-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
+#include <ctype.h>
#include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
+#include <openssl/comp.h>
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
#include "ssl_locl.h"
+#include "internal/thread_once.h"
+#include "internal/cryptlib.h"
#define SSL_ENC_DES_IDX 0
#define SSL_ENC_3DES_IDX 1
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305},
};
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL
-};
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
#define SSL_COMP_NULL_IDX 0
#define SSL_COMP_ZLIB_IDX 1
static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+#endif
+
/*
* Constant SSL_MAX_DIGEST equal to size of digests array should be defined
* in the ssl_locl.h
{SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
{SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */
{SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */
- {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
- {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
- {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
+ {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
+ {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
+ {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
{0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */
{0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */
{0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
+/* *INDENT-OFF* */
static const ssl_cipher_table ssl_cipher_table_kx[] = {
- { SSL_kRSA, NID_kx_rsa },
- { SSL_kECDHE, NID_kx_ecdhe },
- { SSL_kDHE, NID_kx_dhe },
- { SSL_kECDHEPSK, NID_kx_ecdhe_psk },
- { SSL_kDHEPSK, NID_kx_dhe_psk },
- { SSL_kRSAPSK, NID_kx_rsa_psk },
- { SSL_kPSK, NID_kx_psk },
- { SSL_kSRP, NID_kx_srp },
- { SSL_kGOST, NID_kx_gost }
+ {SSL_kRSA, NID_kx_rsa},
+ {SSL_kECDHE, NID_kx_ecdhe},
+ {SSL_kDHE, NID_kx_dhe},
+ {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
+ {SSL_kDHEPSK, NID_kx_dhe_psk},
+ {SSL_kRSAPSK, NID_kx_rsa_psk},
+ {SSL_kPSK, NID_kx_psk},
+ {SSL_kSRP, NID_kx_srp},
+ {SSL_kGOST, NID_kx_gost},
+ {SSL_kANY, NID_kx_any}
};
static const ssl_cipher_table ssl_cipher_table_auth[] = {
- { SSL_aRSA, NID_auth_rsa },
- { SSL_aECDSA, NID_auth_ecdsa },
- { SSL_aPSK, NID_auth_psk },
- { SSL_aDSS, NID_auth_dss },
- { SSL_aGOST01, NID_auth_gost01 },
- { SSL_aGOST12, NID_auth_gost12 },
- { SSL_aSRP, NID_auth_srp },
- { SSL_aNULL, NID_auth_null }
+ {SSL_aRSA, NID_auth_rsa},
+ {SSL_aECDSA, NID_auth_ecdsa},
+ {SSL_aPSK, NID_auth_psk},
+ {SSL_aDSS, NID_auth_dss},
+ {SSL_aGOST01, NID_auth_gost01},
+ {SSL_aGOST12, NID_auth_gost12},
+ {SSL_aSRP, NID_auth_srp},
+ {SSL_aNULL, NID_auth_null},
+ {SSL_aANY, NID_auth_any}
};
+/* *INDENT-ON* */
/* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table,
size_t i;
for (i = 0; i < table_cnt; i++, table++) {
if (table->mask == mask)
- return i;
+ return (int)i;
}
return -1;
}
EVP_PKEY_HMAC,
};
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
+static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
#define CIPHER_ADD 1
#define CIPHER_KILL 2
static const SSL_CIPHER cipher_aliases[] = {
/* "ALL" doesn't include eNULL (must be specifically enabled) */
- {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
/* "COMPLEMENTOFALL" */
- {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
/*
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!)
