summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c1023
1 files changed, 331 insertions, 692 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index bee3507ea1..e9c9a08306 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -113,41 +113,12 @@
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h> 116#include <stdio.h>
144#include <openssl/objects.h> 117#include <openssl/objects.h>
145#ifndef OPENSSL_NO_COMP 118#ifndef OPENSSL_NO_COMP
146#include <openssl/comp.h> 119#include <openssl/comp.h>
147#endif 120#endif
148#ifndef OPENSSL_NO_ENGINE 121
149#include <openssl/engine.h>
150#endif
151#include "ssl_locl.h" 122#include "ssl_locl.h"
152 123
153#define SSL_ENC_DES_IDX 0 124#define SSL_ENC_DES_IDX 0
@@ -155,18 +126,18 @@
155#define SSL_ENC_RC4_IDX 2 126#define SSL_ENC_RC4_IDX 2
156#define SSL_ENC_RC2_IDX 3 127#define SSL_ENC_RC2_IDX 3
157#define SSL_ENC_IDEA_IDX 4 128#define SSL_ENC_IDEA_IDX 4
158#define SSL_ENC_NULL_IDX 5 129#define SSL_ENC_eFZA_IDX 5
159#define SSL_ENC_AES128_IDX 6 130#define SSL_ENC_NULL_IDX 6
160#define SSL_ENC_AES256_IDX 7 131#define SSL_ENC_AES128_IDX 7
161#define SSL_ENC_CAMELLIA128_IDX 8 132#define SSL_ENC_AES256_IDX 8
162#define SSL_ENC_CAMELLIA256_IDX 9 133#define SSL_ENC_CAMELLIA128_IDX 9
163#define SSL_ENC_GOST89_IDX 10 134#define SSL_ENC_CAMELLIA256_IDX 10
164#define SSL_ENC_SEED_IDX 11 135#define SSL_ENC_SEED_IDX 11
165#define SSL_ENC_NUM_IDX 12 136#define SSL_ENC_NUM_IDX 12
166 137
167 138
168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 139static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
169 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, 140 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
170 }; 141 };
171 142
172#define SSL_COMP_NULL_IDX 0 143#define SSL_COMP_NULL_IDX 0
@@ -177,30 +148,9 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
177 148
178#define SSL_MD_MD5_IDX 0 149#define SSL_MD_MD5_IDX 0
179#define SSL_MD_SHA1_IDX 1 150#define SSL_MD_SHA1_IDX 1
180#define SSL_MD_GOST94_IDX 2 151#define SSL_MD_NUM_IDX 2
181#define SSL_MD_GOST89MAC_IDX 3
182/*Constant SSL_MAX_DIGEST equal to size of digests array should be
183 * defined in the
184 * ssl_locl.h */
185#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
186static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 152static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
187 NULL,NULL,NULL,NULL 153 NULL,NULL,
188 };
189/* PKEY_TYPE for GOST89MAC is known in advance, but, because
190 * implementation is engine-provided, we'll fill it only if
191 * corresponding EVP_PKEY_METHOD is found
192 */
193static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
194 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
195 };
196
197static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
198 0,0,0,0
199 };
200
201static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
202 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
203 SSL_HANDSHAKE_MAC_GOST94,0
204 }; 154 };
205 155
206#define CIPHER_ADD 1 156#define CIPHER_ADD 1
@@ -211,144 +161,72 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
211 161
212typedef struct cipher_order_st 162typedef struct cipher_order_st
213 { 163 {
214 const SSL_CIPHER *cipher; 164 SSL_CIPHER *cipher;
215 int active; 165 int active;
216 int dead; 166 int dead;
217 struct cipher_order_st *next,*prev; 167 struct cipher_order_st *next,*prev;
218 } CIPHER_ORDER; 168 } CIPHER_ORDER;
219 169
220static const SSL_CIPHER cipher_aliases[]={ 170static const SSL_CIPHER cipher_aliases[]={
221 /* "ALL" doesn't include eNULL (must be specifically enabled) */ 171 /* Don't include eNULL unless specifically enabled. */
222 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, 172 /* Don't include ECC in ALL because these ciphers are not yet official. */
223 /* "COMPLEMENTOFALL" */ 173 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
224 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, 174 /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
225 175 {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
226 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ 176 {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
227 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, 177 {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
228 178 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
229 /* key exchange aliases 179 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
230 * (some of those using only a single bit here combine 180 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
231 * multiple key exchange algs according to the RFCs, 181 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
232 * e.g. kEDH combines DHE_DSS and DHE_RSA) */ 182 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
233 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, 183 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
234 184 {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
235 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 185 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
236 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 186 {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
237 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ 187 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
238 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, 188 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
239 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, 189 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
240 190 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
241 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, 191 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0},
242 192 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
243 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, 193
244 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, 194 {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
245 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, 195 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
246 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, 196 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
247 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, 197 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
248 198#ifndef OPENSSL_NO_IDEA
249 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, 199 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
250 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
251
252 /* server authentication aliases */
253 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
254 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
255 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
256 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
257 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
258 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
259 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
260 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
261 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
262 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
263 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
264 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
265 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
266
267 /* aliases combining key exchange and server authentication */
268 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
269 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
270 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
271 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
272 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
273 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
274 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
