summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c379
1 files changed, 307 insertions, 72 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index f622180c69..71b645da14 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -55,11 +55,67 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
59#include <stdio.h> 116#include <stdio.h>
60#include <openssl/objects.h> 117#include <openssl/objects.h>
61#include <openssl/comp.h> 118#include <openssl/comp.h>
62#include <openssl/fips.h>
63#include "ssl_locl.h" 119#include "ssl_locl.h"
64 120
65#define SSL_ENC_DES_IDX 0 121#define SSL_ENC_DES_IDX 0
@@ -71,12 +127,20 @@
71#define SSL_ENC_NULL_IDX 6 127#define SSL_ENC_NULL_IDX 6
72#define SSL_ENC_AES128_IDX 7 128#define SSL_ENC_AES128_IDX 7
73#define SSL_ENC_AES256_IDX 8 129#define SSL_ENC_AES256_IDX 8
74#define SSL_ENC_NUM_IDX 9 130#define SSL_ENC_CAMELLIA128_IDX 9
131#define SSL_ENC_CAMELLIA256_IDX 10
132#define SSL_ENC_SEED_IDX 11
133#define SSL_ENC_NUM_IDX 12
134
75 135
76static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 136static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
77 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL 137 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
78 }; 138 };
79 139
140#define SSL_COMP_NULL_IDX 0
141#define SSL_COMP_ZLIB_IDX 1
142#define SSL_COMP_NUM_IDX 2
143
80static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; 144static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
81 145
82#define SSL_MD_MD5_IDX 0 146#define SSL_MD_MD5_IDX 0
@@ -102,18 +166,20 @@ typedef struct cipher_order_st
102 166
103static const SSL_CIPHER cipher_aliases[]={ 167static const SSL_CIPHER cipher_aliases[]={
104 /* Don't include eNULL unless specifically enabled. */ 168 /* Don't include eNULL unless specifically enabled. */
105 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ 169 /* Don't include ECC in ALL because these ciphers are not yet official. */
106 {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ 170 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
171 /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
172 {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
107 {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, 173 {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
108 {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ 174 {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
109 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, 175 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
110 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, 176 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
111 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, 177 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
112 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, 178 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
113 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, 179 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
114 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, 180 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
181 {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
115 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, 182 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
116
117 {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ 183 {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
118 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, 184 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
119 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, 185 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
@@ -129,9 +195,11 @@ static const SSL_CIPHER cipher_aliases[]={
129#ifndef OPENSSL_NO_IDEA 195#ifndef OPENSSL_NO_IDEA
130 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, 196 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
131#endif 197#endif
198 {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0},
132 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, 199 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
133 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, 200 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
134 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, 201 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
202 {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
135 203
136 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, 204 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
137 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, 205 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
@@ -154,12 +222,9 @@ static const SSL_CIPHER cipher_aliases[]={
