cipher->algorithm_mkey;
1467 alg_auth = cipher->algorithm_auth;
1468 alg_enc = cipher->algorithm_enc;
1469 alg_mac = cipher->algorithm_mac;
1470 alg_ssl = cipher->algorithm_ssl;
1471
1110 alg_s=cipher->algo_strength; 1472 alg_s=cipher->algo_strength;
1111 alg2=cipher->algorithm2; 1473 alg2=cipher->algorithm2;
1112 1474
@@ -1115,14 +1477,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1115 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 1477 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1116 exp_str=is_export?" export":""; 1478 exp_str=is_export?" export":"";
1117 1479
1118 if (alg & SSL_SSLV2) 1480 if (alg_ssl & SSL_SSLV2)
1119 ver="SSLv2"; 1481 ver="SSLv2";
1120 else if (alg & SSL_SSLV3) 1482 else if (alg_ssl & SSL_SSLV3)
1121 ver="SSLv3"; 1483 ver="SSLv3";
1122 else 1484 else
1123 ver="unknown"; 1485 ver="unknown";
1124 1486
1125 switch (alg&SSL_MKEY_MASK) 1487 switch (alg_mkey)
1126 { 1488 {
1127 case SSL_kRSA: 1489 case SSL_kRSA:
1128 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1490 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
@@ -1133,25 +1495,29 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1133 case SSL_kDHd: 1495 case SSL_kDHd:
1134 kx="DH/DSS"; 1496 kx="DH/DSS";
1135 break; 1497 break;
1136 case SSL_kKRB5: /* VRS */ 1498 case SSL_kKRB5:
1137 case SSL_KRB5: /* VRS */ 1499 kx="KRB5";
1138 kx="KRB5";
1139 break;
1140 case SSL_kFZA:
1141 kx="Fortezza";
1142 break; 1500 break;
1143 case SSL_kEDH: 1501 case SSL_kEDH:
1144 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1502 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1145 break; 1503 break;
1146 case SSL_kECDH: 1504 case SSL_kECDHr:
1147 case SSL_kECDHE: 1505 kx="ECDH/RSA";
1148 kx=is_export?"ECDH(<=163)":"ECDH"; 1506 break;
1507 case SSL_kECDHe:
1508 kx="ECDH/ECDSA";
1509 break;
1510 case SSL_kEECDH:
1511 kx="ECDH";
1512 break;
1513 case SSL_kPSK:
1514 kx="PSK";
1149 break; 1515 break;
1150 default: 1516 default:
1151 kx="unknown"; 1517 kx="unknown";
1152 } 1518 }
1153 1519
1154 switch (alg&SSL_AUTH_MASK) 1520 switch (alg_auth)
1155 { 1521 {
1156 case SSL_aRSA: 1522 case SSL_aRSA:
1157 au="RSA"; 1523 au="RSA";
@@ -1162,23 +1528,27 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1162 case SSL_aDH: 1528 case SSL_aDH:
1163 au="DH"; 1529 au="DH";
1164 break; 1530 break;
1165 case SSL_aKRB5: /* VRS */ 1531 case SSL_aKRB5:
1166 case SSL_KRB5: /* VRS */ 1532 au="KRB5";
1167 au="KRB5"; 1533 break;
1168 break; 1534 case SSL_aECDH:
1169 case SSL_aFZA: 1535 au="ECDH";
1536 break;
1170 case SSL_aNULL: 1537 case SSL_aNULL:
1171 au="None"; 1538 au="None";
1172 break; 1539 break;
1173 case SSL_aECDSA: 1540 case SSL_aECDSA:
1174 au="ECDSA"; 1541 au="ECDSA";
1175 break; 1542 break;
1543 case SSL_aPSK:
1544 au="PSK";
1545 break;
1176 default: 1546 default:
1177 au="unknown"; 1547 au="unknown";
1178 break; 1548 break;
1179 } 1549 }
1180 1550
1181 switch (alg&SSL_ENC_MASK) 1551 switch (alg_enc)
1182 { 1552 {
1183 case SSL_DES: 1553 case SSL_DES:
1184 enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; 1554 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
@@ -1196,39 +1566,30 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1196 case SSL_IDEA: 1566 case SSL_IDEA:
1197 enc="IDEA(128)"; 1567 enc="IDEA(128)";
1198 break; 1568 break;
1199 case SSL_eFZA:
1200 enc="Fortezza";
1201 break;
1202 case SSL_eNULL: 1569 case SSL_eNULL:
1203 enc="None"; 1570 enc="None";
1204 break; 1571 break;
1205 case SSL_AES: 1572 case SSL_AES128:
1206 switch(cipher->strength_bits) 1573 enc="AES(128)";
1207 {
1208 case 128: enc="AES(128)"; break;
1209 case 192: enc="AES(192)"; break;
1210 case 256: enc="AES(256)"; break;
1211 default: enc="AES(?""?""?)"; break;
1212 }
1213 break; 1574 break;
1214 case SSL_CAMELLIA: 1575 case SSL_AES256:
1215 switch(cipher->strength_bits) 1576 enc="AES(256)";
1216 { 1577 break;
1217 case 128: enc="Camellia(128)"; break; 1578 case SSL_CAMELLIA128:
1218 case 256: enc="Camellia(256)"; break; 1579 enc="Camellia(128)";
1219 default: enc="Camellia(?""?""?)"; break; 1580 break;
1220 } 1581 case SSL_CAMELLIA256:
1582 enc="Camellia(256)";
1221 break; 1583 break;
1222 case SSL_SEED: 1584 case SSL_SEED:
1223 enc="SEED(128)"; 1585 enc="SEED(128)";
1224 break; 1586 break;
1225
1226 default: 1587 default:
1227 enc="unknown"; 1588 enc="unknown";
1228 break; 1589 break;
1229 } 1590 }
1230 1591
1231 switch (alg&SSL_MAC_MASK) 1592 switch (alg_mac)
1232 { 1593 {
1233 case SSL_MD5: 1594 case SSL_MD5:
1234 mac="MD5"; 1595 mac="MD5";
@@ -1251,7 +1612,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1251 return("Buffer too small"); 1612 return("Buffer too small");
1252 1613
1253#ifdef KSSL_DEBUG 1614#ifdef KSSL_DEBUG
1254 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); 1615 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1255#else 1616#else
1256 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); 1617 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1257#endif /* KSSL_DEBUG */ 1618#endif /* KSSL_DEBUG */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 20:56:01 +0000