summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
authorjsing <>2014-04-14 13:10:35 +0000
committerjsing <>2014-04-14 13:10:35 +0000
commitb12a89b75a526f5ae9bbd6bfff6053e21295fd2a (patch)
tree7ee2ebf15684ee99e649ef8b3b2dd289398f6325 /src/lib/libssl/ssl_ciph.c
parentabb7d374248574dba5fd92eb363fdf180c877abc (diff)
downloadopenbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.gz
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.tar.bz2
openbsd-b12a89b75a526f5ae9bbd6bfff6053e21295fd2a.zip
First pass at applying KNF to the OpenSSL code, which almost makes it
readable. This pass is whitespace only and can readily be verified using tr and md5.
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c1393
1 files changed, 680 insertions, 713 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 0aba8e048c..f37c70cf91 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -167,15 +167,15 @@
167#define SSL_ENC_NUM_IDX 14 167#define SSL_ENC_NUM_IDX 14
168 168
169 169
170static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 170static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
171 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL 171 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
172 }; 172};
173 173
174#define SSL_COMP_NULL_IDX 0 174#define SSL_COMP_NULL_IDX 0
175#define SSL_COMP_ZLIB_IDX 1 175#define SSL_COMP_ZLIB_IDX 1
176#define SSL_COMP_NUM_IDX 2 176#define SSL_COMP_NUM_IDX 2
177 177
178static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; 178static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
179 179
180#define SSL_MD_MD5_IDX 0 180#define SSL_MD_MD5_IDX 0
181#define SSL_MD_SHA1_IDX 1 181#define SSL_MD_SHA1_IDX 1
@@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
187 * defined in the 187 * defined in the
188 * ssl_locl.h */ 188 * ssl_locl.h */
189#define SSL_MD_NUM_IDX SSL_MAX_DIGEST 189#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
190static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 190static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
191 NULL,NULL,NULL,NULL,NULL,NULL 191 NULL, NULL, NULL, NULL, NULL, NULL
192 }; 192};
193/* PKEY_TYPE for GOST89MAC is known in advance, but, because 193/* PKEY_TYPE for GOST89MAC is known in advance, but, because
194 * implementation is engine-provided, we'll fill it only if 194 * implementation is engine-provided, we'll fill it only if
195 * corresponding EVP_PKEY_METHOD is found 195 * corresponding EVP_PKEY_METHOD is found
196 */ 196 */
197static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ 197static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
198 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, 198 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
199 EVP_PKEY_HMAC,EVP_PKEY_HMAC 199 EVP_PKEY_HMAC, EVP_PKEY_HMAC
200 }; 200};
201 201
202static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ 202static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
203 0,0,0,0,0,0 203 0, 0, 0, 0, 0, 0
204 }; 204};
205 205
206static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ 206static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
207 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, 207 SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
208 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, 208 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
209 SSL_HANDSHAKE_MAC_SHA384 209 SSL_HANDSHAKE_MAC_SHA384
210 }; 210};
211 211
212#define CIPHER_ADD 1 212#define CIPHER_ADD 1
213#define CIPHER_KILL 2 213#define CIPHER_KILL 2
@@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
215#define CIPHER_ORD 4 215#define CIPHER_ORD 4
216#define CIPHER_SPECIAL 5 216#define CIPHER_SPECIAL 5
217 217
218typedef struct cipher_order_st 218typedef struct cipher_order_st {
219 {
220 const SSL_CIPHER *cipher; 219 const SSL_CIPHER *cipher;
221 int active; 220 int active;
222 int dead; 221 int dead;
223 struct cipher_order_st *next,*prev; 222 struct cipher_order_st *next, *prev;
224 } CIPHER_ORDER; 223} CIPHER_ORDER;
225 224
226static const SSL_CIPHER cipher_aliases[]={ 225static const SSL_CIPHER cipher_aliases[] = {
227 /* "ALL" doesn't include eNULL (must be specifically enabled) */ 226 /* "ALL" doesn't include eNULL (must be specifically enabled) */
228 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, 227 {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
229 /* "COMPLEMENTOFALL" */ 228 /* "COMPLEMENTOFALL" */
230 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, 229 {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
231 230
232 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ 231 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
233 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, 232 {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0},
234 233
235 /* key exchange aliases 234 /* key exchange aliases
236 * (some of those using only a single bit here combine 235 * (some of those using only a single bit here combine
237 * multiple key exchange algs according to the RFCs, 236 * multiple key exchange algs according to the RFCs,
238 * e.g. kEDH combines DHE_DSS and DHE_RSA) */ 237 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
239 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, 238 {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
240 239
241 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 240 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
242 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 241 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
243 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 242 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
244 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, 243 {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
245 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, 244 {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
246 245
247 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, 246 {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
248 247
249 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, 248 {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
250 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, 249 {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
251 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, 250 {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
252 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, 251 {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
253 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, 252 {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
254 253
255 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, 254 {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
256 {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, 255 {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
257 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, 256 {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
258 257
259 /* server authentication aliases */ 258 /* server authentication aliases */
260 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, 259 {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
261 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, 260 {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
262 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, 261 {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
263 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, 262 {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
264 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, 263 {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
265 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 264 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
266 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, 265 {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
267 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, 266 {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
268 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, 267 {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
269 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, 268 {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
270 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, 269 {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
271 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, 270 {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
272 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, 271 {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
273 272
274 /* aliases combining key exchange and server authentication */ 273 /* aliases combining key exchange and server authentication */
275 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, 274 {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
276 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, 275 {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
277 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, 276 {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
278 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, 277 {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
279 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, 278 {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
280 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, 279 {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
281 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, 280 {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
282 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, 281 {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
283 {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, 282 {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
284 283
285 284
286 /* symmetric encryption aliases */ 285 /* symmetric encryption aliases */
287 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, 286 {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
288 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, 287 {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
289 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, 288 {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
290 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, 289 {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
291 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, 290 {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
292 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, 291 {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
293 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, 292 {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
294 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, 293 {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0},
295 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, 294 {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
296 {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, 295 {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
297 {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, 296 {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0},
298 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, 297 {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
