| GCC Code Coverage Report | |||||||||||||||||||||
|
|||||||||||||||||||||
| Line | Branch | Exec | Source |
1 |
/* $OpenBSD: ssl_ciph.c,v 1.97 2017/08/28 16:37:04 jsing Exp $ */ |
||
2 |
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
||
3 |
* All rights reserved. |
||
4 |
* |
||
5 |
* This package is an SSL implementation written |
||
6 |
* by Eric Young (eay@cryptsoft.com). |
||
7 |
* The implementation was written so as to conform with Netscapes SSL. |
||
8 |
* |
||
9 |
* This library is free for commercial and non-commercial use as long as |
||
10 |
* the following conditions are aheared to. The following conditions |
||
11 |
* apply to all code found in this distribution, be it the RC4, RSA, |
||
12 |
* lhash, DES, etc., code; not just the SSL code. The SSL documentation |
||
13 |
* included with this distribution is covered by the same copyright terms |
||
14 |
* except that the holder is Tim Hudson (tjh@cryptsoft.com). |
||
15 |
* |
||
16 |
* Copyright remains Eric Young's, and as such any Copyright notices in |
||
17 |
* the code are not to be removed. |
||
18 |
* If this package is used in a product, Eric Young should be given attribution |
||
19 |
* as the author of the parts of the library used. |
||
20 |
* This can be in the form of a textual message at program startup or |
||
21 |
* in documentation (online or textual) provided with the package. |
||
22 |
* |
||
23 |
* Redistribution and use in source and binary forms, with or without |
||
24 |
* modification, are permitted provided that the following conditions |
||
25 |
* are met: |
||
26 |
* 1. Redistributions of source code must retain the copyright |
||
27 |
* notice, this list of conditions and the following disclaimer. |
||
28 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
29 |
* notice, this list of conditions and the following disclaimer in the |
||
30 |
* documentation and/or other materials provided with the distribution. |
||
31 |
* 3. All advertising materials mentioning features or use of this software |
||
32 |
* must display the following acknowledgement: |
||
33 |
* "This product includes cryptographic software written by |
||
34 |
* Eric Young (eay@cryptsoft.com)" |
||
35 |
* The word 'cryptographic' can be left out if the rouines from the library |
||
36 |
* being used are not cryptographic related :-). |
||
37 |
* 4. If you include any Windows specific code (or a derivative thereof) from |
||
38 |
* the apps directory (application code) you must include an acknowledgement: |
||
39 |
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
||
40 |
* |
||
41 |
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
||
42 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
43 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||
44 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
||
45 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
||
46 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
||
47 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
48 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
||
49 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
||
50 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
||
51 |
* SUCH DAMAGE. |
||
52 |
* |
||
53 |
* The licence and distribution terms for any publically available version or |
||
54 |
* derivative of this code cannot be changed. i.e. this code cannot simply be |
||
55 |
* copied and put under another distribution licence |
||
56 |
* [including the GNU Public Licence.] |
||
57 |
*/ |
||
58 |
/* ==================================================================== |
||
59 |
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
||
60 |
* |
||
61 |
* Redistribution and use in source and binary forms, with or without |
||
62 |
* modification, are permitted provided that the following conditions |
||
63 |
* are met: |
||
64 |
* |
||
65 |
* 1. Redistributions of source code must retain the above copyright |
||
66 |
* notice, this list of conditions and the following disclaimer. |
||
67 |
* |
||
68 |
* 2. Redistributions in binary form must reproduce the above copyright |
||
69 |
* notice, this list of conditions and the following disclaimer in |
||
70 |
* the documentation and/or other materials provided with the |
||
71 |
* distribution. |
||
72 |
* |
||
73 |
* 3. All advertising materials mentioning features or use of this |
||
74 |
* software must display the following acknowledgment: |
||
75 |
* "This product includes software developed by the OpenSSL Project |
||
76 |
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
||
77 |
* |
||
78 |
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
||
79 |
* endorse or promote products derived from this software without |
||
80 |
* prior written permission. For written permission, please contact |
||
81 |
* openssl-core@openssl.org. |
||
82 |
* |
||
83 |
* 5. Products derived from this software may not be called "OpenSSL" |
||
84 |
* nor may "OpenSSL" appear in their names without prior written |
||
85 |
* permission of the OpenSSL Project. |
||
86 |
* |
||
87 |
* 6. Redistributions of any form whatsoever must retain the following |
||
88 |
* acknowledgment: |
||
89 |
* "This product includes software developed by the OpenSSL Project |
||
90 |
* for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
||
91 |
* |
||
92 |
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
||
93 |
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
||
94 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
||
95 |
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
||
96 |
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||
97 |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||
98 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
99 |
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||
100 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||
101 |
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||
102 |
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
||
103 |
* OF THE POSSIBILITY OF SUCH DAMAGE. |
||
104 |
* ==================================================================== |
||
105 |
* |
||
106 |
* This product includes cryptographic software written by Eric Young |
||
107 |
* (eay@cryptsoft.com). This product includes software written by Tim |
||
108 |
* Hudson (tjh@cryptsoft.com). |
||
109 |
* |
||
110 |
*/ |
||
111 |
/* ==================================================================== |
||
112 |
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
||
113 |
* ECC cipher suite support in OpenSSL originally developed by |
||
114 |
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
||
115 |
*/ |
||
116 |
/* ==================================================================== |
||
117 |
* Copyright 2005 Nokia. All rights reserved. |
||
118 |
* |
||
119 |
* The portions of the attached software ("Contribution") is developed by |
||
120 |
* Nokia Corporation and is licensed pursuant to the OpenSSL open source |
||
121 |
* license. |
||
122 |
* |
||
123 |
* The Contribution, originally written by Mika Kousa and Pasi Eronen of |
