From 018e57c74d9dc6b5676aead4be11cd28a8617ea4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 22 Jan 2000 03:17:06 +0000 Subject: [PATCH] Apply Lutz Behnke's 56 bit cipher patch with a few minor changes. Docs haven't been added at this stage. They are probably best included in the 'ciphers' program docs. --- CHANGES | 9 + apps/ciphers.c | 8 +- ssl/s2_lib.c | 57 +++- ssl/s3_clnt.c | 6 +- ssl/s3_lib.c | 236 +++++++++++--- ssl/s3_srvr.c | 4 +- ssl/ssl.h | 18 +- ssl/ssl_ciph.c | 830 +++++++++++++++++++++++++++++++------------------ ssl/ssl_err.c | 3 + ssl/ssl_lib.c | 6 +- ssl/ssl_locl.h | 106 +++++-- ssl/tls1.h | 2 +- 12 files changed, 894 insertions(+), 391 deletions(-) diff --git a/CHANGES b/CHANGES index cb4ec5b3e8..ab44b8c28e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,15 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Apply Lutz Behnke's 56bit cipher patch. This should fix the problems with cipher + ordering and the new EXPORT1024 ciphers. Only two minor changes have been + made, the error reason codes have been altered and the @STRENGTH sorting + behaviour changed so eNULL ciphers are also sorted (if present). + + One other addition: the "ciphers" program didn't check the return code + of SSL_CTX_set_cipher_list(). + [Lutz Behnke , minor changes by Steve Henson] + *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1 for the first serial number and places 2 in the serial number file. This avoids problems when the root CA is created with serial number zero and diff --git a/apps/ciphers.c b/apps/ciphers.c index 3c76782b7e..f473f4c3dc 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -145,8 +145,12 @@ int MAIN(int argc, char **argv) ctx=SSL_CTX_new(meth); if (ctx == NULL) goto err; - if (ciphers != NULL) - SSL_CTX_set_cipher_list(ctx,ciphers); + if (ciphers != NULL) { + if(!SSL_CTX_set_cipher_list(ctx,ciphers)) { + BIO_printf(bio_err, "Error in cipher list\n"); + goto err; + } + } ssl=SSL_new(ctx); if (ssl == NULL) goto err; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index e727b14406..8954bc3662 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -75,9 +75,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ 1, SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2, + SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, + SSL_EXPORT|SSL_EXP40, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, #endif /* RC4_128_EXPORT40_WITH_MD5 */ @@ -85,63 +88,91 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ 1, SSL2_TXT_RC4_128_EXPORT40_WITH_MD5, SSL2_CK_RC4_128_EXPORT40_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, + SSL_EXPORT|SSL_EXP40, SSL2_CF_5_BYTE_ENC, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* RC4_128_WITH_MD5 */ { 1, SSL2_TXT_RC4_128_WITH_MD5, SSL2_CK_RC4_128_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* RC2_128_CBC_EXPORT40_WITH_MD5 */ { 1, SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5, SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, + SSL_EXPORT|SSL_EXP40, SSL2_CF_5_BYTE_ENC, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* RC2_128_CBC_WITH_MD5 */ { 1, SSL2_TXT_RC2_128_CBC_WITH_MD5, SSL2_CK_RC2_128_CBC_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* IDEA_128_CBC_WITH_MD5 */ { 1, SSL2_TXT_IDEA_128_CBC_WITH_MD5, SSL2_CK_IDEA_128_CBC_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* DES_64_CBC_WITH_MD5 */ { 1, SSL2_TXT_DES_64_CBC_WITH_MD5, SSL2_CK_DES_64_CBC_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* DES_192_EDE3_CBC_WITH_MD5 */ { 1, SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, SSL2_CK_DES_192_EDE3_CBC_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH, + SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ #if 1 @@ -149,9 +180,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ 1, SSL2_TXT_RC4_64_WITH_MD5, SSL2_CK_RC4_64_WITH_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2, + SSL_NOT_EXP|SSL_LOW, SSL2_CF_8_BYTE_ENC, + 64, + 64, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, #endif /* NULL SSLeay (testing) */ @@ -161,7 +196,11 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + 0, + 0, + 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, #endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index cec0e3b35a..22e35c23fe 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1688,13 +1688,13 @@ static int ssl3_check_cert_and_algorithm(SSL *s) #endif #endif - if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP)) + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) { #ifndef NO_RSA if (algs & SSL_kRSA) { if (rsa == NULL - || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs)) + || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -1706,7 +1706,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s) if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) { if (dh == NULL - || DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs)) + || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 53e83d7757..8bcbe50f80 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -75,18 +75,26 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 02 */ { 1, SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* anon DH */ @@ -95,45 +103,65 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_ADH_RC4_40_MD5, SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 18 */ { 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_NOT_EXP, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 19 */ { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1A */ { 1, SSL3_TXT_ADH_DES_64_CBC_SHA, SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1B */ { 