/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
#include <stdio.h>
#include <ctype.h>
#include <openssl/objects.h>
static uint32_t disabled_mkey_mask;
static uint32_t disabled_auth_mask;
-void ssl_load_ciphers(void)
+int ssl_load_ciphers(void)
{
size_t i;
const ssl_cipher_table *t;
disabled_enc_mask |= t->mask;
}
}
-#ifdef SSL_FORBID_ENULL
- disabled_enc_mask |= SSL_eNULL;
-#endif
disabled_mac_mask = 0;
for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
const EVP_MD *md = EVP_get_digestbynid(t->nid);
disabled_mac_mask |= t->mask;
} else {
int tmpsize = EVP_MD_size(md);
- OPENSSL_assert(tmpsize >= 0);
+ if (!ossl_assert(tmpsize >= 0))
+ return 0;
ssl_mac_secret_size[i] = tmpsize;
}
}
/* Make sure we can access MD5 and SHA1 */
- OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
- OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
+ if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
+ return 0;
+ if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL))
+ return 0;
disabled_mkey_mask = 0;
disabled_auth_mask = 0;
if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
(SSL_aGOST01 | SSL_aGOST12))
disabled_mkey_mask |= SSL_kGOST;
+
+ return 1;
}
#ifndef OPENSSL_NO_COMP
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
- /*
- * if (!sk_push(ca_list,(char *)c)) goto err;
- */
}
/*
#endif
}
-/* For a cipher return the index corresponding to the certificate type */
-int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
-{
- uint32_t alg_a;
-
- alg_a = c->algorithm_auth;
-
- if (alg_a & SSL_aECDSA)
- return SSL_PKEY_ECC;
- else if (alg_a & SSL_aDSS)
- return SSL_PKEY_DSA_SIGN;
- else if (alg_a & SSL_aRSA)
- return SSL_PKEY_RSA;
- else if (alg_a & SSL_aGOST12)
- return SSL_PKEY_GOST_EC;
- else if (alg_a & SSL_aGOST01)
- return SSL_PKEY_GOST01;
-
- return -1;
-}
-
const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
int all)
{
return ssl_cipher_table_auth[i].nid;
}
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
+{
+ int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
+
+ if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+ return NULL;
+ return ssl_digest_methods[idx];
+}
+
int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
{
return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
return 1;
}
+
+int ssl_cert_is_disabled(size_t idx)
+{
+ const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+ if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+ return 1;
+ return 0;
+}
projects / openssl.git / blobdiff