||
124 |
* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
||
125 |
* support (see RFC 4279) to OpenSSL. |
||
126 |
* |
||
127 |
* No patent licenses or other rights except those expressly stated in |
||
128 |
* the OpenSSL open source license shall be deemed granted or received |
||
129 |
* expressly, by implication, estoppel, or otherwise. |
||
130 |
* |
||
131 |
* No assurances are provided by Nokia that the Contribution does not |
||
132 |
* infringe the patent or other intellectual property rights of any third |
||
133 |
* party or that the license provides you with all the necessary rights |
||
134 |
* to make use of the Contribution. |
||
135 |
* |
||
136 |
* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
||
137 |
* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
||
138 |
* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
||
139 |
* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
||
140 |
* OTHERWISE. |
||
141 |
*/ |
||
142 |
|||
143 |
#include <stdio.h> |
||
144 |
|||
145 |
#include <openssl/objects.h> |
||
146 |
|||
147 |
#ifndef OPENSSL_NO_ENGINE |
||
148 |
#include <openssl/engine.h> |
||
149 |
#endif |
||
150 |
|||
151 |
#include "ssl_locl.h" |
||
152 |
|||
153 |
#define SSL_ENC_DES_IDX 0 |
||
154 |
#define SSL_ENC_3DES_IDX 1 |
||
155 |
#define SSL_ENC_RC4_IDX 2 |
||
156 |
#define SSL_ENC_IDEA_IDX 3 |
||
157 |
#define SSL_ENC_NULL_IDX 4 |
||
158 |
#define SSL_ENC_AES128_IDX 5 |
||
159 |
#define SSL_ENC_AES256_IDX 6 |
||
160 |
#define SSL_ENC_CAMELLIA128_IDX 7 |
||
161 |
#define SSL_ENC_CAMELLIA256_IDX 8 |
||
162 |
#define SSL_ENC_GOST89_IDX 9 |
||
163 |
#define SSL_ENC_AES128GCM_IDX 10 |
||
164 |
#define SSL_ENC_AES256GCM_IDX 11 |
||
165 |
#define SSL_ENC_NUM_IDX 12 |
||
166 |
|||
167 |
|||
168 |
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
||
169 |
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
||
170 |
}; |
||
171 |
|||
172 |
#define SSL_MD_MD5_IDX 0 |
||
173 |
#define SSL_MD_SHA1_IDX 1 |
||
174 |
#define SSL_MD_GOST94_IDX 2 |
||
175 |
#define SSL_MD_GOST89MAC_IDX 3 |
||
176 |
#define SSL_MD_SHA256_IDX 4 |
||
177 |
#define SSL_MD_SHA384_IDX 5 |
||
178 |
#define SSL_MD_STREEBOG256_IDX 6 |
||
179 |
/*Constant SSL_MAX_DIGEST equal to size of digests array should be |
||
180 |
* defined in the |
||
181 |
* ssl_locl.h */ |
||
182 |
#define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
||
183 |
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
||
184 |
NULL, NULL, NULL, NULL, NULL, NULL, NULL, |
||
185 |
}; |
||
186 |
|||
187 |
static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
||
188 |
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT, |
||
189 |
EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, |
||
190 |
}; |
||
191 |
|||
192 |
static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
||
193 |
0, 0, 0, 0, 0, 0, 0, |
||
194 |
}; |
||
195 |
|||
196 |
#define CIPHER_ADD 1 |
||
197 |
#define CIPHER_KILL 2 |
||
198 |
#define CIPHER_DEL 3 |
||
199 |
#define CIPHER_ORD 4 |
||
200 |
#define CIPHER_SPECIAL 5 |
||
201 |
|||
202 |
typedef struct cipher_order_st { |
||
203 |
const SSL_CIPHER *cipher; |
||
204 |
int active; |
||
205 |
int dead; |
||
206 |
struct cipher_order_st *next, *prev; |
||
207 |
} CIPHER_ORDER; |
||
208 |
|||
209 |
static const SSL_CIPHER cipher_aliases[] = { |
||
210 |
|||
211 |
/* "ALL" doesn't include eNULL (must be specifically enabled) */ |
||
212 |
{ |
||
213 |
.name = SSL_TXT_ALL, |
||
214 |
.algorithm_enc = ~SSL_eNULL, |
||
215 |
}, |
||
216 |
|||
217 |
/* "COMPLEMENTOFALL" */ |
||
218 |
{ |
||
219 |
.name = SSL_TXT_CMPALL, |
||
220 |
.algorithm_enc = SSL_eNULL, |
||
221 |
}, |
||
222 |
|||
223 |
/* |
||
224 |
* "COMPLEMENTOFDEFAULT" |
||
225 |
* (does *not* include ciphersuites not found in ALL!) |
||
226 |
*/ |
||
227 |
{ |
||
228 |
.name = SSL_TXT_CMPDEF, |
||
229 |
.algorithm_mkey = SSL_kDHE|SSL_kECDHE, |
||
230 |
.algorithm_auth = SSL_aNULL, |
||
231 |
.algorithm_enc = ~SSL_eNULL, |
||
232 |
}, |
||
233 |
|||
234 |
/* |
||
235 |
* key exchange aliases |
||
236 |
* (some of those using only a single bit here combine multiple key |
||
237 |
* exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS |
||
238 |
* and DHE_RSA) |
||
239 |
*/ |
||
240 |
{ |
||
241 |
.name = SSL_TXT_kRSA, |
||
242 |
.algorithm_mkey = SSL_kRSA, |
||
243 |
}, |
||
244 |
{ |
||
245 |
.name = SSL_TXT_kEDH, |
||
246 |
.algorithm_mkey = SSL_kDHE, |
||
247 |
}, |
||
248 |
{ |
||
249 |
.name = SSL_TXT_DH, |
||
250 |
.algorithm_mkey = SSL_kDHE, |
||
251 |
}, |
||
252 |
{ |
||
253 |
.name = SSL_TXT_kEECDH, |
||
254 |
.algorithm_mkey = SSL_kECDHE, |
||
255 |
}, |
||
256 |
{ |
||
257 |
.name = SSL_TXT_ECDH, |
||
258 |
.algorithm_mkey = SSL_kECDHE, |
||
259 |
}, |
||
260 |
{ |
||
261 |
.name = SSL_TXT_kGOST, |
||
262 |
.algorithm_mkey = SSL_kGOST, |
||
263 |
}, |
||
264 |
|||
265 |
/* server authentication aliases */ |
||
266 |
{ |
||
267 |
.name = SSL_TXT_aRSA, |
||
268 |
.algorithm_auth = SSL_aRSA, |
||
269 |
}, |
||
270 |
{ |
||
271 |
.name = SSL_TXT_aDSS, |
||
272 |
.algorithm_auth = SSL_aDSS, |
||
273 |
}, |
||
274 |
{ |
||
275 |
.name = SSL_TXT_DSS, |
||
276 |
.algorithm_auth = SSL_aDSS, |
||
277 |
}, |
||
278 |
{ |
||
279 |
.name = SSL_TXT_aNULL, |
||
280 |
.algorithm_auth = SSL_aNULL, |
||
281 |
}, |
||
282 |
{ |
||
283 |
.name = SSL_TXT_aECDSA, |
||
284 |
.algorithm_auth = SSL_aECDSA, |
||
285 |
}, |
||
286 |
{ |
||
287 |
.name = SSL_TXT_ECDSA, |
||
288 |
.algorithm_auth = SSL_aECDSA, |
||
289 |
}, |
||
290 |
{ |
||
291 |
.name = SSL_TXT_aGOST01, |
||
292 |
.algorithm_auth = SSL_aGOST01, |
||
293 |
}, |
||
294 |
{ |
||
295 |
.name = SSL_TXT_aGOST, |
||
296 |
.algorithm_auth = SSL_aGOST01, |
||
297 |
}, |
||
298 |
|||
299 |
/* aliases combining key exchange and server authentication */ |
||
300 |
{ |
||
301 |
.name = SSL_TXT_DHE, |
||
302 |
.algorithm_mkey = SSL_kDHE, |
||
303 |
.algorithm_auth = ~SSL_aNULL, |
||
304 |
}, |
||
305 |
{ |
||
306 |
.name = SSL_TXT_EDH, |
||
307 |
.algorithm_mkey = SSL_kDHE, |
||
308 |
.algorithm_auth = ~SSL_aNULL, |
||
309 |
}, |
||
310 |
{ |
||
311 |
.name = SSL_TXT_ECDHE, |
||
312 |
.algorithm_mkey = SSL_kECDHE, |
||
313 |
.algorithm_auth = ~SSL_aNULL, |
||
314 |
}, |
||
315 |
{ |
||
316 |
.name = SSL_TXT_EECDH, |
||
317 |
.algorithm_mkey = SSL_kECDHE, |
||
318 |
.algorithm_auth = ~SSL_aNULL, |
||
319 |
}, |
||
320 |
{ |
||
321 |
.name = SSL_TXT_NULL, |
||
322 |
.algorithm_enc = SSL_eNULL, |
||
323 |
}, |
||
324 |
{ |
||
325 |
.name = SSL_TXT_RSA, |
||
326 |
.algorithm_mkey = SSL_kRSA, |
||
327 |
.algorithm_auth = SSL_aRSA, |
||
328 |
}, |
||
329 |
{ |
||
330 |
.name = SSL_TXT_ADH, |
||
331 |
.algorithm_mkey = SSL_kDHE, |
||
332 |
.algorithm_auth = SSL_aNULL, |
||
333 |
}, |
||
334 |
{ |
||
335 |
.name = SSL_TXT_AECDH, |
||
336 |
.algorithm_mkey = SSL_kECDHE, |
||
337 |
.algorithm_auth = SSL_aNULL, |
||
338 |
}, |
||
339 |
|||
340 |
/* symmetric encryption aliases */ |
||
341 |
{ |
||
342 |
.name = SSL_TXT_DES, |
||
343 |
.algorithm_enc = SSL_DES, |
||
344 |
}, |
||
345 |
{ |
||
346 |
.name = SSL_TXT_3DES, |