275 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
276
277
278 /* symmetric encryption aliases */
279 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
280 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
281 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
282 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
283 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
284 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
285 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
286 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
287 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
288 {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
289 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
290 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
291 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
292
293 /* MAC aliases */
294 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
295 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
296 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
297 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
298 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
299
300 /* protocol version aliases */
301 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
302 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
303 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
304
305 /* export flag */
306 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
307 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
308
309 /* strength classes */
310 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
311 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
312 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
313 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
314 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
315 /* FIPS 140-2 approved ciphersuite */
316 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
317 };
318/* Search for public key algorithm with given name and
319 * return its pkey_id if it is available. Otherwise return 0
320 */
321#ifdef OPENSSL_NO_ENGINE
322
323static int get_optional_pkey_id(const char *pkey_name)
324 {
325 const EVP_PKEY_ASN1_METHOD *ameth;
326 int pkey_id=0;
327 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
328 if (ameth)
329 {
330 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
331 }
332 return pkey_id;
333 }
334
335#else
336
337static int get_optional_pkey_id(const char *pkey_name)
338 {
339 const EVP_PKEY_ASN1_METHOD *ameth;
340 ENGINE *tmpeng = NULL;
341 int pkey_id=0;
342 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
343 if (ameth)
344 {
345 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
346 }
347 if (tmpeng) ENGINE_finish(tmpeng);
348 return pkey_id;
349 }
350
351#endif 200#endif
201 {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0},
202 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
203 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
204 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
205 {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
206
207 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
208 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
209 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
210
211 {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
212 {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
213 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
214 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
215 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
216
217 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
218 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
219 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
220
221 {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
222 {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
223 {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
224 {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
225 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
226 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
227 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
228 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
229 };
352 230
353void ssl_load_ciphers(void) 231void ssl_load_ciphers(void)
354 { 232 {
@@ -374,37 +252,16 @@ void ssl_load_ciphers(void)
374 EVP_get_cipherbyname(SN_camellia_128_cbc); 252 EVP_get_cipherbyname(SN_camellia_128_cbc);
375 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 253 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
376 EVP_get_cipherbyname(SN_camellia_256_cbc); 254 EVP_get_cipherbyname(SN_camellia_256_cbc);
377 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
378 EVP_get_cipherbyname(SN_gost89_cnt);
379 ssl_cipher_methods[SSL_ENC_SEED_IDX]= 255 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
380 EVP_get_cipherbyname(SN_seed_cbc); 256 EVP_get_cipherbyname(SN_seed_cbc);
381 257
382 ssl_digest_methods[SSL_MD_MD5_IDX]= 258 ssl_digest_methods[SSL_MD_MD5_IDX]=
383 EVP_get_digestbyname(SN_md5); 259 EVP_get_digestbyname(SN_md5);
384 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
385 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
386 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
387 ssl_digest_methods[SSL_MD_SHA1_IDX]= 260 ssl_digest_methods[SSL_MD_SHA1_IDX]=
388 EVP_get_digestbyname(SN_sha1); 261 EVP_get_digestbyname(SN_sha1);
389 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
390 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
391 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
392 ssl_digest_methods[SSL_MD_GOST94_IDX]=
393 EVP_get_digestbyname(SN_id_GostR3411_94);
394 if (ssl_digest_methods[SSL_MD_GOST94_IDX])
395 {
396 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
397 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
398 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
399 }
400 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
401 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
402 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
403 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
404 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
405 }
406
407 } 262 }
263
264
408#ifndef OPENSSL_NO_COMP 265#ifndef OPENSSL_NO_COMP
409 266
410static int sk_comp_cmp(const SSL_COMP * const *a, 267static int sk_comp_cmp(const SSL_COMP * const *a,
@@ -459,10 +316,10 @@ static void load_builtin_compressions(void)
459#endif 316#endif
460 317
461int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 318int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
462 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) 319 const EVP_MD **md, SSL_COMP **comp)
463 { 320 {
464 int i; 321 int i;
465 const SSL_CIPHER *c; 322 SSL_CIPHER *c;
466 323
467 c=s->cipher; 324 c=s->cipher;
468 if (c == NULL) return(0); 325 if (c == NULL) return(0);
@@ -487,7 +344,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
487 344
488 if ((enc == NULL) || (md == NULL)) return(0); 345 if ((enc == NULL) || (md == NULL)) return(0);
489 346
490 switch (c->algorithm_enc) 347 switch (c->algorithms & SSL_ENC_MASK)
491 { 348 {
492 case SSL_DES: 349 case SSL_DES:
493 i=SSL_ENC_DES_IDX; 350 i=SSL_ENC_DES_IDX;
@@ -507,30 +364,32 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
507 case SSL_eNULL: 364 case SSL_eNULL:
508 i=SSL_ENC_NULL_IDX; 365 i=SSL_ENC_NULL_IDX;
509 break; 366 break;
510 case SSL_AES128: 367 case SSL_AES:
511 i=SSL_ENC_AES128_IDX; 368 switch(c->alg_bits)
512 break; 369 {
513 case SSL_AES256: 370 case 128: i=SSL_ENC_AES128_IDX; break;
514 i=SSL_ENC_AES256_IDX; 371 case 256: i=SSL_ENC_AES256_IDX; break;
515 break; 372 default: i=-1; break;
516 case SSL_CAMELLIA128: 373 }
517 i=SSL_ENC_CAMELLIA128_IDX;
518 break;
519 case SSL_CAMELLIA256:
