0a56042931e07c0b69ec6d25916ae4436747123a
[openssl.git] / ssl / ssl_ciph.c
1 /* ssl/ssl_ciph.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by 
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142
143 #include <stdio.h>
144 #include <openssl/objects.h>
145 #include <openssl/comp.h>
146 #include "ssl_locl.h"
147
148 #define SSL_ENC_DES_IDX         0
149 #define SSL_ENC_3DES_IDX        1
150 #define SSL_ENC_RC4_IDX         2
151 #define SSL_ENC_RC2_IDX         3
152 #define SSL_ENC_IDEA_IDX        4
153 #define SSL_ENC_NULL_IDX        5
154 #define SSL_ENC_AES128_IDX      6
155 #define SSL_ENC_AES256_IDX      7
156 #define SSL_ENC_CAMELLIA128_IDX 8
157 #define SSL_ENC_CAMELLIA256_IDX 9
158 #define SSL_ENC_GOST89_IDX      10
159 #define SSL_ENC_SEED_IDX        11
160 #define SSL_ENC_NUM_IDX         12
161
162
163 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
164         NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
165         };
166
167 #define SSL_COMP_NULL_IDX       0
168 #define SSL_COMP_ZLIB_IDX       1
169 #define SSL_COMP_NUM_IDX        2
170
171 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
172
173 #define SSL_MD_MD5_IDX  0
174 #define SSL_MD_SHA1_IDX 1
175 #define SSL_MD_NUM_IDX  2
176 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
177         NULL,NULL,
178         };
179
180 #define CIPHER_ADD      1
181 #define CIPHER_KILL     2
182 #define CIPHER_DEL      3
183 #define CIPHER_ORD      4
184 #define CIPHER_SPECIAL  5
185
186 typedef struct cipher_order_st
187         {
188         SSL_CIPHER *cipher;
189         int active;
190         int dead;
191         struct cipher_order_st *next,*prev;
192         } CIPHER_ORDER;
193
194 static const SSL_CIPHER cipher_aliases[]={
195         /* "ALL" doesn't include eNULL (must be specifically enabled) */
196         {0,SSL_TXT_ALL,0,     0,0,~SSL_eNULL,0,0,0,0,0,0},
197         /* "COMPLEMENTOFALL" */
198         {0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
199
200         /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
201         {0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
202
203         /* key exchange aliases
204          * (some of those using only a single bit here combine
205          * multiple key exchange algs according to the RFCs,
206          * e.g. kEDH combines DHE_DSS and DHE_RSA) */
207         {0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
208
209         {0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
210         {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
211         {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
212         {0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
213         {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
214
215         {0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
216
217         {0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
218         {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
219         {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
220         {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
221         {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
222
223         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
224
225
226         /* server authentication aliases */
227         {0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
228         {0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
229         {0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
230         {0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
231         {0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
232         {0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
233         {0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
234         {0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
235         {0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
236         {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
237
238
239         /* aliases combining key exchange and server authentication */
240         {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
241         {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
242         {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
243         {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
244         {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
245         {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
246         {0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
247         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
248
249
250         /* symmetric encryption aliases */
251         {0,SSL_TXT_DES,0,     0,0,SSL_DES,   0,0,0,0,0,0},
252         {0,SSL_TXT_3DES,0,    0,0,SSL_3DES,  0,0,0,0,0,0},
253         {0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
254         {0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
255         {0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
256         {0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
257         {0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
258         {0,SSL_TXT_AES128,0,  0,0,SSL_AES128,0,0,0,0,0,0},
259         {0,SSL_TXT_AES256,0,  0,0,SSL_AES256,0,0,0,0,0,0},
260         {0,SSL_TXT_AES,0,     0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
261         {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
262         {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
263         {0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
264
265         /* MAC aliases */       
266         {0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
267         {0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
268         {0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
269
270         /* protocol version aliases */
271         {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
272         {0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
273         {0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
274
275         /* export flag */
276         {0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
277         {0,SSL_TXT_EXPORT,0,  0,0,0,0,0,SSL_EXPORT,0,0,0},
278
279         /* strength classes */
280         {0,SSL_TXT_EXP40,0,   0,0,0,0,0,SSL_EXP40, 0,0,0},
281         {0,SSL_TXT_EXP56,0,   0,0,0,0,0,SSL_EXP56, 0,0,0},
282         {0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
283         {0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
284         {0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
285         };
286
287 void ssl_load_ciphers(void)
288         {
289         ssl_cipher_methods[SSL_ENC_DES_IDX]= 
290                 EVP_get_cipherbyname(SN_des_cbc);
291         ssl_cipher_methods[SSL_ENC_3DES_IDX]=
292                 EVP_get_cipherbyname(SN_des_ede3_cbc);
293         ssl_cipher_methods[SSL_ENC_RC4_IDX]=
294                 EVP_get_cipherbyname(SN_rc4);
295         ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
296                 EVP_get_cipherbyname(SN_rc2_cbc);
