X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_ciph.c;h=16ff0b23b52e8e4cefc217c59e933b498e0491e3;hp=39390105152adf5bae4d0dc6c1397ae6ae7c0d53;hb=b11836a63a8973c2b61f8ccd10a085361bced2ea;hpb=0d3587c7fcb45dbf111721ade1ccc2abf9dc3934 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 3939010515..16ff0b23b5 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1,4 +1,3 @@ -/* ssl/ssl_ciph.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -148,6 +147,7 @@ #ifndef OPENSSL_NO_ENGINE # include #endif +#include "internal/threads.h" #include "ssl_locl.h" #define SSL_ENC_DES_IDX 0 @@ -214,6 +214,8 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; +static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT; + /* * Constant SSL_MAX_DIGEST equal to size of digests array should be defined * in the ssl_locl.h @@ -241,6 +243,29 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; +static const ssl_cipher_table ssl_cipher_table_kx[] = { + { SSL_kRSA, NID_kx_rsa }, + { SSL_kECDHE, NID_kx_ecdhe }, + { SSL_kDHE, NID_kx_dhe }, + { SSL_kECDHEPSK, NID_kx_ecdhe_psk }, + { SSL_kDHEPSK, NID_kx_dhe_psk }, + { SSL_kRSAPSK, NID_kx_rsa_psk }, + { SSL_kPSK, NID_kx_psk }, + { SSL_kSRP, NID_kx_srp }, + { SSL_kGOST, NID_kx_gost } +}; + +static const ssl_cipher_table ssl_cipher_table_auth[] = { + { SSL_aRSA, NID_auth_rsa }, + { SSL_aECDSA, NID_auth_ecdsa }, + { SSL_aPSK, NID_auth_psk }, + { SSL_aDSS, NID_auth_dss }, + { SSL_aGOST01, NID_auth_gost01 }, + { SSL_aGOST12, NID_auth_gost12 }, + { SSL_aSRP, NID_auth_srp }, + { SSL_aNULL, NID_auth_null } +}; + /* Utility function for table lookup */ static int ssl_cipher_info_find(const ssl_cipher_table * table, size_t table_cnt, uint32_t mask) @@ -279,6 +304,11 @@ static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { #define CIPHER_DEL 3 #define CIPHER_ORD 4 #define CIPHER_SPECIAL 5 +/* + * Bump the ciphers to the top of the list. + * This rule isn't currently supported by the public cipherstring API. + */ +#define CIPHER_BUMP 6 typedef struct cipher_order_st { const SSL_CIPHER *cipher; @@ -297,7 +327,7 @@ static const SSL_CIPHER cipher_aliases[] = { * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0}, + {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0}, /* * key exchange aliases (some of those using only a single bit here @@ -306,20 +336,14 @@ static const SSL_CIPHER cipher_aliases[] = { */ {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kEDH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kDHE, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, + {0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kECDHE, 0, 0, 0, 0, 0, + {0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -334,9 +358,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - /* no such ciphersuites supported! */ - {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, @@ -381,8 +402,8 @@ static const SSL_CIPHER cipher_aliases[] = { 0, 0}, {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0, - 0, 0, 0}, + {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0 }, /* MAC aliases */ {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, @@ -449,8 +470,7 @@ static int get_optional_pkey_id(const char *pkey_name) ameth) <= 0) pkey_id = 0; } - if (tmpeng) - ENGINE_finish(tmpeng); + ENGINE_finish(tmpeng); return pkey_id; } @@ -506,12 +526,11 @@ void ssl_load_ciphers(void) disabled_auth_mask |= SSL_aDSS; #endif #ifdef OPENSSL_NO_DH - disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK; - disabled_auth_mask |= SSL_aDH; + disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK; #endif #ifdef OPENSSL_NO_EC - disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK; - disabled_auth_mask |= SSL_aECDSA | SSL_aECDH; + disabled_mkey_mask |= SSL_kECDHEPSK; + disabled_auth_mask |= SSL_aECDSA; #endif #ifdef OPENSSL_NO_PSK disabled_mkey_mask |= SSL_PSK; @@ -559,41 +578,31 @@ static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b) return ((*a)->id - (*b)->id); } -static void load_builtin_compressions(void) +static void do_load_builtin_compressions(void) { - int got_write_lock = 0; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL); - if (ssl_comp_methods == NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL); - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - got_write_lock = 1; - - if (ssl_comp_methods == NULL) { - SSL_COMP *comp = NULL; - COMP_METHOD *method = COMP_zlib(); - - MemCheck_off(); - ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (COMP_get_type(method) != NID_undef - && ssl_comp_methods != NULL) { - comp = OPENSSL_malloc(sizeof(*comp)); - if (comp != NULL) { - comp->method = method; - comp->id = SSL_COMP_ZLIB_IDX; - comp->name = COMP_get_name(method); - sk_SSL_COMP_push(ssl_comp_methods, comp); - sk_SSL_COMP_sort(ssl_comp_methods); - } - } - MemCheck_on(); + SSL_COMP *comp = NULL; + COMP_METHOD *method = COMP_zlib(); + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); + ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); + + if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) { + comp = OPENSSL_malloc(sizeof(*comp)); + if (comp != NULL) { + comp->method = method; + comp->id = SSL_COMP_ZLIB_IDX; + comp->name = COMP_get_name(method); + sk_SSL_COMP_push(ssl_comp_methods, comp); + sk_SSL_COMP_sort(ssl_comp_methods); } } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); +} - if (got_write_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - else - CRYPTO_r_unlock(CRYPTO_LOCK_SSL); +static void load_builtin_compressions(void) +{ + CRYPTO_THREAD_run_once(&ssl_load_builtin_comp_once, + do_load_builtin_compressions); } #endif @@ -759,7 +768,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, uint32_t disabled_auth, uint32_t disabled_enc, uint32_t disabled_mac, - uint32_t disabled_ssl, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) @@ -784,8 +792,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, !(c->algorithm_mkey & disabled_mkey) && !(c->algorithm_auth & disabled_auth) && !(c->algorithm_enc & disabled_enc) && - !(c->algorithm_mac & disabled_mac) && - !(c->algorithm_ssl & disabled_ssl)) { + !(c->algorithm_mac & disabled_mac)) { co_list[co_list_num].cipher = c; co_list[co_list_num].next = NULL; co_list[co_list_num].prev = NULL; @@ -827,7 +834,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, uint32_t disabled_auth, uint32_t disabled_enc, uint32_t disabled_mac, - uint32_t disabled_ssl, CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; @@ -837,7 +843,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, uint32_t mask_auth = ~disabled_auth; uint32_t mask_enc = ~disabled_enc; uint32_t mask_mac = ~disabled_mac; - uint32_t mask_ssl = ~disabled_ssl; /* * First, add the real ciphers as already collected @@ -861,7 +866,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth; uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc; uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac; - uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl; if (algorithm_mkey) if ((algorithm_mkey & mask_mkey) == 0) @@ -879,10 +883,6 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, if ((algorithm_mac & mask_mac) == 0) continue; - if (algorithm_ssl) - if ((algorithm_ssl & mask_ssl) == 0) - continue; - *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); ca_curr++; } @@ -903,12 +903,12 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, #ifdef CIPHER_DEBUG fprintf(stderr, - "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", + "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); #endif - if (rule == CIPHER_DEL) + if (rule == CIPHER_DEL || rule == CIPHER_BUMP) reverse = 1; /* needed to maintain sorting between * currently deleted ciphers */ @@ -947,14 +947,10 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, } else { #ifdef CIPHER_DEBUG fprintf(stderr, - "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", + "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); -#endif -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - if (cipher_id && cipher_id != cp->id) - continue; #endif if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; @@ -1002,6 +998,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, ll_append_head(&head, curr, &tail); curr->active = 0; } + } else if (rule == CIPHER_BUMP) { + if (curr->active) + ll_append_head(&head, curr, &tail); } else if (rule == CIPHER_KILL) { /* reverse == 0 */ if (head == curr) @@ -1355,12 +1354,8 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) { - if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) - SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, - SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); - else - SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, - SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); + SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, + SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE); return 