299 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, 298 {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
300 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, 299 {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
301 300
302 /* MAC aliases */ 301 /* MAC aliases */
303 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, 302 {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
304 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, 303 {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
305 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, 304 {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
306 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, 305 {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
307 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, 306 {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
308 {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, 307 {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
309 {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, 308 {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
310 309
311 /* protocol version aliases */ 310 /* protocol version aliases */
312 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, 311 {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
313 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, 312 {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
314 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, 313 {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
315 {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, 314 {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
316 315
317 /* export flag */ 316 /* export flag */
318 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, 317 {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
319 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, 318 {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
320 319
321 /* strength classes */ 320 /* strength classes */
322 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, 321 {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
323 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, 322 {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
324 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, 323 {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
325 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, 324 {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
326 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, 325 {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
327 /* FIPS 140-2 approved ciphersuite */ 326 /* FIPS 140-2 approved ciphersuite */
328 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, 327 {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
329 }; 328};
330/* Search for public key algorithm with given name and 329/* Search for public key algorithm with given name and
331 * return its pkey_id if it is available. Otherwise return 0 330 * return its pkey_id if it is available. Otherwise return 0
332 */ 331 */
333#ifdef OPENSSL_NO_ENGINE 332#ifdef OPENSSL_NO_ENGINE
334 333
335static int get_optional_pkey_id(const char *pkey_name) 334static int
336 { 335get_optional_pkey_id(const char *pkey_name)
336{
337 const EVP_PKEY_ASN1_METHOD *ameth; 337 const EVP_PKEY_ASN1_METHOD *ameth;
338 int pkey_id=0; 338 int pkey_id = 0;
339 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); 339 ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
340 if (ameth) 340 if (ameth) {
341 { 341 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
342 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
343 }
344 return pkey_id;
345 } 342 }
343 return pkey_id;
344}
346 345
347#else 346#else
348 347
349static int get_optional_pkey_id(const char *pkey_name) 348static int
350 { 349get_optional_pkey_id(const char *pkey_name)
350{
351 const EVP_PKEY_ASN1_METHOD *ameth; 351 const EVP_PKEY_ASN1_METHOD *ameth;
352 ENGINE *tmpeng = NULL; 352 ENGINE *tmpeng = NULL;
353 int pkey_id=0; 353 int pkey_id = 0;
354 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); 354 ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
355 if (ameth) 355 if (ameth) {
356 { 356 EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
357 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
358 }
359 if (tmpeng) ENGINE_finish(tmpeng);
360 return pkey_id;
361 } 357 }
358 if (tmpeng)
359 ENGINE_finish(tmpeng);
360 return pkey_id;
361}
362 362
363#endif 363#endif
364 364
365void ssl_load_ciphers(void) 365void
366 { 366ssl_load_ciphers(void)
367 ssl_cipher_methods[SSL_ENC_DES_IDX]= 367{
368 EVP_get_cipherbyname(SN_des_cbc); 368 ssl_cipher_methods[SSL_ENC_DES_IDX]=
369 EVP_get_cipherbyname(SN_des_cbc);
369 ssl_cipher_methods[SSL_ENC_3DES_IDX]= 370 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
370 EVP_get_cipherbyname(SN_des_ede3_cbc); 371 EVP_get_cipherbyname(SN_des_ede3_cbc);
371 ssl_cipher_methods[SSL_ENC_RC4_IDX]= 372 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
372 EVP_get_cipherbyname(SN_rc4); 373 EVP_get_cipherbyname(SN_rc4);
373 ssl_cipher_methods[SSL_ENC_RC2_IDX]= 374 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
374 EVP_get_cipherbyname(SN_rc2_cbc); 375 EVP_get_cipherbyname(SN_rc2_cbc);
375#ifndef OPENSSL_NO_IDEA 376#ifndef OPENSSL_NO_IDEA
376 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 377 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
377 EVP_get_cipherbyname(SN_idea_cbc); 378 EVP_get_cipherbyname(SN_idea_cbc);
378#else 379#else
379 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; 380 ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
380#endif 381#endif
381 ssl_cipher_methods[SSL_ENC_AES128_IDX]= 382 ssl_cipher_methods[SSL_ENC_AES128_IDX]=
382 EVP_get_cipherbyname(SN_aes_128_cbc); 383 EVP_get_cipherbyname(SN_aes_128_cbc);
383 ssl_cipher_methods[SSL_ENC_AES256_IDX]= 384 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
384 EVP_get_cipherbyname(SN_aes_256_cbc); 385 EVP_get_cipherbyname(SN_aes_256_cbc);
385 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= 386 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
386 EVP_get_cipherbyname(SN_camellia_128_cbc); 387 EVP_get_cipherbyname(SN_camellia_128_cbc);
387 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 388 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
388 EVP_get_cipherbyname(SN_camellia_256_cbc); 389 EVP_get_cipherbyname(SN_camellia_256_cbc);
389 ssl_cipher_methods[SSL_ENC_GOST89_IDX]= 390 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
390 EVP_get_cipherbyname(SN_gost89_cnt); 391 EVP_get_cipherbyname(SN_gost89_cnt);
391 ssl_cipher_methods[SSL_ENC_SEED_IDX]= 392 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
392 EVP_get_cipherbyname(SN_seed_cbc); 393 EVP_get_cipherbyname(SN_seed_cbc);
393 394
394 ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= 395 ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
395 EVP_get_cipherbyname(SN_aes_128_gcm); 396 EVP_get_cipherbyname(SN_aes_128_gcm);
396 ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= 397 ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
397 EVP_get_cipherbyname(SN_aes_256_gcm); 398 EVP_get_cipherbyname(SN_aes_256_gcm);
398 399
399 ssl_digest_methods[SSL_MD_MD5_IDX]= 400 ssl_digest_methods[SSL_MD_MD5_IDX]=
400 EVP_get_digestbyname(SN_md5); 401 EVP_get_digestbyname(SN_md5);
401 ssl_mac_secret_size[SSL_MD_MD5_IDX]= 402 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
402 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); 403 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
403 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); 404 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
404 ssl_digest_methods[SSL_MD_SHA1_IDX]= 405 ssl_digest_methods[SSL_MD_SHA1_IDX]=
405 EVP_get_digestbyname(SN_sha1); 406 EVP_get_digestbyname(SN_sha1);
406 ssl_mac_secret_size[SSL_MD_SHA1_IDX]= 407 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
407 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); 408 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
408 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); 409 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
409 ssl_digest_methods[SSL_MD_GOST94_IDX]= 410 ssl_digest_methods[SSL_MD_GOST94_IDX]=
410 EVP_get_digestbyname(SN_id_GostR3411_94); 411 EVP_get_digestbyname(SN_id_GostR3411_94);
411 if (ssl_digest_methods[SSL_MD_GOST94_IDX]) 412 if (ssl_digest_methods[SSL_MD_GOST94_IDX]) {
412 {
413 ssl_mac_secret_size[SSL_MD_GOST94_IDX]= 413 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
414 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); 414 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
415 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); 415 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
416 } 416 }
417 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= 417 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
418 EVP_get_digestbyname(SN_id_Gost28147_89_MAC); 418 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
419 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); 419 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
420 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { 420 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
421 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; 421 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
422 } 422 }
423 423
424 ssl_digest_methods[SSL_MD_SHA256_IDX]= 424 ssl_digest_methods[SSL_MD_SHA256_IDX]=
425 EVP_get_digestbyname(SN_sha256); 425 EVP_get_digestbyname(SN_sha256);
426 ssl_mac_secret_size[SSL_MD_SHA256_IDX]= 426 ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
427 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); 427 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
428 ssl_digest_methods[SSL_MD_SHA384_IDX]= 428 ssl_digest_methods[SSL_MD_SHA384_IDX]=
429 EVP_get_digestbyname(SN_sha384); 429 EVP_get_digestbyname(SN_sha384);
430 ssl_mac_secret_size[SSL_MD_SHA384_IDX]= 430 ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
431 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 431 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
432 } 432}
433#ifndef OPENSSL_NO_COMP 433#ifndef OPENSSL_NO_COMP
434 434
435static int sk_comp_cmp(const SSL_COMP * const *a, 435static int
436 const SSL_COMP * const *b) 436sk_comp_cmp(const SSL_COMP * const *a,
437 { 437 const SSL_COMP * const *b)
438 return((*a)->id-(*b)->id); 438{
439 } 439 return ((*a)->id - (*b)->id);
440}
440 441
441static void load_builtin_compressions(void) 442static void
442 { 443load_builtin_compressions(void)
444{
443 int got_write_lock = 0; 445 int got_write_lock = 0;
444 446
445 CRYPTO_r_lock(CRYPTO_LOCK_SSL); 447 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
446 if (ssl_comp_methods == NULL) 448 if (ssl_comp_methods == NULL) {
447 {
448 CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 449 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
449 CRYPTO_w_lock(CRYPTO_LOCK_SSL); 450 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
450 got_write_lock = 1; 451 got_write_lock = 1;
451 452
452 if (ssl_comp_methods == NULL) 453 if (ssl_comp_methods == NULL) {
453 {
454 SSL_COMP *comp = NULL; 454 SSL_COMP *comp = NULL;
455 455
456 MemCheck_off(); 456 MemCheck_off();
457 ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); 457 ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
