/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
#include <openssl/comp.h>
#include <openssl/engine.h>
#include <openssl/crypto.h>
-#include "ssl_locl.h"
+#include <openssl/conf.h>
+#include <openssl/trace.h>
+#include "internal/nelem.h"
+#include "ssl_local.h"
#include "internal/thread_once.h"
+#include "internal/cryptlib.h"
#define SSL_ENC_DES_IDX 0
#define SSL_ENC_3DES_IDX 1
#define SSL_ENC_AES256CCM8_IDX 17
#define SSL_ENC_GOST8912_IDX 18
#define SSL_ENC_CHACHA_IDX 19
-#define SSL_ENC_NUM_IDX 20
+#define SSL_ENC_ARIA128GCM_IDX 20
+#define SSL_ENC_ARIA256GCM_IDX 21
+#define SSL_ENC_NUM_IDX 22
/* NB: make sure indices in these tables match values above */
{SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
{SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
{SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
- {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */
- {SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
+ {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */
+ {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
+ {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
+ {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
};
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
/*
* Constant SSL_MAX_DIGEST equal to size of digests array should be defined
- * in the ssl_locl.h
+ * in the ssl_local.h
*/
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
/* GOST2012_512 */
EVP_PKEY_HMAC,
+ /* MD5/SHA1, SHA224, SHA512 */
+ NID_undef, NID_undef, NID_undef
};
static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
+ {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
+ {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
+ {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM},
+ {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM},
+
/* MAC aliases */
{0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
{0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
#endif
#ifdef OPENSSL_NO_EC
- disabled_mkey_mask |= SSL_kECDHEPSK;
+ disabled_mkey_mask |= SSL_kECDHE | SSL_kECDHEPSK;
disabled_auth_mask |= SSL_aECDSA;
#endif
#ifdef OPENSSL_NO_PSK
SSL_COMP *comp = NULL;
COMP_METHOD *method = COMP_zlib();
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
sk_SSL_COMP_sort(ssl_comp_methods);
}
}
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
return 1;
}
ctmp.id = s->compress_meth;
if (ssl_comp_methods != NULL) {
i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
- if (i >= 0)
- *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
- else
- *comp = NULL;
+ *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
}
/* If were only interested in comp then return success */
if ((enc == NULL) && (md == NULL))
const SSL_CIPHER *cp;
int reverse = 0;
-#ifdef CIPHER_DEBUG
- fprintf(stderr,
- "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
- rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
- algo_strength, strength_bits);
-#endif
+ OSSL_TRACE_BEGIN(TLS_CIPHER){
+ BIO_printf(trc_out,
+ "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+ rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
+ algo_strength, strength_bits);
+ }
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
reverse = 1; /* needed to maintain sorting between currently
if (strength_bits != cp->strength_bits)
continue;
} else {
-#ifdef CIPHER_DEBUG
- fprintf(stderr,
- "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
- cp->name, cp->algorithm_mkey, cp->algorithm_auth,
- cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
- cp->algo_strength);
-#endif
+ if (trc_out != NULL) {
+ BIO_printf(trc_out,
+ "\nName: %s:"
+ "\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
+ cp->name, cp->algorithm_mkey, cp->algorithm_auth,
+ cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
+ cp->algo_strength);
+ }
if (cipher_id != 0 && (cipher_id != cp->id))
continue;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
}
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "Action = %d\n", rule);
-#endif
+ if (trc_out != NULL)
+ BIO_printf(trc_out, "Action = %d\n", rule);
/* add the cipher if it has not been added yet. */
if (rule == CIPHER_ADD) {
*head_p = head;
*tail_p = tail;
+
+ OSSL_TRACE_END(TLS_CIPHER);
}
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
((ch >= 'a') && (ch <= 'z')) ||
(ch == '-') || (ch == '.') || (ch == '='))
#else
- while (isalnum(ch) || (ch == '-') || (ch == '.') || (ch == '='))
+ while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+ || (ch == '='))
#endif
{
ch = *(++l);
}
#endif
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
- **cipher_list, STACK_OF(SSL_CIPHER)
- **cipher_list_by_id,
- const char *rule_str, CERT *c)
+static int ciphersuite_cb(const char *elem, int len, void *arg)
+{
+ STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg;
+ const SSL_CIPHER *cipher;
+ /* Arbitrary sized temp buffer for the cipher name. Should be big enough */
+ char name[80];
+
+ if (len > (int)(sizeof(name) - 1)) {
+ SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+
+ memcpy(name, elem, len);
+ name[len] = '\0';
+
+ cipher = ssl3_get_cipher_by_std_name(name);
+ if (cipher == NULL) {
+ SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+
+ if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
+ SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+{
+ STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
+
+ if (newciphers == NULL)
+ return 0;
+
+ /* Parse the list. We explicitly allow an empty list */
+ if (*str != '\0'
+ && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+ sk_SSL_CIPHER_free(newciphers);
+ return 0;
+ }
+ sk_SSL_CIPHER_free(*currciphers);
+ *currciphers = newciphers;
+
+ return 1;
+}
+
+static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+ STACK_OF(SSL_CIPHER) *cipherstack)
{
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+ STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+
+ if (tmp_cipher_list == NULL) {
+ return 0;
+ }
+
+ sk_SSL_CIPHER_free(*cipher_list_by_id);
+ *cipher_list_by_id = tmp_cipher_list;
+
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
+ sk_SSL_CIPHER_sort(*cipher_list_by_id);
+
+ return 1;
+}
+
+static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list,
+ STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites)
+{
+ int i;
+ STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list);
+
+ if (tmp_cipher_list == NULL)
+ return 0;
+
+ /*
+ * Delete any existing TLSv1.3 ciphersuites. These are always first in the
+ * list.