1, SSL3_TXT_ADH_DES_192_CBC_SHA, SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* RSA again */ @@ -142,72 +170,104 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_RSA_RC4_40_MD5, SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 04 */ { 1, SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 05 */ { 1, SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 06 */ { 1, SSL3_TXT_RSA_RC2_40_MD5, SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP40|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 07 */ { 1, SSL3_TXT_RSA_IDEA_128_SHA, SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, + SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_MEDIUM, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 08 */ { 1, SSL3_TXT_RSA_DES_40_CBC_SHA, SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 09 */ { 1, SSL3_TXT_RSA_DES_64_CBC_SHA, SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0A */ { 1, SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* The DH ciphers */ @@ -216,54 +276,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0C */ { 0, SSL3_TXT_DH_DSS_DES_64_CBC_SHA, SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0D */ { 0, SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0E */ { 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 0F */ { 0, SSL3_TXT_DH_RSA_DES_64_CBC_SHA, SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 10 */ { 0, SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* The Ephemeral DH ciphers */ @@ -272,54 +356,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 12 */ { 1, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 13 */ { 1, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 14 */ { 1, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3, + SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, + SSL_EXPORT|SSL_EXP40, 0, + 40, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 15 */ { 1, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, + SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_LOW, 0, + 56, + 56, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 16 */ { 1, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, + SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP|SSL_HIGH, 0, + 168, + 168, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Fortezza */ @@ -328,9 +436,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, - SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1D */ @@ -338,9 +450,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, - SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, + 0, + 0, 0, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 1E */ @@ -348,9 +464,13 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 0, SSL3_TXT_FZA_DMS_RC4_SHA, SSL3_CK_FZA_DMS_RC4_SHA, - SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, + SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, + SSL_NOT_EXP, 0, + 128, + 128, SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES @@ -360,54 +480,78 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 61 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 62 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 63 */ { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 56, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 64 */ { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 65 */ { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_EXP56|SSL_TLSV1, + SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_EXPORT|SSL_EXP56, 0, - SSL_ALL_CIPHERS + 56, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS, }, /* Cipher 66 */ { @@ -415,8 +559,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP, 0, - SSL_ALL_CIPHERS + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS }, #endif @@ -897,7 +1045,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *have, emask=cert->export_mask; alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); - if (SSL_IS_EXPORT(c->algorithms)) + if (SSL_C_IS_EXPORT(c)) { ok=((alg & emask) == alg)?1:0; #ifdef CIPHER_DEBUG diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index fd20f8004a..d6158dbc65 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -270,8 +270,8 @@ int ssl3_accept(SSL *s) || (l & (SSL_DH|SSL_kFZA)) || ((l & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_IS_EXPORT(l) - && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) + && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) ) ) ) diff --git a/ssl/ssl.h b/ssl/ssl.h index 11796af105..5f99b3313e 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -123,8 +123,9 @@ extern "C" { #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" -#define SSL_TXT_EXP40 "EXP" +#define SSL_TXT_EXP "EXP" #define SSL_TXT_EXPORT "EXPORT" +#define SSL_TXT_EXP40 "EXPORT40" #define SSL_TXT_EXP56 "EXPORT56" #define SSL_TXT_SSLV2 "SSLv2" #define SSL_TXT_SSLV3 "SSLv3" @@ -134,10 +135,10 @@ extern "C" { /* 'DEFAULT' at the start of the cipher list insert the following string * in addition to this being the default cipher string */ #ifndef NO_RSA -#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" #else #define SSL_ALLOW_ADH -#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP" +#define SSL_DEFAULT_CIPHER_LIST "ALL:ADH+3DES:ADH+RC4:ADH+DES:@STRENGTH" #endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ @@ -170,8 +171,12 @@ typedef struct ssl_cipher_st const char *name; /* text name */ unsigned long id; /* id, 4 bytes, first is version */ unsigned long algorithms; /* what ciphers are used */ + unsigned long algo_strength; /* strength and export flags */ unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ unsigned long mask; /* used for matching */ + unsigned long mask_strength; /* also used for matching */ } SSL_CIPHER; DECLARE_STACK_OF(SSL_CIPHER) @@ -890,7 +895,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio); #endif -int SSL_CTX_set_cipher_list(SSL_CTX *,char *str); +int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); @@ -922,7 +927,7 @@ void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); BIO * SSL_get_rbio(SSL *s); BIO * SSL_get_wbio(SSL *s); #endif -int SSL_set_cipher_list(SSL *s, char *str); +int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(SSL *s); int SSL_get_verify_depth(SSL *s); @@ -1248,6 +1253,8 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL_CERT_INSTANTIATE 214 #define SSL_F_SSL_CERT_NEW 162 #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 #define SSL_F_SSL_CLEAR 164 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 #define SSL_F_SSL_CREATE_CIPHER_LIST 166 @@ -1370,6 +1377,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_HTTP_REQUEST 156 #define SSL_R_INTERNAL_ERROR 157 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 +#define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 #define SSL_R_LENGTH_MISMATCH 159 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 4c2989c47a..c86f41e0cc 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -83,24 +83,11 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ NULL,NULL, }; -typedef struct cipher_sort_st - { - SSL_CIPHER *cipher; - int pref; - } CIPHER_SORT; - #define CIPHER_ADD 1 #define CIPHER_KILL 2 #define CIPHER_DEL 3 #define CIPHER_ORD 4 - -typedef struct cipher_choice_st - { - int type; - unsigned long algorithms; - unsigned long mask; - long top; - } CIPHER_CHOICE; +#define CIPHER_SPECIAL 5 typedef struct cipher_order_st { @@ -110,59 +97,55 @@ typedef struct cipher_order_st struct cipher_order_st *next,*prev; } CIPHER_ORDER; -static SSL_CIPHER cipher_aliases[]={ +static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled */ - {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */ - {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK}, - {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK}, - {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK}, - {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,SSL_MKEY_MASK}, - {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,SSL_MKEY_MASK}, - {0,SSL_TXT_DH, 0,SSL_DH, 0,SSL_MKEY_MASK}, - {0,SSL_TXT_EDH, 0,SSL_EDH, 0,SSL_MKEY_MASK|SSL_AUTH_MASK}, - - {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,SSL_AUTH_MASK}, - {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,SSL_AUTH_MASK}, - {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,SSL_AUTH_MASK}, - {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK}, - {0,SSL_TXT_aDH, 0,SSL_aDH, 0,SSL_AUTH_MASK}, - {0,SSL_TXT_DSS, 0,SSL_DSS, 0,SSL_AUTH_MASK}, - - {0,SSL_TXT_DES, 0,SSL_DES, 0,SSL_ENC_MASK}, - {0,SSL_TXT_3DES,0,SSL_3DES, 0,SSL_ENC_MASK}, - {0,SSL_TXT_RC4, 0,SSL_RC4, 0,SSL_ENC_MASK}, - {0,SSL_TXT_RC2, 0,SSL_RC2, 0,SSL_ENC_MASK}, - {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,SSL_ENC_MASK}, - {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK}, - {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,SSL_ENC_MASK}, - - {0,SSL_TXT_MD5, 0,SSL_MD5, 0,SSL_MAC_MASK}, - {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,SSL_MAC_MASK}, - {0,SSL_TXT_SHA, 0,SSL_SHA, 0,SSL_MAC_MASK}, - - {0,SSL_TXT_NULL,0,SSL_NULL, 0,SSL_ENC_MASK}, - {0,SSL_TXT_RSA, 0,SSL_RSA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, - {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, - {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK}, - - {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,SSL_EXP_MASK}, - {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,SSL_EXP_MASK}, - {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,SSL_EXP_MASK}, - {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK}, - {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK}, - {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK}, - {0,SSL_TXT_LOW, 0,SSL_LOW, 0,SSL_STRONG_MASK}, - {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK}, - {0,SSL_TXT_HIGH, 0,SSL_HIGH, 0,SSL_STRONG_MASK}, + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, + + {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, + {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, + + {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, + + {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, + {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, + {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, + + {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, + {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, + {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, + + {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, + {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, + {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, + + {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, + {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, + {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, + {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, + {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, + {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, + {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, }; static int init_ciphers=1; -static void load_ciphers(); - -static int cmp_by_name(SSL_CIPHER **a, SSL_CIPHER **b) - { - return(strcmp((*a)->name,(*b)->name)); - } static void load_ciphers(void) { @@ -294,170 +277,328 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, *tail=curr; } -STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method, - STACK_OF(SSL_CIPHER) **cipher_list, - STACK_OF(SSL_CIPHER) **cipher_list_by_id, - char *str) +static unsigned long ssl_cipher_get_disabled(void) { - SSL_CIPHER *c; - char *l; - STACK_OF(SSL_CIPHER) *ret=NULL,*ok=NULL; -#define CL_BUF 40 - char buf[CL_BUF]; - char *tmp_str=NULL; - unsigned long mask,algorithms,ma; - char *start; - int i,j,k,num=0,ch,multi; - unsigned long al; - STACK *ca_list=NULL; - int current_x,num_x; - CIPHER_CHOICE *ops=NULL; - CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2; - int list_num; - int type; - SSL_CIPHER c_tmp,*cp; - - if (str == NULL) return(NULL); - - if (strncmp(str,"DEFAULT",7) == 0) - { - i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST); - if ((tmp_str=Malloc(i)) == NULL) - { - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); - goto err; - } - strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST); - strcat(tmp_str,":"); - strcat(tmp_str,&(str[7])); - str=tmp_str; - } - if (init_ciphers) load_ciphers(); - - num=ssl_method->num_ciphers(); - - if ((ret=sk_SSL_CIPHER_new(NULL)) == NULL) goto err; - if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err; + unsigned long mask; - mask =SSL_kFZA; + mask = SSL_kFZA; #ifdef NO_RSA - mask|=SSL_aRSA|SSL_kRSA; + mask |= SSL_aRSA|SSL_kRSA; #endif #ifdef NO_DSA - mask|=SSL_aDSS; + mask |= SSL_aDSS; #endif #ifdef NO_DH - mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; + mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; #endif #ifdef SSL_FORBID_ENULL - mask|=SSL_eNULL; + mask |= SSL_eNULL; #endif - mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0; - mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0; - mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0; - mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0; - mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0; - mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0; + mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; + mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; + mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; + mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; + mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; + mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; - mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0; - mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0; + mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; + mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; - if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL) - goto err; + return(mask); + } + +static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, + int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, + CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) + { + unsigned int i, list_num; + SSL_CIPHER *c; + + /* + * We have num_of_ciphers descriptions compiled in, depending on the + * method selected (SSLv2 and/or SSLv3, TLSv1 etc). + * These will later be sorted in a linked list with at most num + * entries. + */ /* Get the initial list of ciphers */ - list_num=0; - for (i=0; iget_cipher((unsigned int)i); + c = ssl_method->get_cipher(i); /* drop those that use any of that is not available */ if ((c != NULL) && c->valid && !(c->algorithms & mask)) { - list[list_num].cipher=c; - list[list_num].next=NULL; - list[list_num].prev=NULL; - list[list_num].active=0; + list[list_num].cipher = c; + list[list_num].next = NULL; + list[list_num].prev = NULL; + list[list_num].active = 0; list_num++; + /* if (!sk_push(ca_list,(char *)c)) goto err; + */ } } - - for (i=1; i 0) { - head= &(list[0]); - head->prev=NULL; - head->next= &(list[1]); - tail= &(list[list_num-1]); - tail->prev= &(list[list_num-2]); - tail->next=NULL; + (*head_p) = &(list[0]); + (*head_p)->prev = NULL; + (*head_p)->next = &(list[1]); + (*tail_p) = &(list[list_num - 1]); + (*tail_p)->prev = &(list[list_num - 2]); + (*tail_p)->next = NULL; } + } - /* special case */ - cipher_aliases[0].algorithms &= ~mask; +static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, + int num_of_group_aliases, unsigned long mask, + CIPHER_ORDER *head) + { + CIPHER_ORDER *ciph_curr; + SSL_CIPHER **ca_curr; + int i; - /* get the aliases */ - k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER); - for (j=0; jcipher; + ca_curr++; + ciph_curr = ciph_curr->next; } - /* ca_list now holds a 'stack' of SSL_CIPHERS, some real, some - * 'aliases' */ + /* + * Now we add the available ones from the cipher_aliases[] table. + * They represent either an algorithm, that must be fully + * supported (not match any bit in mask) or represent a cipher + * strength value (will be added in any case because algorithms=0). + */ + for (i = 0; i < num_of_group_aliases; i++) + { + if ((i == 0) || /* always fetch "ALL" */ + !