||
347 |
.algorithm_enc = SSL_3DES, |
||
348 |
}, |
||
349 |
{ |
||
350 |
.name = SSL_TXT_RC4, |
||
351 |
.algorithm_enc = SSL_RC4, |
||
352 |
}, |
||
353 |
{ |
||
354 |
.name = SSL_TXT_IDEA, |
||
355 |
.algorithm_enc = SSL_IDEA, |
||
356 |
}, |
||
357 |
{ |
||
358 |
.name = SSL_TXT_eNULL, |
||
359 |
.algorithm_enc = SSL_eNULL, |
||
360 |
}, |
||
361 |
{ |
||
362 |
.name = SSL_TXT_AES128, |
||
363 |
.algorithm_enc = SSL_AES128|SSL_AES128GCM, |
||
364 |
}, |
||
365 |
{ |
||
366 |
.name = SSL_TXT_AES256, |
||
367 |
.algorithm_enc = SSL_AES256|SSL_AES256GCM, |
||
368 |
}, |
||
369 |
{ |
||
370 |
.name = SSL_TXT_AES, |
||
371 |
.algorithm_enc = SSL_AES, |
||
372 |
}, |
||
373 |
{ |
||
374 |
.name = SSL_TXT_AES_GCM, |
||
375 |
.algorithm_enc = SSL_AES128GCM|SSL_AES256GCM, |
||
376 |
}, |
||
377 |
{ |
||
378 |
.name = SSL_TXT_CAMELLIA128, |
||
379 |
.algorithm_enc = SSL_CAMELLIA128, |
||
380 |
}, |
||
381 |
{ |
||
382 |
.name = SSL_TXT_CAMELLIA256, |
||
383 |
.algorithm_enc = SSL_CAMELLIA256, |
||
384 |
}, |
||
385 |
{ |
||
386 |
.name = SSL_TXT_CAMELLIA, |
||
387 |
.algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256, |
||
388 |
}, |
||
389 |
{ |
||
390 |
.name = SSL_TXT_CHACHA20, |
||
391 |
.algorithm_enc = SSL_CHACHA20POLY1305, |
||
392 |
}, |
||
393 |
|||
394 |
/* MAC aliases */ |
||
395 |
{ |
||
396 |
.name = SSL_TXT_AEAD, |
||
397 |
.algorithm_mac = SSL_AEAD, |
||
398 |
}, |
||
399 |
{ |
||
400 |
.name = SSL_TXT_MD5, |
||
401 |
.algorithm_mac = SSL_MD5, |
||
402 |
}, |
||
403 |
{ |
||
404 |
.name = SSL_TXT_SHA1, |
||
405 |
.algorithm_mac = SSL_SHA1, |
||
406 |
}, |
||
407 |
{ |
||
408 |
.name = SSL_TXT_SHA, |
||
409 |
.algorithm_mac = SSL_SHA1, |
||
410 |
}, |
||
411 |
{ |
||
412 |
.name = SSL_TXT_GOST94, |
||
413 |
.algorithm_mac = SSL_GOST94, |
||
414 |
}, |
||
415 |
{ |
||
416 |
.name = SSL_TXT_GOST89MAC, |
||
417 |
.algorithm_mac = SSL_GOST89MAC, |
||
418 |
}, |
||
419 |
{ |
||
420 |
.name = SSL_TXT_SHA256, |
||
421 |
.algorithm_mac = SSL_SHA256, |
||
422 |
}, |
||
423 |
{ |
||
424 |
.name = SSL_TXT_SHA384, |
||
425 |
.algorithm_mac = SSL_SHA384, |
||
426 |
}, |
||
427 |
{ |
||
428 |
.name = SSL_TXT_STREEBOG256, |
||
429 |
.algorithm_mac = SSL_STREEBOG256, |
||
430 |
}, |
||
431 |
|||
432 |
/* protocol version aliases */ |
||
433 |
{ |
||
434 |
.name = SSL_TXT_SSLV3, |
||
435 |
.algorithm_ssl = SSL_SSLV3, |
||
436 |
}, |
||
437 |
{ |
||
438 |
.name = SSL_TXT_TLSV1, |
||
439 |
.algorithm_ssl = SSL_TLSV1, |
||
440 |
}, |
||
441 |
{ |
||
442 |
.name = SSL_TXT_TLSV1_2, |
||
443 |
.algorithm_ssl = SSL_TLSV1_2, |
||
444 |
}, |
||
445 |
|||
446 |
/* strength classes */ |
||
447 |
{ |
||
448 |
.name = SSL_TXT_LOW, |
||
449 |
.algo_strength = SSL_LOW, |
||
450 |
}, |
||
451 |
{ |
||
452 |
.name = SSL_TXT_MEDIUM, |
||
453 |
.algo_strength = SSL_MEDIUM, |
||
454 |
}, |
||
455 |
{ |
||
456 |
.name = SSL_TXT_HIGH, |
||
457 |
.algo_strength = SSL_HIGH, |
||
458 |
}, |
||
459 |
}; |
||
460 |
|||
461 |
void |
||
462 |
ssl_load_ciphers(void) |
||
463 |
{ |
||
464 |
2965 |
ssl_cipher_methods[SSL_ENC_DES_IDX] = |
|
465 |
5930 |
EVP_get_cipherbyname(SN_des_cbc); |
|
466 |
2965 |
ssl_cipher_methods[SSL_ENC_3DES_IDX] = |
|
467 |
2965 |
EVP_get_cipherbyname(SN_des_ede3_cbc); |
|
468 |
2965 |
ssl_cipher_methods[SSL_ENC_RC4_IDX] = |
|
469 |
2965 |
EVP_get_cipherbyname(SN_rc4); |
|
470 |
2965 |
ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; |
|
471 |
2965 |
ssl_cipher_methods[SSL_ENC_AES128_IDX] = |
|
472 |
2965 |
EVP_get_cipherbyname(SN_aes_128_cbc); |
|
473 |
2965 |
ssl_cipher_methods[SSL_ENC_AES256_IDX] = |
|
474 |
2965 |
EVP_get_cipherbyname(SN_aes_256_cbc); |
|
475 |
2965 |
ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] = |
|
476 |
2965 |
EVP_get_cipherbyname(SN_camellia_128_cbc); |
|
477 |
2965 |
ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] = |
|
478 |
2965 |
EVP_get_cipherbyname(SN_camellia_256_cbc); |
|
479 |
2965 |
ssl_cipher_methods[SSL_ENC_GOST89_IDX] = |
|
480 |
2965 |
EVP_get_cipherbyname(SN_gost89_cnt); |
|
481 |
|||
482 |
2965 |
ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = |
|
483 |
2965 |
EVP_get_cipherbyname(SN_aes_128_gcm); |
|
484 |
2965 |
ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = |
|
485 |
2965 |
EVP_get_cipherbyname(SN_aes_256_gcm); |
|
486 |
|||
487 |
2965 |
ssl_digest_methods[SSL_MD_MD5_IDX] = |
|
488 |
2965 |
EVP_get_digestbyname(SN_md5); |
|
489 |
2965 |
ssl_mac_secret_size[SSL_MD_MD5_IDX] = |
|
490 |
2965 |
EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); |
|
491 |
✗✓ | 2965 |
OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); |
492 |
2965 |
ssl_digest_methods[SSL_MD_SHA1_IDX] = |
|
493 |
2965 |
EVP_get_digestbyname(SN_sha1); |
|
494 |
2965 |
ssl_mac_secret_size[SSL_MD_SHA1_IDX] = |
|
495 |
2965 |
EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); |
|
496 |
✗✓ | 2965 |
OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); |
497 |
2965 |
ssl_digest_methods[SSL_MD_GOST94_IDX] = |
|
498 |
2965 |
EVP_get_digestbyname(SN_id_GostR3411_94); |
|
499 |
✓✗ | 2965 |
if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { |
500 |
2965 |
ssl_mac_secret_size[SSL_MD_GOST94_IDX] = |
|
501 |
2965 |
EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); |
|
502 |
✗✓ | 2965 |
OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); |
503 |
} |
||
504 |
2965 |
ssl_digest_methods[SSL_MD_GOST89MAC_IDX] = |
|
505 |
2965 |
EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
|
506 |
✓✗ | 2965 |
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
507 |
2965 |
ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
|
508 |
2965 |
} |
|
509 |
|||
510 |
2965 |
ssl_digest_methods[SSL_MD_SHA256_IDX] = |
|
511 |
2965 |
EVP_get_digestbyname(SN_sha256); |
|
512 |
2965 |
ssl_mac_secret_size[SSL_MD_SHA256_IDX] = |
|
513 |
2965 |
EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); |
|
514 |
2965 |
ssl_digest_methods[SSL_MD_SHA384_IDX] = |
|
515 |
2965 |
EVP_get_digestbyname(SN_sha384); |
|
516 |
2965 |
ssl_mac_secret_size[SSL_MD_SHA384_IDX] = |
|
517 |
2965 |
EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
|
518 |
2965 |
ssl_digest_methods[SSL_MD_STREEBOG256_IDX] = |
|
519 |
2965 |
EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256); |
|
520 |
2965 |
ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] = |
|
521 |
2965 |
EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]); |
|
522 |
2965 |
} |
|
523 |
|||
524 |
int |
||
525 |
ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
||
526 |
const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size) |
||
527 |
{ |
||
528 |
const SSL_CIPHER *c; |
||
529 |
int i; |
||
530 |
|||
531 |
656 |
c = s->cipher; |
|
532 |
✗✓ | 328 |
if (c == NULL) |
533 |
return (0); |
||
534 |
|||
535 |
/* |
||
536 |
* This function does not handle EVP_AEAD. |
||
537 |
* See ssl_cipher_get_aead_evp instead. |
||
538 |
*/ |
||
539 |
✗✓ | 328 |
if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) |
540 |
return(0); |
||
541 |
|||
542 |
✗✓ | 328 |
if ((enc == NULL) || (md == NULL)) |
543 |
return (0); |
||
544 |
|||
545 |
✓✓✗✗ ✓✓✓✓ ✓✗✗✗ ✗ |
