summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl_ciph.c79
1 files changed, 40 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 532fb4e80d..2d6eab20c3 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -340,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
340 } 340 }
341 341
342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 342static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, 343 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 344 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
345 { 345 {
346 int i, list_num; 346 int i, co_list_num;
347 SSL_CIPHER *c; 347 SSL_CIPHER *c;
348 348
349 /* 349 /*
@@ -354,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
354 */ 354 */
355 355
356 /* Get the initial list of ciphers */ 356 /* Get the initial list of ciphers */
357 list_num = 0; /* actual count of ciphers */ 357 co_list_num = 0; /* actual count of ciphers */
358 for (i = 0; i < num_of_ciphers; i++) 358 for (i = 0; i < num_of_ciphers; i++)
359 { 359 {
360 c = ssl_method->get_cipher(i); 360 c = ssl_method->get_cipher(i);
361 /* drop those that use any of that is not available */ 361 /* drop those that use any of that is not available */
362 if ((c != NULL) && c->valid && !(c->algorithms & mask)) 362 if ((c != NULL) && c->valid && !(c->algorithms & mask))
363 { 363 {
364 list[list_num].cipher = c; 364 co_list[co_list_num].cipher = c;
365 list[list_num].next = NULL; 365 co_list[co_list_num].next = NULL;
366 list[list_num].prev = NULL; 366 co_list[co_list_num].prev = NULL;
367 list[list_num].active = 0; 367 co_list[co_list_num].active = 0;
368 list_num++; 368 co_list_num++;
369#ifdef KSSL_DEBUG 369#ifdef KSSL_DEBUG
370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 370 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
371#endif /* KSSL_DEBUG */ 371#endif /* KSSL_DEBUG */
@@ -378,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
378 /* 378 /*
379 * Prepare linked list from list entries 379 * Prepare linked list from list entries
380 */ 380 */
381 for (i = 1; i < list_num - 1; i++) 381 for (i = 1; i < co_list_num - 1; i++)
382 { 382 {
383 list[i].prev = &(list[i-1]); 383 co_list[i].prev = &(co_list[i-1]);
384 list[i].next = &(list[i+1]); 384 co_list[i].next = &(co_list[i+1]);
385 } 385 }
386 if (list_num > 0) 386 if (co_list_num > 0)
387 { 387 {
388 (*head_p) = &(list[0]); 388 (*head_p) = &(co_list[0]);
389 (*head_p)->prev = NULL; 389 (*head_p)->prev = NULL;
390 (*head_p)->next = &(list[1]); 390 (*head_p)->next = &(co_list[1]);
391 (*tail_p) = &(list[list_num - 1]); 391 (*tail_p) = &(co_list[co_list_num - 1]);
392 (*tail_p)->prev = &(list[list_num - 2]); 392 (*tail_p)->prev = &(co_list[co_list_num - 2]);
393 (*tail_p)->next = NULL; 393 (*tail_p)->next = NULL;
394 } 394 }
395 } 395 }
@@ -435,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
435 435
436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, 436static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
437 unsigned long algo_strength, unsigned long mask_strength, 437 unsigned long algo_strength, unsigned long mask_strength,
438 int rule, int strength_bits, CIPHER_ORDER *list, 438 int rule, int strength_bits, CIPHER_ORDER *co_list,
439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 439 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
440 { 440 {
441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 441 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -530,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
530 *tail_p = tail; 530 *tail_p = tail;
531 } 531 }
532 532
533static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, 533static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
534 CIPHER_ORDER **tail_p) 534 CIPHER_ORDER **head_p,
535 CIPHER_ORDER **tail_p)
535 { 536 {
536 int max_strength_bits, i, *number_uses; 537 int max_strength_bits, i, *number_uses;
537 CIPHER_ORDER *curr; 538 CIPHER_ORDER *curr;
@@ -576,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
576 for (i = max_strength_bits; i >= 0; i--) 577 for (i = max_strength_bits; i >= 0; i--)
577 if (number_uses[i] > 0) 578 if (number_uses[i] > 0)
578 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, 579 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
579 list, head_p, tail_p); 580 co_list, head_p, tail_p);
580 581
581 OPENSSL_free(number_uses); 582 OPENSSL_free(number_uses);
582 return(1); 583 return(1);
583 } 584 }
584 585
585static int ssl_cipher_process_rulestr(const char *rule_str, 586static int ssl_cipher_process_rulestr(const char *rule_str,
586 CIPHER_ORDER *list, CIPHER_ORDER **head_p, 587 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
587 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 588 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
588 { 589 {
589 unsigned long algorithms, mask, algo_strength, mask_strength; 590 unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -708,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
708 ok = 0; 709 ok = 0;
709 if ((buflen == 8) && 710 if ((buflen == 8) &&
710 !strncmp(buf, "STRENGTH", 8)) 711 !strncmp(buf, "STRENGTH", 8))
711 ok = ssl_cipher_strength_sort(list, 712 ok = ssl_cipher_strength_sort(co_list,
712 head_p, tail_p); 713 head_p, tail_p);
713 else 714 else
714 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 715 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -728,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
728 { 729 {
729 ssl_cipher_apply_rule(algorithms, mask, 730 ssl_cipher_apply_rule(algorithms, mask,
730 algo_strength, mask_strength, rule, -1, 731 algo_strength, mask_strength, rule, -1,
731 list, head_p, tail_p); 732 co_list, head_p, tail_p);
732 } 733 }
733 else 734 else
734 { 735 {
@@ -750,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
750 unsigned long disabled_mask; 751 unsigned long disabled_mask;
751 STACK_OF(SSL_CIPHER) *cipherstack; 752 STACK_OF(SSL_CIPHER) *cipherstack;
752 const char *rule_p; 753 const char *rule_p;
753 CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; 754 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
754 SSL_CIPHER **ca_list = NULL; 755 SSL_CIPHER **ca_list = NULL;
755 756
756 /* 757 /*
@@ -780,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
780#ifdef KSSL_DEBUG 781#ifdef KSSL_DEBUG
781 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); 782 printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
782#endif /* KSSL_DEBUG */ 783#endif /* KSSL_DEBUG */
783 list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); 784 co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
784 if (list == NULL) 785 if (co_list == NULL)
785 { 786 {
786 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 787 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
787 return(NULL); /* Failure */ 788 return(NULL); /* Failure */
788 } 789 }
789 790
790 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 791 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
791 list, &head, &tail); 792 co_list, &head, &tail);
792 793
793 /* 794 /*
794 * We also need cipher aliases for selecting based on the rule_str. 795 * We also need cipher aliases for selecting based on the rule_str.