458 if (ssl_comp_methods != NULL) 458 if (ssl_comp_methods != NULL) {
459 { 459 comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
460 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 460 if (comp != NULL) {
461 if (comp != NULL) 461 comp->method = COMP_zlib();
462 {
463 comp->method=COMP_zlib();
464 if (comp->method 462 if (comp->method
465 && comp->method->type == NID_undef) 463 && comp->method->type == NID_undef)
466 OPENSSL_free(comp); 464 OPENSSL_free(comp);
467 else 465 else {
468 { 466 comp->id = SSL_COMP_ZLIB_IDX;
469 comp->id=SSL_COMP_ZLIB_IDX; 467 comp->name = comp->method->name;
470 comp->name=comp->method->name; 468 sk_SSL_COMP_push(ssl_comp_methods, comp);
471 sk_SSL_COMP_push(ssl_comp_methods,comp);
472 }
473 } 469 }
474 sk_SSL_COMP_sort(ssl_comp_methods);
475 } 470 }
476 MemCheck_on(); 471 sk_SSL_COMP_sort(ssl_comp_methods);
477 } 472 }
473 MemCheck_on();
478 } 474 }
479 475 }
476
480 if (got_write_lock) 477 if (got_write_lock)
481 CRYPTO_w_unlock(CRYPTO_LOCK_SSL); 478 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
482 else 479 else
483 CRYPTO_r_unlock(CRYPTO_LOCK_SSL); 480 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
484 } 481}
485#endif 482#endif
486 483
487int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 484int
488 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) 485ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
489 { 486 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp)
487{
490 int i; 488 int i;
491 const SSL_CIPHER *c; 489 const SSL_CIPHER *c;
492 490
493 c=s->cipher; 491 c = s->cipher;
494 if (c == NULL) return(0); 492 if (c == NULL)
495 if (comp != NULL) 493 return (0);
496 { 494 if (comp != NULL) {
497 SSL_COMP ctmp; 495 SSL_COMP ctmp;
498#ifndef OPENSSL_NO_COMP 496#ifndef OPENSSL_NO_COMP
499 load_builtin_compressions(); 497 load_builtin_compressions();
500#endif 498#endif
501 499
502 *comp=NULL; 500 *comp = NULL;
503 ctmp.id=s->compress_meth; 501 ctmp.id = s->compress_meth;
504 if (ssl_comp_methods != NULL) 502 if (ssl_comp_methods != NULL) {
505 { 503 i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
506 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
507 if (i >= 0) 504 if (i >= 0)
508 *comp=sk_SSL_COMP_value(ssl_comp_methods,i); 505 *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
509 else 506 else
510 *comp=NULL; 507 *comp = NULL;
511 }
512 } 508 }
509 }
513 510
514 if ((enc == NULL) || (md == NULL)) return(0); 511 if ((enc == NULL)
512 || (md == NULL)) return (0);
515 513
516 switch (c->algorithm_enc) 514 switch (c->algorithm_enc) {
517 {
518 case SSL_DES: 515 case SSL_DES:
519 i=SSL_ENC_DES_IDX; 516 i = SSL_ENC_DES_IDX;
520 break; 517 break;
521 case SSL_3DES: 518 case SSL_3DES:
522 i=SSL_ENC_3DES_IDX; 519 i = SSL_ENC_3DES_IDX;
523 break; 520 break;
524 case SSL_RC4: 521 case SSL_RC4:
525 i=SSL_ENC_RC4_IDX; 522 i = SSL_ENC_RC4_IDX;
526 break; 523 break;
527 case SSL_RC2: 524 case SSL_RC2:
528 i=SSL_ENC_RC2_IDX; 525 i = SSL_ENC_RC2_IDX;
529 break; 526 break;
530 case SSL_IDEA: 527 case SSL_IDEA:
531 i=SSL_ENC_IDEA_IDX; 528 i = SSL_ENC_IDEA_IDX;
532 break; 529 break;
533 case SSL_eNULL: 530 case SSL_eNULL:
534 i=SSL_ENC_NULL_IDX; 531 i = SSL_ENC_NULL_IDX;
535 break; 532 break;
536 case SSL_AES128: 533 case SSL_AES128:
537 i=SSL_ENC_AES128_IDX; 534 i = SSL_ENC_AES128_IDX;
538 break; 535 break;
539 case SSL_AES256: 536 case SSL_AES256:
540 i=SSL_ENC_AES256_IDX; 537 i = SSL_ENC_AES256_IDX;
541 break; 538 break;
542 case SSL_CAMELLIA128: 539 case SSL_CAMELLIA128:
543 i=SSL_ENC_CAMELLIA128_IDX; 540 i = SSL_ENC_CAMELLIA128_IDX;
544 break; 541 break;
545 case SSL_CAMELLIA256: 542 case SSL_CAMELLIA256:
546 i=SSL_ENC_CAMELLIA256_IDX; 543 i = SSL_ENC_CAMELLIA256_IDX;
547 break; 544 break;
548 case SSL_eGOST2814789CNT: 545 case SSL_eGOST2814789CNT:
549 i=SSL_ENC_GOST89_IDX; 546 i = SSL_ENC_GOST89_IDX;
550 break; 547 break;
551 case SSL_SEED: 548 case SSL_SEED:
552 i=SSL_ENC_SEED_IDX; 549 i = SSL_ENC_SEED_IDX;
553 break; 550 break;
554 case SSL_AES128GCM: 551 case SSL_AES128GCM:
555 i=SSL_ENC_AES128GCM_IDX; 552 i = SSL_ENC_AES128GCM_IDX;
556 break; 553 break;
557 case SSL_AES256GCM: 554 case SSL_AES256GCM:
558 i=SSL_ENC_AES256GCM_IDX; 555 i = SSL_ENC_AES256GCM_IDX;
559 break; 556 break;
560 default: 557 default:
561 i= -1; 558 i = -1;
562 break; 559 break;
563 } 560 }
564 561
565 if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 562 if ((i < 0) || (i > SSL_ENC_NUM_IDX))
566 *enc=NULL; 563 *enc = NULL;
567 else 564 else {
568 {
569 if (i == SSL_ENC_NULL_IDX) 565 if (i == SSL_ENC_NULL_IDX)
570 *enc=EVP_enc_null(); 566 *enc = EVP_enc_null();
571 else 567 else
572 *enc=ssl_cipher_methods[i]; 568 *enc = ssl_cipher_methods[i];
573 } 569 }
574 570
575 switch (c->algorithm_mac) 571 switch (c->algorithm_mac) {
576 {
577 case SSL_MD5: 572 case SSL_MD5:
578 i=SSL_MD_MD5_IDX; 573 i = SSL_MD_MD5_IDX;
579 break; 574 break;
580 case SSL_SHA1: 575 case SSL_SHA1:
581 i=SSL_MD_SHA1_IDX; 576 i = SSL_MD_SHA1_IDX;
582 break; 577 break;
583 case SSL_SHA256: 578 case SSL_SHA256:
584 i=SSL_MD_SHA256_IDX; 579 i = SSL_MD_SHA256_IDX;
585 break; 580 break;
586 case SSL_SHA384: 581 case SSL_SHA384:
587 i=SSL_MD_SHA384_IDX; 582 i = SSL_MD_SHA384_IDX;
588 break; 583 break;
589 case SSL_GOST94: 584 case SSL_GOST94:
590 i = SSL_MD_GOST94_IDX; 585 i = SSL_MD_GOST94_IDX;
@@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
593 i = SSL_MD_GOST89MAC_IDX; 588 i = SSL_MD_GOST89MAC_IDX;
594 break; 589 break;
595 default: 590 default:
596 i= -1; 591 i = -1;
597 break; 592 break;
598 } 593 }
599 if ((i < 0) || (i > SSL_MD_NUM_IDX)) 594 if ((i < 0) || (i > SSL_MD_NUM_IDX)) {
600 { 595 *md = NULL;
601 *md=NULL; 596
602 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; 597 if (mac_pkey_type != NULL)
603 if (mac_secret_size!=NULL) *mac_secret_size = 0; 598 *mac_pkey_type = NID_undef;
599 if (mac_secret_size != NULL)
600 *mac_secret_size = 0;
604 if (c->algorithm_mac == SSL_AEAD) 601 if (c->algorithm_mac == SSL_AEAD)
605 mac_pkey_type = NULL; 602 mac_pkey_type = NULL;
606 } 603 } else {
607 else 604 *md = ssl_digest_methods[i];
608 { 605 if (mac_pkey_type != NULL)
609 *md=ssl_digest_methods[i]; 606 *mac_pkey_type = ssl_mac_pkey_id[i];
610 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; 607 if (mac_secret_size != NULL)
611 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; 608 *mac_secret_size = ssl_mac_secret_size[i];
612 } 609 }
613 610
614 if ((*enc != NULL) && 611 if ((*enc != NULL) &&
615 (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && 612 (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
616 (!mac_pkey_type||*mac_pkey_type != NID_undef)) 613 (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
617 {
618 const EVP_CIPHER *evp; 614 const EVP_CIPHER *evp;
619 615
620 if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || 616 if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
621 s->ssl_version < TLS1_VERSION) 617 s->ssl_version < TLS1_VERSION)
622 return 1; 618 return 1;
623 619
624#ifdef OPENSSL_FIPS 620#ifdef OPENSSL_FIPS
625 if (FIPS_mode()) 621 if (FIPS_mode())
626 return 1; 622 return 1;
627#endif 623#endif
628 624
629 if (c->algorithm_enc == SSL_RC4 && 625 if (c->algorithm_enc == SSL_RC4 &&
630 c->algorithm_mac == SSL_MD5 && 626 c->algorithm_mac == SSL_MD5 &&
631 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) 627 (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
632 *enc = evp, *md = NULL; 628 *enc = evp, *md = NULL;
633 else if (c->algorithm_enc == SSL_AES128 && 629 else if (c->algorithm_enc == SSL_AES128 &&
634 c->algorithm_mac == SSL_SHA1 && 630 c->algorithm_mac == SSL_SHA1 &&
635 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) 631 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
636 *enc = evp, *md = NULL; 632 *enc = evp, *md = NULL;
637 else if (c->algorithm_enc == SSL_AES256 && 633 else if (c->algorithm_enc == SSL_AES256 &&
638 c->algorithm_mac == SSL_SHA1 && 634 c->algorithm_mac == SSL_SHA1 &&
639 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) 635 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
640 *enc = evp, *md = NULL; 636 *enc = evp, *md = NULL;
641 return(1); 637 return (1);
642 } 638 } else
643 else 639 return (0);
644 return(0); 640}
645 }
646 641
647int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 642int
643ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
648{ 644{
649 if (idx <0||idx>=SSL_MD_NUM_IDX) 645 if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
650 {
651 return 0; 646 return 0;
652 } 647 }
653 *mask = ssl_handshake_digest_flag[idx]; 648 *mask = ssl_handshake_digest_flag[idx];
654 if (*mask) 649 if (*mask)
655 *md = ssl_digest_methods[idx]; 650 *md = ssl_digest_methods[idx];
@@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
661#define ITEM_SEP(a) \ 656#define ITEM_SEP(a) \
662 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 657 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
663 658
664static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, 659static void
665 CIPHER_ORDER **tail) 660ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
666 { 661 CIPHER_ORDER **tail)
667 if (curr == *tail) return; 662{
663 if (curr == *tail)
664 return;
668 if (curr == *head) 665 if (curr == *head)
669 *head=curr->next; 666 *head = curr->next;
670 if (curr->prev != NULL) 667 if (curr->prev != NULL)
671 curr->prev->next=curr->next; 668 curr->prev->next = curr->next;
672 if (curr->next != NULL) 669 if (curr->next != NULL)
673 curr->next->prev=curr->prev; 670 curr->next->prev = curr->prev;
674 (*tail)->next=curr; 671 (*tail)->next = curr;
675 curr->prev= *tail; 672 curr->prev= *tail;
676 curr->next=NULL; 673 curr->next = NULL;
677 *tail=curr; 674 *tail = curr;
678 } 675}
679 676
680static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, 677static void
681 CIPHER_ORDER **tail) 678ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
682 { 679 CIPHER_ORDER **tail)
683 if (curr == *head) return; 680{
681 if (curr == *head)
682 return;
684 if (curr == *tail) 683 if (curr == *tail)
685 *tail=curr->prev; 684 *tail = curr->prev;
686 if (curr->next != NULL) 685 if (curr->next != NULL)
687 curr->next->prev=curr->prev; 686 curr->next->prev = curr->prev;
688 if (curr->prev != NULL) 687 if (curr->prev != NULL)
689 curr->prev->next=curr->next; 688 curr->prev->next = curr->next;
690 (*head)->prev=curr; 689 (*head)->prev = curr;
691 curr->next= *head; 690 curr->next= *head;
692 curr->prev=NULL; 691 curr->prev = NULL;
693 *head=curr; 692 *head = curr;
694 } 693}
695 694
696static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) 695static void
697 { 696ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
697{
698 *mkey = 0; 698 *mkey = 0;
699 *auth = 0; 699 *auth = 0;
700 *enc = 0; 700 *enc = 0;
@@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
743 /* Disable GOST key exchange if no GOST signature algs are available * */ 743 /* Disable GOST key exchange if no GOST signature algs are available * */
744 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { 744 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
745 *mkey |= SSL_kGOST; 745 *mkey |= SSL_kGOST;
746 } 746 }
747#ifdef SSL_FORBID_ENULL 747#ifdef SSL_FORBID_ENULL
748 *enc |= SSL_eNULL; 748 *enc |= SSL_eNULL;
749#endif 749#endif
750
751
752
753 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