(cipher_aliases[i].algorithms & mask)) + { + *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); + ca_curr++; + } + } - /* how many parameters are there? */ - num=1; - for (l=str; *l; l++) - if (ITEM_SEP(*l)) - num++; - ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num); - if (ops == NULL) goto err; - memset(ops,0,sizeof(CIPHER_CHOICE)*num); + *ca_curr = NULL; /* end of list */ + } - /* we now parse the input string and create our operations */ - l=str; - i=0; - current_x=0; +static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, + unsigned long algo_strength, unsigned long mask_strength, + int rule, int strength_bits, CIPHER_ORDER *list, + CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) + { + CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; + SSL_CIPHER *cp; + unsigned long ma, ma_s; + +#ifdef CIPHER_DEBUG + printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n", + rule, algorithms, mask, algo_strength, mask_strength, + strength_bits); +#endif + curr = head = *head_p; + curr2 = head; + tail2 = tail = *tail_p; for (;;) { - ch= *l; + if ((curr == NULL) || (curr == tail2)) break; + curr = curr2; + curr2 = curr->next; + + cp = curr->cipher; + + /* + * Selection criteria is either the number of strength_bits + * or the algorithm used. + */ + if (strength_bits == -1) + { + ma = mask & cp->algorithms; + ma_s = mask_strength & cp->algo_strength; + +#ifdef CIPHER_DEBUG + printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength); + printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength); +#endif + /* + * Select: if none of the mask bit was met from the + * cipher or not all of the bits were met, the + * selection does not apply. + */ + if (((ma == 0) && (ma_s == 0)) || + ((ma & algorithms) != ma) || + ((ma_s & algo_strength) != ma_s)) + continue; /* does not apply */ + } + else if (strength_bits != cp->strength_bits) + continue; /* does not apply */ + +#ifdef CIPHER_DEBUG + printf("Action = %d\n", rule); +#endif + + /* add the cipher if it has not been added yet. */ + if (rule == CIPHER_ADD) + { + if (!curr->active) + { + ll_append_tail(&head, curr, &tail); + curr->active = 1; + } + } + /* Move the added cipher to this location */ + else if (rule == CIPHER_ORD) + { + if (curr->active) + { + ll_append_tail(&head, curr, &tail); + } + } + else if (rule == CIPHER_DEL) + curr->active = 0; + else if (rule == CIPHER_KILL) + { + if (head == curr) + head = curr->next; + else + curr->prev->next = curr->next; + if (tail == curr) + tail = curr->prev; + curr->active = 0; + if (curr->next != NULL) + curr->next->prev = curr->prev; + if (curr->prev != NULL) + curr->prev->next = curr->next; + curr->next = NULL; + curr->prev = NULL; + } + } + + *head_p = head; + *tail_p = tail; + } + +static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) + { + int max_strength_bits, i, *number_uses; + CIPHER_ORDER *curr; + + /* + * This routine sorts the ciphers with descending strength. The sorting + * must keep the pre-sorted sequence, so we apply the normal sorting + * routine as '+' movement to the end of the list. + */ + max_strength_bits = 0; + curr = *head_p; + while (curr != NULL) + { + if (curr->active && + (curr->cipher->strength_bits > max_strength_bits)) + max_strength_bits = curr->cipher->strength_bits; + curr = curr->next; + } + + number_uses = Malloc((max_strength_bits + 1) * sizeof(int)); + if (!number_uses) + { + SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); + return(0); + } + memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); + + /* + * Now find the strength_bits values actually used + */ + curr = *head_p; + while (curr != NULL) + { + if (curr->active) + number_uses[curr->cipher->strength_bits]++; + curr = curr->next; + } +#if 0 + /* + * Go through the list of used strength_bits values in descending + * order, omit strength_bits "0". + */ + for (i = max_strength_bits; i > 0; i--) + /* Do we really want this? If so "ALL:eNULL:@STRENGTH" puts eNULL + * ciphers first??? + */ + +#else + for (i = max_strength_bits; i >= 0; i--) +#endif + if (number_uses[i] > 0) + ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, + list, head_p, tail_p); + + Free(number_uses); + return(1); + } + +static int ssl_cipher_process_rulestr(const char *rule_str, + CIPHER_ORDER *list, CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) + { + unsigned long algorithms, mask, algo_strength, mask_strength; + const char *l, *start, *buf; + int j, multi, found, rule, retval, ok, buflen; + char ch; - if (ch == '\0') break; + retval = 1; + l = rule_str; + for (;;) + { + ch = *l; + if (ch == '\0') + break; /* done */ if (ch == '-') - { j=CIPHER_DEL; l++; } + { rule = CIPHER_DEL; l++; } else if (ch == '+') - { j=CIPHER_ORD; l++; } + { rule = CIPHER_ORD; l++; } else if (ch == '!') - { j=CIPHER_KILL; l++; } - else - { j=CIPHER_ADD; } + { rule = CIPHER_KILL; l++; } + else if (ch == '@') + { rule = CIPHER_SPECIAL; l++; } + else + { rule = CIPHER_ADD; } if (ITEM_SEP(ch)) { l++; continue; } - ops[current_x].type=j; - ops[current_x].algorithms=0; - ops[current_x].mask=0; + + algorithms = mask = algo_strength = mask_strength = 0; start=l; for (;;) { - ch= *l; - i=0; + ch = *l; + buf = l; + buflen = 0; #ifndef CHARSET_EBCDIC while ( ((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) || @@ -467,12 +608,28 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method, while ( isalnum(ch) || (ch == '-')) #endif { - buf[i]=ch; - ch= *(++l); - i++; - if (i >= (CL_BUF-2)) break; + ch = *(++l); + buflen++; } - buf[i]='\0'; + + if (buflen == 0) + { + /* + * We hit something, we cannot deal with, + * it is no command or seperator nor + * alphanumeric, so we call this an error. + */ + SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, + SSL_R_INVALID_COMMAND); + retval = found = 0; + l++; + break; + } + + if (rule == CIPHER_SPECIAL) + { + break; /* special treatment */ + } /* check for multi-part specification */ if (ch == '+') @@ -483,133 +640,236 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *ssl_method, else multi=0; - c_tmp.name=buf; - j=sk_find(ca_list,(char *)&c_tmp); - if (j < 0) - goto end_loop; + /* + * Now search for the name in the ca_list. Be carefule + * with the strncmp, because the "buflen" limitation + * will make the rule "ADH:SOME" and the cipher + * "ADH-MY-CIPHER" look like a match for buflen=3. + * So additionally check, whether the cipher name found + * has the correct length. We can save a strlen() call, + * just checking for the '\0' at the right place is + * sufficient, we have to strncmp() anyway. + */ + j = found = 0; + while (ca_list[j]) + { + if ((ca_list[j]->name[buflen] == '\0') && + !strncmp(buf, ca_list[j]->name, buflen)) + { + found = 1; + break; + } + else + j++; + } + if (!found) + break; /* ignore this entry */ + + algorithms |= ca_list[j]->algorithms; + mask |= ca_list[j]->mask; + algo_strength |= ca_list[j]->algo_strength; + mask_strength |= ca_list[j]->mask_strength; - cp=(SSL_CIPHER *)sk_value(ca_list,j); - ops[current_x].algorithms|=cp->algorithms; - /* We add the SSL_SSL_MASK so we can match the - * SSLv2 and SSLv3 versions of RC4-MD5 */ - ops[current_x].mask|=cp->mask; if (!multi) break; } - current_x++; - if (ch == '\0') break; -end_loop: - /* Make sure we scan until the next valid start point */ - while ((*l != '\0') && ITEM_SEP(*l)) - l++; + + /* + * Ok, we have the rule, now apply it + */ + if (rule == CIPHER_SPECIAL) + { /* special command */ + ok = 0; + if (!strncmp(buf, "STRENGTH", buflen)) + ok = ssl_cipher_strength_sort(list, + head_p, tail_p); + else + SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, + SSL_R_INVALID_COMMAND); + if (ok == 0) + retval = 0; + /* + * We do not support any "multi" options + * together with "@", so through away the + * rest of the command, if any left, until + * end or ':' is found. + */ + while ((*l != '\0') && ITEM_SEP(*l)) + l++; + } + else if (found) + { + ssl_cipher_apply_rule(algorithms, mask, + algo_strength, mask_strength, rule, -1, + list, head_p, tail_p); + } + else + { + while ((*l != '\0') && ITEM_SEP(*l)) + l++; + } + if (*l == '\0') break; /* done */ } - num_x=current_x; - current_x=0; + return(retval); + } + +STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) **cipher_list, + STACK_OF(SSL_CIPHER) **cipher_list_by_id, + const char *rule_str) + { + int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; + unsigned long disabled_mask; + STACK_OF(SSL_CIPHER) *cipherstack; + const char *rule_p; + CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; + SSL_CIPHER **ca_list = NULL; + + /* + * Return with error if nothing to do. + */ + if (rule_str == NULL) return(NULL); + + if (init_ciphers) load_ciphers(); - /* We will now process the list of ciphers, once for each category, to - * decide what we should do with it. */ - for (j=0; jnum_ciphers(); + list = (CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + if (list == NULL) { - algorithms=ops[j].algorithms; - type=ops[j].type; - mask=ops[j].mask; + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); + return(NULL); /* Failure */ + } - curr=head; - curr2=head; - tail2=tail; - for (;;) - { - if ((curr == NULL) || (curr == tail2)) break; - curr=curr2; - curr2=curr->next; + ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, + list, &head, &tail); + + /* + * We also need cipher aliases for selecting based on the rule_str. + * There might be two types of entries in the rule_str: 1) names + * of ciphers themselves 2) aliases for groups of ciphers. + * For 1) we need the available ciphers and for 2) the cipher + * groups of cipher_aliases added togehter in one list (otherwise + * we would be happy with just the cipher_aliases table). + */ + num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); + num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; + ca_list = + (SSL_CIPHER **)Malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + if (ca_list == NULL) + { + Free(list); + SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); + return(NULL); /* Failure */ + } + ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, + head); + + /* + * If the rule_string begins with DEFAULT, apply the default rule + * before using the (possibly available) additional rules. + */ + ok = 1; + rule_p = rule_str; + if (strncmp(rule_str,"DEFAULT",7) == 0) + { + ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, + list, &head, &tail, ca_list); + rule_p += 7; + if (*rule_p == ':') + rule_p++; + } - cp=curr->cipher; - ma=mask & cp->algorithms; - if ((ma == 0) || ((ma & algorithms) != ma)) - { - /* does not apply */ - continue; - } + if (ok && (strlen(rule_p) > 0)) + ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, + ca_list); - /* add the cipher if it has not been added yet. */ - if (type == CIPHER_ADD) - { - if (!curr->active) - { - ll_append_tail(&head,curr,&tail); - curr->active=1; - } - } - /* Move the added cipher to this location */ - else if (type == CIPHER_ORD) - { - if (curr->active) - { - ll_append_tail(&head,curr,&tail); - } - } - else if (type == CIPHER_DEL) - curr->active=0; - if (type == CIPHER_KILL) - { - if (head == curr) - head=curr->next; - else - curr->prev->next=curr->next; - if (tail == curr) - tail=curr->prev; - curr->active=0; - if (curr->next != NULL) - curr->next->prev=curr->prev; - if (curr->prev != NULL) - curr->prev->next=curr->next; - curr->next=NULL; - curr->prev=NULL; - } - } + Free(ca_list); /* Not needed anymore */ + + if (!ok) + { /* Rule processing failure */ + Free(list); + return(NULL); + } + /* + * Allocate new "cipherstack" for the result, return with error + * if we cannot get one. + */ + if ((cipherstack = sk_SSL_CIPHER_new(NULL)) == NULL) + { + Free(list); + return(NULL); } - for (curr=head; curr != NULL; curr=curr->next) + /* + * The cipher selection for the list is done. The ciphers are added + * to the resulting precedence to the