520 i=SSL_ENC_CAMELLIA256_IDX;
521 break; 374 break;
522 case SSL_eGOST2814789CNT: 375 case SSL_CAMELLIA:
523 i=SSL_ENC_GOST89_IDX; 376 switch(c->alg_bits)
377 {
378 case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
379 case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
380 default: i=-1; break;
381 }
524 break; 382 break;
525 case SSL_SEED: 383 case SSL_SEED:
526 i=SSL_ENC_SEED_IDX; 384 i=SSL_ENC_SEED_IDX;
527 break; 385 break;
386
528 default: 387 default:
529 i= -1; 388 i= -1;
530 break; 389 break;
531 } 390 }
532 391
533 if ((i < 0) || (i > SSL_ENC_NUM_IDX)) 392 if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
534 *enc=NULL; 393 *enc=NULL;
535 else 394 else
536 { 395 {
@@ -540,7 +399,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
540 *enc=ssl_cipher_methods[i]; 399 *enc=ssl_cipher_methods[i];
541 } 400 }
542 401
543 switch (c->algorithm_mac) 402 switch (c->algorithms & SSL_MAC_MASK)
544 { 403 {
545 case SSL_MD5: 404 case SSL_MD5:
546 i=SSL_MD_MD5_IDX; 405 i=SSL_MD_MD5_IDX;
@@ -548,48 +407,21 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
548 case SSL_SHA1: 407 case SSL_SHA1:
549 i=SSL_MD_SHA1_IDX; 408 i=SSL_MD_SHA1_IDX;
550 break; 409 break;
551 case SSL_GOST94:
552 i = SSL_MD_GOST94_IDX;
553 break;
554 case SSL_GOST89MAC:
555 i = SSL_MD_GOST89MAC_IDX;
556 break;
557 default: 410 default:
558 i= -1; 411 i= -1;
559 break; 412 break;
560 } 413 }
561 if ((i < 0) || (i > SSL_MD_NUM_IDX)) 414 if ((i < 0) || (i >= SSL_MD_NUM_IDX))
562 { 415 *md=NULL;
563 *md=NULL;
564 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
565 if (mac_secret_size!=NULL) *mac_secret_size = 0;
566
567 }
568 else 416 else
569 {
570 *md=ssl_digest_methods[i]; 417 *md=ssl_digest_methods[i];
571 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
572 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
573 }
574 418
575 if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef)) 419 if ((*enc != NULL) && (*md != NULL))
576 return(1); 420 return(1);
577 else 421 else
578 return(0); 422 return(0);
579 } 423 }
580 424
581int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
582{
583 if (idx <0||idx>=SSL_MD_NUM_IDX)
584 {
585 return 0;
586 }
587 if (ssl_handshake_digest_flag[idx]==0) return 0;
588 *mask = ssl_handshake_digest_flag[idx];
589 *md = ssl_digest_methods[idx];
590 return 1;
591}
592
593#define ITEM_SEP(a) \ 425#define ITEM_SEP(a) \
594 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 426 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
595 427
@@ -601,7 +433,7 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
601 *head=curr->next; 433 *head=curr->next;
602 if (curr->prev != NULL) 434 if (curr->prev != NULL)
603 curr->prev->next=curr->next; 435 curr->prev->next=curr->next;
604 if (curr->next != NULL) 436 if (curr->next != NULL) /* should always be true */
605 curr->next->prev=curr->prev; 437 curr->next->prev=curr->prev;
606 (*tail)->next=curr; 438 (*tail)->next=curr;
607 curr->prev= *tail; 439 curr->prev= *tail;
@@ -609,105 +441,69 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
609 *tail=curr; 441 *tail=curr;
610 } 442 }
611 443
612static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, 444struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
613 CIPHER_ORDER **tail) 445 * where 128-bit and 256-bit algorithms simply will get
614 { 446 * separate bits. */
615 if (curr == *head) return; 447 unsigned long mask; /* everything except m256 */
616 if (curr == *tail) 448 unsigned long m256; /* applies to 256-bit algorithms only */
617 *tail=curr->prev; 449};
618 if (curr->next != NULL)
619 curr->next->prev=curr->prev;
620 if (curr->prev != NULL)
621 curr->prev->next=curr->next;
622 (*head)->prev=curr;
623 curr->next= *head;
624 curr->prev=NULL;
625 *head=curr;
626 }
627 450
628static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) 451static struct disabled_masks ssl_cipher_get_disabled(void)
629 { 452 {
630 *mkey = 0; 453 unsigned long mask;
631 *auth = 0; 454 unsigned long m256;
632 *enc = 0; 455 struct disabled_masks ret;
633 *mac = 0;
634 *ssl = 0;
635 456
457 mask = SSL_kFZA;
636#ifdef OPENSSL_NO_RSA 458#ifdef OPENSSL_NO_RSA
637 *mkey |= SSL_kRSA; 459 mask |= SSL_aRSA|SSL_kRSA;
638 *auth |= SSL_aRSA;
639#endif 460#endif
640#ifdef OPENSSL_NO_DSA 461#ifdef OPENSSL_NO_DSA
641 *auth |= SSL_aDSS; 462 mask |= SSL_aDSS;
642#endif 463#endif
643 *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
644 *auth |= SSL_aDH;
645#ifdef OPENSSL_NO_DH 464#ifdef OPENSSL_NO_DH
646 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH; 465 mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
647 *auth |= SSL_aDH;
648#endif 466#endif
649#ifdef OPENSSL_NO_KRB5 467#ifdef OPENSSL_NO_KRB5
650 *mkey |= SSL_kKRB5; 468 mask |= SSL_kKRB5|SSL_aKRB5;
651 *auth |= SSL_aKRB5;
652#endif
653#ifdef OPENSSL_NO_ECDSA
654 *auth |= SSL_aECDSA;
655#endif 469#endif
656#ifdef OPENSSL_NO_ECDH 470#ifdef OPENSSL_NO_ECDH
657 *mkey |= SSL_kECDHe|SSL_kECDHr; 471 mask |= SSL_kECDH|SSL_kECDHE;
658 *auth |= SSL_aECDH;
659#endif 472#endif
660#ifdef OPENSSL_NO_PSK
661 *mkey |= SSL_kPSK;
662 *auth |= SSL_aPSK;
663#endif
664 /* Check for presence of GOST 34.10 algorithms, and if they
665 * do not present, disable appropriate auth and key exchange */
666 if (!get_optional_pkey_id("gost94")) {
667 *auth |= SSL_aGOST94;
668 }
669 if (!get_optional_pkey_id("gost2001")) {
670 *auth |= SSL_aGOST01;
671 }
672 /* Disable GOST key exchange if no GOST signature algs are available * */
673 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
674 *mkey |= SSL_kGOST;
675 }
676#ifdef SSL_FORBID_ENULL 473#ifdef SSL_FORBID_ENULL
677 *enc |= SSL_eNULL; 474 mask |= SSL_eNULL;
678#endif 475#endif
679
680
681
682 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
683 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
684 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
685 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
686 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
687 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
688 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
689 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
690 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
691 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
692 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
693
694 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
695 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
696 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
697 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
698 476
477 mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
478 mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
479 mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
480 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
481 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
482 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
483 mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
484
485 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
486 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
487
488 /* finally consider algorithms where mask and m256 differ */
489 m256 = mask;
490 mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
491 mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
492 m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
493 m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
494
495 ret.mask = mask;
496 ret.m256 = m256;
497 return ret;
699 } 498 }
700 499
701static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 500static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
702 int num_of_ciphers, 501 int num_of_ciphers, unsigned long mask, unsigned long m256,