297 #ifndef OPENSSL_NO_IDEA
298         ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
299                 EVP_get_cipherbyname(SN_idea_cbc);
300 #else
301         ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
302 #endif
303         ssl_cipher_methods[SSL_ENC_AES128_IDX]=
304           EVP_get_cipherbyname(SN_aes_128_cbc);
305         ssl_cipher_methods[SSL_ENC_AES256_IDX]=
306           EVP_get_cipherbyname(SN_aes_256_cbc);
307         ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
308           EVP_get_cipherbyname(SN_camellia_128_cbc);
309         ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
310           EVP_get_cipherbyname(SN_camellia_256_cbc);
311         ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
312           EVP_get_cipherbyname(SN_gost89_cnt);
313         ssl_cipher_methods[SSL_ENC_SEED_IDX]=
314           EVP_get_cipherbyname(SN_seed_cbc);
315
316         ssl_digest_methods[SSL_MD_MD5_IDX]=
317                 EVP_get_digestbyname(SN_md5);
318         ssl_digest_methods[SSL_MD_SHA1_IDX]=
319                 EVP_get_digestbyname(SN_sha1);
320         }
321
322
323 #ifndef OPENSSL_NO_COMP
324
325 static int sk_comp_cmp(const SSL_COMP * const *a,
326                         const SSL_COMP * const *b)
327         {
328         return((*a)->id-(*b)->id);
329         }
330
331 static void load_builtin_compressions(void)
332         {
333         int got_write_lock = 0;
334
335         CRYPTO_r_lock(CRYPTO_LOCK_SSL);
336         if (ssl_comp_methods == NULL)
337                 {
338                 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
339                 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
340                 got_write_lock = 1;
341                 
342                 if (ssl_comp_methods == NULL)
343                         {
344                         SSL_COMP *comp = NULL;
345
346                         MemCheck_off();
347                         ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
348                         if (ssl_comp_methods != NULL)
349                                 {
350                                 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
351                                 if (comp != NULL)
352                                         {
353                                         comp->method=COMP_zlib();
354                                         if (comp->method
355                                                 && comp->method->type == NID_undef)
356                                                 OPENSSL_free(comp);
357                                         else
358                                                 {
359                                                 comp->id=SSL_COMP_ZLIB_IDX;
360                                                 comp->name=comp->method->name;
361                                                 sk_SSL_COMP_push(ssl_comp_methods,comp);
362                                                 }
363                                         }
364                                 }
365                         MemCheck_on();
366                         }
367                 }
368         
369         if (got_write_lock)
370                 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
371         else
372                 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
373         }
374 #endif
375
376 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
377              const EVP_MD **md, SSL_COMP **comp)
378         {
379         int i;
380         SSL_CIPHER *c;
381
382         c=s->cipher;
383         if (c == NULL) return(0);
384         if (comp != NULL)
385                 {
386                 SSL_COMP ctmp;
387 #ifndef OPENSSL_NO_COMP
388                 load_builtin_compressions();
389 #endif
390
391                 *comp=NULL;
392                 ctmp.id=s->compress_meth;
393                 if (ssl_comp_methods != NULL)
394                         {
395                         i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
396                         if (i >= 0)
397                                 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
398                         else
399                                 *comp=NULL;
400                         }
401                 }
402
403         if ((enc == NULL) || (md == NULL)) return(0);
404
405         switch (c->algorithm_enc)
406                 {
407         case SSL_DES:
408                 i=SSL_ENC_DES_IDX;
409                 break;
410         case SSL_3DES:
411                 i=SSL_ENC_3DES_IDX;
412                 break;
413         case SSL_RC4:
414                 i=SSL_ENC_RC4_IDX;
415                 break;
416         case SSL_RC2:
417                 i=SSL_ENC_RC2_IDX;
418                 break;
419         case SSL_IDEA:
420                 i=SSL_ENC_IDEA_IDX;
421                 break;
422         case SSL_eNULL:
423                 i=SSL_ENC_NULL_IDX;
424                 break;
425         case SSL_AES128:
426                 i=SSL_ENC_AES128_IDX;
427                 break;
428         case SSL_AES256:
429                 i=SSL_ENC_AES256_IDX;
430                 break;
431         case SSL_CAMELLIA128:
432                 i=SSL_ENC_CAMELLIA128_IDX;
433                 break;
434         case SSL_CAMELLIA256:
435                 i=SSL_ENC_CAMELLIA256_IDX;
436                 break;
437         case SSL_eGOST2814789CNT:
438                 i=SSL_ENC_GOST89_IDX;
439                 break;
440         case SSL_SEED:
441                 i=SSL_ENC_SEED_IDX;
442                 break;
443         default:
444                 i= -1;
445                 break;
446                 }
447
448         if ((i < 0) || (i > SSL_ENC_NUM_IDX))
449                 *enc=NULL;
450         else
451                 {
452                 if (i == SSL_ENC_NULL_IDX)
453                         *enc=EVP_enc_null();
454                 else
455                         *enc=ssl_cipher_methods[i];
456                 }
457
458         switch (c->algorithm_mac)
459                 {
460         case SSL_MD5:
461                 i=SSL_MD_MD5_IDX;
462                 break;
463         case SSL_SHA1:
464                 i=SSL_MD_SHA1_IDX;
465                 break;
466         default:
467                 i= -1;
468                 break;
469                 }
470         if ((i < 0) || (i > SSL_MD_NUM_IDX))
471                 *md=NULL;
472         else
473                 *md=ssl_digest_methods[i];
474
475         if ((*enc != NULL) && (*md != NULL))
476                 return(1);
477         else
478                 return(0);
479         }
480
481 #define ITEM_SEP(a) \
482         (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
483
484 static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
485              CIPHER_ORDER **tail)
486         {
487         if (curr == *tail) return;
488         if (curr == *head)
489                 *head=curr->next;
490         if (curr->prev != NULL)