+ */
+ while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0
+ && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls
+ == TLS1_3_VERSION)
+ sk_SSL_CIPHER_delete(tmp_cipher_list, 0);
+
+ /* Insert the new TLSv1.3 ciphersuites */
+ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++)
+ sk_SSL_CIPHER_insert(tmp_cipher_list,
+ sk_SSL_CIPHER_value(tls13_ciphersuites, i), i);
+
+ if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list))
+ return 0;
+
+ sk_SSL_CIPHER_free(*cipher_list);
+ *cipher_list = tmp_cipher_list;
+
+ return 1;
+}
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
+{
+ int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
+
+ if (ret && ctx->cipher_list != NULL)
+ return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
+ ctx->tls13_ciphersuites);
+
+ return ret;
+}
+
+int SSL_set_ciphersuites(SSL *s, const char *str)
+{
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
+
+ if (s->cipher_list == NULL) {
+ if ((cipher_list = SSL_get_ciphers(s)) != NULL)
+ s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
+ }
+ if (ret && s->cipher_list != NULL)
+ return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
+ s->tls13_ciphersuites);
+
+ return ret;
+}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+ STACK_OF(SSL_CIPHER) **cipher_list,
+ STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+ const char *rule_str,
+ CERT *c)
+{
+ int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+ STACK_OF(SSL_CIPHER) *cipherstack;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
- /*
- * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
- * &head, &tail);
- */
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
ok = 1;
rule_p = rule_str;
if (strncmp(rule_str, "DEFAULT", 7) == 0) {
- ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+ ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),
&head, &tail, ca_list, c);
rule_p += 7;
if (*rule_p == ':')
rule_p++;
}
- if (ok && (strlen(rule_p) > 0))
+ if (ok && (rule_p[0] != '\0'))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
OPENSSL_free(ca_list); /* Not needed anymore */
return NULL;
}
+ /* Add TLSv1.3 ciphers first - we always prefer those if possible */
+ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
+ if (!sk_SSL_CIPHER_push(cipherstack,
+ sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+ sk_SSL_CIPHER_free(cipherstack);
+ return NULL;
+ }
+ }
+
+ OSSL_TRACE_BEGIN(TLS_CIPHER) {
+ BIO_printf(trc_out, "cipher selection:\n");
+ }
/*
* The cipher selection for the list is done. The ciphers are added
* to the resulting precedence to the STACK_OF(SSL_CIPHER).
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
+ OSSL_TRACE_CANCEL(TLS_CIPHER);
return NULL;
}
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "<%s>\n", curr->cipher->name);
-#endif
+ if (trc_out != NULL)
+ BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
}
}
OPENSSL_free(co_list); /* Not needed any longer */
+ OSSL_TRACE_END(TLS_CIPHER);
- tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
- if (tmp_cipher_list == NULL) {
+ if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
sk_SSL_CIPHER_free(cipherstack);
return NULL;
}
sk_SSL_CIPHER_free(*cipher_list);
*cipher_list = cipherstack;
- if (*cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(*cipher_list_by_id);
- *cipher_list_by_id = tmp_cipher_list;
- (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
- sk_SSL_CIPHER_sort(*cipher_list_by_id);
return cipherstack;
}
const char *ver;
const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
- static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+ static const char *format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-9s Mac=%-4s\n";
if (buf == NULL) {
len = 128;
- buf = OPENSSL_malloc(len);
- if (buf == NULL)
+ if ((buf = OPENSSL_malloc(len)) == NULL) {
+ SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
} else if (len < 128) {
return NULL;
}
case SSL_CAMELLIA256:
enc = "Camellia(256)";
break;
+ case SSL_ARIA128GCM:
+ enc = "ARIAGCM(128)";
+ break;
+ case SSL_ARIA256GCM:
+ enc = "ARIAGCM(256)";
+ break;
case SSL_SEED:
enc = "SEED(128)";
break;
return c->id;
}
+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
+{
+ return c->id & 0xFFFF;
+}
+
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
{
SSL_COMP *ctmp;
int i, nn;
if ((n == 0) || (sk == NULL))
- return (NULL);
+ return NULL;
nn = sk_SSL_COMP_num(sk);
for (i = 0; i < nn; i++) {
ctmp = sk_SSL_COMP_value(sk, i);
return 1;
}
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
comp = OPENSSL_malloc(sizeof(*comp));
if (comp == NULL) {
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
return 1;
}
load_builtin_compressions();
if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
OPENSSL_free(comp);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_DUPLICATE_COMPRESSION_ID);
return 1;
}
if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
return 1;
}
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
return 0;
}
#endif
/* Some hard-coded numbers for the CCM/Poly1305 MAC overhead
* because there are no handy #defines for those. */
- if (c->algorithm_enc & SSL_AESGCM) {
+ if (c->algorithm_enc & (SSL_AESGCM | SSL_ARIAGCM)) {
out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
} else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) {
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
return 1;
return 0;
}
+
+/*
+ * Default list of TLSv1.2 (and earlier) ciphers
+ * SSL_DEFAULT_CIPHER_LIST deprecated in 3.0.0
+ * Update both macro and function simultaneously
+ */
+const char *OSSL_default_cipher_list(void)
+{
+ return "ALL:!COMPLEMENTOFDEFAULT:!eNULL";
+}
+
+/*
+ * Default list of TLSv1.3 (and later) ciphers
+ * TLS_DEFAULT_CIPHERSUITES deprecated in 3.0.0
+ * Update both macro and function simultaneously
+ */
+const char *OSSL_default_ciphersuites(void)
+{
+ return "TLS_AES_256_GCM_SHA384:"
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ "TLS_CHACHA20_POLY1305_SHA256:"
+#endif
+ "TLS_AES_128_GCM_SHA256";
+}
projects / openssl.git / blobdiff