154 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 222 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
155 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 223 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
156 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 224 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
157 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
158 }; 225 };
159 226
160static int init_ciphers=1; 227void ssl_load_ciphers(void)
161
162static void load_ciphers(void)
163 { 228 {
164 ssl_cipher_methods[SSL_ENC_DES_IDX]= 229 ssl_cipher_methods[SSL_ENC_DES_IDX]=
165 EVP_get_cipherbyname(SN_des_cbc); 230 EVP_get_cipherbyname(SN_des_cbc);
@@ -179,14 +244,73 @@ static void load_ciphers(void)
179 EVP_get_cipherbyname(SN_aes_128_cbc); 244 EVP_get_cipherbyname(SN_aes_128_cbc);
180 ssl_cipher_methods[SSL_ENC_AES256_IDX]= 245 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
181 EVP_get_cipherbyname(SN_aes_256_cbc); 246 EVP_get_cipherbyname(SN_aes_256_cbc);
247 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
248 EVP_get_cipherbyname(SN_camellia_128_cbc);
249 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
250 EVP_get_cipherbyname(SN_camellia_256_cbc);
251 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
252 EVP_get_cipherbyname(SN_seed_cbc);
182 253
183 ssl_digest_methods[SSL_MD_MD5_IDX]= 254 ssl_digest_methods[SSL_MD_MD5_IDX]=
184 EVP_get_digestbyname(SN_md5); 255 EVP_get_digestbyname(SN_md5);
185 ssl_digest_methods[SSL_MD_SHA1_IDX]= 256 ssl_digest_methods[SSL_MD_SHA1_IDX]=
186 EVP_get_digestbyname(SN_sha1); 257 EVP_get_digestbyname(SN_sha1);
187 init_ciphers=0;
188 } 258 }
189 259
260
261#ifndef OPENSSL_NO_COMP
262
263static int sk_comp_cmp(const SSL_COMP * const *a,
264 const SSL_COMP * const *b)
265 {
266 return((*a)->id-(*b)->id);
267 }
268
269static void load_builtin_compressions(void)
270 {
271 int got_write_lock = 0;
272
273 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
274 if (ssl_comp_methods == NULL)
275 {
276 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
277 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
278 got_write_lock = 1;
279
280 if (ssl_comp_methods == NULL)
281 {
282 SSL_COMP *comp = NULL;
283
284 MemCheck_off();
285 ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
286 if (ssl_comp_methods != NULL)
287 {
288 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
289 if (comp != NULL)
290 {
291 comp->method=COMP_zlib();
292 if (comp->method
293 && comp->method->type == NID_undef)
294 OPENSSL_free(comp);
295 else
296 {
297 comp->id=SSL_COMP_ZLIB_IDX;
298 comp->name=comp->method->name;
299 sk_SSL_COMP_push(ssl_comp_methods,comp);
300 }
301 }
302 }
303 MemCheck_on();
304 }
305 }
306
307 if (got_write_lock)
308 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
309 else
310 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
311 }
312#endif
313
190int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 314int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
191 const EVP_MD **md, SSL_COMP **comp) 315 const EVP_MD **md, SSL_COMP **comp)
192 { 316 {
@@ -198,18 +322,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
198 if (comp != NULL) 322 if (comp != NULL)
199 { 323 {
200 SSL_COMP ctmp; 324 SSL_COMP ctmp;
325#ifndef OPENSSL_NO_COMP
326 load_builtin_compressions();
327#endif
201 328
202 if (s->compress_meth == 0) 329 *comp=NULL;
203 *comp=NULL; 330 ctmp.id=s->compress_meth;
204 else if (ssl_comp_methods == NULL) 331 if (ssl_comp_methods != NULL)
205 { 332 {
206 /* bad */
207 *comp=NULL;
208 }
209 else
210 {
211
212 ctmp.id=s->compress_meth;
213 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); 333 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
214 if (i >= 0) 334 if (i >= 0)
215 *comp=sk_SSL_COMP_value(ssl_comp_methods,i); 335 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
@@ -248,6 +368,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
248 default: i=-1; break; 368 default: i=-1; break;
249 } 369 }
250 break; 370 break;
371 case SSL_CAMELLIA:
372 switch(c->alg_bits)
373 {
374 case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
375 case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
376 default: i=-1; break;
377 }
378 break;
379 case SSL_SEED:
380 i=SSL_ENC_SEED_IDX;
381 break;
382
251 default: 383 default:
252 i= -1; 384 i= -1;
253 break; 385 break;
@@ -305,9 +437,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
305 *tail=curr; 437 *tail=curr;
306 } 438 }
307 439
308static unsigned long ssl_cipher_get_disabled(void) 440struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
441 * where 128-bit and 256-bit algorithms simply will get
442 * separate bits. */