491                 curr->prev->next=curr->next;
492         if (curr->next != NULL)
493                 curr->next->prev=curr->prev;
494         (*tail)->next=curr;
495         curr->prev= *tail;
496         curr->next=NULL;
497         *tail=curr;
498         }
499
500 static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
501              CIPHER_ORDER **tail)
502         {
503         if (curr == *head) return;
504         if (curr == *tail)
505                 *tail=curr->prev;
506         if (curr->next != NULL)
507                 curr->next->prev=curr->prev;
508         if (curr->prev != NULL)
509                 curr->prev->next=curr->next;
510         (*head)->prev=curr;
511         curr->next= *head;
512         curr->prev=NULL;
513         *head=curr;
514         }
515
516 static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
517         {
518         *mkey = 0;
519         *auth = 0;
520         *enc = 0;
521         *mac = 0;
522         *ssl = 0;
523
524 #ifdef OPENSSL_NO_RSA
525         *mkey |= SSL_kRSA;
526         *auth |= SSL_aRSA;
527 #endif
528 #ifdef OPENSSL_NO_DSA
529         *auth |= SSL_aDSS;
530 #endif
531         *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
532         *auth |= SSL_aDH;
533 #ifdef OPENSSL_NO_DH
534         *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
535         *auth |= SSL_aDH;
536 #endif
537 #ifdef OPENSSL_NO_KRB5
538         *mkey |= SSL_kKRB5;
539         *auth |= SSL_aKRB5;
540 #endif
541 #ifdef OPENSSL_NO_ECDSA
542         *auth |= SSL_aECDSA;
543 #endif
544 #ifdef OPENSSL_NO_ECDH
545         *mkey |= SSL_kECDHe|SSL_kECDHr;
546         *auth |= SSL_aECDH;
547 #endif
548 #ifdef OPENSSL_NO_PSK
549         *mkey |= SSL_kPSK;
550         *auth |= SSL_aPSK;
551 #endif
552 #ifdef SSL_FORBID_ENULL
553         *enc |= SSL_eNULL;
554 #endif
555
556         *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
557         *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
558         *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
559         *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
560         *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
561         *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
562         *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
563         *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
564         *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
565         *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
566         *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
567
568         *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
569         *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
570         }
571
572 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
573                 int num_of_ciphers,
574                 unsigned long disabled_mkey, unsigned long disabled_auth,
575                 unsigned long disabled_enc, unsigned long disabled_mac,
576                 unsigned long disabled_ssl,
577                 CIPHER_ORDER *co_list,
578                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
579         {
580         int i, co_list_num;
581         SSL_CIPHER *c;
582
583         /*
584          * We have num_of_ciphers descriptions compiled in, depending on the
585          * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
586          * These will later be sorted in a linked list with at most num
587          * entries.
588          */
589
590         /* Get the initial list of ciphers */
591         co_list_num = 0;        /* actual count of ciphers */
592         for (i = 0; i < num_of_ciphers; i++)
593                 {
594                 c = ssl_method->get_cipher(i);
595                 /* drop those that use any of that is not available */
596                 if ((c != NULL) && c->valid &&
597                     !(c->algorithm_mkey & disabled_mkey) &&
598                     !(c->algorithm_auth & disabled_auth) &&
599                     !(c->algorithm_enc & disabled_enc) &&
600                     !(c->algorithm_mac & disabled_mac) &&
601                     !(c->algorithm_ssl & disabled_ssl))
602                         {
603                         co_list[co_list_num].cipher = c;
604                         co_list[co_list_num].next = NULL;
605                         co_list[co_list_num].prev = NULL;
606                         co_list[co_list_num].active = 0;
607                         co_list_num++;
608 #ifdef KSSL_DEBUG
609                         printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
610 #endif  /* KSSL_DEBUG */
611                         /*
612                         if (!sk_push(ca_list,(char *)c)) goto err;
613                         */
614                         }
615                 }
616
617         /*
618          * Prepare linked list from list entries
619          */     
620         if (co_list_num > 0)
621                 {
622                 co_list[0].prev = NULL;
623
624                 if (co_list_num > 1)
625                         {
626                         co_list[0].next = &co_list[1];
627                         
628                         for (i = 1; i < co_list_num - 1; i++)
629                                 {
630                                 co_list[i].prev = &co_list[i - 1];
631                                 co_list[i].next = &co_list[i + 1];
632                                 }
633
634                         co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
635                         }
636                 
637                 co_list[co_list_num - 1].next = NULL;
638
639                 *head_p = &co_list[0];
640                 *tail_p = &co_list[co_list_num - 1];
641                 }
642         }
643
644 static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
645                         int num_of_group_aliases,
646                         unsigned long disabled_mkey, unsigned long disabled_auth,
647                         unsigned long disabled_enc, unsigned long disabled_mac,
648                         unsigned long disabled_ssl,
649                         CIPHER_ORDER *head)
650         {
651         CIPHER_ORDER *ciph_curr;
652         SSL_CIPHER **ca_curr;
653         int i;
654         unsigned long mask_mkey = ~disabled_mkey;
655         unsigned long mask_auth = ~disabled_auth;
656         unsigned long mask_enc = ~disabled_enc;
657         unsigned long mask_mac = ~disabled_mac;
658         unsigned long mask_ssl = ~disabled_ssl;
659
660         /*
661          * First, add the real ciphers as already collected
662          */
663         ciph_curr = head;
664         ca_curr = ca_list;
665         while (ciph_curr != NULL)
666                 {
667                 *ca_curr = ciph_curr->cipher;
668                 ca_curr++;
669                 ciph_curr = ciph_curr->next;
670                 }
671
672         /*
673          * Now we add the available ones from the cipher_aliases[] table.