*/
- {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
+ {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
/*
* key exchange aliases (some of those using only a single bit here
* combine multiple key exchange algs according to the RFCs, e.g. kDHE
* combines DHE_DSS and DHE_RSA)
*/
- {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
- {0, SSL_TXT_kEDH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kDHE, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
- 0},
+ {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+ {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+ {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
- {0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0,
- 0, 0, 0},
+ {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+ {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+ {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
- {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+ {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+ {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+ {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+ {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+ {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
/* server authentication aliases */
- {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST12, 0, 0, SSL_aGOST12, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01 | SSL_aGOST12, 0, 0, 0,
- 0, 0, 0, 0},
- {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+ {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+ {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+ {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+ {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+ {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+ {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+ {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+ {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+ {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+ {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
/* aliases combining key exchange and server authentication */
- {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_PSK, 0, SSL_PSK, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+ {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+ {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+ {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+ {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+ {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+ {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+ {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+ {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
/* symmetric encryption aliases */
- {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12, 0,
- 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
- 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
- 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
- 0, 0},
- {0, SSL_TXT_AES_CCM, 0, 0, 0, SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0,
- 0, 0},
- {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0,
- 0, 0},
- {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0 },
+ {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+ {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+ {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+ {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+ {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+ {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+ {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+ {0, SSL_TXT_AES128, NULL, 0, 0, 0,
+ SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
+ {0, SSL_TXT_AES256, NULL, 0, 0, 0,
+ SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
+ {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+ {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+ {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
+ SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
+ {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+ {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+ {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+ {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+ {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
/* MAC aliases */
- {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
- {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
- {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
- {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
- {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12, 0, 0,
- 0, 0, 0},
- {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
- {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
- {0, SSL_TXT_GOST12, 0, 0, 0, 0, SSL_GOST12_256, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+ {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+ {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+ {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+ {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+ {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+ {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+ {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
/* protocol version aliases */
- {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
- {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