703 unsigned long disabled_mkey, unsigned long disabled_auth, 502 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
704 unsigned long disabled_enc, unsigned long disabled_mac, 503 CIPHER_ORDER **tail_p)
705 unsigned long disabled_ssl,
706 CIPHER_ORDER *co_list,
707 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
708 { 504 {
709 int i, co_list_num; 505 int i, co_list_num;
710 const SSL_CIPHER *c; 506 SSL_CIPHER *c;
711 507
712 /* 508 /*
713 * We have num_of_ciphers descriptions compiled in, depending on the 509 * We have num_of_ciphers descriptions compiled in, depending on the
@@ -721,13 +517,14 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
721 for (i = 0; i < num_of_ciphers; i++) 517 for (i = 0; i < num_of_ciphers; i++)
722 { 518 {
723 c = ssl_method->get_cipher(i); 519 c = ssl_method->get_cipher(i);
520#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
724 /* drop those that use any of that is not available */ 521 /* drop those that use any of that is not available */
725 if ((c != NULL) && c->valid && 522#ifdef OPENSSL_FIPS
726 !(c->algorithm_mkey & disabled_mkey) && 523 if ((c != NULL) && c->valid && !IS_MASKED(c)
727 !(c->algorithm_auth & disabled_auth) && 524 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
728 !(c->algorithm_enc & disabled_enc) && 525#else
729 !(c->algorithm_mac & disabled_mac) && 526 if ((c != NULL) && c->valid && !IS_MASKED(c))
730 !(c->algorithm_ssl & disabled_ssl)) 527#endif
731 { 528 {
732 co_list[co_list_num].cipher = c; 529 co_list[co_list_num].cipher = c;
733 co_list[co_list_num].next = NULL; 530 co_list[co_list_num].next = NULL;
@@ -735,7 +532,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
735 co_list[co_list_num].active = 0; 532 co_list[co_list_num].active = 0;
736 co_list_num++; 533 co_list_num++;
737#ifdef KSSL_DEBUG 534#ifdef KSSL_DEBUG
738 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); 535 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
739#endif /* KSSL_DEBUG */ 536#endif /* KSSL_DEBUG */
740 /* 537 /*
741 if (!sk_push(ca_list,(char *)c)) goto err; 538 if (!sk_push(ca_list,(char *)c)) goto err;
@@ -746,45 +543,29 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
746 /* 543 /*
747 * Prepare linked list from list entries 544 * Prepare linked list from list entries
748 */ 545 */
546 for (i = 1; i < co_list_num - 1; i++)
547 {
548 co_list[i].prev = &(co_list[i-1]);
549 co_list[i].next = &(co_list[i+1]);
550 }
749 if (co_list_num > 0) 551 if (co_list_num > 0)
750 { 552 {
751 co_list[0].prev = NULL; 553 (*head_p) = &(co_list[0]);
752 554 (*head_p)->prev = NULL;
753 if (co_list_num > 1) 555 (*head_p)->next = &(co_list[1]);
754 { 556 (*tail_p) = &(co_list[co_list_num - 1]);
755 co_list[0].next = &co_list[1]; 557 (*tail_p)->prev = &(co_list[co_list_num - 2]);
756 558 (*tail_p)->next = NULL;
757 for (i = 1; i < co_list_num - 1; i++)
758 {
759 co_list[i].prev = &co_list[i - 1];
760 co_list[i].next = &co_list[i + 1];
761 }
762
763 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
764 }
765
766 co_list[co_list_num - 1].next = NULL;
767
768 *head_p = &co_list[0];
769 *tail_p = &co_list[co_list_num - 1];
770 } 559 }
771 } 560 }
772 561
773static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, 562static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
774 int num_of_group_aliases, 563 int num_of_group_aliases, unsigned long mask,
775 unsigned long disabled_mkey, unsigned long disabled_auth,
776 unsigned long disabled_enc, unsigned long disabled_mac,
777 unsigned long disabled_ssl,
778 CIPHER_ORDER *head) 564 CIPHER_ORDER *head)
779 { 565 {
780 CIPHER_ORDER *ciph_curr; 566 CIPHER_ORDER *ciph_curr;
781 const SSL_CIPHER **ca_curr; 567 SSL_CIPHER **ca_curr;
782 int i; 568 int i;
783 unsigned long mask_mkey = ~disabled_mkey;
784 unsigned long mask_auth = ~disabled_auth;
785 unsigned long mask_enc = ~disabled_enc;
786 unsigned long mask_mac = ~disabled_mac;
787 unsigned long mask_ssl = ~disabled_ssl;
788 569
789 /* 570 /*
790 * First, add the real ciphers as already collected 571 * First, add the real ciphers as already collected
@@ -800,118 +581,84 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
800 581
801 /* 582 /*
802 * Now we add the available ones from the cipher_aliases[] table. 583 * Now we add the available ones from the cipher_aliases[] table.
803 * They represent either one or more algorithms, some of which 584 * They represent either an algorithm, that must be fully
804 * in any affected category must be supported (set in enabled_mask), 585 * supported (not match any bit in mask) or represent a cipher
805 * or represent a cipher strength value (will be added in any case because algorithms=0). 586 * strength value (will be added in any case because algorithms=0).
806 */ 587 */
807 for (i = 0; i < num_of_group_aliases; i++) 588 for (i = 0; i < num_of_group_aliases; i++)
808 { 589 {
809 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; 590 if ((i == 0) || /* always fetch "ALL" */
810 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; 591 !(cipher_aliases[i].algorithms & mask))
811 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; 592 {
812 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; 593 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
813 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; 594 ca_curr++;
814 595 }
815 if (algorithm_mkey)
816 if ((algorithm_mkey & mask_mkey) == 0)
817 continue;
818
819 if (algorithm_auth)
820 if ((algorithm_auth & mask_auth) == 0)
821 continue;
822
823 if (algorithm_enc)
824 if ((algorithm_enc & mask_enc) == 0)
825 continue;
826
827 if (algorithm_mac)
828 if ((algorithm_mac & mask_mac) == 0)
829 continue;
830
831 if (algorithm_ssl)
832 if ((algorithm_ssl & mask_ssl) == 0)
833 continue;
834
835 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
836 ca_curr++;
837 } 596 }
838 597
839 *ca_curr = NULL; /* end of list */ 598 *ca_curr = NULL; /* end of list */
840 } 599 }
841 600
842static void ssl_cipher_apply_rule(unsigned long cipher_id, 601static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
843 unsigned long alg_mkey, unsigned long alg_auth, 602 unsigned long algorithms, unsigned long mask,
844 unsigned long alg_enc, unsigned long alg_mac, 603 unsigned long algo_strength, unsigned long mask_strength,
845 unsigned long alg_ssl, 604 int rule, int strength_bits, CIPHER_ORDER *co_list,
846 unsigned long algo_strength,
847 int rule, int strength_bits,
848 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 605 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
849 { 606 {
850 CIPHER_ORDER *head, *tail, *curr, *curr2, *last; 607 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
851 const SSL_CIPHER *cp; 608 SSL_CIPHER *cp;
852 int reverse = 0; 609 unsigned long ma, ma_s;
853 610
854#ifdef CIPHER_DEBUG 611#ifdef CIPHER_DEBUG
855 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", 612 printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
856 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); 613 rule, algorithms, mask, algo_strength, mask_strength,
614 strength_bits);
857#endif 615#endif
858 616
859 if (rule == CIPHER_DEL) 617 curr = head = *head_p;
860 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ 618 curr2 = head;
861 619 tail2 = tail = *tail_p;
862 head = *head_p;
863 tail = *tail_p;
864
865 if (reverse)
866 {
867 curr = tail;
868 last = head;
869 }
870 else
871 {
872 curr = head;
873 last = tail;
874 }
875
876 curr2 = curr;
877 for (;;) 620 for (;;)
878 { 621 {
879 if ((curr == NULL) || (curr == last)) break; 622 if ((curr == NULL) || (curr == tail2)) break;
880 curr = curr2; 623 curr = curr2;
881 curr2 = reverse ? curr->prev : curr->next; 624 curr2 = curr->next;
882 625
883 cp = curr->cipher; 626 cp = curr->cipher;
884 627
885 /* 628 /* If explicit cipher suite, match only that one for its own protocol version.