674          * They represent either one or more algorithms, some of which
675          * in any affected category must be supported (set in enabled_mask),
676          * or represent a cipher strength value (will be added in any case because algorithms=0).
677          */
678         for (i = 0; i < num_of_group_aliases; i++)
679                 {
680                 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
681                 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
682                 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
683                 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
684                 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
685
686                 if (algorithm_mkey)
687                         if ((algorithm_mkey & mask_mkey) == 0)
688                                 continue;
689         
690                 if (algorithm_auth)
691                         if ((algorithm_auth & mask_auth) == 0)
692                                 continue;
693                 
694                 if (algorithm_enc)
695                         if ((algorithm_enc & mask_enc) == 0)
696                                 continue;
697                 
698                 if (algorithm_mac)
699                         if ((algorithm_mac & mask_mac) == 0)
700                                 continue;
701                 
702                 if (algorithm_ssl)
703                         if ((algorithm_ssl & mask_ssl) == 0)
704                                 continue;
705                 
706                 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
707                 ca_curr++;
708                 }
709
710         *ca_curr = NULL;        /* end of list */
711         }
712
713 static void ssl_cipher_apply_rule(unsigned long cipher_id,
714                 unsigned long alg_mkey, unsigned long alg_auth,
715                 unsigned long alg_enc, unsigned long alg_mac,
716                 unsigned long alg_ssl,
717                 unsigned long algo_strength,
718                 int rule, int strength_bits,
719                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
720         {
721         CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
722         SSL_CIPHER *cp;
723         int reverse = 0;
724
725 #ifdef CIPHER_DEBUG
726         printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
727                 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
728 #endif
729
730         if (rule == CIPHER_DEL)
731                 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
732
733         head = *head_p;
734         tail = *tail_p;
735
736         if (reverse)
737                 {
738                 curr = tail;
739                 last = head;
740                 }
741         else
742                 {
743                 curr = head;
744                 last = tail;
745                 }
746
747         curr2 = curr;
748         for (;;)
749                 {
750                 if ((curr == NULL) || (curr == last)) break;
751                 curr = curr2;
752                 curr2 = reverse ? curr->prev : curr->next;
753
754                 cp = curr->cipher;
755
756                 /*
757                  * Selection criteria is either the value of strength_bits
758                  * or the algorithms used.
759                  */
760                 if (strength_bits >= 0)
761                         {
762                         if (strength_bits != cp->strength_bits)
763                                 continue;
764                         }
765                 else
766                         {
767 #ifdef CIPHER_DEBUG
768                         printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
769 #endif
770
771                         if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
772                                 continue;
773                         if (alg_auth && !(alg_auth & cp->algorithm_auth))
774                                 continue;
775                         if (alg_enc && !(alg_enc & cp->algorithm_enc))
776                                 continue;
777                         if (alg_mac && !(alg_mac & cp->algorithm_mac))
778                                 continue;
779                         if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
780                                 continue;
781                         if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
782                                 continue;
783                         if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
784                                 continue;
785                         }
786
787 #ifdef CIPHER_DEBUG
788                 printf("Action = %d\n", rule);
789 #endif
790
791                 /* add the cipher if it has not been added yet. */
792                 if (rule == CIPHER_ADD)
793                         {
794                         /* reverse == 0 */
795                         if (!curr->active)
796                                 {
797                                 ll_append_tail(&head, curr, &tail);
798                                 curr->active = 1;
799                                 }
800                         }
801                 /* Move the added cipher to this location */
802                 else if (rule == CIPHER_ORD)
803                         {
804                         /* reverse == 0 */
805                         if (curr->active)
806                                 {
807                                 ll_append_tail(&head, curr, &tail);
808                                 }
809                         }
810                 else if (rule == CIPHER_DEL)
811                         {
812                         /* reverse == 1 */
813                         if (curr->active)
814                                 {
815                                 /* most recently deleted ciphersuites get best positions
816                                  * for any future CIPHER_ADD (note that the CIPHER_DEL loop
817                                  * works in reverse to maintain the order) */
818                                 ll_append_head(&head, curr, &tail);
819                                 curr->active = 0;
820                                 }
821                         }
822                 else if (rule == CIPHER_KILL)
823                         {
824                         /* reverse == 0 */
825                         if (head == curr)
826                                 head = curr->next;
827                         else
828                                 curr->prev->next = curr->next;
829                         if (tail == curr)
830                                 tail = curr->prev;
831                         curr->active = 0;
832                         if (curr->next != NULL)
833                                 curr->next->prev = curr->prev;
834                         if (curr->prev != NULL)
835                                 curr->prev->next = curr->next;
836                         curr->next = NULL;
837                         curr->prev = NULL;
838                         }
839                 }
840
841         *head_p = head;
842         *tail_p = tail;
843         }
844
845 static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
846                                     CIPHER_ORDER **tail_p)
847         {
848         int max_strength_bits, i, *number_uses;
849         CIPHER_ORDER *curr;
850
851         /*
852          * This routine sorts the ciphers with descending strength. The sorting
853          * must keep the pre-sorted sequence, so we apply the normal sorting
854          * routine as '+' movement to the end of the list.