- {0, "TLSv1.0", 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
- {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
+ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+ {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+ {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+ {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
/* strength classes */
- {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
- {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
- {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
+ {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+ {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+ {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
/* FIPS 140-2 approved ciphersuite */
- {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
+ {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
- {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
- SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, SSL_SSLV3,
- SSL_HIGH | SSL_FIPS, 0, 0, 0,},
- {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
- SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3,
- SSL_HIGH | SSL_FIPS, 0, 0, 0,},
+ {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
+ SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+ {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
+ SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
};
int pkey_id = 0;
ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
- ameth) > 0) {
+ ameth) > 0)
return pkey_id;
- }
return 0;
}
static uint32_t disabled_mkey_mask;
static uint32_t disabled_auth_mask;
-void ssl_load_ciphers(void)
+int ssl_load_ciphers(void)
{
size_t i;
const ssl_cipher_table *t;
+
disabled_enc_mask = 0;
+ ssl_sort_cipher_list();
for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
if (t->nid == NID_undef) {
ssl_cipher_methods[i] = NULL;
disabled_enc_mask |= t->mask;
}
}
-#ifdef SSL_FORBID_ENULL
- disabled_enc_mask |= SSL_eNULL;
-#endif
disabled_mac_mask = 0;
for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
const EVP_MD *md = EVP_get_digestbynid(t->nid);
if (md == NULL) {
disabled_mac_mask |= t->mask;
} else {
- ssl_mac_secret_size[i] = EVP_MD_size(md);
- OPENSSL_assert(ssl_mac_secret_size[i] >= 0);
+ int tmpsize = EVP_MD_size(md);
+ if (!ossl_assert(tmpsize >= 0))
+ return 0;
+ ssl_mac_secret_size[i] = tmpsize;
}
}
/* Make sure we can access MD5 and SHA1 */
- OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
- OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
+ if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
+ return 0;
+ if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL))
+ return 0;
disabled_mkey_mask = 0;
disabled_auth_mask = 0;
* present, disable appropriate auth and key exchange
*/
ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
- } else {
+ else
disabled_mac_mask |= SSL_GOST89MAC;
- }
- ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id("gost-mac-12");
- if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
+ ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
+ get_optional_pkey_id("gost-mac-12");
+ if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
- } else {
+ else
disabled_mac_mask |= SSL_GOST89MAC12;
- }
if (!get_optional_pkey_id("gost2001"))
disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
/*
* Disable GOST key exchange if no GOST signature algs are available *
*/
- if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12))
+ if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
+ (SSL_aGOST01 | SSL_aGOST12))
disabled_mkey_mask |= SSL_kGOST;
+
+ return 1;
}
#ifndef OPENSSL_NO_COMP
return ((*a)->id - (*b)->id);
}
-static void load_builtin_compressions(void)
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
{
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL);
- if (ssl_comp_methods == NULL) {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- got_write_lock = 1;
-
- if (ssl_comp_methods == NULL) {
- SSL_COMP *comp = NULL;
- COMP_METHOD *method = COMP_zlib();
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
- ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
- if (COMP_get_type(method) != NID_undef
- && ssl_comp_methods != NULL) {
- comp = OPENSSL_malloc(sizeof(*comp));
- if (comp != NULL) {
- comp->method = method;
- comp->id = SSL_COMP_ZLIB_IDX;
- comp->name = COMP_get_name(method);
- sk_SSL_COMP_push(ssl_comp_methods, comp);
- sk_SSL_COMP_sort(ssl_comp_methods);
- }
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+ SSL_COMP *comp = NULL;
+ COMP_METHOD *method = COMP_zlib();
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+ ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+ if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
+ comp = OPENSSL_malloc(sizeof(*comp));
+ if (comp != NULL) {
+ comp->method = method;
+ comp->id = SSL_COMP_ZLIB_IDX;
+ comp->name = COMP_get_name(method);
+ sk_SSL_COMP_push(ssl_comp_methods, comp);
+ sk_SSL_COMP_sort(ssl_comp_methods);
}
}
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+ return 1;
+}
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+static int load_builtin_compressions(void)
+{
+ return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
}
#endif
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
- int *mac_secret_size, SSL_COMP **comp, int use_etm)
+ size_t *mac_secret_size, SSL_COMP **comp, int use_etm)
{
int i;
const SSL_CIPHER *c;
c = s->cipher;