443 unsigned long mask; /* everything except m256 */
444 unsigned long m256; /* applies to 256-bit algorithms only */
445};
446
447static struct disabled_masks ssl_cipher_get_disabled(void)
309 { 448 {
310 unsigned long mask; 449 unsigned long mask;
450 unsigned long m256;
451 struct disabled_masks ret;
311 452
312 mask = SSL_kFZA; 453 mask = SSL_kFZA;
313#ifdef OPENSSL_NO_RSA 454#ifdef OPENSSL_NO_RSA
@@ -322,7 +463,9 @@ static unsigned long ssl_cipher_get_disabled(void)
322#ifdef OPENSSL_NO_KRB5 463#ifdef OPENSSL_NO_KRB5
323 mask |= SSL_kKRB5|SSL_aKRB5; 464 mask |= SSL_kKRB5|SSL_aKRB5;
324#endif 465#endif
325 466#ifdef OPENSSL_NO_ECDH
467 mask |= SSL_kECDH|SSL_kECDHE;
468#endif
326#ifdef SSL_FORBID_ENULL 469#ifdef SSL_FORBID_ENULL
327 mask |= SSL_eNULL; 470 mask |= SSL_eNULL;
328#endif 471#endif
@@ -333,17 +476,27 @@ static unsigned long ssl_cipher_get_disabled(void)
333 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; 476 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
334 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; 477 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
335 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; 478 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
336 mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; 479 mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
337 480
338 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; 481 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
339 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; 482 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
340 483
341 return(mask); 484 /* finally consider algorithms where mask and m256 differ */
485 m256 = mask;
486 mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
487 mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
488 m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
489 m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
490
491 ret.mask = mask;
492 ret.m256 = m256;
493 return ret;
342 } 494 }
343 495
344static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 496static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
345 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, 497 int num_of_ciphers, unsigned long mask, unsigned long m256,
346 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 498 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
499 CIPHER_ORDER **tail_p)
347 { 500 {
348 int i, co_list_num; 501 int i, co_list_num;
349 SSL_CIPHER *c; 502 SSL_CIPHER *c;
@@ -360,13 +513,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
360 for (i = 0; i < num_of_ciphers; i++) 513 for (i = 0; i < num_of_ciphers; i++)
361 { 514 {
362 c = ssl_method->get_cipher(i); 515 c = ssl_method->get_cipher(i);
516#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
363 /* drop those that use any of that is not available */ 517 /* drop those that use any of that is not available */
364#ifdef OPENSSL_FIPS 518 if ((c != NULL) && c->valid && !IS_MASKED(c))
365 if ((c != NULL) && c->valid && !(c->algorithms & mask)
366 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
367#else
368 if ((c != NULL) && c->valid && !(c->algorithms & mask))
369#endif
370 { 519 {
371 co_list[co_list_num].cipher = c; 520 co_list[co_list_num].cipher = c;
372 co_list[co_list_num].next = NULL; 521 co_list[co_list_num].next = NULL;
@@ -440,7 +589,8 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
440 *ca_curr = NULL; /* end of list */ 589 *ca_curr = NULL; /* end of list */
441 } 590 }
442 591
443static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, 592static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
593 unsigned long algorithms, unsigned long mask,
444 unsigned long algo_strength, unsigned long mask_strength, 594 unsigned long algo_strength, unsigned long mask_strength,
445 int rule, int strength_bits, CIPHER_ORDER *co_list, 595 int rule, int strength_bits, CIPHER_ORDER *co_list,
446 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 596 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
@@ -466,11 +616,20 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
466 616
467 cp = curr->cipher; 617 cp = curr->cipher;
468 618
619 /* If explicit cipher suite, match only that one for its own protocol version.
620 * Usual selection criteria will be used for similar ciphersuites from other version! */
621
622 if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
623 {
624 if (cp->id != cipher_id)
625 continue;
626 }
627
469 /* 628 /*
470 * Selection criteria is either the number of strength_bits 629 * Selection criteria is either the number of strength_bits
471 * or the algorithm used. 630 * or the algorithm used.