855          */
856         max_strength_bits = 0;
857         curr = *head_p;
858         while (curr != NULL)
859                 {
860                 if (curr->active &&
861                     (curr->cipher->strength_bits > max_strength_bits))
862                     max_strength_bits = curr->cipher->strength_bits;
863                 curr = curr->next;
864                 }
865
866         number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
867         if (!number_uses)
868                 {
869                 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
870                 return(0);
871                 }
872         memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
873
874         /*
875          * Now find the strength_bits values actually used
876          */
877         curr = *head_p;
878         while (curr != NULL)
879                 {
880                 if (curr->active)
881                         number_uses[curr->cipher->strength_bits]++;
882                 curr = curr->next;
883                 }
884         /*
885          * Go through the list of used strength_bits values in descending
886          * order.
887          */
888         for (i = max_strength_bits; i >= 0; i--)
889                 if (number_uses[i] > 0)
890                         ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
891
892         OPENSSL_free(number_uses);
893         return(1);
894         }
895
896 static int ssl_cipher_process_rulestr(const char *rule_str,
897                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
898                 SSL_CIPHER **ca_list)
899         {
900         unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
901         const char *l, *start, *buf;
902         int j, multi, found, rule, retval, ok, buflen;
903         unsigned long cipher_id = 0;
904         char ch;
905
906         retval = 1;
907         l = rule_str;
908         for (;;)
909                 {
910                 ch = *l;
911
912                 if (ch == '\0')
913                         break;          /* done */
914                 if (ch == '-')
915                         { rule = CIPHER_DEL; l++; }
916                 else if (ch == '+')
917                         { rule = CIPHER_ORD; l++; }
918                 else if (ch == '!')
919                         { rule = CIPHER_KILL; l++; }
920                 else if (ch == '@')
921                         { rule = CIPHER_SPECIAL; l++; }
922                 else
923                         { rule = CIPHER_ADD; }
924
925                 if (ITEM_SEP(ch))
926                         {
927                         l++;
928                         continue;
929                         }
930
931                 alg_mkey = 0;
932                 alg_auth = 0;
933                 alg_enc = 0;
934                 alg_mac = 0;
935                 alg_ssl = 0;
936                 algo_strength = 0;
937
938                 start=l;
939                 for (;;)
940                         {
941                         ch = *l;
942                         buf = l;
943                         buflen = 0;
944 #ifndef CHARSET_EBCDIC
945                         while ( ((ch >= 'A') && (ch <= 'Z')) ||
946                                 ((ch >= '0') && (ch <= '9')) ||
947                                 ((ch >= 'a') && (ch <= 'z')) ||
948                                  (ch == '-'))
949 #else
950                         while ( isalnum(ch) || (ch == '-'))
951 #endif
952                                  {
953                                  ch = *(++l);
954                                  buflen++;
955                                  }
956
957                         if (buflen == 0)
958                                 {
959                                 /*
960                                  * We hit something we cannot deal with,
961                                  * it is no command or separator nor
962                                  * alphanumeric, so we call this an error.
963                                  */
964                                 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
965                                        SSL_R_INVALID_COMMAND);
966                                 retval = found = 0;
967                                 l++;
968                                 break;
969                                 }
970
971                         if (rule == CIPHER_SPECIAL)
972                                 {
973                                 found = 0; /* unused -- avoid compiler warning */
974                                 break;  /* special treatment */
975                                 }
976
977                         /* check for multi-part specification */
978                         if (ch == '+')
979                                 {
980                                 multi=1;
981                                 l++;
982                                 }
983                         else
984                                 multi=0;
985
986                         /*
987                          * Now search for the cipher alias in the ca_list. Be careful
988                          * with the strncmp, because the "buflen" limitation
989                          * will make the rule "ADH:SOME" and the cipher
990                          * "ADH-MY-CIPHER" look like a match for buflen=3.
991                          * So additionally check whether the cipher name found
992                          * has the correct length. We can save a strlen() call:
993                          * just checking for the '\0' at the right place is
994                          * sufficient, we have to strncmp() anyway. (We cannot
995                          * use strcmp(), because buf is not '\0' terminated.)