STACK_OF(SSL_CIPHER). + */ + for (curr = head; curr != NULL; curr = curr->next) { if (curr->active) { - sk_SSL_CIPHER_push(ret,curr->cipher); + sk_SSL_CIPHER_push(cipherstack, curr->cipher); #ifdef CIPHER_DEBUG printf("<%s>\n",curr->cipher->name); #endif } } - + Free(list); /* Not needed any longer */ + + /* + * The following passage is a little bit odd. If pointer variables + * were supplied to hold STACK_OF(SSL_CIPHER) return information, + * the old memory pointed to is free()ed. Then, however, the + * cipher_list entry will be assigned just a copy of the returned + * cipher stack. For cipher_list_by_id a copy of the cipher stack + * will be created. See next comment... + */ if (cipher_list != NULL) { if (*cipher_list != NULL) sk_SSL_CIPHER_free(*cipher_list); - *cipher_list=ret; + *cipher_list = cipherstack; } if (cipher_list_by_id != NULL) { if (*cipher_list_by_id != NULL) sk_SSL_CIPHER_free(*cipher_list_by_id); - *cipher_list_by_id=sk_SSL_CIPHER_dup(ret); + *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack); } + /* + * Now it is getting really strange. If something failed during + * the previous pointer assignement or if one of the pointers was + * not requested, the error condition is met. That might be + * discussable. The strange thing is however that in this case + * the memory "ret" pointed to is "free()ed" and hence the pointer + * cipher_list becomes wild. The memory reserved for + * cipher_list_by_id however is not "free()ed" and stays intact. + */ if ( (cipher_list_by_id == NULL) || (*cipher_list_by_id == NULL) || (cipher_list == NULL) || (*cipher_list == NULL)) - goto err; + { + sk_SSL_CIPHER_free(cipherstack); + return(NULL); + } + sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); - ok=ret; - ret=NULL; -err: - if (tmp_str) Free(tmp_str); - if (ops != NULL) Free(ops); - if (ret != NULL) sk_SSL_CIPHER_free(ret); - if (ca_list != NULL) sk_free(ca_list); - if (list != NULL) Free(list); - return(ok); + return(cipherstack); } char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) @@ -617,15 +877,16 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) int is_export,pkl,kl; char *ver,*exp; char *kx,*au,*enc,*mac; - unsigned long alg,alg2; + unsigned long alg,alg2,alg_s; static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; alg=cipher->algorithms; + alg_s=cipher->algo_strength; alg2=cipher->algorithm2; - is_export=SSL_IS_EXPORT(alg); - pkl=SSL_EXPORT_PKEYLENGTH(alg); - kl=SSL_EXPORT_KEYLENGTH(alg); + is_export=SSL_C_IS_EXPORT(cipher); + pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); + kl=SSL_C_EXPORT_KEYLENGTH(cipher); exp=is_export?" export":""; if (alg & SSL_SSLV2) @@ -755,34 +1016,13 @@ const char *SSL_CIPHER_get_name(SSL_CIPHER *c) /* number of bits for symetric cipher */ int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits) { - int ret=0,a=0; - const EVP_CIPHER *enc; - const EVP_MD *md; - SSL_SESSION ss; + int ret=0; if (c != NULL) { - ss.cipher=c; - if (!ssl_cipher_get_evp(&ss,&enc,&md,NULL)) - return(0); - - a=EVP_CIPHER_key_length(enc)*8; - - if (SSL_C_IS_EXPORT(c)) - { - ret=SSL_C_EXPORT_KEYLENGTH(c)*8; - } - else - { - if (c->algorithm2 & SSL2_CF_8_BYTE_ENC) - ret=64; - else - ret=a; - } + if (alg_bits != NULL) *alg_bits = c->alg_bits; + ret = c->strength_bits; } - - if (alg_bits != NULL) *alg_bits=a; - return(ret); } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index ff7e1c7aab..d387cf36c2 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -135,6 +135,8 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"}, {ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, {ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, +{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"}, +{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"}, {ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"}, {ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"}, {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, @@ -260,6 +262,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_HTTP_REQUEST ,"http request"}, {SSL_R_INTERNAL_ERROR ,"internal error"}, {SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, +{SSL_R_INVALID_COMMAND ,"invalid command"}, {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, {SSL_R_INVALID_TRUST ,"invalid trust"}, {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 39ee0280b8..4d74f6e45c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -923,7 +923,7 @@ const char *SSL_get_cipher_list(SSL *s,int n) } /** specify the ciphers to be used by default by the SSL_CTX */ -int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str) +int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { STACK_OF(SSL_CIPHER) *sk; @@ -934,7 +934,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx,char *str) } /** specify the ciphers to be used by the SSL */ -int SSL_set_cipher_list(SSL *s,char *str) +int SSL_set_cipher_list(SSL *s,const char *str) { STACK_OF(SSL_CIPHER) *sk; @@ -1362,7 +1362,7 @@ X509 *ssl_get_server_send_cert(SSL *s) c=s->cert; ssl_set_cert_masks(c, s->s3->tmp.new_cipher); alg=s->s3->tmp.new_cipher->algorithms; - is_export=SSL_IS_EXPORT(alg); + is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); mask=is_export?c->export_mask:c->mask; kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b8f43c20e0..7b9d29dfc0 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -155,6 +155,19 @@ #define DEC32(a) ((a)=((a)-1)&0xffffffffL) #define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ +/* + * Define the Bitmasks for SSL_CIPHER.algorithms. + * This bits are used packed as dense as possible. If new