472 */ 631 */
473 if (strength_bits == -1) 632 else if (strength_bits == -1)
474 { 633 {
475 ma = mask & cp->algorithms; 634 ma = mask & cp->algorithms;
476 ma_s = mask_strength & cp->algo_strength; 635 ma_s = mask_strength & cp->algo_strength;
@@ -501,8 +660,22 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
501 { 660 {
502 if (!curr->active) 661 if (!curr->active)
503 { 662 {
504 ll_append_tail(&head, curr, &tail); 663 int add_this_cipher = 1;
505 curr->active = 1; 664
665 if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
666 {
667 /* Make sure "ECCdraft" ciphersuites are activated only if
668 * *explicitly* requested, but not implicitly (such as
669 * as part of the "AES" alias). */
670
671 add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
672 }
673
674 if (add_this_cipher)
675 {
676 ll_append_tail(&head, curr, &tail);
677 curr->active = 1;
678 }
506 } 679 }
507 } 680 }
508 /* Move the added cipher to this location */ 681 /* Move the added cipher to this location */
@@ -583,7 +756,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
583 */ 756 */
584 for (i = max_strength_bits; i >= 0; i--) 757 for (i = max_strength_bits; i >= 0; i--)
585 if (number_uses[i] > 0) 758 if (number_uses[i] > 0)
586 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, 759 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
587 co_list, head_p, tail_p); 760 co_list, head_p, tail_p);
588 761
589 OPENSSL_free(number_uses); 762 OPENSSL_free(number_uses);
@@ -597,6 +770,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
597 unsigned long algorithms, mask, algo_strength, mask_strength; 770 unsigned long algorithms, mask, algo_strength, mask_strength;
598 const char *l, *start, *buf; 771 const char *l, *start, *buf;
599 int j, multi, found, rule, retval, ok, buflen; 772 int j, multi, found, rule, retval, ok, buflen;
773 unsigned long cipher_id = 0, ssl_version = 0;
600 char ch; 774 char ch;
601 775
602 retval = 1; 776 retval = 1;
@@ -686,6 +860,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
686 * use strcmp(), because buf is not '\0' terminated.) 860 * use strcmp(), because buf is not '\0' terminated.)
687 */ 861 */
688 j = found = 0; 862 j = found = 0;
863 cipher_id = 0;
864 ssl_version = 0;
689 while (ca_list[j]) 865 while (ca_list[j])
690 { 866 {
691 if (!strncmp(buf, ca_list[j]->name, buflen) && 867 if (!strncmp(buf, ca_list[j]->name, buflen) &&
@@ -714,6 +890,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
714 (algo_strength & ca_list[j]->algo_strength); 890 (algo_strength & ca_list[j]->algo_strength);
715 mask_strength |= ca_list[j]->mask_strength; 891 mask_strength |= ca_list[j]->mask_strength;
716 892
893 /* explicit ciphersuite found */
894 if (ca_list[j]->valid)
895 {
896 cipher_id = ca_list[j]->id;
897 ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
898 break;
899 }
900
717 if (!multi) break; 901 if (!multi) break;
718 } 902 }
719 903
@@ -738,18 +922,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
738 * rest of the command, if any left, until 922 * rest of the command, if any left, until
739 * end or ':' is found. 923 * end or ':' is found.
740 */ 924 */
741 while ((*l != '\0') && ITEM_SEP(*l)) 925 while ((*l != '\0') && !ITEM_SEP(*l))
742 l++; 926 l++;
743 } 927 }
744 else if (found) 928 else if (found)
745 { 929 {
746 ssl_cipher_apply_rule(algorithms, mask, 930 ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
747 algo_strength, mask_strength, rule, -1, 931 algo_strength, mask_strength, rule, -1,
748 co_list, head_p, tail_p); 932 co_list, head_p, tail_p);
749 } 933 }
750 else 934 else
751 { 935 {
752 while ((*l != '\0') && ITEM_SEP(*l)) 936 while ((*l != '\0') && !ITEM_SEP(*l))
753 l++; 937 l++;
754 } 938 }
755 if (*l == '\0') break; /* done */ 939 if (*l == '\0') break; /* done */
@@ -765,6 +949,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
765 { 949 {
766 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 950 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
767 unsigned long disabled_mask; 951 unsigned long disabled_mask;
952 unsigned long disabled_m256;
768 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 953 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
769 const char *rule_p; 954 const char *rule_p;
770 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 955 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@@ -776,18 +961,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
776 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) 961 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
777 return NULL; 962 return NULL;
778 963
779 if (init_ciphers)
780 {
781 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
782 if (init_ciphers) load_ciphers();
783 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
784 }
785
786 /* 964 /*
787 * To reduce the work to do we only want to process the compiled 965 * To reduce the work to do we only want to process the compiled
788 * in algorithms, so we first get the mask of disabled ciphers. 966 * in algorithms, so we first get the mask of disabled ciphers.