328 |
switch (c->algorithm_enc) { |
546 |
case SSL_DES: |
||
547 |
i = SSL_ENC_DES_IDX; |
||
548 |
8 |
break; |
|
549 |
case SSL_3DES: |
||
550 |
i = SSL_ENC_3DES_IDX; |
||
551 |
8 |
break; |
|
552 |
case SSL_RC4: |
||
553 |
i = SSL_ENC_RC4_IDX; |
||
554 |
break; |
||
555 |
case SSL_IDEA: |
||
556 |
i = SSL_ENC_IDEA_IDX; |
||
557 |
break; |
||
558 |
case SSL_eNULL: |
||
559 |
i = SSL_ENC_NULL_IDX; |
||
560 |
24 |
break; |
|
561 |
case SSL_AES128: |
||
562 |
i = SSL_ENC_AES128_IDX; |
||
563 |
32 |
break; |
|
564 |
case SSL_AES256: |
||
565 |
i = SSL_ENC_AES256_IDX; |
||
566 |
208 |
break; |
|
567 |
case SSL_CAMELLIA128: |
||
568 |
i = SSL_ENC_CAMELLIA128_IDX; |
||
569 |
24 |
break; |
|
570 |
case SSL_CAMELLIA256: |
||
571 |
i = SSL_ENC_CAMELLIA256_IDX; |
||
572 |
24 |
break; |
|
573 |
case SSL_eGOST2814789CNT: |
||
574 |
i = SSL_ENC_GOST89_IDX; |
||
575 |
break; |
||
576 |
case SSL_AES128GCM: |
||
577 |
i = SSL_ENC_AES128GCM_IDX; |
||
578 |
break; |
||
579 |
case SSL_AES256GCM: |
||
580 |
i = SSL_ENC_AES256GCM_IDX; |
||
581 |
break; |
||
582 |
default: |
||
583 |
i = -1; |
||
584 |
break; |
||
585 |
} |
||
586 |
|||
587 |
✗✓ | 328 |
if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) |
588 |
*enc = NULL; |
||
589 |
else { |
||
590 |
✓✓ | 328 |
if (i == SSL_ENC_NULL_IDX) |
591 |
24 |
*enc = EVP_enc_null(); |
|
592 |
else |
||
593 |
304 |
*enc = ssl_cipher_methods[i]; |
|
594 |
} |
||
595 |
|||
596 |
✓✓✓✓ ✗✗✗✗ |
328 |
switch (c->algorithm_mac) { |
597 |
case SSL_MD5: |
||
598 |
i = SSL_MD_MD5_IDX; |
||
599 |
8 |
break; |
|
600 |
case SSL_SHA1: |
||
601 |
i = SSL_MD_SHA1_IDX; |
||
602 |
232 |
break; |
|
603 |
case SSL_SHA256: |
||
604 |
i = SSL_MD_SHA256_IDX; |
||
605 |
80 |
break; |
|
606 |
case SSL_SHA384: |
||
607 |
i = SSL_MD_SHA384_IDX; |
||
608 |
8 |
break; |
|
609 |
case SSL_GOST94: |
||
610 |
i = SSL_MD_GOST94_IDX; |
||
611 |
break; |
||
612 |
case SSL_GOST89MAC: |
||
613 |
i = SSL_MD_GOST89MAC_IDX; |
||
614 |
break; |
||
615 |
case SSL_STREEBOG256: |
||
616 |
i = SSL_MD_STREEBOG256_IDX; |
||
617 |
break; |
||
618 |
default: |
||
619 |
i = -1; |
||
620 |
break; |
||
621 |
} |
||
622 |
✗✓ | 328 |
if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { |
623 |
*md = NULL; |
||
624 |
|||
625 |
if (mac_pkey_type != NULL) |
||
626 |
*mac_pkey_type = NID_undef; |
||
627 |
if (mac_secret_size != NULL) |
||
628 |
*mac_secret_size = 0; |
||
629 |
if (c->algorithm_mac == SSL_AEAD) |
||
630 |
mac_pkey_type = NULL; |
||
631 |
} else { |
||
632 |
328 |
*md = ssl_digest_methods[i]; |
|
633 |
✓✗ | 328 |
if (mac_pkey_type != NULL) |
634 |
328 |
*mac_pkey_type = ssl_mac_pkey_id[i]; |
|
635 |
✓✗ | 328 |
if (mac_secret_size != NULL) |
636 |
328 |
*mac_secret_size = ssl_mac_secret_size[i]; |
|
637 |
} |
||
638 |
|||
639 |
✓✗✓✗ |
656 |
if ((*enc != NULL) && |
640 |
✗✓✗✗ |
328 |
(*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && |
641 |
✓✗ | 656 |
(!mac_pkey_type || *mac_pkey_type != NID_undef)) { |
642 |
const EVP_CIPHER *evp; |
||
643 |
|||
644 |
✓✓✗✓ |
560 |
if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || |
645 |
232 |
s->ssl_version < TLS1_VERSION) |
|
646 |
96 |
return 1; |
|
647 |
|||
648 |
✗✓✗✗ |
232 |
if (c->algorithm_enc == SSL_RC4 && |
649 |
c->algorithm_mac == SSL_MD5 && |
||
650 |
(evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) |
||
651 |
*enc = evp, *md = NULL; |
||
652 |
✓✓✗✗ |
232 |
else if (c->algorithm_enc == SSL_AES128 && |
653 |
✗✓ | 24 |
c->algorithm_mac == SSL_SHA1 && |
654 |
(evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) |
||
655 |
*enc = evp, *md = NULL; |
||
656 |
✓✓✓✗ |
376 |
else if (c->algorithm_enc == SSL_AES256 && |
657 |
✓✓ | 168 |
c->algorithm_mac == SSL_SHA1 && |
658 |
144 |
(evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) |
|
659 |
144 |
*enc = evp, *md = NULL; |
|
660 |
232 |
return (1); |
|
661 |
} else |
||
662 |
return (0); |
||
663 |
328 |
} |
|
664 |
|||
665 |
/* |
||
666 |
* ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object |
||
667 |
* for s->cipher. It returns 1 on success and 0 on error. |
||
668 |
*/ |
||
669 |
int |
||
670 |
ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) |
||
671 |
{ |
||
672 |
16210 |
const SSL_CIPHER *c = s->cipher; |
|
673 |
|||
674 |
8105 |
*aead = NULL; |
|
675 |
|||
676 |
✗✓ | 8105 |
if (c == NULL) |
677 |
return 0; |
||
678 |
✗✓ | 8105 |
if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0) |
679 |
return 0; |
||
680 |
|||
681 |
✓✓✓✗ |
8105 |
switch (c->algorithm_enc) { |
682 |
#ifndef OPENSSL_NO_AES |
||
683 |
case SSL_AES128GCM: |
||
684 |
24 |
*aead = EVP_aead_aes_128_gcm(); |
|
685 |
24 |
return 1; |
|
686 |
case SSL_AES256GCM: |
||
687 |
8065 |
*aead = EVP_aead_aes_256_gcm(); |
|
688 |
8065 |
return 1; |
|
689 |
#endif |
||
690 |
case SSL_CHACHA20POLY1305: |
||
691 |
16 |
*aead = EVP_aead_chacha20_poly1305(); |
|
692 |
16 |
return 1; |
|
693 |
default: |
||
694 |
break; |
||
695 |
} |
||
696 |
return 0; |
||
697 |
8105 |
} |
|
698 |
|||
699 |
int |
||
700 |
ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) |
||
701 |
{ |
||
702 |
88216 |
*md = NULL; |
|
703 |
|||
704 |
✓✓✓✓ ✓✗ |
44108 |
switch (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_MASK) { |
705 |
case SSL_HANDSHAKE_MAC_DEFAULT: |
||
706 |
1476 |
*md = EVP_md5_sha1(); |
|
707 |
1476 |
return 1; |
|
708 |
case SSL_HANDSHAKE_MAC_GOST94: |
||
709 |
128 |
*md = EVP_gostr341194(); |
|
710 |
128 |
return 1; |
|
711 |
case SSL_HANDSHAKE_MAC_SHA256: |
||
712 |
848 |
*md = EVP_sha256(); |
|
713 |
848 |
return 1; |
|
714 |
case SSL_HANDSHAKE_MAC_SHA384: |
||
715 |
41528 |
*md = EVP_sha384(); |
|
716 |
41528 |
return 1; |
|
717 |
case SSL_HANDSHAKE_MAC_STREEBOG256: |
||
718 |
128 |
*md = EVP_streebog256(); |
|
719 |
128 |
return 1; |
|
720 |
default: |
||
721 |
break; |
||
722 |
} |
||
723 |
|||
724 |
return 0; |
||
725 |
44108 |
} |
|
726 |
|||
727 |
#define ITEM_SEP(a) \ |
||
728 |
(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
||
729 |
|||
730 |
static void |
||
731 |
ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
||
732 |
CIPHER_ORDER **tail) |
||
733 |
{ |
||
734 |
✓✓ | 646986 |
if (curr == *tail) |
735 |
return; |
||
736 |
✓✓ | 323296 |
if (curr == *head) |
737 |
127652 |
*head = curr->next; |
|
738 |
✓✓ | 323296 |
if (curr->prev != NULL) |
739 |
195644 |
curr->prev->next = curr->next; |
|
740 |
✓✗ | 323296 |
if (curr->next != NULL) |
741 |
323296 |
curr->next->prev = curr->prev; |
|
742 |
323296 |
(*tail)->next = curr; |
|
743 |
323296 |
curr->prev= *tail; |
|
744 |
323296 |
curr->next = NULL; |
|
745 |
323296 |
*tail = curr; |
|
746 |
646789 |
} |
|
747 |
|||
748 |
static void |
||
749 |
ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
||
750 |
CIPHER_ORDER **tail) |
||
751 |
{ |
||
752 |
✓✗ | 241426 |
if (curr == *head) |
753 |
return; |
||
754 |
✓✗ | 120713 |
if (curr == *tail) |
755 |
120713 |
*tail = curr->prev; |
|
756 |
✗✓ | 120713 |
if (curr->next != NULL) |
757 |
curr->next->prev = curr->prev; |
||
758 |
✓✗ | 120713 |
if (curr->prev != NULL) |
759 |
120713 |
curr->prev->next = curr->next; |
|
760 |
120713 |