if (c == NULL)
- return (0);
+ return 0;
if (comp != NULL) {
SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
- load_builtin_compressions();
+ if (!load_builtin_compressions()) {
+ /*
+ * Currently don't care, since a failure only means that
+ * ssl_comp_methods is NULL, which is perfectly OK
+ */
+ }
#endif
-
*comp = NULL;
ctmp.id = s->compress_meth;
if (ssl_comp_methods != NULL) {
i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
- if (i == -1)
+ if (i == -1) {
*enc = NULL;
- else {
+ } else {
if (i == SSL_ENC_NULL_IDX)
*enc = EVP_enc_null();
else
s->ssl_version < TLS1_VERSION)
return 1;
- if (FIPS_mode())
- return 1;
-
if (c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
(evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
c->algorithm_mac == SSL_SHA256 &&
(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
*enc = evp, *md = NULL;
- return (1);
- } else
- return (0);
+ return 1;
+ } else {
+ return 0;
+ }
}
const EVP_MD *ssl_md(int idx)
uint32_t disabled_auth,
uint32_t disabled_enc,
uint32_t disabled_mac,
- uint32_t disabled_ssl,
CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
for (i = 0; i < num_of_ciphers; i++) {
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
- if ((c != NULL) && c->valid &&
- (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
- !(c->algorithm_mkey & disabled_mkey) &&
- !(c->algorithm_auth & disabled_auth) &&
- !(c->algorithm_enc & disabled_enc) &&
- !(c->algorithm_mac & disabled_mac) &&
- !(c->algorithm_ssl & disabled_ssl)) {
- co_list[co_list_num].cipher = c;
- co_list[co_list_num].next = NULL;
- co_list[co_list_num].prev = NULL;
- co_list[co_list_num].active = 0;
- co_list_num++;
- /*
- * if (!sk_push(ca_list,(char *)c)) goto err;
- */
- }
+ if (c == NULL || !c->valid)
+ continue;
+ if ((c->algorithm_mkey & disabled_mkey) ||
+ (c->algorithm_auth & disabled_auth) ||
+ (c->algorithm_enc & disabled_enc) ||
+ (c->algorithm_mac & disabled_mac))
+ continue;
+ if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
+ c->min_tls == 0)
+ continue;
+ if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
+ c->min_dtls == 0)
+ continue;
+
+ co_list[co_list_num].cipher = c;
+ co_list[co_list_num].next = NULL;
+ co_list[co_list_num].prev = NULL;
+ co_list[co_list_num].active = 0;
+ co_list_num++;
}
/*
uint32_t disabled_auth,
uint32_t disabled_enc,
uint32_t disabled_mac,
- uint32_t disabled_ssl,
CIPHER_ORDER *head)
{
CIPHER_ORDER *ciph_curr;
uint32_t mask_auth = ~disabled_auth;
uint32_t mask_enc = ~disabled_enc;
uint32_t mask_mac = ~disabled_mac;
- uint32_t mask_ssl = ~disabled_ssl;
/*
* First, add the real ciphers as already collected
uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
- uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl;
if (algorithm_mkey)
if ((algorithm_mkey & mask_mkey) == 0)
if ((algorithm_mac & mask_mac) == 0)
continue;
- if (algorithm_ssl)
- if ((algorithm_ssl & mask_ssl) == 0)
- continue;
-
*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
ca_curr++;
}
static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
uint32_t alg_auth, uint32_t alg_enc,
- uint32_t alg_mac, uint32_t alg_ssl,
+ uint32_t alg_mac, int min_tls,
uint32_t algo_strength, int rule,
int32_t strength_bits, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
#ifdef CIPHER_DEBUG
fprintf(stderr,
"Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
- rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
+ rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
algo_strength, strength_bits);
#endif
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
- reverse = 1; /* needed to maintain sorting between
- * currently deleted ciphers */
+ reverse = 1; /* needed to maintain sorting between currently
+ * deleted ciphers */
head = *head_p;
tail = *tail_p;
fprintf(stderr,
"\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
cp->name, cp->algorithm_mkey, cp->algorithm_auth,
- cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
+ cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
cp->algo_strength);
#endif
+ if (cipher_id != 0 && (cipher_id != cp->id))
+ continue;
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
if (alg_auth && !(alg_auth & cp->algorithm_auth))
continue;
if (alg_mac && !(alg_mac & cp->algorithm_mac))
continue;
- if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
+ if (min_tls && (min_tls != cp->min_tls))
continue;
- if (algo_strength && !(algo_strength & cp->algo_strength))
+ if ((algo_strength & SSL_STRONG_MASK)
+ && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
if ((algo_strength & SSL_DEFAULT_MASK)
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
if (number_uses == NULL) {
SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
- return (0);
+ return 0;
}
/*
tail_p);
OPENSSL_free(number_uses);
- return (1);
+ return 1;
}
static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **tail_p,
const SSL_CIPHER **ca_list, CERT *c)
{
- uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
+ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
+ int min_tls;
const char *l, *buf;
int j, multi, found, rule, retval, ok, buflen;
uint32_t cipher_id = 0;
retval = 1;
l = rule_str;
- for (;;) {
+ for ( ; ; ) {
ch = *l;
if (ch == '\0')
alg_auth = 0;
alg_enc = 0;
alg_mac = 0;
- alg_ssl = 0;
+ min_tls = 0;
algo_strength = 0;
for (;;) {
* it is no command or separator nor
* alphanumeric, so we call this an error.