886 * Selection criteria is either the value of strength_bits 629 * Usual selection criteria will be used for similar ciphersuites from other version! */
887 * or the algorithms used. 630
888 */ 631 if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
889 if (strength_bits >= 0)
890 { 632 {
891 if (strength_bits != cp->strength_bits) 633 if (cp->id != cipher_id)
892 continue; 634 continue;
893 } 635 }
894 else 636
637 /*
638 * Selection criteria is either the number of strength_bits
639 * or the algorithm used.
640 */
641 else if (strength_bits == -1)
895 { 642 {
643 ma = mask & cp->algorithms;
644 ma_s = mask_strength & cp->algo_strength;
645
896#ifdef CIPHER_DEBUG 646#ifdef CIPHER_DEBUG
897 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); 647 printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
648 printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
898#endif 649#endif
899 650 /*
900 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) 651 * Select: if none of the mask bit was met from the
901 continue; 652 * cipher or not all of the bits were met, the
902 if (alg_auth && !(alg_auth & cp->algorithm_auth)) 653 * selection does not apply.
903 continue; 654 */
904 if (alg_enc && !(alg_enc & cp->algorithm_enc)) 655 if (((ma == 0) && (ma_s == 0)) ||
905 continue; 656 ((ma & algorithms) != ma) ||
906 if (alg_mac && !(alg_mac & cp->algorithm_mac)) 657 ((ma_s & algo_strength) != ma_s))
907 continue; 658 continue; /* does not apply */
908 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
909 continue;
910 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
911 continue;
912 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
913 continue;
914 } 659 }
660 else if (strength_bits != cp->strength_bits)
661 continue; /* does not apply */
915 662
916#ifdef CIPHER_DEBUG 663#ifdef CIPHER_DEBUG
917 printf("Action = %d\n", rule); 664 printf("Action = %d\n", rule);
@@ -920,37 +667,38 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
920 /* add the cipher if it has not been added yet. */ 667 /* add the cipher if it has not been added yet. */
921 if (rule == CIPHER_ADD) 668 if (rule == CIPHER_ADD)
922 { 669 {
923 /* reverse == 0 */
924 if (!curr->active) 670 if (!curr->active)
925 { 671 {
926 ll_append_tail(&head, curr, &tail); 672 int add_this_cipher = 1;
927 curr->active = 1; 673
674 if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
675 {
676 /* Make sure "ECCdraft" ciphersuites are activated only if
677 * *explicitly* requested, but not implicitly (such as
678 * as part of the "AES" alias). */
679
680 add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
681 }
682
683 if (add_this_cipher)
684 {
685 ll_append_tail(&head, curr, &tail);
686 curr->active = 1;
687 }
928 } 688 }
929 } 689 }
930 /* Move the added cipher to this location */ 690 /* Move the added cipher to this location */
931 else if (rule == CIPHER_ORD) 691 else if (rule == CIPHER_ORD)
932 { 692 {
933 /* reverse == 0 */
934 if (curr->active) 693 if (curr->active)
935 { 694 {
936 ll_append_tail(&head, curr, &tail); 695 ll_append_tail(&head, curr, &tail);
937 } 696 }
938 } 697 }
939 else if (rule == CIPHER_DEL) 698 else if (rule == CIPHER_DEL)
940 { 699 curr->active = 0;
941 /* reverse == 1 */
942 if (curr->active)
943 {
944 /* most recently deleted ciphersuites get best positions
945 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
946 * works in reverse to maintain the order) */
947 ll_append_head(&head, curr, &tail);
948 curr->active = 0;
949 }
950 }
951 else if (rule == CIPHER_KILL) 700 else if (rule == CIPHER_KILL)
952 { 701 {
953 /* reverse == 0 */
954 if (head == curr) 702 if (head == curr)
955 head = curr->next; 703 head = curr->next;
956 else 704 else
@@ -971,7 +719,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
971 *tail_p = tail; 719 *tail_p = tail;
972 } 720 }
973 721
974static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, 722static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
723 CIPHER_ORDER **head_p,
975 CIPHER_ORDER **tail_p) 724 CIPHER_ORDER **tail_p)
976 { 725 {
977 int max_strength_bits, i, *number_uses; 726 int max_strength_bits, i, *number_uses;
@@ -994,10 +743,10 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
994 743
995 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 744 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
996 if (!number_uses) 745 if (!number_uses)
997 { 746 {
998 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); 747 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
999 return(0); 748 return(0);
1000 } 749 }
1001 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 750 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
1002 751
1003 /* 752 /*
@@ -1016,20 +765,21 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
1016 */ 765 */
1017 for (i = max_strength_bits; i >= 0; i--) 766 for (i = max_strength_bits; i >= 0; i--)
1018 if (number_uses[i] > 0) 767 if (number_uses[i] > 0)
1019 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); 768 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
769 co_list, head_p, tail_p);
1020 770
1021 OPENSSL_free(number_uses); 771 OPENSSL_free(number_uses);
1022 return(1); 772 return(1);
1023 } 773 }
1024 774
1025static int ssl_cipher_process_rulestr(const char *rule_str, 775static int ssl_cipher_process_rulestr(const char *rule_str,
1026 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, 776 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
1027 const SSL_CIPHER **ca_list) 777 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
1028 { 778 {
1029 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; 779 unsigned long algorithms, mask, algo_strength, mask_strength;
1030 const char *l, *start, *buf; 780 const char *l, *start, *buf;
1031 int j, multi, found, rule, retval, ok, buflen; 781 int j, multi, found, rule, retval, ok, buflen;
1032 unsigned long cipher_id = 0; 782 unsigned long cipher_id = 0, ssl_version = 0;
1033 char ch; 783 char ch;
1034 784
1035 retval = 1; 785 retval = 1;
@@ -1057,12 +807,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1057 continue; 807 continue;
1058 } 808 }
1059 809
1060 alg_mkey = 0; 810 algorithms = mask = algo_strength = mask_strength = 0;
1061 alg_auth = 0;
1062 alg_enc = 0;
1063 alg_mac = 0;
1064 alg_ssl = 0;
1065 algo_strength = 0;
1066 811
1067 start=l; 812 start=l;
1068 for (;;) 813 for (;;)
@@ -1123,9 +868,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1123 * sufficient, we have to strncmp() anyway. (We cannot 868 * sufficient, we have to strncmp() anyway. (We cannot
1124 * use strcmp(), because buf is not '\0' terminated.) 869 * use strcmp(), because buf is not '\0' terminated.)