754 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
755 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
756 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
757 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
758 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
759 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
760 *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
761 *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
762 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
763 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
764 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
765 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
766
767 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
768 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
769 *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
770 *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
771 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
772 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
773 750
774 }
775 751
776static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 752
777 int num_of_ciphers, 753 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0;
778 unsigned long disabled_mkey, unsigned long disabled_auth, 754 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
779 unsigned long disabled_enc, unsigned long disabled_mac, 755 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;
780 unsigned long disabled_ssl, 756 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0;
781 CIPHER_ORDER *co_list, 757 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
782 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 758 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
783 { 759 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
760 *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0;
761 *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0;
762 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0;
763 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0;
764 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0;
765 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0;
766
767 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0;
768 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
769 *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
770 *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
771 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
772 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0;
773
774}
775
776static void
777ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
778 int num_of_ciphers,
779unsigned long disabled_mkey, unsigned long disabled_auth,
780 unsigned long disabled_enc, unsigned long disabled_mac,
781unsigned long disabled_ssl,
782 CIPHER_ORDER *co_list,
783CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
784{
784 int i, co_list_num; 785 int i, co_list_num;
785 const SSL_CIPHER *c; 786 const SSL_CIPHER *c;
786 787
@@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
793 794
794 /* Get the initial list of ciphers */ 795 /* Get the initial list of ciphers */
795 co_list_num = 0; /* actual count of ciphers */ 796 co_list_num = 0; /* actual count of ciphers */
796 for (i = 0; i < num_of_ciphers; i++) 797 for (i = 0; i < num_of_ciphers; i++) {
797 {
798 c = ssl_method->get_cipher(i); 798 c = ssl_method->get_cipher(i);
799 /* drop those that use any of that is not available */ 799 /* drop those that use any of that is not available */
800 if ((c != NULL) && c->valid && 800 if ((c != NULL) && c->valid &&
801#ifdef OPENSSL_FIPS 801#ifdef OPENSSL_FIPS
802 (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && 802 (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
803#endif 803#endif
804 !(c->algorithm_mkey & disabled_mkey) && 804 !(c->algorithm_mkey & disabled_mkey) &&
805 !(c->algorithm_auth & disabled_auth) && 805 !(c->algorithm_auth & disabled_auth) &&
806 !(c->algorithm_enc & disabled_enc) && 806 !(c->algorithm_enc & disabled_enc) &&
807 !(c->algorithm_mac & disabled_mac) && 807 !(c->algorithm_mac & disabled_mac) &&
808 !(c->algorithm_ssl & disabled_ssl)) 808 !(c->algorithm_ssl & disabled_ssl)) {
809 {
810 co_list[co_list_num].cipher = c; 809 co_list[co_list_num].cipher = c;
811 co_list[co_list_num].next = NULL; 810 co_list[co_list_num].next = NULL;
812 co_list[co_list_num].prev = NULL; 811 co_list[co_list_num].prev = NULL;
813 co_list[co_list_num].active = 0; 812 co_list[co_list_num].active = 0;
814 co_list_num++; 813 co_list_num++;
815#ifdef KSSL_DEBUG 814#ifdef KSSL_DEBUG
816 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); 815 printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth);
817#endif /* KSSL_DEBUG */ 816#endif /* KSSL_DEBUG */
818 /* 817 /*
819 if (!sk_push(ca_list,(char *)c)) goto err; 818 if (!sk_push(ca_list,(char *)c)) goto err;
820 */ 819 */
821 }
822 } 820 }
821 }
823 822
824 /* 823 /*
825 * Prepare linked list from list entries 824 * Prepare linked list from list entries
826 */ 825 */
827 if (co_list_num > 0) 826 if (co_list_num > 0) {
828 {
829 co_list[0].prev = NULL; 827 co_list[0].prev = NULL;
830 828
831 if (co_list_num > 1) 829 if (co_list_num > 1) {
832 {
833 co_list[0].next = &co_list[1]; 830 co_list[0].next = &co_list[1];
834 831
835 for (i = 1; i < co_list_num - 1; i++) 832 for (i = 1; i < co_list_num - 1; i++) {
836 {
837 co_list[i].prev = &co_list[i - 1]; 833 co_list[i].prev = &co_list[i - 1];
838 co_list[i].next = &co_list[i + 1]; 834 co_list[i].next = &co_list[i + 1];
839 } 835 }
840 836
841 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; 837 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
842 } 838 }
843 839
844 co_list[co_list_num - 1].next = NULL; 840 co_list[co_list_num - 1].next = NULL;
845 841
846 *head_p = &co_list[0]; 842 *head_p = &co_list[0];
847 *tail_p = &co_list[co_list_num - 1]; 843 *tail_p = &co_list[co_list_num - 1];
848 }
849 } 844 }
845}
850 846
851static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, 847static void
852 int num_of_group_aliases, 848ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
853 unsigned long disabled_mkey, unsigned long disabled_auth, 849 int num_of_group_aliases,
854 unsigned long disabled_enc, unsigned long disabled_mac, 850unsigned long disabled_mkey, unsigned long disabled_auth,
855 unsigned long disabled_ssl, 851 unsigned long disabled_enc, unsigned long disabled_mac,
856 CIPHER_ORDER *head) 852unsigned long disabled_ssl,
857 { 853 CIPHER_ORDER *head)
854{
858 CIPHER_ORDER *ciph_curr; 855 CIPHER_ORDER *ciph_curr;
859 const SSL_CIPHER **ca_curr; 856 const SSL_CIPHER **ca_curr;
860 int i; 857 int i;
@@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
869 */ 866 */
870 ciph_curr = head; 867 ciph_curr = head;
871 ca_curr = ca_list; 868 ca_curr = ca_list;
872 while (ciph_curr != NULL) 869 while (ciph_curr != NULL) {
873 {
874 *ca_curr = ciph_curr->cipher; 870 *ca_curr = ciph_curr->cipher;
875 ca_curr++; 871 ca_curr++;
876 ciph_curr = ciph_curr->next; 872 ciph_curr = ciph_curr->next;
877 } 873 }
878 874
879 /* 875 /*
880 * Now we add the available ones from the cipher_aliases[] table. 876 * Now we add the available ones from the cipher_aliases[] table.
@@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
882 * in any affected category must be supported (set in enabled_mask), 878 * in any affected category must be supported (set in enabled_mask),
883 * or represent a cipher strength value (will be added in any case because algorithms=0). 879 * or represent a cipher strength value (will be added in any case because algorithms=0).
884 */ 880 */
885 for (i = 0; i < num_of_group_aliases; i++) 881 for (i = 0; i < num_of_group_aliases; i++) {
886 {
887 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; 882 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
888 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; 883 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
889 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; 884 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
@@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
893 if (algorithm_mkey) 888 if (algorithm_mkey)
894 if ((algorithm_mkey & mask_mkey) == 0) 889 if ((algorithm_mkey & mask_mkey) == 0)
895 continue; 890 continue;
896 891
897 if (algorithm_auth) 892 if (algorithm_auth)
898 if ((algorithm_auth & mask_auth) == 0) 893 if ((algorithm_auth & mask_auth) == 0)
899 continue; 894 continue;
900 895
901 if (algorithm_enc) 896 if (algorithm_enc)
902 if ((algorithm_enc & mask_enc) == 0) 897 if ((algorithm_enc & mask_enc) == 0)
903 continue; 898 continue;
904 899
905 if (algorithm_mac) 900 if (algorithm_mac)
906 if ((algorithm_mac & mask_mac) == 0) 901 if ((algorithm_mac & mask_mac) == 0)
907 continue; 902 continue;
908 903
909 if (algorithm_ssl) 904 if (algorithm_ssl)
910 if ((algorithm_ssl & mask_ssl) == 0) 905 if ((algorithm_ssl & mask_ssl) == 0)
911 continue; 906 continue;
912 907
913 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 908 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
914 ca_curr++; 909 ca_curr++;
915 } 910 }
916 911
917 *ca_curr = NULL; /* end of list */ 912 *ca_curr = NULL; /* end of list */
918 } 913}
919 914
920static void ssl_cipher_apply_rule(unsigned long cipher_id, 915static void
921 unsigned long alg_mkey, unsigned long alg_auth, 916ssl_cipher_apply_rule(unsigned long cipher_id,
922 unsigned long alg_enc, unsigned long alg_mac, 917 unsigned long alg_mkey, unsigned long alg_auth,
923 unsigned long alg_ssl, 918unsigned long alg_enc, unsigned long alg_mac,
924 unsigned long algo_strength, 919 unsigned long alg_ssl,
925 int rule, int strength_bits, 920unsigned long algo_strength,
926 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 921 int rule, int strength_bits,
927 { 922CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
923{
928 CIPHER_ORDER *head, *tail, *curr, *curr2, *last; 924 CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
929 const SSL_CIPHER *cp; 925 const SSL_CIPHER *cp;
930 int reverse = 0; 926 int reverse = 0;
931 927
932#ifdef CIPHER_DEBUG 928#ifdef CIPHER_DEBUG
933 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", 929 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
934 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); 930 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
935#endif 931#endif
936 932
937 if (rule == CIPHER_DEL) 933 if (rule == CIPHER_DEL)
@@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
940 head = *head_p; 936 head = *head_p;
941 tail = *tail_p; 937 tail = *tail_p;
942 938
943 if (reverse) 939 if (reverse) {
944 {
945 curr = tail; 940 curr = tail;
946 last = head; 941 last = head;
947 } 942 } else {
948 else
949 {
950 curr = head; 943 curr = head;
951 last = tail; 944 last = tail;
952 } 945 }
953 946
954 curr2 = curr; 947 curr2 = curr;
955 for (;;) 948 for (;;) {
956 { 949 if ((curr == NULL)
957 if ((curr == NULL) || (curr == last)) break; 950 || (curr == last)) break;
958 curr = curr2; 951 curr = curr2;
959 curr2 = reverse ? curr->prev : curr->next; 952 curr2 = reverse ? curr->prev : curr->next;
960 953
@@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
964 * Selection criteria is either the value of strength_bits 957 * Selection criteria is either the value of strength_bits
965 * or the algorithms used. 958 * or the algorithms used.