789 */ 967 */
790 disabled_mask = ssl_cipher_get_disabled(); 968 {
969 struct disabled_masks d;
970 d = ssl_cipher_get_disabled();
971 disabled_mask = d.mask;
972 disabled_m256 = d.m256;
973 }
791 974
792 /* 975 /*
793 * Now we have to collect the available ciphers from the compiled 976 * Now we have to collect the available ciphers from the compiled
@@ -806,7 +989,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
806 } 989 }
807 990
808 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 991 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
809 co_list, &head, &tail); 992 disabled_m256, co_list, &head, &tail);
810 993
811 /* 994 /*
812 * We also need cipher aliases for selecting based on the rule_str. 995 * We also need cipher aliases for selecting based on the rule_str.
@@ -826,8 +1009,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
826 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); 1009 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
827 return(NULL); /* Failure */ 1010 return(NULL); /* Failure */
828 } 1011 }
829 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, 1012 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
830 head); 1013 (disabled_mask & disabled_m256), head);
831 1014
832 /* 1015 /*
833 * If the rule_string begins with DEFAULT, apply the default rule 1016 * If the rule_string begins with DEFAULT, apply the default rule
@@ -871,11 +1054,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
871 */ 1054 */
872 for (curr = head; curr != NULL; curr = curr->next) 1055 for (curr = head; curr != NULL; curr = curr->next)
873 { 1056 {
874#ifdef OPENSSL_FIPS
875 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
876#else
877 if (curr->active) 1057 if (curr->active)
878#endif
879 { 1058 {
880 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1059 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
881#ifdef CIPHER_DEBUG 1060#ifdef CIPHER_DEBUG
@@ -897,7 +1076,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
897 if (*cipher_list_by_id != NULL) 1076 if (*cipher_list_by_id != NULL)
898 sk_SSL_CIPHER_free(*cipher_list_by_id); 1077 sk_SSL_CIPHER_free(*cipher_list_by_id);
899 *cipher_list_by_id = tmp_cipher_list; 1078 *cipher_list_by_id = tmp_cipher_list;
900 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 1079 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
901 1080
902 return(cipherstack); 1081 return(cipherstack);
903 } 1082 }
@@ -905,13 +1084,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
905char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 1084char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
906 { 1085 {
907 int is_export,pkl,kl; 1086 int is_export,pkl,kl;
908 char *ver,*exp_str; 1087 const char *ver,*exp_str;
909 char *kx,*au,*enc,*mac; 1088 const char *kx,*au,*enc,*mac;
910 unsigned long alg,alg2,alg_s; 1089 unsigned long alg,alg2,alg_s;
911#ifdef KSSL_DEBUG 1090#ifdef KSSL_DEBUG
912 static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; 1091 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
913#else 1092#else
914 static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1093 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
915#endif /* KSSL_DEBUG */ 1094#endif /* KSSL_DEBUG */
916 1095
917 alg=cipher->algorithms; 1096 alg=cipher->algorithms;
@@ -922,7 +1101,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
922 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); 1101 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
923 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 1102 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
924 exp_str=is_export?" export":""; 1103 exp_str=is_export?" export":"";
925 1104
926 if (alg & SSL_SSLV2) 1105 if (alg & SSL_SSLV2)
927 ver="SSLv2"; 1106 ver="SSLv2";
928 else if (alg & SSL_SSLV3) 1107 else if (alg & SSL_SSLV3)
@@ -951,6 +1130,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
951 case SSL_kEDH: 1130 case SSL_kEDH:
952 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1131 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