0; } # ifndef OPENSSL_NO_EC @@ -1394,8 +1389,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK const char *rule_str, CERT *c) { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac, - disabled_ssl; + uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; @@ -1420,7 +1414,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK disabled_auth = disabled_auth_mask; disabled_enc = disabled_enc_mask; disabled_mac = disabled_mac_mask; - disabled_ssl = 0; /* * Now we have to collect the available ciphers from the compiled @@ -1437,23 +1430,39 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, disabled_ssl, co_list, &head, + disabled_mac, co_list, &head, &tail); - /* Now arrange all ciphers by preference: */ + /* Now arrange all ciphers by preference. */ /* * Everything else being equal, prefer ephemeral ECDH over other key - * exchange mechanisms + * exchange mechanisms. + * For consistency, prefer ECDSA over RSA (though this only matters if the + * server has both certificates, and is using the DEFAULT, or a client + * preference). */ + ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, + -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - /* AES is our preferred symmetric cipher */ - ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, - &tail); + + /* Within each strength group, we prefer GCM over CHACHA... */ + ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, + &head, &tail); + ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, + &head, &tail); + + /* + * ...and generally, our preferred cipher is AES. + * Note that AEADs will be bumped to take preference after sorting by + * strength. + */ + ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD, + -1, &head, &tail); /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); @@ -1470,9 +1479,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - /* Move ciphers without forward secrecy to the end */ - ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); /* * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, * &head, &tail); @@ -1495,6 +1501,33 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK return NULL; } + /* + * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs. + * TODO(openssl-team): is there an easier way to accomplish all this? + */ + ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_2, 0, CIPHER_BUMP, -1, + &head, &tail); + + /* + * Irrespective of strength, enforce the following order: + * (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest. + * Within each group, ciphers remain sorted by strength and previous + * preference, i.e., + * 1) ECDHE > DHE + * 2) GCM > CHACHA + * 3) AES > rest + * 4) TLS 1.2 > legacy + * + * Because we now bump ciphers to the top of the list, we proceed in + * reverse order of preference. + */ + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1, + &head, &tail); + ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0, + CIPHER_BUMP, -1, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0, + CIPHER_BUMP, -1, &head, &tail); + /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); @@ -1516,7 +1549,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, - disabled_mac, disabled_ssl, head); + disabled_mac, head); /* * If the rule_string begins with DEFAULT, apply the default rule @@ -1591,44 +1624,32 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { const char *ver; const char *kx, *au, *enc, *mac; - uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; + uint32_t alg_mkey, alg_auth, alg_enc, alg_mac; static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n"; + if (buf == NULL) { + len = 128; + buf = OPENSSL_malloc(len); + if (buf == NULL) + return NULL; + } else if (len < 128) + return NULL; + alg_mkey = cipher->algorithm_mkey; alg_auth = cipher->algorithm_auth; alg_enc = cipher->algorithm_enc; alg_mac = cipher->algorithm_mac; - alg_ssl = cipher->algorithm_ssl; - if (alg_ssl & SSL_SSLV3) - ver = "SSLv3"; - else if (alg_ssl & SSL_TLSV1) - ver = "TLSv1.0"; - else if (alg_ssl & SSL_TLSV1_2) - ver = "TLSv1.2"; - else - ver = "unknown"; + ver = SSL_CIPHER_get_version(cipher); switch (alg_mkey) { case SSL_kRSA: kx = "RSA"; break; - case SSL_kDHr: - kx = "DH/RSA"; - break; - case SSL_kDHd: - kx = "DH/DSS"; - break; case SSL_kDHE: kx = "DH"; break; - case SSL_kECDHr: - kx = "ECDH/RSA"; - break; - case