966 */ 959 */
967 if (strength_bits >= 0) 960 if (strength_bits >= 0) {
968 {
969 if (strength_bits != cp->strength_bits) 961 if (strength_bits != cp->strength_bits)
970 continue; 962 continue;
971 } 963 } else {
972 else
973 {
974#ifdef CIPHER_DEBUG 964#ifdef CIPHER_DEBUG
975 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); 965 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
976#endif 966#endif
@@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
989 continue; 979 continue;
990 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) 980 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
991 continue; 981 continue;
992 } 982 }
993 983
994#ifdef CIPHER_DEBUG 984#ifdef CIPHER_DEBUG
995 printf("Action = %d\n", rule); 985 printf("Action = %d\n", rule);
996#endif 986#endif
997 987
998 /* add the cipher if it has not been added yet. */ 988 /* add the cipher if it has not been added yet. */
999 if (rule == CIPHER_ADD) 989 if (rule == CIPHER_ADD) {
1000 {
1001 /* reverse == 0 */ 990 /* reverse == 0 */
1002 if (!curr->active) 991 if (!curr->active) {
1003 {
1004 ll_append_tail(&head, curr, &tail); 992 ll_append_tail(&head, curr, &tail);
1005 curr->active = 1; 993 curr->active = 1;
1006 }
1007 } 994 }
995 }
1008 /* Move the added cipher to this location */ 996 /* Move the added cipher to this location */
1009 else if (rule == CIPHER_ORD) 997 else if (rule == CIPHER_ORD) {
1010 {
1011 /* reverse == 0 */ 998 /* reverse == 0 */
1012 if (curr->active) 999 if (curr->active) {
1013 {
1014 ll_append_tail(&head, curr, &tail); 1000 ll_append_tail(&head, curr, &tail);
1015 }
1016 } 1001 }
1017 else if (rule == CIPHER_DEL) 1002 } else if (rule == CIPHER_DEL) {
1018 {
1019 /* reverse == 1 */ 1003 /* reverse == 1 */
1020 if (curr->active) 1004 if (curr->active) {
1021 {
1022 /* most recently deleted ciphersuites get best positions 1005 /* most recently deleted ciphersuites get best positions
1023 * for any future CIPHER_ADD (note that the CIPHER_DEL loop 1006 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
1024 * works in reverse to maintain the order) */ 1007 * works in reverse to maintain the order) */
1025 ll_append_head(&head, curr, &tail); 1008 ll_append_head(&head, curr, &tail);
1026 curr->active = 0; 1009 curr->active = 0;
1027 }
1028 } 1010 }
1029 else if (rule == CIPHER_KILL) 1011 } else if (rule == CIPHER_KILL) {
1030 {
1031 /* reverse == 0 */ 1012 /* reverse == 0 */
1032 if (head == curr) 1013 if (head == curr)
1033 head = curr->next; 1014 head = curr->next;
@@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
1042 curr->prev->next = curr->next; 1023 curr->prev->next = curr->next;
1043 curr->next = NULL; 1024 curr->next = NULL;
1044 curr->prev = NULL; 1025 curr->prev = NULL;
1045 }
1046 } 1026 }
1027 }
1047 1028
1048 *head_p = head; 1029 *head_p = head;
1049 *tail_p = tail; 1030 *tail_p = tail;
1050 } 1031}
1051 1032
1052static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, 1033static int
1053 CIPHER_ORDER **tail_p) 1034ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
1054 { 1035 CIPHER_ORDER **tail_p)
1036{
1055 int max_strength_bits, i, *number_uses; 1037 int max_strength_bits, i, *number_uses;
1056 CIPHER_ORDER *curr; 1038 CIPHER_ORDER *curr;
1057 1039
@@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
1062 */ 1044 */
1063 max_strength_bits = 0; 1045 max_strength_bits = 0;
1064 curr = *head_p; 1046 curr = *head_p;
1065 while (curr != NULL) 1047 while (curr != NULL) {
1066 {
1067 if (curr->active && 1048 if (curr->active &&
1068 (curr->cipher->strength_bits > max_strength_bits)) 1049 (curr->cipher->strength_bits > max_strength_bits))
1069 max_strength_bits = curr->cipher->strength_bits; 1050 max_strength_bits = curr->cipher->strength_bits;
1070 curr = curr->next; 1051 curr = curr->next;
1071 } 1052 }
1072 1053
1073 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 1054 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
1074 if (!number_uses) 1055 if (!number_uses) {
1075 { 1056 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
1076 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); 1057 return (0);
1077 return(0); 1058 }
1078 }
1079 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 1059 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
1080 1060
1081 /* 1061 /*
1082 * Now find the strength_bits values actually used 1062 * Now find the strength_bits values actually used
1083 */ 1063 */
1084 curr = *head_p; 1064 curr = *head_p;
1085 while (curr != NULL) 1065 while (curr != NULL) {
1086 {
1087 if (curr->active) 1066 if (curr->active)
1088 number_uses[curr->cipher->strength_bits]++; 1067 number_uses[curr->cipher->strength_bits]++;
1089 curr = curr->next; 1068 curr = curr->next;
1090 } 1069 }
1091 /* 1070 /*
1092 * Go through the list of used strength_bits values in descending 1071 * Go through the list of used strength_bits values in descending
1093 * order. 1072 * order.
@@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
1097 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); 1076 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
1098 1077
1099 OPENSSL_free(number_uses); 1078 OPENSSL_free(number_uses);
1100 return(1); 1079 return (1);
1101 } 1080}
1102 1081
1103static int ssl_cipher_process_rulestr(const char *rule_str, 1082static int
1104 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, 1083ssl_cipher_process_rulestr(const char *rule_str,
1105 const SSL_CIPHER **ca_list) 1084 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
1106 { 1085const SSL_CIPHER **ca_list)
1086{
1107 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; 1087 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
1108 const char *l, *buf; 1088 const char *l, *buf;
1109 int j, multi, found, rule, retval, ok, buflen; 1089 int j, multi, found, rule, retval, ok, buflen;
@@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1112 1092
1113 retval = 1; 1093 retval = 1;
1114 l = rule_str; 1094 l = rule_str;
1115 for (;;) 1095 for (;;) {
1116 {
1117 ch = *l; 1096 ch = *l;
1118 1097
1119 if (ch == '\0') 1098 if (ch == '\0')
1120 break; /* done */ 1099 break;
1100 /* done */
1121 if (ch == '-') 1101 if (ch == '-')
1122 { rule = CIPHER_DEL; l++; } 1102 { rule = CIPHER_DEL;
1123 else if (ch == '+') 1103 l++;
1124 { rule = CIPHER_ORD; l++; } 1104 } else if (ch == '+')
1125 else if (ch == '!') 1105 { rule = CIPHER_ORD;
1126 { rule = CIPHER_KILL; l++; } 1106 l++;
1127 else if (ch == '@') 1107 } else if (ch == '!')
1128 { rule = CIPHER_SPECIAL; l++; } 1108 { rule = CIPHER_KILL;
1129 else 1109 l++;
1130 { rule = CIPHER_ADD; } 1110 } else if (ch == '@')
1111 { rule = CIPHER_SPECIAL;
1112 l++;
1113 } else
1114 { rule = CIPHER_ADD;
1115 }
1131 1116
1132 if (ITEM_SEP(ch)) 1117 if (ITEM_SEP(ch)) {
1133 {
1134 l++; 1118 l++;
1135 continue; 1119 continue;
1136 } 1120 }
1137 1121
1138 alg_mkey = 0; 1122 alg_mkey = 0;
1139 alg_auth = 0; 1123 alg_auth = 0;
@@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1142 alg_ssl = 0; 1126 alg_ssl = 0;
1143 algo_strength = 0; 1127 algo_strength = 0;
1144 1128
1145 for (;;) 1129 for (;;) {
1146 {
1147 ch = *l; 1130 ch = *l;
1148 buf = l; 1131 buf = l;
1149 buflen = 0; 1132 buflen = 0;
1150#ifndef CHARSET_EBCDIC 1133#ifndef CHARSET_EBCDIC
1151 while ( ((ch >= 'A') && (ch <= 'Z')) || 1134 while (((ch >= 'A') && (ch <= 'Z')) ||
1152 ((ch >= '0') && (ch <= '9')) || 1135 ((ch >= '0') && (ch <= '9')) ||
1153 ((ch >= 'a') && (ch <= 'z')) || 1136 ((ch >= 'a') && (ch <= 'z')) ||
1154 (ch == '-') || (ch == '.')) 1137 (ch == '-') || (ch == '.'))
1155#else 1138#else
1156 while ( isalnum(ch) || (ch == '-') || (ch == '.')) 1139 while (isalnum(ch) || (ch == '-') || (ch == '.'))
1157#endif 1140#endif
1158 { 1141 {
1159 ch = *(++l); 1142 ch = *(++l);
1160 buflen++; 1143 buflen++;
1161 } 1144 }
1162 1145
1163 if (buflen == 0) 1146 if (buflen == 0) {
1164 {
1165 /* 1147 /*
1166 * We hit something we cannot deal with, 1148 * We hit something we cannot deal with,
1167 * it is no command or separator nor 1149 * it is no command or separator nor
1168 * alphanumeric, so we call this an error. 1150 * alphanumeric, so we call this an error.