(*head)->prev = curr; |
|
761 |
120713 |
curr->next= *head; |
|
762 |
120713 |
curr->prev = NULL; |
|
763 |
120713 |
*head = curr; |
|
764 |
241426 |
} |
|
765 |
|||
766 |
static void |
||
767 |
ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, |
||
768 |
unsigned long *enc, unsigned long *mac, unsigned long *ssl) |
||
769 |
{ |
||
770 |
2524 |
*mkey = 0; |
|
771 |
1262 |
*auth = 0; |
|
772 |
1262 |
*enc = 0; |
|
773 |
1262 |
*mac = 0; |
|
774 |
1262 |
*ssl = 0; |
|
775 |
|||
776 |
/* |
||
777 |
* Check for the availability of GOST 34.10 public/private key |
||
778 |
* algorithms. If they are not available disable the associated |
||
779 |
* authentication and key exchange algorithms. |
||
780 |
*/ |
||
781 |
✗✓ | 1262 |
if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) { |
782 |
*auth |= SSL_aGOST01; |
||
783 |
*mkey |= SSL_kGOST; |
||
784 |
} |
||
785 |
|||
786 |
#ifdef SSL_FORBID_ENULL |
||
787 |
*enc |= SSL_eNULL; |
||
788 |
#endif |
||
789 |
|||
790 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; |
|
791 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; |
|
792 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
|
793 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; |
|
794 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
|
795 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
|
796 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; |
|
797 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; |
|
798 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; |
|
799 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; |
|
800 |
1262 |
*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; |
|
801 |
|||
802 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; |
|
803 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; |
|
804 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; |
|
805 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; |
|
806 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; |
|
807 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0; |
|
808 |
1262 |
*mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0; |
|
809 |
1262 |
} |
|
810 |
|||
811 |
static void |
||
812 |
ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, |
||
813 |
unsigned long disabled_mkey, unsigned long disabled_auth, |
||
814 |
unsigned long disabled_enc, unsigned long disabled_mac, |
||
815 |
unsigned long disabled_ssl, CIPHER_ORDER *co_list, |
||
816 |
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
||
817 |
{ |
||
818 |
int i, co_list_num; |
||
819 |
const SSL_CIPHER *c; |
||
820 |
|||
821 |
/* |
||
822 |
* We have num_of_ciphers descriptions compiled in, depending on the |
||
823 |
* method selected (SSLv3, TLSv1, etc). These will later be sorted in |
||
824 |
* a linked list with at most num entries. |
||
825 |
*/ |
||
826 |
|||
827 |
/* Get the initial list of ciphers */ |
||
828 |
co_list_num = 0; /* actual count of ciphers */ |
||
829 |
✓✓ | 185514 |
for (i = 0; i < num_of_ciphers; i++) { |
830 |
90864 |
c = ssl_method->get_cipher(i); |
|
831 |
/* drop those that use any of that is not available */ |
||
832 |
✓✓✓✗ ✓✗ |
270324 |
if ((c != NULL) && c->valid && |
833 |
✓✗ | 89730 |
!(c->algorithm_mkey & disabled_mkey) && |
834 |
✓✗ | 89730 |
!(c->algorithm_auth & disabled_auth) && |
835 |
✓✗ | 89730 |
!(c->algorithm_enc & disabled_enc) && |
836 |
✓✗ | 89730 |
!(c->algorithm_mac & disabled_mac) && |
837 |
89730 |
!(c->algorithm_ssl & disabled_ssl)) { |
|
838 |
89730 |
co_list[co_list_num].cipher = c; |
|
839 |
89730 |
co_list[co_list_num].next = NULL; |
|
840 |
89730 |
co_list[co_list_num].prev = NULL; |
|
841 |
89730 |
co_list[co_list_num].active = 0; |
|
842 |
89730 |
co_list_num++; |
|
843 |
/* |
||
844 |
if (!sk_push(ca_list,(char *)c)) goto err; |
||
845 |
*/ |
||
846 |
89730 |
} |
|
847 |
} |
||
848 |
|||
849 |
/* |
||
850 |
* Prepare linked list from list entries |
||
851 |
*/ |
||
852 |
✓✗ | 1262 |
if (co_list_num > 0) { |
853 |
1262 |
co_list[0].prev = NULL; |
|
854 |
|||
855 |
✓✗ | 1262 |
if (co_list_num > 1) { |
856 |
1262 |
co_list[0].next = &co_list[1]; |
|
857 |
|||
858 |
✓✓ | 176936 |
for (i = 1; i < co_list_num - 1; i++) { |
859 |
87206 |
co_list[i].prev = &co_list[i - 1]; |
|
860 |
87206 |
co_list[i].next = &co_list[i + 1]; |
|
861 |
} |
||
862 |
|||
863 |
1262 |
co_list[co_list_num - 1].prev = |
|
864 |
1262 |
&co_list[co_list_num - 2]; |
|
865 |
1262 |
} |
|
866 |
|||
867 |
1262 |
co_list[co_list_num - 1].next = NULL; |
|
868 |
|||
869 |
1262 |
*head_p = &co_list[0]; |
|
870 |
1262 |
*tail_p = &co_list[co_list_num - 1]; |
|
871 |
1262 |
} |
|
872 |
1262 |
} |
|
873 |
|||
874 |
static void |
||
875 |
ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, |
||
876 |
unsigned long disabled_mkey, unsigned long disabled_auth, |
||
877 |
unsigned long disabled_enc, unsigned long disabled_mac, |
||
878 |
unsigned long disabled_ssl, CIPHER_ORDER *head) |
||
879 |
{ |
||
880 |
CIPHER_ORDER *ciph_curr; |
||
881 |
const SSL_CIPHER **ca_curr; |
||
882 |
int i; |
||
883 |
2524 |
unsigned long mask_mkey = ~disabled_mkey; |
|
884 |
1262 |
unsigned long mask_auth = ~disabled_auth; |
|
885 |
1262 |
unsigned long mask_enc = ~disabled_enc; |
|
886 |
1262 |
unsigned long mask_mac = ~disabled_mac; |
|
887 |
1262 |
unsigned long mask_ssl = ~disabled_ssl; |
|
888 |
|||
889 |
/* |
||
890 |
* First, add the real ciphers as already collected |
||
891 |
*/ |
||
892 |
ciph_curr = head; |
||
893 |
ca_curr = ca_list; |
||
894 |
✓✓ | 181984 |
while (ciph_curr != NULL) { |
895 |
89730 |
*ca_curr = ciph_curr->cipher; |
|
896 |
89730 |
ca_curr++; |
|
897 |
89730 |
ciph_curr = ciph_curr->next; |
|
898 |
} |
||
899 |
|||
900 |
/* |
||
901 |
* Now we add the available ones from the cipher_aliases[] table. |
||
902 |
* They represent either one or more algorithms, some of which |
||
903 |
* in any affected category must be supported (set in enabled_mask), |
||
904 |
* or represent a cipher strength value (will be added in any case because algorithms=0). |
||
905 |
*/ |
||
906 |
✓✓ | 136296 |
for (i = 0; i < num_of_group_aliases; i++) { |
907 |
66886 |
unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; |
|
908 |
66886 |
unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; |
|
909 |
66886 |
unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; |
|
910 |
66886 |
unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; |
|
911 |
66886 |
unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; |
|
912 |
|||
913 |
✓✓ | 66886 |
if (algorithm_mkey) |
914 |
✗✓ | 17668 |
if ((algorithm_mkey & mask_mkey) == 0) |
915 |
continue; |
||
916 |
|||
917 |
✓✓ | 66886 |
if (algorithm_auth) |
918 |
✗✓ | 20192 |
if ((algorithm_auth & mask_auth) == 0) |
919 |
continue; |
||
920 |
|||
921 |
✓✓ | 66886 |
if (algorithm_enc) |
922 |
✓✓ | 21454 |
if ((algorithm_enc & mask_enc) == 0) |
923 |
1262 |
continue; |
|
924 |
|||
925 |
✓✓ | 65624 |
if (algorithm_mac) |
926 |
✗✓ | 11358 |
if ((algorithm_mac & mask_mac) == 0) |
927 |
continue; |
||
928 |
|||
929 |
✓✓ | 65624 |
if (algorithm_ssl) |
930 |
✗✓ | 3786 |