1125 */ 870 */
1126 j = found = 0; 871 j = found = 0;
1127 cipher_id = 0; 872 cipher_id = 0;
1128 while (ca_list[j]) 873 ssl_version = 0;
874 while (ca_list[j])
1129 { 875 {
1130 if (!strncmp(buf, ca_list[j]->name, buflen) && 876 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1131 (ca_list[j]->name[buflen] == '\0')) 877 (ca_list[j]->name[buflen] == '\0'))
@@ -1136,100 +882,31 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1136 else 882 else
1137 j++; 883 j++;
1138 } 884 }
1139
1140 if (!found) 885 if (!found)
1141 break; /* ignore this entry */ 886 break; /* ignore this entry */
1142 887
1143 if (ca_list[j]->algorithm_mkey) 888 /* New algorithms:
1144 { 889 * 1 - any old restrictions apply outside new mask
1145 if (alg_mkey) 890 * 2 - any new restrictions apply outside old mask
1146 { 891 * 3 - enforce old & new where masks intersect
1147 alg_mkey &= ca_list[j]->algorithm_mkey; 892 */
1148 if (!alg_mkey) { found = 0; break; } 893 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
1149 } 894 (ca_list[j]->algorithms & ~mask) | /* 2 */
1150 else 895 (algorithms & ca_list[j]->algorithms); /* 3 */
1151 alg_mkey = ca_list[j]->algorithm_mkey; 896 mask |= ca_list[j]->mask;
1152 } 897 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
1153 898 (ca_list[j]->algo_strength & ~mask_strength) |
1154 if (ca_list[j]->algorithm_auth) 899 (algo_strength & ca_list[j]->algo_strength);
1155 { 900 mask_strength |= ca_list[j]->mask_strength;
1156 if (alg_auth) 901
1157 { 902 /* explicit ciphersuite found */
1158 alg_auth &= ca_list[j]->algorithm_auth;
1159 if (!alg_auth) { found = 0; break; }
1160 }
1161 else
1162 alg_auth = ca_list[j]->algorithm_auth;
1163 }
1164
1165 if (ca_list[j]->algorithm_enc)
1166 {
1167 if (alg_enc)
1168 {
1169 alg_enc &= ca_list[j]->algorithm_enc;
1170 if (!alg_enc) { found = 0; break; }
1171 }
1172 else
1173 alg_enc = ca_list[j]->algorithm_enc;
1174 }
1175
1176 if (ca_list[j]->algorithm_mac)
1177 {
1178 if (alg_mac)
1179 {
1180 alg_mac &= ca_list[j]->algorithm_mac;
1181 if (!alg_mac) { found = 0; break; }
1182 }
1183 else
1184 alg_mac = ca_list[j]->algorithm_mac;
1185 }
1186
1187 if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1188 {
1189 if (algo_strength & SSL_EXP_MASK)
1190 {
1191 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1192 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1193 }
1194 else
1195 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1196 }
1197
1198 if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1199 {
1200 if (algo_strength & SSL_STRONG_MASK)
1201 {
1202 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1203 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1204 }
1205 else
1206 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1207 }
1208
1209 if (ca_list[j]->valid) 903 if (ca_list[j]->valid)
1210 { 904 {
1211 /* explicit ciphersuite found; its protocol version
1212 * does not become part of the search pattern!*/
1213
1214 cipher_id = ca_list[j]->id; 905 cipher_id = ca_list[j]->id;
906 ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
907 break;
1215 } 908 }
1216 else
1217 {
1218 /* not an explicit ciphersuite; only in this case, the
1219 * protocol version is considered part of the search pattern */
1220 909
1221 if (ca_list[j]->algorithm_ssl)
1222 {
1223 if (alg_ssl)
1224 {
1225 alg_ssl &= ca_list[j]->algorithm_ssl;
1226 if (!alg_ssl) { found = 0; break; }
1227 }
1228 else
1229 alg_ssl = ca_list[j]->algorithm_ssl;
1230 }
1231 }
1232
1233 if (!multi) break; 910 if (!multi) break;
1234 } 911 }
1235 912
@@ -1241,7 +918,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1241 ok = 0; 918 ok = 0;
1242 if ((buflen == 8) && 919 if ((buflen == 8) &&
1243 !strncmp(buf, "STRENGTH", 8)) 920 !strncmp(buf, "STRENGTH", 8))
1244 ok = ssl_cipher_strength_sort(head_p, tail_p); 921 ok = ssl_cipher_strength_sort(co_list,
922 head_p, tail_p);
1245 else 923 else
1246 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 924 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1247 SSL_R_INVALID_COMMAND); 925 SSL_R_INVALID_COMMAND);
@@ -1258,9 +936,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
1258 } 936 }
1259 else if (found) 937 else if (found)
1260 { 938 {
1261 ssl_cipher_apply_rule(cipher_id, 939 ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
1262 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, 940 algo_strength, mask_strength, rule, -1,
1263 rule, -1, head_p, tail_p); 941 co_list, head_p, tail_p);
1264 } 942 }
1265 else 943 else
1266 { 944 {
@@ -1279,11 +957,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1279 const char *rule_str) 957 const char *rule_str)
1280 { 958 {
1281 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 959 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1282 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; 960 unsigned long disabled_mask;
961 unsigned long disabled_m256;
1283 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 962 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1284 const char *rule_p; 963 const char *rule_p;
1285 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 964 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1286 const SSL_CIPHER **ca_list = NULL; 965 SSL_CIPHER **ca_list = NULL;
1287 966
1288 /* 967 /*
1289 * Return with error if nothing to do. 968 * Return with error if nothing to do.