1169 */ 1151 */
1170 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1152 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1171 SSL_R_INVALID_COMMAND); 1153 SSL_R_INVALID_COMMAND);
1172 retval = found = 0; 1154 retval = found = 0;
1173 l++; 1155 l++;
1174 break; 1156 break;
1175 } 1157 }
1176 1158
1177 if (rule == CIPHER_SPECIAL) 1159 if (rule == CIPHER_SPECIAL) {
1178 {
1179 found = 0; /* unused -- avoid compiler warning */ 1160 found = 0; /* unused -- avoid compiler warning */
1180 break; /* special treatment */ 1161 break; /* special treatment */
1181 } 1162 }
1182 1163
1183 /* check for multi-part specification */ 1164 /* check for multi-part specification */
1184 if (ch == '+') 1165 if (ch == '+') {
1185 { 1166 multi = 1;
1186 multi=1;
1187 l++; 1167 l++;
1188 } 1168 } else
1189 else 1169 multi = 0;
1190 multi=0;
1191 1170
1192 /* 1171 /*
1193 * Now search for the cipher alias in the ca_list. Be careful 1172 * Now search for the cipher alias in the ca_list. Be careful
@@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1202 */ 1181 */
1203 j = found = 0; 1182 j = found = 0;
1204 cipher_id = 0; 1183 cipher_id = 0;
1205 while (ca_list[j]) 1184 while (ca_list[j]) {
1206 {
1207 if (!strncmp(buf, ca_list[j]->name, buflen) && 1185 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1208 (ca_list[j]->name[buflen] == '\0')) 1186 (ca_list[j]->name[buflen] == '\0')) {
1209 {
1210 found = 1; 1187 found = 1;
1211 break; 1188 break;
1212 } 1189 } else
1213 else
1214 j++; 1190 j++;
1215 } 1191 }
1216 1192
1217 if (!found) 1193 if (!found)
1218 break; /* ignore this entry */ 1194 break; /* ignore this entry */
1219 1195
1220 if (ca_list[j]->algorithm_mkey) 1196 if (ca_list[j]->algorithm_mkey) {
1221 { 1197 if (alg_mkey) {
1222 if (alg_mkey)
1223 {
1224 alg_mkey &= ca_list[j]->algorithm_mkey; 1198 alg_mkey &= ca_list[j]->algorithm_mkey;
1225 if (!alg_mkey) { found = 0; break; } 1199 if (!alg_mkey) {
1200 found = 0;
1201 break;
1226 } 1202 }
1227 else 1203 } else
1228 alg_mkey = ca_list[j]->algorithm_mkey; 1204 alg_mkey = ca_list[j]->algorithm_mkey;
1229 } 1205 }
1230 1206
1231 if (ca_list[j]->algorithm_auth) 1207 if (ca_list[j]->algorithm_auth) {
1232 { 1208 if (alg_auth) {
1233 if (alg_auth)
1234 {
1235 alg_auth &= ca_list[j]->algorithm_auth; 1209 alg_auth &= ca_list[j]->algorithm_auth;
1236 if (!alg_auth) { found = 0; break; } 1210 if (!alg_auth) {
1211 found = 0;
1212 break;
1237 } 1213 }
1238 else 1214 } else
1239 alg_auth = ca_list[j]->algorithm_auth; 1215 alg_auth = ca_list[j]->algorithm_auth;
1240 } 1216 }
1241 1217
1242 if (ca_list[j]->algorithm_enc) 1218 if (ca_list[j]->algorithm_enc) {
1243 { 1219 if (alg_enc) {
1244 if (alg_enc)
1245 {
1246 alg_enc &= ca_list[j]->algorithm_enc; 1220 alg_enc &= ca_list[j]->algorithm_enc;
1247 if (!alg_enc) { found = 0; break; } 1221 if (!alg_enc) {
1222 found = 0;
1223 break;
1248 } 1224 }
1249 else 1225 } else
1250 alg_enc = ca_list[j]->algorithm_enc; 1226 alg_enc = ca_list[j]->algorithm_enc;
1251 } 1227 }
1252 1228
1253 if (ca_list[j]->algorithm_mac) 1229 if (ca_list[j]->algorithm_mac) {
1254 { 1230 if (alg_mac) {
1255 if (alg_mac)
1256 {
1257 alg_mac &= ca_list[j]->algorithm_mac; 1231 alg_mac &= ca_list[j]->algorithm_mac;
1258 if (!alg_mac) { found = 0; break; } 1232 if (!alg_mac) {
1233 found = 0;
1234 break;
1259 } 1235 }
1260 else 1236 } else
1261 alg_mac = ca_list[j]->algorithm_mac; 1237 alg_mac = ca_list[j]->algorithm_mac;
1262 } 1238 }
1263 1239
1264 if (ca_list[j]->algo_strength & SSL_EXP_MASK) 1240 if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
1265 { 1241 if (algo_strength & SSL_EXP_MASK) {
1266 if (algo_strength & SSL_EXP_MASK)
1267 {
1268 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; 1242 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1269 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } 1243 if (!(algo_strength & SSL_EXP_MASK)) {
1244 found = 0;
1245 break;
1270 } 1246 }
1271 else 1247 } else
1272 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; 1248 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1273 } 1249 }
1274 1250
1275 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) 1251 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
1276 { 1252 if (algo_strength & SSL_STRONG_MASK) {
1277 if (algo_strength & SSL_STRONG_MASK)
1278 {
1279 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; 1253 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1280 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } 1254 if (!(algo_strength & SSL_STRONG_MASK)) {
1255 found = 0;
1256 break;
1281 } 1257 }
1282 else 1258 } else
1283 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; 1259 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1284 } 1260 }
1285 1261
1286 if (ca_list[j]->valid) 1262 if (ca_list[j]->valid) {
1287 {
1288 /* explicit ciphersuite found; its protocol version 1263 /* explicit ciphersuite found; its protocol version
1289 * does not become part of the search pattern!*/ 1264 * does not become part of the search pattern!*/
1290 1265
1291 cipher_id = ca_list[j]->id; 1266 cipher_id = ca_list[j]->id;
1292 } 1267 } else {
1293 else
1294 {
1295 /* not an explicit ciphersuite; only in this case, the 1268 /* not an explicit ciphersuite; only in this case, the
1296 * protocol version is considered part of the search pattern */ 1269 * protocol version is considered part of the search pattern */
1297 1270
1298 if (ca_list[j]->algorithm_ssl) 1271 if (ca_list[j]->algorithm_ssl) {
1299 { 1272 if (alg_ssl) {
1300 if (alg_ssl)
1301 {
1302 alg_ssl &= ca_list[j]->algorithm_ssl; 1273 alg_ssl &= ca_list[j]->algorithm_ssl;
1303 if (!alg_ssl) { found = 0; break; } 1274 if (!alg_ssl) {
1275 found = 0;
1276 break;
1304 } 1277 }
1305 else 1278 } else
1306 alg_ssl = ca_list[j]->algorithm_ssl; 1279 alg_ssl = ca_list[j]->algorithm_ssl;
1307 }
1308 } 1280 }
1309
1310 if (!multi) break;
1311 } 1281 }
1312 1282
1283 if (!multi)
1284 break;
1285 }
1286
1313 /* 1287 /*
1314 * Ok, we have the rule, now apply it 1288 * Ok, we have the rule, now apply it
1315 */ 1289 */
1316 if (rule == CIPHER_SPECIAL) 1290 if (rule == CIPHER_SPECIAL)
1317 { /* special command */ 1291 { /* special command */
1318 ok = 0; 1292 ok = 0;
1319 if ((buflen == 8) && 1293 if ((buflen == 8) &&
1320 !strncmp(buf, "STRENGTH", 8)) 1294 !strncmp(buf, "STRENGTH", 8))
1321 ok = ssl_cipher_strength_sort(head_p, tail_p); 1295 ok = ssl_cipher_strength_sort(head_p, tail_p);
1322 else 1296 else
1323 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1297 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1324 SSL_R_INVALID_COMMAND); 1298 SSL_R_INVALID_COMMAND);
1325 if (ok == 0) 1299 if (ok == 0)
1326 retval = 0; 1300 retval = 0;
1327 /* 1301 /*
@@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1331 * end or ':' is found. 1305 * end or ':' is found.
