Make SSL_CIPHER_get_version return a const char *

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index acf5c00dade5db316f796e24dab7b57fc04ac081..16ff0b23b52e8e4cefc217c59e933b498e0491e3 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -147,6 +147,7 @@
 #ifndef OPENSSL_NO_ENGINE
 # include <openssl/engine.h>
 #endif
+#include "internal/threads.h"
 #include "ssl_locl.h"
 
 #define SSL_ENC_DES_IDX         0
@@ -213,6 +214,8 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
 
 static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 
+static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+
 /*
  * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
  * in the ssl_locl.h
@@ -240,6 +243,29 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
     NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
+static const ssl_cipher_table ssl_cipher_table_kx[] = {
+    { SSL_kRSA,      NID_kx_rsa },
+    { SSL_kECDHE,    NID_kx_ecdhe },
+    { SSL_kDHE,      NID_kx_dhe },
+    { SSL_kECDHEPSK, NID_kx_ecdhe_psk },
+    { SSL_kDHEPSK,   NID_kx_dhe_psk },
+    { SSL_kRSAPSK,   NID_kx_rsa_psk },
+    { SSL_kPSK,      NID_kx_psk },
+    { SSL_kSRP,      NID_kx_srp },
+    { SSL_kGOST,     NID_kx_gost }
+};
+
+static const ssl_cipher_table ssl_cipher_table_auth[] = {
+    { SSL_aRSA,    NID_auth_rsa },
+    { SSL_aECDSA,  NID_auth_ecdsa },
+    { SSL_aPSK,    NID_auth_psk },
+    { SSL_aDSS,    NID_auth_dss },
+    { SSL_aGOST01, NID_auth_gost01 },
+    { SSL_aGOST12, NID_auth_gost12 },
+    { SSL_aSRP,    NID_auth_srp },
+    { SSL_aNULL,   NID_auth_null }
+};
+
 /* Utility function for table lookup */
 static int ssl_cipher_info_find(const ssl_cipher_table * table,
                                 size_t table_cnt, uint32_t mask)
@@ -552,41 +578,31 @@ static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
     return ((*a)->id - (*b)->id);
 }
 
-static void load_builtin_compressions(void)
+static void do_load_builtin_compressions(void)
 {
-    int got_write_lock = 0;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_SSL);
-    if (ssl_comp_methods == NULL) {
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-        got_write_lock = 1;
-
-        if (ssl_comp_methods == NULL) {
-            SSL_COMP *comp = NULL;
-            COMP_METHOD *method = COMP_zlib();
-
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-            ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-            if (COMP_get_type(method) != NID_undef
-                && ssl_comp_methods != NULL) {
-                comp = OPENSSL_malloc(sizeof(*comp));
-                if (comp != NULL) {
-                    comp->method = method;
-                    comp->id = SSL_COMP_ZLIB_IDX;
-                    comp->name = COMP_get_name(method);
-                    sk_SSL_COMP_push(ssl_comp_methods, comp);
-                    sk_SSL_COMP_sort(ssl_comp_methods);
-                }
-            }
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    SSL_COMP *comp = NULL;
+    COMP_METHOD *method = COMP_zlib();
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+    if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
+        comp = OPENSSL_malloc(sizeof(*comp));
+        if (comp != NULL) {
+            comp->method = method;
+            comp->id = SSL_COMP_ZLIB_IDX;
+            comp->name = COMP_get_name(method);
+            sk_SSL_COMP_push(ssl_comp_methods, comp);
+            sk_SSL_COMP_sort(ssl_comp_methods);
         }
     }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+}
 
-    if (got_write_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-    else
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+static void load_builtin_compressions(void)
+{
+    CRYPTO_THREAD_run_once(&ssl_load_builtin_comp_once,
+                           do_load_builtin_compressions);
 }
 #endif
 