996                          */
997                         j = found = 0;
998                         cipher_id = 0;
999                         while (ca_list[j])
1000                                 {
1001                                 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1002                                     (ca_list[j]->name[buflen] == '\0'))
1003                                         {
1004                                         found = 1;
1005                                         break;
1006                                         }
1007                                 else
1008                                         j++;
1009                                 }
1010
1011                         if (!found)
1012                                 break;  /* ignore this entry */
1013
1014                         if (ca_list[j]->algorithm_mkey)
1015                                 {
1016                                 if (alg_mkey)
1017                                         {
1018                                         alg_mkey &= ca_list[j]->algorithm_mkey;
1019                                         if (!alg_mkey) { found = 0; break; }
1020                                         }
1021                                 else
1022                                         alg_mkey = ca_list[j]->algorithm_mkey;
1023                                 }
1024
1025                         if (ca_list[j]->algorithm_auth)
1026                                 {
1027                                 if (alg_auth)
1028                                         {
1029                                         alg_auth &= ca_list[j]->algorithm_auth;
1030                                         if (!alg_auth) { found = 0; break; }
1031                                         }
1032                                 else
1033                                         alg_auth = ca_list[j]->algorithm_auth;
1034                                 }
1035                         
1036                         if (ca_list[j]->algorithm_enc)
1037                                 {
1038                                 if (alg_enc)
1039                                         {
1040                                         alg_enc &= ca_list[j]->algorithm_enc;
1041                                         if (!alg_enc) { found = 0; break; }
1042                                         }
1043                                 else
1044                                         alg_enc = ca_list[j]->algorithm_enc;
1045                                 }
1046                                                 
1047                         if (ca_list[j]->algorithm_mac)
1048                                 {
1049                                 if (alg_mac)
1050                                         {
1051                                         alg_mac &= ca_list[j]->algorithm_mac;
1052                                         if (!alg_mac) { found = 0; break; }
1053                                         }
1054                                 else
1055                                         alg_mac = ca_list[j]->algorithm_mac;
1056                                 }
1057                         
1058                         if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1059                                 {
1060                                 if (algo_strength & SSL_EXP_MASK)
1061                                         {
1062                                         algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1063                                         if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1064                                         }
1065                                 else
1066                                         algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1067                                 }
1068
1069                         if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1070                                 {
1071                                 if (algo_strength & SSL_STRONG_MASK)
1072                                         {
1073                                         algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1074                                         if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1075                                         }
1076                                 else
1077                                         algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1078                                 }
1079                         
1080                         if (ca_list[j]->valid)
1081                                 {
1082                                 /* explicit ciphersuite found; its protocol version
1083                                  * does not become part of the search pattern!*/
1084
1085                                 cipher_id = ca_list[j]->id;
1086                                 }
1087                         else
1088                                 {
1089                                 /* not an explicit ciphersuite; only in this case, the
1090                                  * protocol version is considered part of the search pattern */
1091
1092                                 if (ca_list[j]->algorithm_ssl)
1093                                         {
1094                                         if (alg_ssl)
1095                                                 {
1096                                                 alg_ssl &= ca_list[j]->algorithm_ssl;
1097                                                 if (!alg_ssl) { found = 0; break; }
1098                                                 }
1099                                         else
1100                                                 alg_ssl = ca_list[j]->algorithm_ssl;
1101                                         }
1102                                 }
1103                         
1104                         if (!multi) break;
1105                         }
1106
1107                 /*
1108                  * Ok, we have the rule, now apply it
1109                  */
1110                 if (rule == CIPHER_SPECIAL)
1111                         {       /* special command */
1112                         ok = 0;
1113                         if ((buflen == 8) &&
1114                                 !strncmp(buf, "STRENGTH", 8))
1115                                 ok = ssl_cipher_strength_sort(head_p, tail_p);
1116                         else
1117                                 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1118                                         SSL_R_INVALID_COMMAND);
1119                         if (ok == 0)
1120                                 retval = 0;
1121                         /*
1122                          * We do not support any "multi" options
1123                          * together with "@", so throw away the
1124                          * rest of the command, if any left, until
1125                          * end or ':' is found.
1126                          */
1127                         while ((*l != '\0') && !ITEM_SEP(*l))
1128                                 l++;
1129                         }
1130                 else if (found)
1131                         {
1132                         ssl_cipher_apply_rule(cipher_id,
1133                                 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
1134                                 rule, -1, head_p, tail_p);
1135                         }
1136                 else
1137                         {
1138                         while ((*l != '\0') && !ITEM_SEP(*l))
1139                                 l++;
1140                         }
1141                 if (*l == '\0') break; /* done */
1142                 }
1143
1144         return(retval);
1145         }
1146
1147 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1148                 STACK_OF(SSL_CIPHER) **cipher_list,
1149                 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1150                 const char *rule_str)
1151         {
1152         int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1153         unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1154         STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1155         const char *rule_p;
1156         CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1157         SSL_CIPHER **ca_list = NULL;
1158
1159         /*
1160          * Return with error if nothing to do.
1161          */
1162         if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
1163                 return NULL;
1164
1165         /*
1166          * To reduce the work to do we only want to process the compiled
1167          * in algorithms, so we first get the mask of disabled ciphers.
1168          */
1169         ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1170
1171         /*
1172          * Now we have to collect the available ciphers from the compiled
1173          * in ciphers. We cannot get more than the number compiled in, so
1174          * it is used for allocation.
1175          */
1176         num_of_ciphers = ssl_method->num_ciphers();
1177 #ifdef KSSL_DEBUG
1178         printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
1179 #endif    /* KSSL_DEBUG */
1180         co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
1181         if (co_list == NULL)
1182                 {
1183                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1184                 return(NULL);   /* Failure */
1185                 }
1186
1187         ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1188                                    disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1189                                    co_list, &head, &tail);
1190
1191
1192         /* Now arrange all ciphers by preference: */
1193
1194         /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1195         ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1196         ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1197
1198         /* AES is our preferred symmetric cipher */
1199         ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1200
1201         /* Temporarily enable everything else for sorting */
1202         ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1203
1204         /* Low priority for MD5 */
1205         ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1206
1207         /* Move anonymous ciphers to the end.  Usually, these will remain disabled.
1208          * (For applications that allow them, they aren't too bad, but we prefer
1209          * authenticated ciphers.) */
1210         ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1211
1212         /* Move ciphers without forward secrecy to the end */
1213         ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1214         /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1215         ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1216         ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1217         ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1218
1219         /* RC4 is sort-of broken -- move the the end */
1220         ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1221
1222         /* Now sort by symmetric encryption strength.  The above ordering remains
1223          * in force within each class */
1224         if (!ssl_cipher_strength_sort(&head, &tail))
1225                 {
1226                 OPENSSL_free(co_list);
1227                 return NULL;
1228                 }
1229
1230         /* Now disable everything (maintaining the ordering!) */
1231         ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1232
1233
1234         /*
1235          * We also need cipher aliases for selecting based on the rule_str.