if ((algorithm_ssl & mask_ssl) == 0) |
931 |
continue; |
||
932 |
|||
933 |
65624 |
*ca_curr = (SSL_CIPHER *)(cipher_aliases + i); |
|
934 |
65624 |
ca_curr++; |
|
935 |
65624 |
} |
|
936 |
|||
937 |
1262 |
*ca_curr = NULL; /* end of list */ |
|
938 |
1262 |
} |
|
939 |
|||
940 |
static void |
||
941 |
ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey, |
||
942 |
unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac, |
||
943 |
unsigned long alg_ssl, unsigned long algo_strength, |
||
944 |
int rule, int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
||
945 |
{ |
||
946 |
51392 |
CIPHER_ORDER *head, *tail, *curr, *next, *last; |
|
947 |
const SSL_CIPHER *cp; |
||
948 |
int reverse = 0; |
||
949 |
|||
950 |
|||
951 |
25696 |
if (rule == CIPHER_DEL) |
|
952 |
reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ |
||
953 |
|||
954 |
25696 |
head = *head_p; |
|
955 |
25696 |
tail = *tail_p; |
|
956 |
|||
957 |
✓✓ | 25696 |
if (reverse) { |
958 |
next = tail; |
||
959 |
2524 |
last = head; |
|
960 |
2524 |
} else { |
|
961 |
23172 |
next = head; |
|
962 |
last = tail; |
||
963 |
} |
||
964 |
|||
965 |
curr = NULL; |
||
966 |
25696 |
for (;;) { |
|
967 |
✓✓ | 1830702 |
if (curr == last) |
968 |
break; |
||
969 |
curr = next; |
||
970 |
1805006 |
next = reverse ? curr->prev : curr->next; |
|
971 |
|||
972 |
1805006 |
cp = curr->cipher; |
|
973 |
|||
974 |
/* |
||
975 |
* Selection criteria is either the value of strength_bits |
||
976 |
* or the algorithms used. |
||
977 |
*/ |
||
978 |
✓✓ | 1805006 |
if (strength_bits >= 0) { |
979 |
✓✓ | 448650 |
if (strength_bits != cp->strength_bits) |
980 |
continue; |
||
981 |
} else { |
||
982 |
|||
983 |
✓✓✓✓ |
1877946 |
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) |
984 |
continue; |
||
985 |
✓✓✓✓ |
1235520 |
if (alg_auth && !(alg_auth & cp->algorithm_auth)) |
986 |
continue; |
||
987 |
✓✓✓✓ |
1284832 |
if (alg_enc && !(alg_enc & cp->algorithm_enc)) |
988 |
continue; |
||
989 |
✓✓✓✓ |
627552 |
if (alg_mac && !(alg_mac & cp->algorithm_mac)) |
990 |
continue; |
||
991 |
✓✓✓✓ |
432928 |
if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) |
992 |
continue; |
||
993 |
✓✓✓✓ |
442156 |
if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) |
994 |
continue; |
||
995 |
} |
||
996 |
|||
997 |
|||
998 |
/* add the cipher if it has not been added yet. */ |
||
999 |
✓✓ | 518774 |
if (rule == CIPHER_ADD) { |
1000 |
/* reverse == 0 */ |
||
1001 |
✓✓ | 231017 |
if (!curr->active) { |
1002 |
180503 |
ll_append_tail(&head, curr, &tail); |
|
1003 |
180503 |
curr->active = 1; |
|
1004 |
180503 |
} |
|
1005 |
} |
||
1006 |
/* Move the added cipher to this location */ |
||
1007 |
✓✓ | 287757 |
else if (rule == CIPHER_ORD) { |
1008 |
/* reverse == 0 */ |
||
1009 |
✗✓ | 142990 |
if (curr->active) { |
1010 |
142990 |
ll_append_tail(&head, curr, &tail); |
|
1011 |
142990 |
} |
|
1012 |
✓✓ | 144767 |
} else if (rule == CIPHER_DEL) { |
1013 |
/* reverse == 1 */ |
||
1014 |
✗✓ | 120713 |
if (curr->active) { |
1015 |
/* most recently deleted ciphersuites get best positions |
||
1016 |
* for any future CIPHER_ADD (note that the CIPHER_DEL loop |
||
1017 |
* works in reverse to maintain the order) */ |
||
1018 |
120713 |
ll_append_head(&head, curr, &tail); |
|
1019 |
120713 |
curr->active = 0; |
|
1020 |
120713 |
} |
|
1021 |
✗✓ | 24054 |
} else if (rule == CIPHER_KILL) { |
1022 |
/* reverse == 0 */ |
||
1023 |
✓✓ | 24054 |
if (head == curr) |
1024 |
6284 |
head = curr->next; |
|
1025 |
else |
||
1026 |
17770 |
curr->prev->next = curr->next; |
|
1027 |
✗✓ | 24054 |
if (tail == curr) |
1028 |
tail = curr->prev; |
||
1029 |
24054 |
curr->active = 0; |
|
1030 |
✓✗ | 24054 |
if (curr->next != NULL) |
1031 |
24054 |
curr->next->prev = curr->prev; |
|
1032 |
✓✓ | 24054 |
if (curr->prev != NULL) |
1033 |
17770 |
curr->prev->next = curr->next; |
|
1034 |
24054 |
curr->next = NULL; |
|
1035 |
24054 |
curr->prev = NULL; |
|
1036 |
24054 |
} |
|
1037 |
} |
||
1038 |
|||
1039 |
25696 |
*head_p = head; |
|
1040 |
25696 |
*tail_p = tail; |
|
1041 |
25696 |
} |
|
1042 |
|||
1043 |
static int |
||
1044 |
ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
||
1045 |
{ |
||
1046 |
int max_strength_bits, i, *number_uses; |
||
1047 |
CIPHER_ORDER *curr; |
||
1048 |
|||
1049 |
/* |
||
1050 |
* This routine sorts the ciphers with descending strength. The sorting |
||
1051 |
* must keep the pre-sorted sequence, so we apply the normal sorting |
||
1052 |
* routine as '+' movement to the end of the list. |
||
1053 |
*/ |
||
1054 |
max_strength_bits = 0; |
||
1055 |
2524 |
curr = *head_p; |
|
1056 |
✓✓ | 181984 |
while (curr != NULL) { |
1057 |
✓✗✓✓ |
179460 |
if (curr->active && |
1058 |
89730 |
(curr->cipher->strength_bits > max_strength_bits)) |
|
1059 |
1262 |
max_strength_bits = curr->cipher->strength_bits; |
|
1060 |
89730 |
curr = curr->next; |
|
1061 |
} |
||
1062 |
|||
1063 |
1262 |
number_uses = calloc((max_strength_bits + 1), sizeof(int)); |
|
1064 |
✗✓ | 1262 |
if (!number_uses) { |
1065 |
SSLerrorx(ERR_R_MALLOC_FAILURE); |
||
1066 |
return (0); |
||
1067 |
} |
||
1068 |
|||
1069 |
/* |
||
1070 |
* Now find the strength_bits values actually used |
||
1071 |
*/ |
||
1072 |
1262 |
curr = *head_p; |
|
1073 |
✓✓ | 181984 |
while (curr != NULL) { |
1074 |
✓✗ | 89730 |
if (curr->active) |
1075 |
89730 |
number_uses[curr->cipher->strength_bits]++; |
|
1076 |
89730 |
curr = curr->next; |
|
1077 |
} |
||
1078 |
/* |
||
1079 |
* Go through the list of used strength_bits values in descending |
||
1080 |
* order. |
||
1081 |
*/ |
||
1082 |
✓✓ | 651192 |
for (i = max_strength_bits; i >= 0; i--) |
1083 |
✓✓ | 324334 |
if (number_uses[i] > 0) |
1084 |
6310 |
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); |
|
1085 |
|||
1086 |
1262 |
free(number_uses); |
|
1087 |
1262 |
return (1); |
|
1088 |
1262 |
} |
|
1089 |
|||
1090 |
static int |
||
1091 |
ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, |
||
1092 |
CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list) |
||
1093 |
{ |
||
1094 |
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; |
||
1095 |
unsigned long algo_strength; |
||
1096 |
int j, multi, found, rule, retval, ok, buflen; |
||
1097 |
unsigned long cipher_id = 0; |
||
1098 |
const char *l, *buf; |
||
1099 |
char ch; |
||
1100 |
|||
1101 |
retval = 1; |
||
1102 |
l = rule_str; |
||
1103 |
2524 |
for (;;) { |
|
1104 |
16438 |
ch = *l; |
|
1105 |
|||
1106 |
✓✗ | 16438 |
if (ch == '\0') |
1107 |
break; |
||
1108 |
|||
1109 |
✗✓ | 16438 |
if (ch == '-') { |
1110 |
rule = CIPHER_DEL; |
||
1111 |
l++; |
||
1112 |
✗✓ | 16438 |
} else if (ch == '+') { |
1113 |
rule = CIPHER_ORD; |
||
1114 |
l++; |
||
1115 |
✓✓ | 16438 |
} else if (ch == '!') { |
1116 |
rule = CIPHER_KILL; |
||
1117 |
3876 |
l++; |
|
1118 |
✗✓ | 16438 |
} else if (ch == '@') { |
1119 |
rule = CIPHER_SPECIAL; |
||
1120 |
l++; |
||
1121 |
} else { |
||
1122 |
rule = CIPHER_ADD; |
||
1123 |
} |
||
1124 |
|||
1125 |
✓✓✓✗ ✓✗✗✓ |
42988 |
if (ITEM_SEP(ch)) { |
1126 |
7588 |
l++; |
|
1127 |
7588 |
continue; |
|
1128 |
} |
||
1129 |
|||
1130 |