methods/ciphers + * etc will be added, the bits a likely to change, so this information + * is for internal library use only, even though SSL_CIPHER.algorithms + * can be publicly accessed. + * Use the according functions for cipher management instead. + * + * The bit mask hendling in the selection and sorting scheme in + * ssl_create_cipher_list() has only limited capabilities, reflecting + * that the different entities within are mutually exclusiv: + * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. + */ #define SSL_MKEY_MASK 0x0000001FL #define SSL_kRSA 0x00000001L /* RSA key exchange */ #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ @@ -191,36 +204,75 @@ #define SSL_SHA1 0x00040000L #define SSL_SHA (SSL_SHA1) -#define SSL_EXP_MASK 0x00300000L -#define SSL_EXP40 0x00100000L -#define SSL_NOT_EXP 0x00200000L -#define SSL_EXP56 0x00300000L -#define SSL_IS_EXPORT(a) ((a)&SSL_EXP40) -#define SSL_IS_EXPORT56(a) (((a)&SSL_EXP_MASK) == SSL_EXP56) -#define SSL_IS_EXPORT40(a) (((a)&SSL_EXP_MASK) == SSL_EXP40) -#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algorithms) -#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algorithms) -#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algorithms) -#define SSL_EXPORT_KEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 5 : \ +#define SSL_SSL_MASK 0x00180000L +#define SSL_SSLV2 0x00080000L +#define SSL_SSLV3 0x00100000L +#define SSL_TLSV1 SSL_SSLV3 /* for now */ + +/* we have used 001fffff - 11 bits left to go */ + +/* + * Export and cipher strenght information. For each cipher we have to decide + * whether it is exportable or not. This information is likely to change + * over time, since the export control rules are no static technical issue. + * + * Independent of the export flag the cipher strength is sorted into classes. + * SSL_EXP40 was denoting the 40bit US export limit of past times, which now + * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change + * againg (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, + * since SSL_EXP64 could be similar to SSL_LOW. + * For this reason SSL_MICRO and SSL_MINI macros are included to widen the + * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed + * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would + * be possible. + */ +#define SSL_EXP_MASK 0x00000003L +#define SSL_NOT_EXP 0x00000001L +#define SSL_EXPORT 0x00000002L + +#define SSL_STRONG_MASK 0x0000007cL +#define SSL_EXP40 0x00000004L +#define SSL_MICRO (SSL_EXP40) +#define SSL_EXP56 0x00000008L +#define SSL_MINI (SSL_EXP56) +#define SSL_LOW 0x00000010L +#define SSL_MEDIUM 0x00000020L +#define SSL_HIGH 0x00000040L + +/* we have used 0000007f - 25 bits left to go */ + +/* + * Macros to check the export status and cipher strength for export ciphers. + * Even though the macros for EXPORT and EXPORT40/56 have similar names, + * their meaning is different: + * *_EXPORT macros check the 'exportable' status. + * *_EXPORT40/56 macros are used to check whether a certain cipher strength + * is given. + * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct + * algorithm structure element to be passed (algorithms, algo_strength) and no + * typechecking can be done as they are all of type unsigned long, their + * direct usage is discouraged. + * Use the SSL_C_* macros instead. + */ +#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) +#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) +#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) +#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) +#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) +#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) + +#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7) #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) -#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms) -#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algorithms) - -#define SSL_SSL_MASK 0x00c00000L -#define SSL_SSLV2 0x00400000L -#define SSL_SSLV3 0x00800000L -#define SSL_TLSV1 SSL_SSLV3 /* for now */ +#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \ + (c)->algo_strength) +#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) -#define SSL_STRONG_MASK 0x07000000L -#define SSL_LOW 0x01000000L -#define SSL_MEDIUM 0x02000000L -#define SSL_HIGH 0x04000000L -/* we have used 0fffffff - 4 bits left to go */ #define SSL_ALL 0xffffffffL #define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ - SSL_MAC_MASK|SSL_EXP_MASK) + SSL_MAC_MASK) +#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK) /* Mostly for SSLv3 */ #define SSL_PKEY_RSA_ENC 0 @@ -256,7 +308,7 @@ typedef struct cert_st CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array * Probably it would make more sense to store * an index, not a pointer. */ - + /* The following masks are for the key and auth * algorithms that are supported by the certs below */ int valid; @@ -376,10 +428,10 @@ int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp); int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p); -STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_METHOD *meth, +STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted, - char *str); + const char *rule_str); void ssl_update_cache(SSL *s, int mode); int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md, SSL_COMP **comp); diff --git a/ssl/tls1.h b/ssl/tls1.h index a931efa936..afb1e10ac9 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -65,7 +65,7 @@ extern "C" { #endif -#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 #define TLS1_VERSION 0x0301 #define TLS1_VERSION_MAJOR 0x03 -- 2.34.1