1236          * There might be two types of entries in the rule_str: 1) names
1237          * of ciphers themselves 2) aliases for groups of ciphers.
1238          * For 1) we need the available ciphers and for 2) the cipher
1239          * groups of cipher_aliases added together in one list (otherwise
1240          * we would be happy with just the cipher_aliases table).
1241          */
1242         num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1243         num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1244         ca_list =
1245                 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1246         if (ca_list == NULL)
1247                 {
1248                 OPENSSL_free(co_list);
1249                 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1250                 return(NULL);   /* Failure */
1251                 }
1252         ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1253                                    disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1254                                    head);
1255
1256         /*
1257          * If the rule_string begins with DEFAULT, apply the default rule
1258          * before using the (possibly available) additional rules.
1259          */
1260         ok = 1;
1261         rule_p = rule_str;
1262         if (strncmp(rule_str,"DEFAULT",7) == 0)
1263                 {
1264                 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1265                         &head, &tail, ca_list);
1266                 rule_p += 7;
1267                 if (*rule_p == ':')
1268                         rule_p++;
1269                 }
1270
1271         if (ok && (strlen(rule_p) > 0))
1272                 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1273
1274         OPENSSL_free(ca_list);  /* Not needed anymore */
1275
1276         if (!ok)
1277                 {       /* Rule processing failure */
1278                 OPENSSL_free(co_list);
1279                 return(NULL);
1280                 }
1281         
1282         /*
1283          * Allocate new "cipherstack" for the result, return with error
1284          * if we cannot get one.
1285          */
1286         if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
1287                 {
1288                 OPENSSL_free(co_list);
1289                 return(NULL);
1290                 }
1291
1292         /*
1293          * The cipher selection for the list is done. The ciphers are added
1294          * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1295          */
1296         for (curr = head; curr != NULL; curr = curr->next)
1297                 {
1298                 if (curr->active)
1299                         {
1300                         sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1301 #ifdef CIPHER_DEBUG
1302                         printf("<%s>\n",curr->cipher->name);
1303 #endif
1304                         }
1305                 }
1306         OPENSSL_free(co_list);  /* Not needed any longer */
1307
1308         tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1309         if (tmp_cipher_list == NULL)
1310                 {
1311                 sk_SSL_CIPHER_free(cipherstack);
1312                 return NULL;
1313                 }
1314         if (*cipher_list != NULL)
1315                 sk_SSL_CIPHER_free(*cipher_list);
1316         *cipher_list = cipherstack;
1317         if (*cipher_list_by_id != NULL)
1318                 sk_SSL_CIPHER_free(*cipher_list_by_id);
1319         *cipher_list_by_id = tmp_cipher_list;
1320         sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1321
1322         return(cipherstack);
1323         }
1324
1325 char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1326         {
1327         int is_export,pkl,kl;
1328         const char *ver,*exp_str;
1329         const char *kx,*au,*enc,*mac;
1330         unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
1331 #ifdef KSSL_DEBUG
1332         static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1333 #else
1334         static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1335 #endif /* KSSL_DEBUG */
1336
1337         alg_mkey = cipher->algorithm_mkey;
1338         alg_auth = cipher->algorithm_auth;
1339         alg_enc = cipher->algorithm_enc;
1340         alg_mac = cipher->algorithm_mac;
1341         alg_ssl = cipher->algorithm_ssl;
1342
1343         alg_s=cipher->algo_strength;
1344         alg2=cipher->algorithm2;
1345
1346         is_export=SSL_C_IS_EXPORT(cipher);
1347         pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1348         kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1349         exp_str=is_export?" export":"";
1350         
1351         if (alg_ssl & SSL_SSLV2)
1352                 ver="SSLv2";
1353         else if (alg_ssl & SSL_SSLV3)
1354                 ver="SSLv3";
1355         else
1356                 ver="unknown";
1357
1358         switch (alg_mkey)
1359                 {
1360         case SSL_kRSA:
1361                 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1362                 break;
1363         case SSL_kDHr:
1364                 kx="DH/RSA";
1365                 break;
1366         case SSL_kDHd:
1367                 kx="DH/DSS";
1368                 break;
1369         case SSL_kKRB5:
1370                 kx="KRB5";
1371                 break;
1372         case SSL_kEDH:
1373                 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1374                 break;
1375         case SSL_kECDHr:
1376                 kx="ECDH/RSA";
1377                 break;
1378         case SSL_kECDHe:
1379                 kx="ECDH/ECDSA";
1380                 break;
1381         case SSL_kEECDH:
1382                 kx="ECDH";
1383                 break;
1384         case SSL_kPSK:
1385                 kx="PSK";
1386                 break;
1387         default:
1388                 kx="unknown";
1389                 }
1390
1391         switch (alg_auth)
1392                 {
1393         case SSL_aRSA:
1394                 au="RSA";
1395                 break;
1396         case SSL_aDSS:
1397                 au="DSS";
1398                 break;
1399         case SSL_aDH:
1400                 au="DH";
1401                 break;
1402         case SSL_aKRB5:
1403                 au="KRB5";
1404                 break;
1405         case SSL_aECDH:
1406                 au="ECDH";
1407                 break;
1408         case SSL_aNULL:
1409                 au="None";
1410                 break;