alg_mkey = 0; |
||
1131 |
alg_auth = 0; |
||
1132 |
alg_enc = 0; |
||
1133 |
alg_mac = 0; |
||
1134 |
alg_ssl = 0; |
||
1135 |
algo_strength = 0; |
||
1136 |
|||
1137 |
8850 |
for (;;) { |
|
1138 |
9266 |
ch = *l; |
|
1139 |
buf = l; |
||
1140 |
buflen = 0; |
||
1141 |
✓✓✓✓ ✓✓ |
305662 |
while (((ch >= 'A') && (ch <= 'Z')) || |
1142 |
✓✓✓✓ |
69902 |
((ch >= '0') && (ch <= '9')) || |
1143 |
✓✓✗✓ |
26794 |
((ch >= 'a') && (ch <= 'z')) || |
1144 |
✓✓ | 29828 |
(ch == '-') || (ch == '.')) { |
1145 |
102200 |
ch = *(++l); |
|
1146 |
102200 |
buflen++; |
|
1147 |
} |
||
1148 |
|||
1149 |
✗✓ | 9266 |
if (buflen == 0) { |
1150 |
/* |
||
1151 |
* We hit something we cannot deal with, |
||
1152 |
* it is no command or separator nor |
||
1153 |
* alphanumeric, so we call this an error. |
||
1154 |
*/ |
||
1155 |
SSLerrorx(SSL_R_INVALID_COMMAND); |
||
1156 |
retval = found = 0; |
||
1157 |
l++; |
||
1158 |
break; |
||
1159 |
} |
||
1160 |
|||
1161 |
✗✓ | 9266 |
if (rule == CIPHER_SPECIAL) { |
1162 |
/* unused -- avoid compiler warning */ |
||
1163 |
found = 0; |
||
1164 |
/* special treatment */ |
||
1165 |
break; |
||
1166 |
} |
||
1167 |
|||
1168 |
/* check for multi-part specification */ |
||
1169 |
✓✓ | 9266 |
if (ch == '+') { |
1170 |
multi = 1; |
||
1171 |
416 |
l++; |
|
1172 |
416 |
} else |
|
1173 |
multi = 0; |
||
1174 |
|||
1175 |
/* |
||
1176 |
* Now search for the cipher alias in the ca_list. |
||
1177 |
* Be careful with the strncmp, because the "buflen" |
||
1178 |
* limitation will make the rule "ADH:SOME" and the |
||
1179 |
* cipher "ADH-MY-CIPHER" look like a match for |
||
1180 |
* buflen=3. So additionally check whether the cipher |
||
1181 |
* name found has the correct length. We can save a |
||
1182 |
* strlen() call: just checking for the '\0' at the |
||
1183 |
* right place is sufficient, we have to strncmp() |
||
1184 |
* anyway (we cannot use strcmp(), because buf is not |
||
1185 |
* '\0' terminated.) |
||
1186 |
*/ |
||
1187 |
j = found = 0; |
||
1188 |
cipher_id = 0; |
||
1189 |
✓✓ | 1422216 |
while (ca_list[j]) { |
1190 |
✓✓✓✓ |
721068 |
if (!strncmp(buf, ca_list[j]->name, buflen) && |
1191 |
12044 |
(ca_list[j]->name[buflen] == '\0')) { |
|
1192 |
found = 1; |
||
1193 |
7182 |
break; |
|
1194 |
} else |
||
1195 |
701842 |
j++; |
|
1196 |
} |
||
1197 |
|||
1198 |
✓✓ | 9266 |
if (!found) |
1199 |
break; /* ignore this entry */ |
||
1200 |
|||
1201 |
✓✓ | 7182 |
if (ca_list[j]->algorithm_mkey) { |
1202 |
✗✓ | 3512 |
if (alg_mkey) { |
1203 |
alg_mkey &= ca_list[j]->algorithm_mkey; |
||
1204 |
if (!alg_mkey) { |
||
1205 |
found = 0; |
||
1206 |
break; |
||
1207 |
} |
||
1208 |
} else |
||
1209 |
alg_mkey = ca_list[j]->algorithm_mkey; |
||
1210 |
} |
||
1211 |
|||
1212 |
✓✓ | 7182 |
if (ca_list[j]->algorithm_auth) { |
1213 |
✗✓ | 4352 |
if (alg_auth) { |
1214 |
alg_auth &= ca_list[j]->algorithm_auth; |
||
1215 |
if (!alg_auth) { |
||
1216 |
found = 0; |
||
1217 |
break; |
||
1218 |
} |
||
1219 |
} else |
||
1220 |
alg_auth = ca_list[j]->algorithm_auth; |
||
1221 |
} |
||
1222 |
|||
1223 |
✓✓ | 7182 |
if (ca_list[j]->algorithm_enc) { |
1224 |
✗✓ | 5430 |
if (alg_enc) { |
1225 |
alg_enc &= ca_list[j]->algorithm_enc; |
||
1226 |
if (!alg_enc) { |
||
1227 |
found = 0; |
||
1228 |
break; |
||
1229 |
} |
||
1230 |
} else |
||
1231 |
alg_enc = ca_list[j]->algorithm_enc; |
||
1232 |
} |
||
1233 |
|||
1234 |
✓✓ | 7182 |
if (ca_list[j]->algorithm_mac) { |
1235 |
✗✓ | 3488 |
if (alg_mac) { |
1236 |
alg_mac &= ca_list[j]->algorithm_mac; |
||
1237 |
if (!alg_mac) { |
||
1238 |
found = 0; |
||
1239 |
break; |
||
1240 |
} |
||
1241 |
} else |
||
1242 |
alg_mac = ca_list[j]->algorithm_mac; |
||
1243 |
} |
||
1244 |
|||
1245 |
✓✓ | 7182 |
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
1246 |
✗✓ | 3336 |
if (algo_strength & SSL_STRONG_MASK) { |
1247 |
algo_strength &= |
||
1248 |
(ca_list[j]->algo_strength & |
||
1249 |
SSL_STRONG_MASK) | ~SSL_STRONG_MASK; |
||
1250 |
if (!(algo_strength & |
||
1251 |
SSL_STRONG_MASK)) { |
||
1252 |
found = 0; |
||
1253 |
break; |
||
1254 |
} |
||
1255 |
} else |
||
1256 |
3336 |
algo_strength |= |
|
1257 |
ca_list[j]->algo_strength & |
||
1258 |
SSL_STRONG_MASK; |
||
1259 |
} |
||
1260 |
|||
1261 |
✓✓ | 7182 |
if (ca_list[j]->valid) { |
1262 |
/* |
||
1263 |
* explicit ciphersuite found; its protocol |
||
1264 |
* version does not become part of the search |
||
1265 |
* pattern! |
||
1266 |
*/ |
||
1267 |
3232 |
cipher_id = ca_list[j]->id; |
|
1268 |
3232 |
} else { |
|
1269 |
/* |
||
1270 |
* not an explicit ciphersuite; only in this |
||
1271 |
* case, the protocol version is considered |
||
1272 |
* part of the search pattern |
||
1273 |
*/ |
||
1274 |
✓✓ | 3950 |
if (ca_list[j]->algorithm_ssl) { |
1275 |
✗✓ | 164 |
if (alg_ssl) { |
1276 |
alg_ssl &= |
||
1277 |
ca_list[j]->algorithm_ssl; |
||
1278 |
if (!alg_ssl) { |
||
1279 |
found = 0; |
||
1280 |
break; |
||
1281 |
} |
||
1282 |
} else |
||
1283 |
alg_ssl = |
||
1284 |
ca_list[j]->algorithm_ssl; |
||
1285 |
} |
||
1286 |
} |
||
1287 |
|||
1288 |
✓✓ | 7182 |
if (!multi) |
1289 |
break; |
||
1290 |
} |
||
1291 |
|||
1292 |
/* |
||
1293 |
* Ok, we have the rule, now apply it |
||
1294 |
*/ |
||
1295 |
✗✓ | 8850 |
if (rule == CIPHER_SPECIAL) { |
1296 |
/* special command */ |
||
1297 |
ok = 0; |
||
1298 |
if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) |
||
1299 |
ok = ssl_cipher_strength_sort(head_p, tail_p); |
||
1300 |
else |
||
1301 |
SSLerrorx(SSL_R_INVALID_COMMAND); |
||
1302 |
if (ok == 0) |
||
1303 |
retval = 0; |
||
1304 |
/* |
||
1305 |
* We do not support any "multi" options |
||
1306 |
* together with "@", so throw away the |
||
1307 |
* rest of the command, if any left, until |
||
1308 |
* end or ':' is found. |
||
1309 |
*/ |
||
1310 |
while ((*l != '\0') && !ITEM_SEP(*l)) |
||
1311 |
l++; |
||
1312 |
✓✓ | 8850 |
} else if (found) { |
1313 |
6766 |
ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, |
|
1314 |
alg_enc, alg_mac, alg_ssl, algo_strength, rule, |
||
1315 |
-1, head_p, tail_p); |
||
1316 |
6766 |
} else { |
|
1317 |
✓✓✗✓ ✗✗✗✗ ✗✓ |
4372 |
while ((*l != '\0') && !ITEM_SEP(*l)) |
1318 |
l++; |
||
1319 |
} |
||
1320 |
✓✓ | 8850 |
if (*l == '\0') |
1321 |
break; /* done */ |
||
1322 |
} |
||
1323 |
|||
1324 |
1262 |
return (retval); |
|
1325 |
} |
||
1326 |
|||
1327 |
static inline int |
||
1328 |
ssl_aes_is_accelerated(void) |
||
1329 |
{ |
||
1330 |
#if defined(__i386__) || defined(__x86_64__) |
||
1331 |
2524 |
return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0); |
|
1332 |
#else |
||
1333 |
return (0); |
||
1334 |
#endif |
||
1335 |
} |
||
1336 |
|||
1337 |
STACK_OF(SSL_CIPHER) * |
||
1338 |
ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
||
1339 |
STACK_OF(SSL_CIPHER) **cipher_list, |
||
1340 |
STACK_OF(SSL_CIPHER) **cipher_list_by_id, |
||
1341 |
const char *rule_str) |
||
1342 |
{ |
||
1343 |
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
||
1344 |
2524 |
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; |
|
1345 |
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
||
1346 |