@@ -752,7 +768,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                                        uint32_t disabled_auth,
                                        uint32_t disabled_enc,
                                        uint32_t disabled_mac,
-                                       uint32_t disabled_ssl,
                                        CIPHER_ORDER *co_list,
                                        CIPHER_ORDER **head_p,
                                        CIPHER_ORDER **tail_p)
@@ -777,8 +792,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
             !(c->algorithm_mkey & disabled_mkey) &&
             !(c->algorithm_auth & disabled_auth) &&
             !(c->algorithm_enc & disabled_enc) &&
-            !(c->algorithm_mac & disabled_mac) &&
-            !(c->algorithm_ssl & disabled_ssl)) {
+            !(c->algorithm_mac & disabled_mac)) {
             co_list[co_list_num].cipher = c;
             co_list[co_list_num].next = NULL;
             co_list[co_list_num].prev = NULL;
@@ -820,7 +834,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
                                        uint32_t disabled_auth,
                                        uint32_t disabled_enc,
                                        uint32_t disabled_mac,
-                                       uint32_t disabled_ssl,
                                        CIPHER_ORDER *head)
 {
     CIPHER_ORDER *ciph_curr;
@@ -830,7 +843,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
     uint32_t mask_auth = ~disabled_auth;
     uint32_t mask_enc = ~disabled_enc;
     uint32_t mask_mac = ~disabled_mac;
-    uint32_t mask_ssl = ~disabled_ssl;
 
     /*
      * First, add the real ciphers as already collected
@@ -854,7 +866,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
         uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
         uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
         uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
-        uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl;
 
         if (algorithm_mkey)
             if ((algorithm_mkey & mask_mkey) == 0)
@@ -872,10 +883,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
             if ((algorithm_mac & mask_mac) == 0)
                 continue;
 
-        if (algorithm_ssl)
-            if ((algorithm_ssl & mask_ssl) == 0)
-                continue;
-
         *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
         ca_curr++;
     }
@@ -1382,8 +1389,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
                                              const char *rule_str, CERT *c)
 {
     int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
-        disabled_ssl;
+    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
     STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
     const char *rule_p;
     CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@@ -1408,7 +1414,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     disabled_auth = disabled_auth_mask;
     disabled_enc = disabled_enc_mask;
     disabled_mac = disabled_mac_mask;
-    disabled_ssl = 0;
 
     /*
      * Now we have to collect the available ciphers from the compiled
@@ -1425,7 +1430,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
 
     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
                                disabled_mkey, disabled_auth, disabled_enc,
-                               disabled_mac, disabled_ssl, co_list, &head,
+                               disabled_mac, co_list, &head,
                                &tail);
 
     /* Now arrange all ciphers by preference. */
@@ -1544,7 +1549,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
     }
     ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
                                disabled_mkey, disabled_auth, disabled_enc,
-                               disabled_mac, disabled_ssl, head);
+                               disabled_mac, head);
 
     /*
      * If the rule_string begins with DEFAULT, apply the default rule
@@ -1802,7 +1807,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     return (buf);
 }
 
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
 {
     uint32_t alg_ssl;
 
@@ -1989,8 +1994,8 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 
 const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
 {
-    const SSL_CIPHER *c;
-    c = ssl->method->get_cipher_by_char(ptr);
+    const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
     if (c == NULL || c->valid == 0)
         return NULL;
     return c;
@@ -2005,20 +2010,41 @@ int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
 {
     int i;
     if (c == NULL)
-        return -1;
+        return NID_undef;
     i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
     if (i == -1)
-        return -1;
+        return NID_undef;
     return ssl_cipher_table_cipher[i].nid;
 }
 
 int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
 {
-    int i;
-    if (c == NULL)
-        return -1;
-    i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
     if (i == -1)
-        return -1;
+        return NID_undef;
     return ssl_cipher_table_mac[i].nid;
 }
+
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_kx[i].nid;
+}
+
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_auth[i].nid;
+}
+
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
+{
+    return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
+}