1411         case SSL_aECDSA:
1412                 au="ECDSA";
1413                 break;
1414         case SSL_aPSK:
1415                 au="PSK";
1416                 break;
1417         default:
1418                 au="unknown";
1419                 break;
1420                 }
1421
1422         switch (alg_enc)
1423                 {
1424         case SSL_DES:
1425                 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1426                 break;
1427         case SSL_3DES:
1428                 enc="3DES(168)";
1429                 break;
1430         case SSL_RC4:
1431                 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1432                   :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1433                 break;
1434         case SSL_RC2:
1435                 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1436                 break;
1437         case SSL_IDEA:
1438                 enc="IDEA(128)";
1439                 break;
1440         case SSL_eNULL:
1441                 enc="None";
1442                 break;
1443         case SSL_AES128:
1444                 enc="AES(128)";
1445                 break;
1446         case SSL_AES256:
1447                 enc="AES(256)";
1448                 break;
1449         case SSL_CAMELLIA128:
1450                 enc="Camellia(128)";
1451                 break;
1452         case SSL_CAMELLIA256:
1453                 enc="Camellia(256)";
1454                 break;
1455         case SSL_SEED:
1456                 enc="SEED(128)";
1457                 break;
1458         default:
1459                 enc="unknown";
1460                 break;
1461                 }
1462
1463         switch (alg_mac)
1464                 {
1465         case SSL_MD5:
1466                 mac="MD5";
1467                 break;
1468         case SSL_SHA1:
1469                 mac="SHA1";
1470                 break;
1471         default:
1472                 mac="unknown";
1473                 break;
1474                 }
1475
1476         if (buf == NULL)
1477                 {
1478                 len=128;
1479                 buf=OPENSSL_malloc(len);
1480                 if (buf == NULL) return("OPENSSL_malloc Error");
1481                 }
1482         else if (len < 128)
1483                 return("Buffer too small");
1484
1485 #ifdef KSSL_DEBUG
1486         BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1487 #else
1488         BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1489 #endif /* KSSL_DEBUG */
1490         return(buf);
1491         }
1492
1493 char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1494         {
1495         int i;
1496
1497         if (c == NULL) return("(NONE)");
1498         i=(int)(c->id>>24L);
1499         if (i == 3)
1500                 return("TLSv1/SSLv3");
1501         else if (i == 2)
1502                 return("SSLv2");
1503         else
1504                 return("unknown");
1505         }
1506
1507 /* return the actual cipher being used */
1508 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1509         {
1510         if (c != NULL)
1511                 return(c->name);
1512         return("(NONE)");
1513         }
1514
1515 /* number of bits for symmetric cipher */
1516 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1517         {
1518         int ret=0;
1519
1520         if (c != NULL)
1521                 {
1522                 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1523                 ret = c->strength_bits;
1524                 }
1525         return(ret);
1526         }
1527
1528 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1529         {
1530         SSL_COMP *ctmp;
1531         int i,nn;
1532
1533         if ((n == 0) || (sk == NULL)) return(NULL);
1534         nn=sk_SSL_COMP_num(sk);
1535         for (i=0; i<nn; i++)
1536                 {
1537                 ctmp=sk_SSL_COMP_value(sk,i);
1538                 if (ctmp->id == n)
1539                         return(ctmp);
1540                 }
1541         return(NULL);
1542         }
1543
1544 #ifdef OPENSSL_NO_COMP
1545 void *SSL_COMP_get_compression_methods(void)
1546         {
1547         return NULL;
1548         }
1549 int SSL_COMP_add_compression_method(int id, void *cm)
1550         {
1551         return 1;
1552         }
1553
1554 const char *SSL_COMP_get_name(const void *comp)
1555         {
1556         return NULL;
1557         }
1558 #else
1559 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1560         {
1561         load_builtin_compressions();
1562         return(ssl_comp_methods);
1563         }
1564
1565 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1566         {
1567         SSL_COMP *comp;
1568
1569         if (cm == NULL || cm->type == NID_undef)
1570                 return 1;
1571
1572         /* According to draft-ietf-tls-compression-04.txt, the
1573            compression number ranges should be the following:
1574
1575            0 to 63:    methods defined by the IETF
1576            64 to 192:  external party methods assigned by IANA
1577            193 to 255: reserved for private use */
1578         if (id < 193 || id > 255)
1579                 {
1580                 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1581                 return 0;
1582                 }
1583
1584         MemCheck_off();
1585         comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1586         comp->id=id;
1587         comp->method=cm;
1588         load_builtin_compressions();
1589         if (ssl_comp_methods
1590                 && !sk_SSL_COMP_find(ssl_comp_methods,comp))
1591                 {
1592                 OPENSSL_free(comp);
1593                 MemCheck_on();
1594                 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1595                 return(1);
1596                 }
1597         else if ((ssl_comp_methods == NULL)
1598                 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1599                 {
1600                 OPENSSL_free(comp);
1601                 MemCheck_on();
1602                 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1603                 return(1);
1604                 }
1605         else
1606                 {
1607                 MemCheck_on();
1608                 return(0);
1609                 }
1610         }
1611
1612 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1613         {
1614         if (comp)
1615                 return comp->name;
1616         return NULL;
1617         }
1618
1619 #endif