1332 */ 1306 */
1333 while ((*l != '\0') && !ITEM_SEP(*l)) 1307 while ((*l != '\0') && !ITEM_SEP(*l))
1334 l++; 1308 l++;
1335 } 1309 } else if (found) {
1336 else if (found)
1337 {
1338 ssl_cipher_apply_rule(cipher_id, 1310 ssl_cipher_apply_rule(cipher_id,
1339 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, 1311 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
1340 rule, -1, head_p, tail_p); 1312 rule, -1, head_p, tail_p);
1341 } 1313 } else {
1342 else
1343 {
1344 while ((*l != '\0') && !ITEM_SEP(*l)) 1314 while ((*l != '\0') && !ITEM_SEP(*l))
1345 l++; 1315 l++;
1346 } 1316 }
1347 if (*l == '\0') break; /* done */ 1317 if (*l == '\0') break; /* done */
1348 } 1318 }
1349 1319
1350 return(retval); 1320 return (retval);
1351 } 1321}
1352 1322
1353STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, 1323STACK_OF(SSL_CIPHER)
1354 STACK_OF(SSL_CIPHER) **cipher_list, 1324*ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1355 STACK_OF(SSL_CIPHER) **cipher_list_by_id, 1325STACK_OF(SSL_CIPHER) **cipher_list,
1356 const char *rule_str) 1326 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1357 { 1327const char *rule_str)
1328{
1358 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1329 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1359 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; 1330 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1360 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1331 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
@@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1384 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 1355 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1385#endif /* KSSL_DEBUG */ 1356#endif /* KSSL_DEBUG */
1386 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 1357 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
1387 if (co_list == NULL) 1358 if (co_list == NULL) {
1388 { 1359 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1389 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1390 return(NULL); /* Failure */ 1360 return(NULL); /* Failure */
1391 } 1361 }
1392 1362
1393 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1363 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1394 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, 1364 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1395 co_list, &head, &tail); 1365 co_list, &head, &tail);
1396 1366
1397 1367
1398 /* Now arrange all ciphers by preference: */ 1368 /* Now arrange all ciphers by preference: */
@@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1419 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1389 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1420 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ 1390 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1421 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1391 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1422 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1392 ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1423 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1393 ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1424 1394
1425 /* RC4 is sort-of broken -- move the the end */ 1395 /* RC4 is sort-of broken -- move the the end */
1426 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); 1396 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1427 1397
1428 /* Now sort by symmetric encryption strength. The above ordering remains 1398 /* Now sort by symmetric encryption strength. The above ordering remains
1429 * in force within each class */ 1399 * in force within each class */
1430 if (!ssl_cipher_strength_sort(&head, &tail)) 1400 if (!ssl_cipher_strength_sort(&head, &tail)) {
1431 {
1432 OPENSSL_free(co_list); 1401 OPENSSL_free(co_list);
1433 return NULL; 1402 return NULL;
1434 } 1403 }
1435 1404
1436 /* Now disable everything (maintaining the ordering!) */ 1405 /* Now disable everything (maintaining the ordering!) */
1437 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1406 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1448 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1417 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1449 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1418 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1450 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 1419 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1451 if (ca_list == NULL) 1420 if (ca_list == NULL) {
1452 {
1453 OPENSSL_free(co_list); 1421 OPENSSL_free(co_list);
1454 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 1422 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1455 return(NULL); /* Failure */ 1423 return(NULL); /* Failure */
1456 } 1424 }
1457 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1425 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1458 disabled_mkey, disabled_auth, disabled_enc, 1426 disabled_mkey, disabled_auth, disabled_enc,
1459 disabled_mac, disabled_ssl, head); 1427 disabled_mac, disabled_ssl, head);
1460 1428
1461 /* 1429 /*
1462 * If the rule_string begins with DEFAULT, apply the default rule 1430 * If the rule_string begins with DEFAULT, apply the default rule
@@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1464 */ 1432 */
1465 ok = 1; 1433 ok = 1;
1466 rule_p = rule_str; 1434 rule_p = rule_str;
1467 if (strncmp(rule_str,"DEFAULT",7) == 0) 1435 if (strncmp(rule_str, "DEFAULT", 7) == 0) {
1468 {
1469 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1436 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1470 &head, &tail, ca_list); 1437 &head, &tail, ca_list);
1471 rule_p += 7; 1438 rule_p += 7;
1472 if (*rule_p == ':') 1439 if (*rule_p == ':')
1473 rule_p++; 1440 rule_p++;
1474 } 1441 }
1475 1442
1476 if (ok && (strlen(rule_p) > 0)) 1443 if (ok && (strlen(rule_p) > 0))
1477 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); 1444 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
@@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1479 OPENSSL_free((void *)ca_list); /* Not needed anymore */ 1446 OPENSSL_free((void *)ca_list); /* Not needed anymore */
1480 1447
1481 if (!ok) 1448 if (!ok)
1482 { /* Rule processing failure */ 1449 { /* Rule processing failure */
1483 OPENSSL_free(co_list); 1450 OPENSSL_free(co_list);
1484 return(NULL); 1451 return (NULL);
1485 } 1452 }
1486 1453
1487 /* 1454 /*
1488 * Allocate new "cipherstack" for the result, return with error 1455 * Allocate new "cipherstack" for the result, return with error
1489 * if we cannot get one. 1456 * if we cannot get one.
1490 */ 1457 */
1491 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) 1458 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
1492 {
1493 OPENSSL_free(co_list); 1459 OPENSSL_free(co_list);
1494 return(NULL); 1460 return (NULL);
1495 } 1461 }
1496 1462
1497 /* 1463 /*
1498 * The cipher selection for the list is done. The ciphers are added 1464 * The cipher selection for the list is done. The ciphers are added
1499 * to the resulting precedence to the STACK_OF(SSL_CIPHER). 1465 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1500 */ 1466 */
1501 for (curr = head; curr != NULL; curr = curr->next) 1467 for (curr = head; curr != NULL; curr = curr->next) {
1502 {
1503#ifdef OPENSSL_FIPS 1468#ifdef OPENSSL_FIPS
1504 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) 1469 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1505#else 1470#else
1506 if (curr->active) 1471 if (curr->active)
1507#endif 1472#endif
1508 { 1473 {
1509 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1474 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1510#ifdef CIPHER_DEBUG 1475#ifdef CIPHER_DEBUG
1511 printf("<%s>\n",curr->cipher->name); 1476 printf("<%s>\n", curr->cipher->name);
1512#endif 1477#endif
1513 }
1514 } 1478 }
1479 }
1515 OPENSSL_free(co_list); /* Not needed any longer */ 1480 OPENSSL_free(co_list); /* Not needed any longer */
1516 1481
1517 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); 1482 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1518 if (tmp_cipher_list == NULL) 1483 if (tmp_cipher_list == NULL) {
1519 {
1520 sk_SSL_CIPHER_free(cipherstack); 1484 sk_SSL_CIPHER_free(cipherstack);
1521 return NULL; 1485 return NULL;
1522 } 1486 }
1523 if (*cipher_list != NULL) 1487 if (*cipher_list != NULL)
1524 sk_SSL_CIPHER_free(*cipher_list); 1488 sk_SSL_CIPHER_free(*cipher_list);
1525 *cipher_list = cipherstack; 1489 *cipher_list = cipherstack;
1526 if (*cipher_list_by_id != NULL) 1490 if (*cipher_list_by_id != NULL)
1527 sk_SSL_CIPHER_free(*cipher_list_by_id); 1491 sk_SSL_CIPHER_free(*cipher_list_by_id);
1528 *cipher_list_by_id = tmp_cipher_list; 1492 *cipher_list_by_id = tmp_cipher_list;
1529 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 1493 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
1530 1494
1531 sk_SSL_CIPHER_sort(*cipher_list_by_id); 1495 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1532 return(cipherstack); 1496 return (cipherstack);
1533 } 1497}
1534 1498
1535char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1499char
1536 { 1500*SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1537 int is_export,pkl,kl; 1501{
1538 const char *ver,*exp_str; 1502 int is_export, pkl, kl;
1539 const char *kx,*au,*enc,*mac; 1503 const char *ver, *exp_str;
1540 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; 1504 const char *kx, *au, *enc, *mac;
1505 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1541#ifdef KSSL_DEBUG 1506#ifdef KSSL_DEBUG
1542 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; 1507 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1543#else 1508#else
@@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1550 alg_mac = cipher->algorithm_mac; 1515 alg_mac = cipher->algorithm_mac;
1551 alg_ssl = cipher->algorithm_ssl; 1516 alg_ssl = cipher->algorithm_ssl;
1552 1517
1553 alg2=cipher->algorithm2; 1518 alg2 = cipher->algorithm2;
1519
1520 is_export = SSL_C_IS_EXPORT(cipher);
1521 pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
1522 kl = SSL_C_EXPORT_KEYLENGTH(cipher);
1523 exp_str = is_export?" export":"";
1554 1524
1555 is_export=SSL_C_IS_EXPORT(cipher);
1556 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1557 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1558 exp_str=is_export?" export":"";
