Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c85
1 files changed, 42 insertions, 43 deletions
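--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -73,7 +73,7 @@
 #define SSL_ENC_NUM_IDX	9
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-	NULL,NULL,NULL,NULL,NULL,NULL,
+	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
 	};
 
 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
@@ -251,7 +251,7 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
 			break;
 		}
 
-	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
 		*enc=NULL;
 	else
 		{
@@ -273,7 +273,7 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
 		i= -1;
 		break;
 		}
-	if ((i < 0) || (i > SSL_MD_NUM_IDX))
+	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
 		*md=NULL;
 	else
 		*md=ssl_digest_methods[i];
@@ -340,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
 	}
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
+		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
-	int i, co_list_num;
+	int i, list_num;
 	SSL_CIPHER *c;
 
 	/*
@@ -354,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	 */
 
 	/* Get the initial list of ciphers */
-	co_list_num = 0;	/* actual count of ciphers */
+	list_num = 0;	/* actual count of ciphers */
 	for (i = 0; i < num_of_ciphers; i++)
 		{
 		c = ssl_method->get_cipher(i);
 		/* drop those that use any of that is not available */
 		if ((c != NULL) && c->valid && !(c->algorithms & mask))
 			{
-			co_list[co_list_num].cipher = c;
-			co_list[co_list_num].next = NULL;
-			co_list[co_list_num].prev = NULL;
-			co_list[co_list_num].active = 0;
-			co_list_num++;
+			list[list_num].cipher = c;
+			list[list_num].next = NULL;
+			list[list_num].prev = NULL;
+			list[list_num].active = 0;
+			list_num++;
 #ifdef KSSL_DEBUG
 			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
 #endif	/* KSSL_DEBUG */
@@ -378,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
 	/*
 	 * Prepare linked list from list entries
 	 */
-	for (i = 1; i < co_list_num - 1; i++)
+	for (i = 1; i < list_num - 1; i++)
 		{
-		co_list[i].prev = &(co_list[i-1]);
-		co_list[i].next = &(co_list[i+1]);
+		list[i].prev = &(list[i-1]);
+		list[i].next = &(list[i+1]);
 		}
-	if (co_list_num > 0)
+	if (list_num > 0)
 		{
-		(*head_p) = &(co_list[0]);
+		(*head_p) = &(list[0]);
 		(*head_p)->prev = NULL;
-		(*head_p)->next = &(co_list[1]);
-		(*tail_p) = &(co_list[co_list_num - 1]);
-		(*tail_p)->prev = &(co_list[co_list_num - 2]);
+		(*head_p)->next = &(list[1]);
+		(*tail_p) = &(list[list_num - 1]);
+		(*tail_p)->prev = &(list[list_num - 2]);
 		(*tail_p)->next = NULL;
 		}
 	}
@@ -435,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
 
 static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 		unsigned long algo_strength, unsigned long mask_strength,
-		int rule, int strength_bits, CIPHER_ORDER *co_list,
+		int rule, int strength_bits, CIPHER_ORDER *list,
 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
 	{
 	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@@ -530,9 +530,8 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
 	*tail_p = tail;
 	}
 
-static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
-				    CIPHER_ORDER **head_p,
-				    CIPHER_ORDER **tail_p)
+static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+				    CIPHER_ORDER **tail_p)
 	{
 	int max_strength_bits, i, *number_uses;
 	CIPHER_ORDER *curr;
@@ -577,14 +576,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
 	for (i = max_strength_bits; i >= 0; i--)
 		if (number_uses[i] > 0)
 			ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
-				co_list, head_p, tail_p);
+				list, head_p, tail_p);
 
 	OPENSSL_free(number_uses);
 	return(1);
 	}
 
 static int ssl_cipher_process_rulestr(const char *rule_str,
-		CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
+		CIPHER_ORDER *list, CIPHER_ORDER **head_p,
 		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
 	{
 	unsigned long algorithms, mask, algo_strength, mask_strength;
@@ -709,7 +708,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			ok = 0;
 			if ((buflen == 8) &&
 			    !strncmp(buf, "STRENGTH", 8))
-				ok = ssl_cipher_strength_sort(co_list,
+				ok = ssl_cipher_strength_sort(list,
 					head_p, tail_p);
 			else
 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@@ -729,7 +728,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			{
 			ssl_cipher_apply_rule(algorithms, mask,
 				algo_strength, mask_strength, rule, -1,
-				co_list, head_p, tail_p);
+				list, head_p, tail_p);
 			}
 		else
 			{
@@ -751,7 +750,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	unsigned long disabled_mask;
 	STACK_OF(SSL_CIPHER) *cipherstack;
 	const char *rule_p;
-	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+	CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
 	SSL_CIPHER **ca_list = NULL;
 
 	/*
@@ -781,15 +780,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #ifdef KSSL_DEBUG
 	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
 #endif    /* KSSL_DEBUG */
-	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-	if (co_list == NULL)
+	list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+	if (list == NULL)
 		{
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
 
 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-				   co_list, &head, &tail);
+				   list, &head, &tail);
 
 	/*
 	 * We also need cipher aliases for selecting based on the rule_str.
@@ -805,7 +804,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
 	if (ca_list == NULL)
 		{
-		OPENSSL_free(co_list);
+		OPENSSL_free(list);
 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 		return(NULL);	/* Failure */
 		}
@@ -821,21 +820,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	if (strncmp(rule_str,"DEFAULT",7) == 0)
 		{
 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-			co_list, &head, &tail, ca_list);
+			list, &head, &tail, ca_list);
 		rule_p += 7;
 		if (*rule_p == ':')
 			rule_p++;
 		}
 
 	if (ok && (strlen(rule_p) > 0))
-		ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
+		ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
 						ca_list);
 
 	OPENSSL_free(ca_list);	/* Not needed anymore */
 
 	if (!ok)
 		{	/* Rule processing failure */
-		OPENSSL_free(co_list);
+		OPENSSL_free(list);
 		return(NULL);
 		}
 	/*
@@ -844,7 +843,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
 		{
-		OPENSSL_free(co_list);
+		OPENSSL_free(list);
 		return(NULL);
 		}
 
@@ -862,7 +861,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 #endif
 			}
 		}
-	OPENSSL_free(co_list);	/* Not needed any longer */
+	OPENSSL_free(list);	/* Not needed any longer */
 
 	/*
 	 * The following passage is a little bit odd. If pointer variables
@@ -912,7 +911,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	{
 	int is_export,pkl,kl;
-	char *ver,*exp_str;
+	char *ver,*exp;
 	char *kx,*au,*enc,*mac;
 	unsigned long alg,alg2,alg_s;
 #ifdef KSSL_DEBUG
@@ -928,7 +927,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	is_export=SSL_C_IS_EXPORT(cipher);
 	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
 	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
-	exp_str=is_export?" export":"";
+	exp=is_export?" export":"";
 
 	if (alg & SSL_SSLV2)
 		ver="SSLv2";
@@ -1047,9 +1046,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 		return("Buffer too small");
 
 #ifdef KSSL_DEBUG
-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
+	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
 #else
-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
+	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
 #endif /* KSSL_DEBUG */
 	return(buf);
 	}
@@ -1136,11 +1135,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 		{
 		MemCheck_on();
 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
-		return(1);
+		return(0);
 		}
 	else
 		{
 		MemCheck_on();
-		return(1);
+		return(1);
 		}
 	}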
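Review bot: In the -378 hunk of ssl_cipher_collect_ciphers the `if (list_num > 0)` block still takes `&(list[1])` and `&(list[list_num - 2])` unconditionally, so when exactly one cipher survives the mask the lone entry ends with `prev` pointing at `list[-1]` (its `next` is later overwritten to NULL by the tail assignment), a pointer formed outside the allocated array; the rename to `list` carries this over unchanged. The single-entry case needs NULL links at both ends: `(*head_p)->next = (list_num > 1) ? &(list[1]) : NULL;` and `(*tail_p)->prev = (list_num > 1) ? &(list[list_num - 2]) : NULL;`. The list-walking code in ssl_cipher_apply_rule and the final collection loop lie outside these hunks, so whether the stale `prev` is ever followed cannot be confirmed here, but a non-NULL out-of-bounds link in the list is worth closing regardless. Separately, the -1136 hunk swaps the success/failure values of the public SSL_COMP_add_compression_method while the duplicate-id return path earlier in that function is outside the hunk; confirm it was changed to match, and state the convention in the function's header comment, e.g. `/* Returns 1 on success, 0 on failure (error queued). */`.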