SSL_kECDHe: - kx = "ECDH/ECDSA"; - break; case SSL_kECDHE: kx = "ECDH"; break; @@ -1661,12 +1682,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aDSS: au = "DSS"; break; - case SSL_aDH: - au = "DH"; - break; - case SSL_aECDH: - au = "ECDH"; - break; case SSL_aNULL: au = "None"; break; @@ -1787,30 +1802,26 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) break; } - if (buf == NULL) { - len = 128; - buf = OPENSSL_malloc(len); - if (buf == NULL) - return ("OPENSSL_malloc Error"); - } else if (len < 128) - return ("Buffer too small"); - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac); return (buf); } -char *SSL_CIPHER_get_version(const SSL_CIPHER *c) +const char *SSL_CIPHER_get_version(const SSL_CIPHER *c) { - int i; + uint32_t alg_ssl; if (c == NULL) - return ("(NONE)"); - i = (int)(c->id >> 24L); - if (i == 3) - return ("TLSv1/SSLv3"); - else - return ("unknown"); + return "(NONE)"; + alg_ssl = c->algorithm_ssl; + + if (alg_ssl & SSL_SSLV3) + return "SSLv3"; + if (alg_ssl & SSL_TLSV1) + return "TLSv1.0"; + if (alg_ssl & SSL_TLSV1_2) + return "TLSv1.2"; + return "unknown"; } /* return the actual cipher being used */ @@ -1921,10 +1932,10 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return 0; } - MemCheck_off(); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); comp = OPENSSL_malloc(sizeof(*comp)); if (comp == NULL) { - MemCheck_on(); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); return (1); } @@ -1934,20 +1945,20 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) load_builtin_compressions(); if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { OPENSSL_free(comp); - MemCheck_on(); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); return (1); - } else if ((ssl_comp_methods == NULL) + } + if ((ssl_comp_methods == NULL) || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { OPENSSL_free(comp); - MemCheck_on(); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); return (1); - } else { - MemCheck_on(); - return (0); } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); + return (0); } #endif @@ -1963,27 +1974,12 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp) /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { - uint32_t alg_k, alg_a; + uint32_t alg_a; - alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if (alg_k & (SSL_kECDHr | SSL_kECDHe)) { - /* - * we don't need to look at SSL_kECDHE since no certificate is needed - * for anon ECDH and for authenticated ECDHE, the check for the auth - * algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC - * not an RSA cert but for ECDHE-RSA we need an RSA cert. Placing the - * checks for SSL_kECDH before RSA checks ensures the correct cert is - * chosen. - */ - return SSL_PKEY_ECC; - } else if (alg_a & SSL_aECDSA) + if (alg_a & SSL_aECDSA) return SSL_PKEY_ECC; - else if (alg_k & SSL_kDHr) - return SSL_PKEY_DH_RSA; - else if (alg_k & SSL_kDHd) - return SSL_PKEY_DH_DSA; else if (alg_a & SSL_aDSS) return SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) @@ -1998,8 +1994,8 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr) { - const SSL_CIPHER *c; - c = ssl->method->get_cipher_by_char(ptr); + const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr); + if (c == NULL || c->valid == 0) return NULL; return c; @@ -2014,20 +2010,41 @@ int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) { int i; if (c == NULL) - return -1; + return NID_undef; i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc); if (i == -1) - return -1; + return NID_undef; return ssl_cipher_table_cipher[i].nid; } int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) { - int i; - if (c == NULL) - return -1; - i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); + int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac); + if (i == -1) - return -1; + return NID_undef; return ssl_cipher_table_mac[i].nid; } + +int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) +{ + int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey); + + if (i == -1) + return NID_undef; + return ssl_cipher_table_kx[i].nid; +} + +int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) +{ + int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth); + + if (i == -1) + return NID_undef; + return ssl_cipher_table_auth[i].nid; +} + +int SSL_CIPHER_is_aead(const SSL_CIPHER *c) +{ + return (c->algorithm_mac & SSL_AEAD) ? 1 : 0; +}