1559
1560 if (alg_ssl & SSL_SSLV2) 1525 if (alg_ssl & SSL_SSLV2)
1561 ver="SSLv2"; 1526 ver="SSLv2";
1562 else if (alg_ssl & SSL_SSLV3) 1527 else if (alg_ssl & SSL_SSLV3)
@@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1566 else 1531 else
1567 ver="unknown"; 1532 ver="unknown";
1568 1533
1569 switch (alg_mkey) 1534 switch (alg_mkey) {
1570 {
1571 case SSL_kRSA: 1535 case SSL_kRSA:
1572 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1536 kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1573 break; 1537 break;
1574 case SSL_kDHr: 1538 case SSL_kDHr:
1575 kx="DH/RSA"; 1539 kx="DH/RSA";
@@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1577 case SSL_kDHd: 1541 case SSL_kDHd:
1578 kx="DH/DSS"; 1542 kx="DH/DSS";
1579 break; 1543 break;
1580 case SSL_kKRB5: 1544 case SSL_kKRB5:
1581 kx="KRB5"; 1545 kx="KRB5";
1582 break; 1546 break;
1583 case SSL_kEDH: 1547 case SSL_kEDH:
1584 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1548 kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1585 break; 1549 break;
1586 case SSL_kECDHr: 1550 case SSL_kECDHr:
1587 kx="ECDH/RSA"; 1551 kx="ECDH/RSA";
@@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1600 break; 1564 break;
1601 default: 1565 default:
1602 kx="unknown"; 1566 kx="unknown";
1603 } 1567 }
1604 1568
1605 switch (alg_auth) 1569 switch (alg_auth) {
1606 {
1607 case SSL_aRSA: 1570 case SSL_aRSA:
1608 au="RSA"; 1571 au="RSA";
1609 break; 1572 break;
@@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1613 case SSL_aDH: 1576 case SSL_aDH:
1614 au="DH"; 1577 au="DH";
1615 break; 1578 break;
1616 case SSL_aKRB5: 1579 case SSL_aKRB5:
1617 au="KRB5"; 1580 au="KRB5";
1618 break; 1581 break;
1619 case SSL_aECDH: 1582 case SSL_aECDH:
1620 au="ECDH"; 1583 au="ECDH";
1621 break; 1584 break;
1622 case SSL_aNULL: 1585 case SSL_aNULL:
@@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1631 default: 1594 default:
1632 au="unknown"; 1595 au="unknown";
1633 break; 1596 break;
1634 } 1597 }
1635 1598
1636 switch (alg_enc) 1599 switch (alg_enc) {
1637 {
1638 case SSL_DES: 1600 case SSL_DES:
1639 enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; 1601 enc = (is_export && kl == 5)?"DES(40)":"DES(56)";
1640 break; 1602 break;
1641 case SSL_3DES: 1603 case SSL_3DES:
1642 enc="3DES(168)"; 1604 enc="3DES(168)";
1643 break; 1605 break;
1644 case SSL_RC4: 1606 case SSL_RC4:
1645 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") 1607 enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1646 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); 1608 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1647 break; 1609 break;
1648 case SSL_RC2: 1610 case SSL_RC2:
1649 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; 1611 enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1650 break; 1612 break;
1651 case SSL_IDEA: 1613 case SSL_IDEA:
1652 enc="IDEA(128)"; 1614 enc="IDEA(128)";
@@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1678 default: 1640 default:
1679 enc="unknown"; 1641 enc="unknown";
1680 break; 1642 break;
1681 } 1643 }
1682 1644
1683 switch (alg_mac) 1645 switch (alg_mac) {
1684 {
1685 case SSL_MD5: 1646 case SSL_MD5:
1686 mac="MD5"; 1647 mac="MD5";
1687 break; 1648 break;
@@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1700 default: 1661 default:
1701 mac="unknown"; 1662 mac="unknown";
1702 break; 1663 break;
1703 } 1664 }
1704 1665
1705 if (buf == NULL) 1666 if (buf == NULL) {
1706 { 1667 len = 128;
1707 len=128; 1668 buf = OPENSSL_malloc(len);
1708 buf=OPENSSL_malloc(len); 1669 if (buf == NULL)
1709 if (buf == NULL) return("OPENSSL_malloc Error"); 1670 return("OPENSSL_malloc Error");
1710 } 1671 } else if (len < 128)
1711 else if (len < 128) 1672 return("Buffer too small");
1712 return("Buffer too small");
1713 1673
1714#ifdef KSSL_DEBUG 1674#ifdef KSSL_DEBUG
1715 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); 1675 BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
1716#else 1676#else
1717 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); 1677 BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str);
1718#endif /* KSSL_DEBUG */ 1678#endif /* KSSL_DEBUG */
1719 return(buf); 1679 return (buf);
1720 } 1680}
1721 1681
1722char *SSL_CIPHER_get_version(const SSL_CIPHER *c) 1682char
1723 { 1683*SSL_CIPHER_get_version(const SSL_CIPHER *c)
1684{
1724 int i; 1685 int i;
1725 1686
1726 if (c == NULL) return("(NONE)"); 1687 if (c == NULL)
1727 i=(int)(c->id>>24L); 1688 return("(NONE)");
1689 i = (int)(c->id >> 24L);
1728 if (i == 3) 1690 if (i == 3)
1729 return("TLSv1/SSLv3"); 1691 return("TLSv1/SSLv3");
1730 else if (i == 2) 1692 else if (i == 2)
1731 return("SSLv2"); 1693 return("SSLv2");
1732 else 1694 else
1733 return("unknown"); 1695 return("unknown");
1734 } 1696}
1735 1697
1736/* return the actual cipher being used */ 1698/* return the actual cipher being used */
1737const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) 1699const char
1738 { 1700*SSL_CIPHER_get_name(const SSL_CIPHER *c)
1701{
1739 if (c != NULL) 1702 if (c != NULL)
1740 return(c->name); 1703 return (c->name);
1741 return("(NONE)"); 1704 return("(NONE)");
1742 } 1705}
1743 1706
1744/* number of bits for symmetric cipher */ 1707/* number of bits for symmetric cipher */
1745int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) 1708int
1746 { 1709SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1747 int ret=0; 1710{
1711 int ret = 0;
1748 1712
1749 if (c != NULL) 1713 if (c != NULL) {
1750 { 1714 if (alg_bits != NULL)
1751 if (alg_bits != NULL) *alg_bits = c->alg_bits; 1715 *alg_bits = c->alg_bits;
1752 ret = c->strength_bits; 1716 ret = c->strength_bits;
1753 }
1754 return(ret);
1755 } 1717 }
1718 return (ret);
1719}
1756 1720
1757unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) 1721unsigned long
1758 { 1722SSL_CIPHER_get_id(const SSL_CIPHER *c)
1723{
1759 return c->id; 1724 return c->id;
1760 } 1725}
1761 1726
1762SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) 1727SSL_COMP
1763 { 1728*ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1729{
1764 SSL_COMP *ctmp; 1730 SSL_COMP *ctmp;
1765 int i,nn; 1731 int i, nn;
1766 1732
1767 if ((n == 0) || (sk == NULL)) return(NULL); 1733 if ((n == 0)
1768 nn=sk_SSL_COMP_num(sk); 1734 || (sk == NULL)) return (NULL);
1769 for (i=0; i<nn; i++) 1735 nn = sk_SSL_COMP_num(sk);
1770 { 1736 for (i = 0; i < nn; i++) {
1771 ctmp=sk_SSL_COMP_value(sk,i); 1737 ctmp = sk_SSL_COMP_value(sk, i);
1772 if (ctmp->id == n) 1738 if (ctmp->id == n)
1773 return(ctmp); 1739 return (ctmp);
1774 }
1775 return(NULL);
1776 } 1740 }
1741 return (NULL);
1742}
1777 1743
1778#ifdef OPENSSL_NO_COMP 1744#ifdef OPENSSL_NO_COMP
1779void *SSL_COMP_get_compression_methods(void) 1745void
1780 { 1746*SSL_COMP_get_compression_methods(void)
1747{
1781 return NULL; 1748 return NULL;
1782 } 1749}
1783int SSL_COMP_add_compression_method(int id, void *cm) 1750
1784 { 1751int
1752SSL_COMP_add_compression_method(int id, void *cm)
1753{
1785 return 1; 1754 return 1;
1786 } 1755}
1787 1756
1788const char *SSL_COMP_get_name(const void *comp) 1757const char
1789 { 1758*SSL_COMP_get_name(const void *comp)
1759{
1790 return NULL; 1760 return NULL;
1791 } 1761}
1792#else 1762#else
1793STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 1763STACK_OF(SSL_COMP)
1794 { 1764*SSL_COMP_get_compression_methods(void)
1765{
1795 load_builtin_compressions(); 1766 load_builtin_compressions();
1796 return(ssl_comp_methods); 1767 return (ssl_comp_methods);
1797 } 1768}
1798 1769
1799int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 1770int
1800 { 1771SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1772{
1801 SSL_COMP *comp; 1773 SSL_COMP *comp;
1802 1774
1803 if (cm == NULL || cm->type == NID_undef) 1775 if (cm == NULL || cm->type == NID_undef)
1804 return 1; 1776 return 1;
1805 1777
1806 /* According to draft-ietf-tls-compression-04.txt, the 1778 /* According to draft-ietf-tls-compression-04.txt, the
1807 compression number ranges should be the following: 1779 compression number ranges should be the following:
@@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1809 0 to 63: methods defined by the IETF 1781 0 to 63: methods defined by the IETF
1810 64 to 192: external party methods assigned by IANA 1782 64 to 192: external party methods assigned by IANA
1811 193 to 255: reserved for private use */ 1783 193 to 255: reserved for private use */
1812 if (id < 193 || id > 255) 1784 if (id < 193 || id > 255) {
1813 { 1785 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1814 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1815 return 0; 1786 return 0;
1816 } 1787 }
1817 1788
1818 MemCheck_off(); 1789 MemCheck_off();
1819 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 1790 comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1820 comp->id=id; 1791 comp->id = id;
1821 comp->method=cm; 1792 comp->method = cm;
1822 load_builtin_compressions(); 1793 load_builtin_compressions();
1823 if (ssl_comp_methods 1794 if (ssl_comp_methods
1824 && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) 1795 && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
1825 {
1826 OPENSSL_free(comp); 1796 OPENSSL_free(comp);
1827 MemCheck_on(); 1797 MemCheck_on();
1828 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); 1798 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID);
1829 return(1); 1799 return (1);
1830 } 1800 } else if ((ssl_comp_methods == NULL)
1831 else if ((ssl_comp_methods == NULL) 1801 || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
1832 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1833 {
1834 OPENSSL_free(comp); 1802 OPENSSL_free(comp);
1835 MemCheck_on(); 1803 MemCheck_on();
1836 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1804 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
1837 return(1); 1805 return (1);
1838 } 1806 } else {
1839 else
1840 {
1841 MemCheck_on(); 1807 MemCheck_on();
1842 return(0); 1808 return (0);
1843 }
1844 } 1809 }
1810}
1845 1811
1846const char *SSL_COMP_get_name(const COMP_METHOD *comp) 1812const char
1847 { 1813*SSL_COMP_get_name(const COMP_METHOD *comp)
1814{
1848 if (comp) 1815 if (comp)
1849 return comp->name; 1816 return comp->name;
1850 return NULL; 1817 return NULL;
1851 } 1818}
1852 1819
1853#endif 1820#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 08:21:03 +0000