953 break; 1132 break;
1133 case SSL_kECDH:
1134 case SSL_kECDHE:
1135 kx=is_export?"ECDH(<=163)":"ECDH";
1136 break;
954 default: 1137 default:
955 kx="unknown"; 1138 kx="unknown";
956 } 1139 }
@@ -974,6 +1157,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
974 case SSL_aNULL: 1157 case SSL_aNULL:
975 au="None"; 1158 au="None";
976 break; 1159 break;
1160 case SSL_aECDSA:
1161 au="ECDSA";
1162 break;
977 default: 1163 default:
978 au="unknown"; 1164 au="unknown";
979 break; 1165 break;
@@ -1012,6 +1198,18 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1012 default: enc="AES(?""?""?)"; break; 1198 default: enc="AES(?""?""?)"; break;
1013 } 1199 }
1014 break; 1200 break;
1201 case SSL_CAMELLIA:
1202 switch(cipher->strength_bits)
1203 {
1204 case 128: enc="Camellia(128)"; break;
1205 case 256: enc="Camellia(256)"; break;
1206 default: enc="Camellia(?""?""?)"; break;
1207 }
1208 break;
1209 case SSL_SEED:
1210 enc="SEED(128)";
1211 break;
1212
1015 default: 1213 default:
1016 enc="unknown"; 1214 enc="unknown";
1017 break; 1215 break;
@@ -1098,35 +1296,63 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1098 return(NULL); 1296 return(NULL);
1099 } 1297 }
1100 1298
1101static int sk_comp_cmp(const SSL_COMP * const *a, 1299#ifdef OPENSSL_NO_COMP
1102 const SSL_COMP * const *b) 1300void *SSL_COMP_get_compression_methods(void)
1103 { 1301 {
1104 return((*a)->id-(*b)->id); 1302 return NULL;
1303 }
1304int SSL_COMP_add_compression_method(int id, void *cm)
1305 {
1306 return 1;
1105 } 1307 }
1106 1308
1309const char *SSL_COMP_get_name(const void *comp)
1310 {
1311 return NULL;
1312 }
1313#else
1107STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) 1314STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1108 { 1315 {
1316 load_builtin_compressions();
1109 return(ssl_comp_methods); 1317 return(ssl_comp_methods);
1110 } 1318 }
1111 1319
1112int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 1320int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1113 { 1321 {
1114 SSL_COMP *comp; 1322 SSL_COMP *comp;
1115 STACK_OF(SSL_COMP) *sk;
1116 1323
1117 if (cm == NULL || cm->type == NID_undef) 1324 if (cm == NULL || cm->type == NID_undef)
1118 return 1; 1325 return 1;
1119 1326
1327 /* According to draft-ietf-tls-compression-04.txt, the
1328 compression number ranges should be the following:
1329
1330 0 to 63: methods defined by the IETF
1331 64 to 192: external party methods assigned by IANA
1332 193 to 255: reserved for private use */
1333 if (id < 193 || id > 255)
1334 {
1335 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1336 return 0;
1337 }
1338
1120 MemCheck_off(); 1339 MemCheck_off();
1121 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); 1340 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1122 comp->id=id; 1341 comp->id=id;
1123 comp->method=cm; 1342 comp->method=cm;
1124 if (ssl_comp_methods == NULL) 1343 load_builtin_compressions();
1125 sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); 1344 if (ssl_comp_methods
1126 else 1345 && !sk_SSL_COMP_find(ssl_comp_methods,comp))
1127 sk=ssl_comp_methods;
1128 if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
1129 { 1346 {
1347 OPENSSL_free(comp);
1348 MemCheck_on();
1349 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1350 return(1);
1351 }
1352 else if ((ssl_comp_methods == NULL)
1353 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1354 {
1355 OPENSSL_free(comp);
1130 MemCheck_on(); 1356 MemCheck_on();
1131 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); 1357 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1132 return(1); 1358 return(1);
@@ -1137,3 +1363,12 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1137 return(0); 1363 return(0);
1138 } 1364 }
1139 } 1365 }
1366
1367const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1368 {
1369 if (comp)
1370 return comp->name;
1371 return NULL;
1372 }
1373
1374#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 11:38:01 +0000