@@ -1295,7 +974,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1295 * To reduce the work to do we only want to process the compiled 974 * To reduce the work to do we only want to process the compiled
1296 * in algorithms, so we first get the mask of disabled ciphers. 975 * in algorithms, so we first get the mask of disabled ciphers.
1297 */ 976 */
1298 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); 977 {
978 struct disabled_masks d;
979 d = ssl_cipher_get_disabled();
980 disabled_mask = d.mask;
981 disabled_m256 = d.m256;
982 }
1299 983
1300 /* 984 /*
1301 * Now we have to collect the available ciphers from the compiled 985 * Now we have to collect the available ciphers from the compiled
@@ -1313,52 +997,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1313 return(NULL); /* Failure */ 997 return(NULL); /* Failure */
1314 } 998 }
1315 999
1316 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1000 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
1317 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, 1001 disabled_m256, co_list, &head, &tail);
1318 co_list, &head, &tail);
1319
1320
1321 /* Now arrange all ciphers by preference: */
1322
1323 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1324 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1325 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1326
1327 /* AES is our preferred symmetric cipher */
1328 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1329
1330 /* Temporarily enable everything else for sorting */
1331 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1332
1333 /* Low priority for MD5 */
1334 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1335
1336 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1337 * (For applications that allow them, they aren't too bad, but we prefer
1338 * authenticated ciphers.) */
1339 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1340
1341 /* Move ciphers without forward secrecy to the end */
1342 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1343 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1344 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1345 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1346 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1347
1348 /* RC4 is sort-of broken -- move the the end */
1349 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1350
1351 /* Now sort by symmetric encryption strength. The above ordering remains
1352 * in force within each class */
1353 if (!ssl_cipher_strength_sort(&head, &tail))
1354 {
1355 OPENSSL_free(co_list);
1356 return NULL;
1357 }
1358
1359 /* Now disable everything (maintaining the ordering!) */
1360 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1361
1362 1002
1363 /* 1003 /*
1364 * We also need cipher aliases for selecting based on the rule_str. 1004 * We also need cipher aliases for selecting based on the rule_str.
@@ -1370,7 +1010,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1370 */ 1010 */
1371 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1011 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1372 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1012 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1373 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); 1013 ca_list =
1014 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1374 if (ca_list == NULL) 1015 if (ca_list == NULL)
1375 { 1016 {
1376 OPENSSL_free(co_list); 1017 OPENSSL_free(co_list);
@@ -1378,8 +1019,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1378 return(NULL); /* Failure */ 1019 return(NULL); /* Failure */
1379 } 1020 }
1380 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1021 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1381 disabled_mkey, disabled_auth, disabled_enc, 1022 (disabled_mask & disabled_m256), head);
1382 disabled_mac, disabled_ssl, head);
1383 1023
1384 /* 1024 /*
1385 * If the rule_string begins with DEFAULT, apply the default rule 1025 * If the rule_string begins with DEFAULT, apply the default rule
@@ -1390,23 +1030,23 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1390 if (strncmp(rule_str,"DEFAULT",7) == 0) 1030 if (strncmp(rule_str,"DEFAULT",7) == 0)
1391 { 1031 {
1392 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1032 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1393 &head, &tail, ca_list); 1033 co_list, &head, &tail, ca_list);
1394 rule_p += 7; 1034 rule_p += 7;
1395 if (*rule_p == ':') 1035 if (*rule_p == ':')
1396 rule_p++; 1036 rule_p++;
1397 } 1037 }
1398 1038
1399 if (ok && (strlen(rule_p) > 0)) 1039 if (ok && (strlen(rule_p) > 0))
1400 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); 1040 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
1041 ca_list);
1401 1042
1402 OPENSSL_free((void *)ca_list); /* Not needed anymore */ 1043 OPENSSL_free(ca_list); /* Not needed anymore */
1403 1044
1404 if (!ok) 1045 if (!ok)
1405 { /* Rule processing failure */ 1046 { /* Rule processing failure */
1406 OPENSSL_free(co_list); 1047 OPENSSL_free(co_list);
1407 return(NULL); 1048 return(NULL);
1408 } 1049 }
1409
1410 /* 1050 /*
1411 * Allocate new "cipherstack" for the result, return with error 1051 * Allocate new "cipherstack" for the result, return with error
1412 * if we cannot get one. 1052 * if we cannot get one.
