X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_ciph.c;h=12dac046a8e8217cc859516211be7429d1f1d1dc;hp=12820b6acba8ec73b57df1886e39038670cbb75b;hb=13e228d6845aff7e454eea7c9ddd392ebfbd2868;hpb=50e735f9e5d220cdad7db690188b82a69ddcb39e diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 12820b6acb..12dac046a8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -164,7 +164,40 @@ #define SSL_ENC_SEED_IDX 11 #define SSL_ENC_AES128GCM_IDX 12 #define SSL_ENC_AES256GCM_IDX 13 -#define SSL_ENC_NUM_IDX 14 +#define SSL_ENC_AES128CCM_IDX 14 +#define SSL_ENC_AES256CCM_IDX 15 +#define SSL_ENC_AES128CCM8_IDX 16 +#define SSL_ENC_AES256CCM8_IDX 17 +#define SSL_ENC_NUM_IDX 18 + +/* NB: make sure indices in these tables match values above */ + +typedef struct { + unsigned long mask; + int nid; +} ssl_cipher_table; + +/* Table of NIDs for each cipher */ +static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { + {SSL_DES, NID_des_cbc}, /* SSL_ENC_DES_IDX 0 */ + {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */ + {SSL_RC4, NID_rc4}, /* SSL_ENC_RC4_IDX 2 */ + {SSL_RC2, NID_rc2_cbc}, /* SSL_ENC_RC2_IDX 3 */ + {SSL_IDEA, NID_idea_cbc}, /* SSL_ENC_IDEA_IDX 4 */ + {SSL_eNULL, NID_undef}, /* SSL_ENC_NULL_IDX 5 */ + {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */ + {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */ + {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */ + {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */ + {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */ + {SSL_SEED, NID_seed_cbc}, /* SSL_ENC_SEED_IDX 11 */ + {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */ + {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */ + {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */ + {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */ + {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */ + {SSL_AES256CCM8, NID_aes_256_ccm} /* SSL_ENC_AES256CCM8_IDX 17 */ +}; static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, @@ -187,11 +220,38 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; * Constant SSL_MAX_DIGEST equal to size of digests array should be defined * in the ssl_locl.h */ + #define SSL_MD_NUM_IDX SSL_MAX_DIGEST + +/* NB: make sure indices in this table matches values above */ +static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { + {SSL_MD5, NID_md5}, /* SSL_MD_MD5_IDX 0 */ + {SSL_SHA1, NID_sha1}, /* SSL_MD_SHA1_IDX 1 */ + {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */ + {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */ + {SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */ + {SSL_SHA384, NID_sha384} /* SSL_MD_SHA384_IDX 5 */ +}; + static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL }; +/* Utility function for table lookup */ +static int ssl_cipher_info_find(const ssl_cipher_table * table, + size_t table_cnt, unsigned long mask) +{ + size_t i; + for (i = 0; i < table_cnt; i++, table++) { + if (table->mask == mask) + return i; + } + return -1; +} + +#define ssl_cipher_info_lookup(table, x) \ + ssl_cipher_info_find(table, OSSL_NELEM(table), x) + /* * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is @@ -253,8 +313,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -264,6 +322,9 @@ static const SSL_CIPHER cipher_aliases[] = { 0, 0, 0}, {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kECDHEPSK, 0, SSL_kECDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_kDHEPSK, 0, SSL_kDHEPSK, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -271,7 +332,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, /* no such ciphersuites supported! */ {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, @@ -279,9 +339,8 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0}, /* aliases combining key exchange and server authentication */ @@ -290,11 +349,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_PSK, 0, SSL_PSK, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, /* symmetric encryption aliases */ @@ -305,13 +363,17 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0, - 0}, - {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0, - 0}, + {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0, + 0, 0, 0, 0, 0}, + {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0, + 0, 0, 0, 0, 0}, {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_AES_CCM, 0, 0, 0, SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0, + 0, 0}, + {0, SSL_TXT_AES_CCM_8, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8, 0, 0, 0, 0, + 0, 0}, {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0, @@ -401,63 +463,89 @@ static int get_optional_pkey_id(const char *pkey_name) #endif +/* masks of disabled algorithms */ +static unsigned long disabled_enc_mask; +static unsigned long disabled_mac_mask; +static unsigned long disabled_mkey_mask; +static unsigned long disabled_auth_mask; + void ssl_load_ciphers(void) { - ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc); - ssl_cipher_methods[SSL_ENC_3DES_IDX] = - EVP_get_cipherbyname(SN_des_ede3_cbc); - ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4); - ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc); -#ifndef OPENSSL_NO_IDEA - ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc); -#else - ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; + size_t i; + const ssl_cipher_table *t; + disabled_enc_mask = 0; + for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) { + if (t->nid == NID_undef) { + ssl_cipher_methods[i] = NULL; + } else { + const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid); + ssl_cipher_methods[i] = cipher; + if (cipher == NULL) + disabled_enc_mask |= t->mask; + } + } +#ifdef SSL_FORBID_ENULL + disabled_enc_mask |= SSL_eNULL; #endif - ssl_cipher_methods[SSL_ENC_AES128_IDX] = - EVP_get_cipherbyname(SN_aes_128_cbc); - ssl_cipher_methods[SSL_ENC_AES256_IDX] = - EVP_get_cipherbyname(SN_aes_256_cbc); - ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] = - EVP_get_cipherbyname(SN_camellia_128_cbc); - ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] = - EVP_get_cipherbyname(SN_camellia_256_cbc); - ssl_cipher_methods[SSL_ENC_GOST89_IDX] = - EVP_get_cipherbyname(SN_gost89_cnt); - ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc); - - ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = - EVP_get_cipherbyname(SN_aes_128_gcm); - ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = - EVP_get_cipherbyname(SN_aes_256_gcm); - - ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5); - ssl_mac_secret_size[SSL_MD_MD5_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); - OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); - ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1); - ssl_mac_secret_size[SSL_MD_SHA1_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); - OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); - ssl_digest_methods[SSL_MD_GOST94_IDX] = - EVP_get_digestbyname(SN_id_GostR3411_94); - if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { - ssl_mac_secret_size[SSL_MD_GOST94_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); - OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); + disabled_mac_mask = 0; + for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) { + const EVP_MD *md = EVP_get_digestbynid(t->nid); + ssl_digest_methods[i] = md; + if (md == NULL) { + disabled_mac_mask |= t->mask; + } else { + ssl_mac_secret_size[i] = EVP_MD_size(md); + OPENSSL_assert(ssl_mac_secret_size[i] >= 0); + } } - ssl_digest_methods[SSL_MD_GOST89MAC_IDX] = - EVP_get_digestbyname(SN_id_Gost28147_89_MAC); + /* Make sure we can access MD5 and SHA1 */ + OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); + OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); + + disabled_mkey_mask = 0; + disabled_auth_mask = 0; + +#ifdef OPENSSL_NO_RSA + disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; + disabled_auth_mask |= SSL_aRSA; +#endif +#ifdef OPENSSL_NO_DSA + disabled_auth_mask |= SSL_aDSS; +#endif +#ifdef OPENSSL_NO_DH + disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK; + disabled_auth_mask |= SSL_aDH; +#endif +#ifdef OPENSSL_NO_EC + disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK; + disabled_auth_mask |= SSL_aECDSA | SSL_aECDH; +#endif +#ifdef OPENSSL_NO_PSK + disabled_mkey_mask |= SSL_PSK; + disabled_auth_mask |= SSL_aPSK; +#endif +#ifdef OPENSSL_NO_SRP + disabled_mkey_mask |= SSL_kSRP; +#endif + + /* + * Check for presence of GOST 34.10 algorithms, and if they are not + * present, disable appropriate auth and key exchange + */ ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; + } else { + disabled_mac_mask |= SSL_GOST89MAC; } - ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256); - ssl_mac_secret_size[SSL_MD_SHA256_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); - ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384); - ssl_mac_secret_size[SSL_MD_SHA384_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); + if (!get_optional_pkey_id("gost2001")) + disabled_auth_mask |= SSL_aGOST01; + /* + * Disable GOST key exchange if no GOST signature algs are available * + */ + if ((disabled_auth_mask & SSL_aGOST01) == SSL_aGOST01) + disabled_mkey_mask |= SSL_kGOST; } #ifndef OPENSSL_NO_COMP @@ -479,22 +567,20 @@ static void load_builtin_compressions(void) if (ssl_comp_methods == NULL) { SSL_COMP *comp = NULL; + COMP_METHOD *method = COMP_zlib(); MemCheck_off(); ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) { - comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if (COMP_get_type(method) != NID_undef + && ssl_comp_methods != NULL) { + comp = OPENSSL_malloc(sizeof(*comp)); if (comp != NULL) { - comp->method = COMP_zlib(); - if (comp->method && comp->method->type == NID_undef) - OPENSSL_free(comp); - else { - comp->id = SSL_COMP_ZLIB_IDX; - comp->name = comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods, comp); - } + comp->method = method; + comp->id = SSL_COMP_ZLIB_IDX; + comp->name = COMP_get_name(method); + sk_SSL_COMP_push(ssl_comp_methods, comp); + sk_SSL_COMP_sort(ssl_comp_methods); } - sk_SSL_COMP_sort(ssl_comp_methods); } MemCheck_on(); } @@ -532,60 +618,17 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, else *comp = NULL; } + /* If were only interested in comp then return success */ + if ((enc == NULL) && (md == NULL)) + return 1; } if ((enc == NULL) || (md == NULL)) - return (0); + return 0; - switch (c->algorithm_enc) { - case SSL_DES: - i = SSL_ENC_DES_IDX; - break; - case SSL_3DES: - i = SSL_ENC_3DES_IDX; - break; - case SSL_RC4: - i = SSL_ENC_RC4_IDX; - break; - case SSL_RC2: - i = SSL_ENC_RC2_IDX; - break; - case SSL_IDEA: - i = SSL_ENC_IDEA_IDX; - break; - case SSL_eNULL: - i = SSL_ENC_NULL_IDX; - break; - case SSL_AES128: - i = SSL_ENC_AES128_IDX; - break; - case SSL_AES256: - i = SSL_ENC_AES256_IDX; - break; - case SSL_CAMELLIA128: - i = SSL_ENC_CAMELLIA128_IDX; - break; - case SSL_CAMELLIA256: - i = SSL_ENC_CAMELLIA256_IDX; - break; - case SSL_eGOST2814789CNT: - i = SSL_ENC_GOST89_IDX; - break; - case SSL_SEED: - i = SSL_ENC_SEED_IDX; - break; - case SSL_AES128GCM: - i = SSL_ENC_AES128GCM_IDX; - break; - case SSL_AES256GCM: - i = SSL_ENC_AES256GCM_IDX; - break; - default: - i = -1; - break; - } + i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc); - if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) + if (i == -1) *enc = NULL; else { if (i == SSL_ENC_NULL_IDX) @@ -594,30 +637,8 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, *enc = ssl_cipher_methods[i]; } - switch (c->algorithm_mac) { - case SSL_MD5: - i = SSL_MD_MD5_IDX; - break; - case SSL_SHA1: - i = SSL_MD_SHA1_IDX; - break; - case SSL_SHA256: - i = SSL_MD_SHA256_IDX; - break; - case SSL_SHA384: - i = SSL_MD_SHA384_IDX; - break; - case SSL_GOST94: - i = SSL_MD_GOST94_IDX; - break; - case SSL_GOST89MAC: - i = SSL_MD_GOST89MAC_IDX; - break; - default: - i = -1; - break; - } - if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { + i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); + if (i == -1) { *md = NULL; if (mac_pkey_type != NULL) *mac_pkey_type = NID_undef; @@ -723,100 +744,6 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, *head = curr; } -static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, - unsigned long *enc, unsigned long *mac, - unsigned long *ssl) -{ - *mkey = 0; - *auth = 0; - *enc = 0; - *mac = 0; - *ssl = 0; - -#ifdef OPENSSL_NO_RSA - *mkey |= SSL_kRSA; - *auth |= SSL_aRSA; -#endif -#ifdef OPENSSL_NO_DSA - *auth |= SSL_aDSS; -#endif -#ifdef OPENSSL_NO_DH - *mkey |= SSL_kDHr | SSL_kDHd | SSL_kDHE; - *auth |= SSL_aDH; -#endif -#ifdef OPENSSL_NO_KRB5 - *mkey |= SSL_kKRB5; - *auth |= SSL_aKRB5; -#endif -#ifdef OPENSSL_NO_ECDSA - *auth |= SSL_aECDSA; -#endif -#ifdef OPENSSL_NO_ECDH - *mkey |= SSL_kECDHe | SSL_kECDHr; - *auth |= SSL_aECDH; -#endif -#ifdef OPENSSL_NO_PSK - *mkey |= SSL_kPSK; - *auth |= SSL_aPSK; -#endif -#ifdef OPENSSL_NO_SRP - *mkey |= SSL_kSRP; -#endif - /* - * Check for presence of GOST 34.10 algorithms, and if they do not - * present, disable appropriate auth and key exchange - */ - if (!get_optional_pkey_id("gost94")) { - *auth |= SSL_aGOST94; - } - if (!get_optional_pkey_id("gost2001")) { - *auth |= SSL_aGOST01; - } - /* - * Disable GOST key exchange if no GOST signature algs are available * - */ - if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) { - *mkey |= SSL_kGOST; - } -#ifdef SSL_FORBID_ENULL - *enc |= SSL_eNULL; -#endif - - *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == - NULL) ? SSL_AES128GCM : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == - NULL) ? SSL_AES256GCM : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == - NULL) ? SSL_CAMELLIA128 : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == - NULL) ? SSL_CAMELLIA256 : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == - NULL) ? SSL_eGOST2814789CNT : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; - - *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0; - *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; - *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; - *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; - *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; - *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL - || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == - NID_undef) ? SSL_GOST89MAC : 0; - -} - static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, unsigned long disabled_mkey, @@ -855,10 +782,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; co_list_num++; -#ifdef KSSL_DEBUG - fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id, - c->algorithm_mkey, c->algorithm_auth); -#endif /* KSSL_DEBUG */ /* * if (!sk_push(ca_list,(char *)c)) goto err; */ @@ -1115,12 +1038,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, curr = curr->next; } - number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); + number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1)); if (!number_uses) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); return (0); } - memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); /* * Now find the strength_bits values actually used @@ -1247,8 +1169,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, j = found = 0; cipher_id = 0; while (ca_list[j]) { - if (!strncmp(buf, ca_list[j]->name, buflen) && - (ca_list[j]->name[buflen] == '\0')) { + if (strncmp(buf, ca_list[j]->name, buflen) == 0 + && (ca_list[j]->name[buflen] == '\0')) { found = 1; break; } else @@ -1363,9 +1285,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, */ if (rule == CIPHER_SPECIAL) { /* special command */ ok = 0; - if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) + if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) ok = ssl_cipher_strength_sort(head_p, tail_p); - else if (buflen == 10 && !strncmp(buf, "SECLEVEL=", 9)) { + else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) { int level = buf[9] - '0'; if (level < 0 || level > 5) { SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, @@ -1408,15 +1330,16 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (!strcmp(*prule_str, "SUITEB128")) - suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (!strcmp(*prule_str, "SUITEB128ONLY")) + if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (!strcmp(*prule_str, "SUITEB128C2")) { + } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (!strcmp(*prule_str, "SUITEB192")) + } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { + suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; + } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; + } if (suiteb_flags) { c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS; @@ -1437,7 +1360,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); return 0; } -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC switch (suiteb_flags) { case SSL_CERT_FLAG_SUITEB_128_LOS: if (suiteb_comb2) @@ -1491,8 +1414,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * To reduce the work to do we only want to process the compiled * in algorithms, so we first get the mask of disabled ciphers. */ - ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, - &disabled_mac, &disabled_ssl); + + disabled_mkey = disabled_mkey_mask; + disabled_auth = disabled_auth_mask; + disabled_enc = disabled_enc_mask; + disabled_mac = disabled_mac_mask; + disabled_ssl = 0; /* * Now we have to collect the available ciphers from the compiled @@ -1500,12 +1427,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * it is used for allocation. */ num_of_ciphers = ssl_method->num_ciphers(); -#ifdef KSSL_DEBUG - fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", - num_of_ciphers); -#endif /* KSSL_DEBUG */ - co_list = - (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); return (NULL); /* Failure */ @@ -1557,8 +1480,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK &tail); ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); /* RC4 is sort-of broken -- move the the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, @@ -1584,9 +1505,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * groups of cipher_aliases added together in one list (otherwise * we would be happy with just the cipher_aliases table). */ - num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); + num_of_group_aliases = OSSL_NELEM(cipher_aliases); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { OPENSSL_free(co_list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1613,7 +1534,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK if (ok && (strlen(rule_p) > 0)) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); - OPENSSL_free((void *)ca_list); /* Not needed anymore */ + OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ OPENSSL_free(co_list); @@ -1653,8 +1574,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK sk_SSL_CIPHER_free(cipherstack); return NULL; } - if (*cipher_list != NULL) - sk_SSL_CIPHER_free(*cipher_list); + sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; if (*cipher_list_by_id != NULL) sk_SSL_CIPHER_free(*cipher_list_by_id); @@ -1672,13 +1592,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; -#ifdef KSSL_DEBUG - static const char *format = - "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; -#else static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; -#endif /* KSSL_DEBUG */ alg_mkey = cipher->algorithm_mkey; alg_auth = cipher->algorithm_auth; @@ -1708,9 +1623,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kDHd: kx = "DH/DSS"; break; - case SSL_kKRB5: - kx = "KRB5"; - break; case SSL_kDHE: kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; break; @@ -1726,6 +1638,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kPSK: kx = "PSK"; break; + case SSL_kRSAPSK: + kx = "RSAPSK"; + break; + case SSL_kECDHEPSK: + kx = "ECDHEPSK"; + break; + case SSL_kDHEPSK: + kx = "DHEPSK"; + break; case SSL_kSRP: kx = "SRP"; break; @@ -1746,9 +1667,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aDH: au = "DH"; break; - case SSL_aKRB5: - au = "KRB5"; - break; case SSL_aECDH: au = "ECDH"; break; @@ -1764,9 +1682,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aSRP: au = "SRP"; break; - case SSL_aGOST94: - au = "GOST94"; - break; case SSL_aGOST01: au = "GOST01"; break; @@ -1806,6 +1721,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_AES256GCM: enc = "AESGCM(256)"; break; + case SSL_AES128CCM: + enc = "AESCCM(128)"; + break; + case SSL_AES256CCM: + enc = "AESCCM(256)"; + break; + case SSL_AES128CCM8: + enc = "AESCCM8(128)"; + break; + case SSL_AES256CCM8: + enc = "AESCCM8(256)"; + break; case SSL_CAMELLIA128: enc = "Camellia(128)"; break; @@ -1858,13 +1785,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) } else if (len < 128) return ("Buffer too small"); -#ifdef KSSL_DEBUG - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, - exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); -#else BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); -#endif /* KSSL_DEBUG */ + return (buf); } @@ -1924,20 +1847,23 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) } #ifdef OPENSSL_NO_COMP -void *SSL_COMP_get_compression_methods(void) +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { return NULL; } - -int SSL_COMP_add_compression_method(int id, void *cm) +STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths) { - return 1; + return meths; } - -const char *SSL_COMP_get_name(const void *comp) +void SSL_COMP_free_compression_methods(void) { - return NULL; } +int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) +{ + return 1; +} + #else STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { @@ -1969,7 +1895,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { SSL_COMP *comp; - if (cm == NULL || cm->type == NID_undef) + if (cm == NULL || COMP_get_type(cm) == NID_undef) return 1; /*- @@ -1987,7 +1913,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) } MemCheck_off(); - comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + comp = OPENSSL_malloc(sizeof(*comp)); if (comp == NULL) { MemCheck_on(); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); @@ -2014,14 +1940,17 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return (0); } } +#endif const char *SSL_COMP_get_name(const COMP_METHOD *comp) { - if (comp) - return comp->name; +#ifndef OPENSSL_NO_COMP + return comp ? COMP_get_name(comp) : NULL; +#else return NULL; -} #endif +} + /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { @@ -2050,11 +1979,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) return SSL_PKEY_RSA_ENC; - else if (alg_a & SSL_aKRB5) - /* VRS something else here? */ - return -1; - else if (alg_a & SSL_aGOST94) - return SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) return SSL_PKEY_GOST01; return -1; @@ -2073,3 +1997,25 @@ const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr) { return ssl->method->get_cipher_by_char(ptr); } + +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) +{ + int i; + if (c == NULL) + return -1; + i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc); + if (i == -1) + return -1; + return ssl_cipher_table_cipher[i].nid; +} + +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) +{ + int i; + if (c == NULL) + return -1; + i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); + if (i == -1) + return -1; + return ssl_cipher_table_mac[i].nid; +}