@@ -804,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
804 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 805 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
805 if (ca_list == NULL) 806 if (ca_list == NULL)
806 { 807 {
807 OPENSSL_free(list); 808 OPENSSL_free(co_list);
808 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 809 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
809 return(NULL); /* Failure */ 810 return(NULL); /* Failure */
810 } 811 }
@@ -820,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
820 if (strncmp(rule_str,"DEFAULT",7) == 0) 821 if (strncmp(rule_str,"DEFAULT",7) == 0)
821 { 822 {
822 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 823 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
823 list, &head, &tail, ca_list); 824 co_list, &head, &tail, ca_list);
824 rule_p += 7; 825 rule_p += 7;
825 if (*rule_p == ':') 826 if (*rule_p == ':')
826 rule_p++; 827 rule_p++;
827 } 828 }
828 829
829 if (ok && (strlen(rule_p) > 0)) 830 if (ok && (strlen(rule_p) > 0))
830 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, 831 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
831 ca_list); 832 ca_list);
832 833
833 OPENSSL_free(ca_list); /* Not needed anymore */ 834 OPENSSL_free(ca_list); /* Not needed anymore */
834 835
835 if (!ok) 836 if (!ok)
836 { /* Rule processing failure */ 837 { /* Rule processing failure */
837 OPENSSL_free(list); 838 OPENSSL_free(co_list);
838 return(NULL); 839 return(NULL);
839 } 840 }
840 /* 841 /*
@@ -843,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
843 */ 844 */
844 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) 845 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
845 { 846 {
846 OPENSSL_free(list); 847 OPENSSL_free(co_list);
847 return(NULL); 848 return(NULL);
848 } 849 }
849 850
@@ -861,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
861#endif 862#endif
862 } 863 }
863 } 864 }
864 OPENSSL_free(list); /* Not needed any longer */ 865 OPENSSL_free(co_list); /* Not needed any longer */
865 866
866 /* 867 /*
867 * The following passage is a little bit odd. If pointer variables 868 * The following passage is a little bit odd. If pointer variables
@@ -911,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
911char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 912char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
912 { 913 {
913 int is_export,pkl,kl; 914 int is_export,pkl,kl;
914 char *ver,*exp; 915 char *ver,*exp_str;
915 char *kx,*au,*enc,*mac; 916 char *kx,*au,*enc,*mac;
916 unsigned long alg,alg2,alg_s; 917 unsigned long alg,alg2,alg_s;
917#ifdef KSSL_DEBUG 918#ifdef KSSL_DEBUG
@@ -927,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
927 is_export=SSL_C_IS_EXPORT(cipher); 928 is_export=SSL_C_IS_EXPORT(cipher);
928 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); 929 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
929 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 930 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
930 exp=is_export?" export":""; 931 exp_str=is_export?" export":"";
931 932
932 if (alg & SSL_SSLV2) 933 if (alg & SSL_SSLV2)
933 ver="SSLv2"; 934 ver="SSLv2";
@@ -1046,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1046 return("Buffer too small"); 1047 return("Buffer too small");
1047 1048
1048#ifdef KSSL_DEBUG 1049#ifdef KSSL_DEBUG
1049 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); 1050 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1050#else 1051#else
1051 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); 1052 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1052#endif /* KSSL_DEBUG */ 1053#endif /* KSSL_DEBUG */
1053 return(buf); 1054 return(buf);
1054 } 1055 }
@@ -1135,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1135 { 1136 {
1136 MemCheck_on(); 1137 MemCheck_on();
1137 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1138 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1138 return(0); 1139 return(1);
1139 } 1140 }
1140 else 1141 else
1141 { 1142 {
1142 MemCheck_on(); 1143 MemCheck_on();
1143 return(1); 1144 return(0);
1144 } 1145 }
1145 } 1146 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 06:54:10 +0000