@@ -1423,7 +1063,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1423 */ 1063 */
1424 for (curr = head; curr != NULL; curr = curr->next) 1064 for (curr = head; curr != NULL; curr = curr->next)
1425 { 1065 {
1066#ifdef OPENSSL_FIPS
1067 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1068#else
1426 if (curr->active) 1069 if (curr->active)
1070#endif
1427 { 1071 {
1428 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1072 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1429#ifdef CIPHER_DEBUG 1073#ifdef CIPHER_DEBUG
@@ -1447,28 +1091,22 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1447 *cipher_list_by_id = tmp_cipher_list; 1091 *cipher_list_by_id = tmp_cipher_list;
1448 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 1092 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1449 1093
1450 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1451 return(cipherstack); 1094 return(cipherstack);
1452 } 1095 }
1453 1096
1454char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 1097char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1455 { 1098 {
1456 int is_export,pkl,kl; 1099 int is_export,pkl,kl;
1457 const char *ver,*exp_str; 1100 const char *ver,*exp_str;
1458 const char *kx,*au,*enc,*mac; 1101 const char *kx,*au,*enc,*mac;
1459 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s; 1102 unsigned long alg,alg2,alg_s;
1460#ifdef KSSL_DEBUG 1103#ifdef KSSL_DEBUG
1461 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; 1104 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
1462#else 1105#else
1463 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1106 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1464#endif /* KSSL_DEBUG */ 1107#endif /* KSSL_DEBUG */
1465 1108
1466 alg_mkey = cipher->algorithm_mkey; 1109 alg=cipher->algorithms;
1467 alg_auth = cipher->algorithm_auth;
1468 alg_enc = cipher->algorithm_enc;
1469 alg_mac = cipher->algorithm_mac;
1470 alg_ssl = cipher->algorithm_ssl;
1471
1472 alg_s=cipher->algo_strength; 1110 alg_s=cipher->algo_strength;
1473 alg2=cipher->algorithm2; 1111 alg2=cipher->algorithm2;
1474 1112
@@ -1477,14 +1115,14 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1477 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 1115 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1478 exp_str=is_export?" export":""; 1116 exp_str=is_export?" export":"";
1479 1117
1480 if (alg_ssl & SSL_SSLV2) 1118 if (alg & SSL_SSLV2)
1481 ver="SSLv2"; 1119 ver="SSLv2";
1482 else if (alg_ssl & SSL_SSLV3) 1120 else if (alg & SSL_SSLV3)
1483 ver="SSLv3"; 1121 ver="SSLv3";
1484 else 1122 else
1485 ver="unknown"; 1123 ver="unknown";
1486 1124
1487 switch (alg_mkey) 1125 switch (alg&SSL_MKEY_MASK)
1488 { 1126 {
1489 case SSL_kRSA: 1127 case SSL_kRSA:
1490 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1128 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
@@ -1495,29 +1133,25 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1495 case SSL_kDHd: 1133 case SSL_kDHd:
1496 kx="DH/DSS"; 1134 kx="DH/DSS";
1497 break; 1135 break;
1498 case SSL_kKRB5: 1136 case SSL_kKRB5: /* VRS */
1499 kx="KRB5"; 1137 case SSL_KRB5: /* VRS */
1138 kx="KRB5";
1139 break;
1140 case SSL_kFZA:
1141 kx="Fortezza";
1500 break; 1142 break;
1501 case SSL_kEDH: 1143 case SSL_kEDH:
1502 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1144 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1503 break; 1145 break;
1504 case SSL_kECDHr: 1146 case SSL_kECDH:
1505 kx="ECDH/RSA"; 1147 case SSL_kECDHE:
1506 break; 1148 kx=is_export?"ECDH(<=163)":"ECDH";
1507 case SSL_kECDHe:
1508 kx="ECDH/ECDSA";
1509 break;
1510 case SSL_kEECDH:
1511 kx="ECDH";
1512 break;
1513 case SSL_kPSK:
1514 kx="PSK";
1515 break; 1149 break;
1516 default: 1150 default:
1517 kx="unknown"; 1151 kx="unknown";
1518 } 1152 }
1519 1153
1520 switch (alg_auth) 1154 switch (alg&SSL_AUTH_MASK)
1521 { 1155 {
1522 case SSL_aRSA: 1156 case SSL_aRSA:
1523 au="RSA"; 1157 au="RSA";
@@ -1528,27 +1162,23 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1528 case SSL_aDH: 1162 case SSL_aDH:
1529 au="DH"; 1163 au="DH";
1530 break; 1164 break;
1531 case SSL_aKRB5: 1165 case SSL_aKRB5: /* VRS */
1532 au="KRB5"; 1166 case SSL_KRB5: /* VRS */
1533 break; 1167 au="KRB5";
1534 case SSL_aECDH: 1168 break;
1535 au="ECDH"; 1169 case SSL_aFZA:
1536 break;
1537 case SSL_aNULL: 1170 case SSL_aNULL:
1538 au="None"; 1171 au="None";
1539 break; 1172 break;
1540 case SSL_aECDSA: 1173 case SSL_aECDSA:
1541 au="ECDSA"; 1174 au="ECDSA";
1542 break; 1175 break;
1543 case SSL_aPSK:
1544 au="PSK";
1545 break;
1546 default: 1176 default:
1547 au="unknown"; 1177 au="unknown";
1548 break; 1178 break;
1549 } 1179 }
1550 1180
1551 switch (alg_enc) 1181 switch (alg&SSL_ENC_MASK)
1552 { 1182 {
1553 case SSL_DES: 1183 case SSL_DES:
1554 enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; 1184 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
@@ -1566,30 +1196,39 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1566 case SSL_IDEA: 1196 case SSL_IDEA:
1567 enc="IDEA(128)"; 1197 enc="IDEA(128)";
1568 break; 1198 break;
1199 case SSL_eFZA:
1200 enc="Fortezza";
1201 break;
1569 case SSL_eNULL: 1202 case SSL_eNULL:
1570 enc="None"; 1203 enc="None";
1571 break; 1204 break;
1572 case SSL_AES128: 1205 case SSL_AES:
1573 enc="AES(128)"; 1206 switch(cipher->strength_bits)
1574 break; 1207 {
1575 case SSL_AES256: 1208 case 128: enc="AES(128)"; break;
1576 enc="AES(256)"; 1209 case 192: enc="AES(192)"; break;
1577 break; 1210 case 256: enc="AES(256)"; break;
1578 case SSL_CAMELLIA128: 1211 default: enc="AES(?""?""?)"; break;
1579 enc="Camellia(128)"; 1212 }
1580 break; 1213 break;
1581 case SSL_CAMELLIA256: 1214 case SSL_CAMELLIA:
1582 enc="Camellia(256)"; 1215 switch(cipher->strength_bits)
1216 {
1217 case 128: enc="Camellia(128)"; break;
1218 case 256: enc="Camellia(256)"; break;
1219 default: enc="Camellia(?""?""?)"; break;
1220 }
1583 break; 1221 break;
1584 case SSL_SEED: 1222 case SSL_SEED:
1585 enc="SEED(128)"; 1223 enc="SEED(128)";
1586 break; 1224 break;
1225
1587 default: 1226 default:
1588 enc="unknown"; 1227 enc="unknown";
1589 break; 1228 break;
1590 } 1229 }
1591 1230
1592 switch (alg_mac) 1231 switch (alg&SSL_MAC_MASK)
1593 { 1232 {
1594 case SSL_MD5: 1233 case SSL_MD5:
1595 mac="MD5"; 1234 mac="MD5";
@@ -1612,7 +1251,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1612 return("Buffer too small"); 1251 return("Buffer too small");
1613 1252
1614#ifdef KSSL_DEBUG 1253#ifdef KSSL_DEBUG
1615 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); 1254 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
1616#else 1255#else
1617 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); 1256 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1618#endif /* KSSL_DEBUG */ 1257#endif /* KSSL_DEBUG */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 22:36:21 +0000