*/
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
if (ch == '+') {
multi = 1;
l++;
- } else
+ } else {
multi = 0;
+ }
/*
* Now search for the cipher alias in the ca_list. Be careful
found = 0;
break;
}
- } else
+ } else {
alg_mkey = ca_list[j]->algorithm_mkey;
+ }
}
if (ca_list[j]->algorithm_auth) {
found = 0;
break;
}
- } else
+ } else {
alg_auth = ca_list[j]->algorithm_auth;
+ }
}
if (ca_list[j]->algorithm_enc) {
found = 0;
break;
}
- } else
+ } else {
alg_enc = ca_list[j]->algorithm_enc;
+ }
}
if (ca_list[j]->algorithm_mac) {
found = 0;
break;
}
- } else
+ } else {
alg_mac = ca_list[j]->algorithm_mac;
+ }
}
- if (ca_list[j]->algo_strength) {
- if (algo_strength) {
- algo_strength &= ca_list[j]->algo_strength;
- if (!algo_strength) {
+ if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+ if (algo_strength & SSL_STRONG_MASK) {
+ algo_strength &=
+ (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+ ~SSL_STRONG_MASK;
+ if (!(algo_strength & SSL_STRONG_MASK)) {
found = 0;
break;
}
- } else
- algo_strength = ca_list[j]->algo_strength;
+ } else {
+ algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+ }
}
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
found = 0;
break;
}
- } else
+ } else {
algo_strength |=
ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+ }
}
if (ca_list[j]->valid) {
* protocol version is considered part of the search pattern
*/
- if (ca_list[j]->algorithm_ssl) {
- if (alg_ssl) {
- alg_ssl &= ca_list[j]->algorithm_ssl;
- if (!alg_ssl) {
- found = 0;
- break;
- }
- } else
- alg_ssl = ca_list[j]->algorithm_ssl;
+ if (ca_list[j]->min_tls) {
+ if (min_tls != 0 && min_tls != ca_list[j]->min_tls) {
+ found = 0;
+ break;
+ } else {
+ min_tls = ca_list[j]->min_tls;
+ }
}
}
*/
if (rule == CIPHER_SPECIAL) { /* special command */
ok = 0;
- if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0)
+ if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
ok = ssl_cipher_strength_sort(head_p, tail_p);
- else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+ } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
int level = buf[9] - '0';
if (level < 0 || level > 5) {
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
c->sec_level = level;
ok = 1;
}
- } else
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ } else {
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+ }
if (ok == 0)
retval = 0;
/*
} else if (found) {
ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac,
- alg_ssl, algo_strength, rule, -1, head_p,
+ min_tls, algo_strength, rule, -1, head_p,
tail_p);
} else {
while ((*l != '\0') && !ITEM_SEP(*l))
break; /* done */
}
- return (retval);
+ return retval;
}
#ifndef OPENSSL_NO_EC
if (suiteb_flags) {
c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
c->cert_flags |= suiteb_flags;
- } else
+ } else {
suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+ }
if (!suiteb_flags)
return 1;
}
return 1;
# else
- SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
- SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
return 0;
# endif
}
const char *rule_str, CERT *c)
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
- uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
- disabled_ssl;
+ uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
disabled_auth = disabled_auth_mask;
disabled_enc = disabled_enc_mask;
disabled_mac = disabled_mac_mask;
- disabled_ssl = 0;
/*
* Now we have to collect the available ciphers from the compiled
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return (NULL); /* Failure */
+ return NULL; /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
disabled_mkey, disabled_auth, disabled_enc,
- disabled_mac, disabled_ssl, co_list, &head,
- &tail);
+ disabled_mac, co_list, &head, &tail);
/* Now arrange all ciphers by preference. */
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
&tail);
-
/* Within each strength group, we prefer GCM over CHACHA... */
ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail);
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail);
- /*
- * ...and generally, our preferred cipher is AES.
- * Note that AEADs will be bumped to take preference after sorting by
- * strength.
- */
+ /*
+ * ...and generally, our preferred cipher is AES.
+ * Note that AEADs will be bumped to take preference after sorting by
+ * strength.
+ */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
-1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
- /* RC4 is sort-of broken -- move the the end */
+ /* RC4 is sort-of broken -- move to the end */
ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
* TODO(openssl-team): is there an easier way to accomplish all this?
*/
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_2, 0, CIPHER_BUMP, -1,
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
&head, &tail);
/*
ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
&head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
- CIPHER_BUMP, -1, &head, &tail);
+ CIPHER_BUMP, -1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
- CIPHER_BUMP, -1, &head, &tail);
+ CIPHER_BUMP, -1, &head, &tail);
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
if (ca_list == NULL) {
OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return (NULL); /* Failure */
+ return NULL; /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
- disabled_mac, disabled_ssl, head);
+ disabled_mac, head);
/*
* If the rule_string begins with DEFAULT, apply the default rule
if (ok && (strlen(rule_p) > 0))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
- OPENSSL_free(ca_list); /* Not needed anymore */
+ OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list);
- return (NULL);
+ return NULL;
}
/*
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
OPENSSL_free(co_list);
- return (NULL);
+ return NULL;
}
/*
* to the resulting precedence to the STACK_OF(SSL_CIPHER).
*/
for (curr = head; curr != NULL; curr = curr->next) {
- if (curr->active
- && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) {
+ if (curr->active) {
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list;
- (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
- ssl_cipher_ptr_id_cmp);
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
- return (cipherstack);
+ return cipherstack;
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver;
const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
- static const char *format =
- "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+ static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
if (buf == NULL) {
len = 128;
buf = OPENSSL_malloc(len);
if (buf == NULL)
return NULL;
- } else if (len < 128)
+ } else if (len < 128) {
return NULL;
+ }
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
alg_enc = cipher->algorithm_enc;
alg_mac = cipher->algorithm_mac;
- ver = SSL_CIPHER_get_version(cipher);
+ ver = ssl_protocol_to_string(cipher->min_tls);
switch (alg_mkey) {
case SSL_kRSA:
case SSL_kGOST:
kx = "GOST";
break;
+ case SSL_kANY:
+ kx = "any";
+ break;
default:
kx = "unknown";
}
case SSL_aGOST01:
au = "GOST01";
break;
- /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
+ /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
case (SSL_aGOST12 | SSL_aGOST01):
au = "GOST12";
break;
+ case SSL_aANY:
+ au = "any";
+ break;
default:
au = "unknown";
break;
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
- return (buf);
+ return buf;
}
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
{
- uint32_t alg_ssl;
-
if (c == NULL)
return "(NONE)";
- alg_ssl = c->algorithm_ssl;
- if (alg_ssl & SSL_SSLV3)
- return "SSLv3";
- if (alg_ssl & SSL_TLSV1)
+ /*
+ * Backwards-compatibility crutch. In almost all contexts we report TLS
+ * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+ */
+ if (c->min_tls == TLS1_VERSION)
return "TLSv1.0";
- if (alg_ssl & SSL_TLSV1_2)
- return "TLSv1.2";
- return "unknown";
+ return ssl_protocol_to_string(c->min_tls);
}
/* return the actual cipher being used */
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
{
if (c != NULL)
- return (c->name);
- return ("(NONE)");
+ return c->name;
+ return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+ if (c != NULL)
+ return c->stdname;
+ return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+ const SSL_CIPHER *c;
+
+ if (stdname == NULL)
+ return "(NONE)";
+ c = ssl3_get_cipher_by_std_name(stdname);
+ return SSL_CIPHER_get_name(c);
}
/* number of bits for symmetric cipher */
if (c != NULL) {
if (alg_bits != NULL)
- *alg_bits = (int) c->alg_bits;
- ret = (int) c->strength_bits;
+ *alg_bits = (int)c->alg_bits;
+ ret = (int)c->strength_bits;
}
return ret;
}
for (i = 0; i < nn; i++) {
ctmp = sk_SSL_COMP_value(sk, i);
if (ctmp->id == n)
- return (ctmp);
+ return ctmp;
}
- return (NULL);
+ return NULL;
}
#ifdef OPENSSL_NO_COMP
{
return NULL;
}
+
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths)
{
return meths;
}
-void SSL_COMP_free_compression_methods(void)
-{
-}
+
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
return 1;
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
load_builtin_compressions();
- return (ssl_comp_methods);
+ return ssl_comp_methods;
}
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
OPENSSL_free(cm);
}
-void SSL_COMP_free_compression_methods(void)
+void ssl_comp_free_compression_methods_int(void)
{
STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
ssl_comp_methods = NULL;
if (id < 193 || id > 255) {
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
- return 0;
+ return 1;
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
if (comp == NULL) {
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
- return (1);
+ return 1;
}
comp->id = id;
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_DUPLICATE_COMPRESSION_ID);
- return (1);
+ return 1;
}
- if ((ssl_comp_methods == NULL)
- || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+ if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
- return (1);
+ return 1;
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
- return (0);
+ return 0;
}
#endif
#endif
}
-/* For a cipher return the index corresponding to the certificate type */
-int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
+const char *SSL_COMP_get0_name(const SSL_COMP *comp)
{
- uint32_t alg_a;
-
- alg_a = c->algorithm_auth;
-
- if (alg_a & SSL_aECDSA)
- return SSL_PKEY_ECC;
- else if (alg_a & SSL_aDSS)
- return SSL_PKEY_DSA_SIGN;
- else if (alg_a & SSL_aRSA)
- return SSL_PKEY_RSA_ENC;
- else if (alg_a & SSL_aGOST12)
- return SSL_PKEY_GOST_EC;
- else if (alg_a & SSL_aGOST01)
- return SSL_PKEY_GOST01;
+#ifndef OPENSSL_NO_COMP
+ return comp->name;
+#else
+ return NULL;
+#endif
+}
+int SSL_COMP_get_id(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+ return comp->id;
+#else
return -1;
+#endif
}
-const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
+ int all)
{
- const SSL_CIPHER *c;
- c = ssl->method->get_cipher_by_char(ptr);
- if (c == NULL || c->valid == 0)
+ const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
+ if (c == NULL || (!all && c->valid == 0))
return NULL;
return c;
}
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
{
- int i;
- if (c == NULL)
- return NID_undef;
- i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+ int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
if (i == -1)
return NID_undef;
return ssl_cipher_table_mac[i].nid;
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
{
int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
+
if (i == -1)
return NID_undef;
return ssl_cipher_table_kx[i].nid;
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
{
- int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_auth);
+ int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
if (i == -1)
return NID_undef;
- return ssl_cipher_table_kx[i].nid;
+ return ssl_cipher_table_auth[i].nid;
+}
+
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
+{
+ int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
+
+ if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+ return NULL;
+ return ssl_digest_methods[idx];
}
int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
{
return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
}
+
+int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+ size_t *int_overhead, size_t *blocksize,
+ size_t *ext_overhead)
+{
+ size_t mac = 0, in = 0, blk = 0, out = 0;
+
+ /* Some hard-coded numbers for the CCM/Poly1305 MAC overhead
+ * because there are no handy #defines for those. */
+ if (c->algorithm_enc & SSL_AESGCM) {
+ out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+ } else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) {
+ out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
+ } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
+ out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
+ } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
+ out = 16;
+ } else if (c->algorithm_mac & SSL_AEAD) {
+ /* We're supposed to have handled all the AEAD modes above */
+ return 0;
+ } else {
+ /* Non-AEAD modes. Calculate MAC/cipher overhead separately */
+ int digest_nid = SSL_CIPHER_get_digest_nid(c);
+ const EVP_MD *e_md = EVP_get_digestbynid(digest_nid);
+
+ if (e_md == NULL)
+ return 0;
+
+ mac = EVP_MD_size(e_md);
+ if (c->algorithm_enc != SSL_eNULL) {
+ int cipher_nid = SSL_CIPHER_get_cipher_nid(c);
+ const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid);
+
+ /* If it wasn't AEAD or SSL_eNULL, we expect it to be a
+ known CBC cipher. */
+ if (e_ciph == NULL ||
+ EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE)
+ return 0;
+
+ in = 1; /* padding length byte */
+ out = EVP_CIPHER_iv_length(e_ciph);
+ blk = EVP_CIPHER_block_size(e_ciph);
+ }
+ }
+
+ *mac_overhead = mac;
+ *int_overhead = in;
+ *blocksize = blk;
+ *ext_overhead = out;
+
+ return 1;
+}
+
+int ssl_cert_is_disabled(size_t idx)
+{
+ const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+ if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+ return 1;
+ return 0;
+}
projects / openssl.git / blobdiff