const char *rule_p; |
||
1347 |
1262 |
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
|
1348 |
const SSL_CIPHER **ca_list = NULL; |
||
1349 |
|||
1350 |
/* |
||
1351 |
* Return with error if nothing to do. |
||
1352 |
*/ |
||
1353 |
✗✓ | 1262 |
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
1354 |
return NULL; |
||
1355 |
|||
1356 |
/* |
||
1357 |
* To reduce the work to do we only want to process the compiled |
||
1358 |
* in algorithms, so we first get the mask of disabled ciphers. |
||
1359 |
*/ |
||
1360 |
1262 |
ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); |
|
1361 |
|||
1362 |
/* |
||
1363 |
* Now we have to collect the available ciphers from the compiled |
||
1364 |
* in ciphers. We cannot get more than the number compiled in, so |
||
1365 |
* it is used for allocation. |
||
1366 |
*/ |
||
1367 |
1262 |
num_of_ciphers = ssl_method->num_ciphers(); |
|
1368 |
1262 |
co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); |
|
1369 |
✗✓ | 1262 |
if (co_list == NULL) { |
1370 |
SSLerrorx(ERR_R_MALLOC_FAILURE); |
||
1371 |
return(NULL); /* Failure */ |
||
1372 |
} |
||
1373 |
|||
1374 |
1262 |
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
|
1375 |
1262 |
disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
|
1376 |
co_list, &head, &tail); |
||
1377 |
|||
1378 |
|||
1379 |
/* Now arrange all ciphers by preference: */ |
||
1380 |
|||
1381 |
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ |
||
1382 |
1262 |
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
|
1383 |
1262 |
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
|
1384 |
|||
1385 |
✓✗ | 1262 |
if (ssl_aes_is_accelerated() == 1) { |
1386 |
/* |
||
1387 |
* We have hardware assisted AES - prefer AES as a symmetric |
||
1388 |
* cipher, with CHACHA20 second. |
||
1389 |
*/ |
||
1390 |
1262 |
ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, |
|
1391 |
CIPHER_ADD, -1, &head, &tail); |
||
1392 |
1262 |
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, |
|
1393 |
0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
||
1394 |
1262 |
} else { |
|
1395 |
/* |
||
1396 |
* CHACHA20 is fast and safe on all hardware and is thus our |
||
1397 |
* preferred symmetric cipher, with AES second. |
||
1398 |
*/ |
||
1399 |
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, |
||
1400 |
0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
||
1401 |
ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, |
||
1402 |
CIPHER_ADD, -1, &head, &tail); |
||
1403 |
} |
||
1404 |
|||
1405 |
/* Temporarily enable everything else for sorting */ |
||
1406 |
1262 |
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
|
1407 |
|||
1408 |
/* Low priority for MD5 */ |
||
1409 |
1262 |
ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); |
|
1410 |
|||
1411 |
/* Move anonymous ciphers to the end. Usually, these will remain disabled. |
||
1412 |
* (For applications that allow them, they aren't too bad, but we prefer |
||
1413 |
* authenticated ciphers.) */ |
||
1414 |
1262 |
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
|
1415 |
|||
1416 |
/* Move ciphers without forward secrecy to the end */ |
||
1417 |
1262 |
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
|
1418 |
|||
1419 |
/* RC4 is sort of broken - move it to the end */ |
||
1420 |
1262 |
ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
|
1421 |
|||
1422 |
/* Now sort by symmetric encryption strength. The above ordering remains |
||
1423 |
* in force within each class */ |
||
1424 |
✗✓ | 1262 |
if (!ssl_cipher_strength_sort(&head, &tail)) { |
1425 |
free(co_list); |
||
1426 |
return NULL; |
||
1427 |
} |
||
1428 |
|||
1429 |
/* Now disable everything (maintaining the ordering!) */ |
||
1430 |
1262 |
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
|
1431 |
|||
1432 |
|||
1433 |
/* |
||
1434 |
* We also need cipher aliases for selecting based on the rule_str. |
||
1435 |
* There might be two types of entries in the rule_str: 1) names |
||
1436 |
* of ciphers themselves 2) aliases for groups of ciphers. |
||
1437 |
* For 1) we need the available ciphers and for 2) the cipher |
||
1438 |
* groups of cipher_aliases added together in one list (otherwise |
||
1439 |
* we would be happy with just the cipher_aliases table). |
||
1440 |
*/ |
||
1441 |
num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); |
||
1442 |
1262 |
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
|
1443 |
1262 |
ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *)); |
|
1444 |
✗✓ | 1262 |
if (ca_list == NULL) { |
1445 |
free(co_list); |
||
1446 |
SSLerrorx(ERR_R_MALLOC_FAILURE); |
||
1447 |
return(NULL); /* Failure */ |
||
1448 |
} |
||
1449 |
1262 |
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
|
1450 |
1262 |
disabled_mkey, disabled_auth, disabled_enc, |
|
1451 |
1262 |
disabled_mac, disabled_ssl, head); |
|
1452 |
|||
1453 |
/* |
||
1454 |
* If the rule_string begins with DEFAULT, apply the default rule |
||
1455 |
* before using the (possibly available) additional rules. |
||
1456 |
*/ |
||
1457 |
ok = 1; |
||
1458 |
rule_p = rule_str; |
||
1459 |
✗✓ | 1262 |
if (strncmp(rule_str, "DEFAULT", 7) == 0) { |
1460 |
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, |
||
1461 |
&head, &tail, ca_list); |
||
1462 |
rule_p += 7; |
||
1463 |
if (*rule_p == ':') |
||
1464 |
rule_p++; |
||
1465 |
} |
||
1466 |
|||
1467 |
✓✗✓✗ |
2524 |
if (ok && (strlen(rule_p) > 0)) |
1468 |
1262 |
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); |
|
1469 |
|||
1470 |
1262 |
free((void *)ca_list); /* Not needed anymore */ |
|
1471 |
|||
1472 |
✗✓ | 1262 |
if (!ok) { |
1473 |
/* Rule processing failure */ |
||
1474 |
free(co_list); |
||
1475 |
return (NULL); |
||
1476 |
} |
||
1477 |
|||
1478 |
/* |
||
1479 |
* Allocate new "cipherstack" for the result, return with error |
||
1480 |
* if we cannot get one. |
||
1481 |
*/ |
||
1482 |
✗✓ | 1262 |
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
1483 |
free(co_list); |
||
1484 |
return (NULL); |
||
1485 |
} |
||
1486 |
|||
1487 |
/* |
||
1488 |
* The cipher selection for the list is done. The ciphers are added |
||
1489 |
* to the resulting precedence to the STACK_OF(SSL_CIPHER). |
||
1490 |
*/ |
||
1491 |
✓✓ | 133876 |
for (curr = head; curr != NULL; curr = curr->next) { |
1492 |
✓✓ | 65676 |
if (curr->active) { |
1493 |
44452 |
sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
|
1494 |
44452 |
} |
|
1495 |
} |
||
1496 |
1262 |
free(co_list); /* Not needed any longer */ |
|
1497 |
|||
1498 |
1262 |
tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
|
1499 |
✗✓ | 1262 |
if (tmp_cipher_list == NULL) { |
1500 |
sk_SSL_CIPHER_free(cipherstack); |
||
1501 |
return NULL; |
||
1502 |
} |
||
1503 |
1262 |
sk_SSL_CIPHER_free(*cipher_list); |
|
1504 |
1262 |
*cipher_list = cipherstack; |
|
1505 |
1262 |
sk_SSL_CIPHER_free(*cipher_list_by_id); |
|
1506 |
1262 |
*cipher_list_by_id = tmp_cipher_list; |
|
1507 |
1262 |
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, |
|
1508 |
ssl_cipher_ptr_id_cmp); |
||
1509 |
|||
1510 |
1262 |
sk_SSL_CIPHER_sort(*cipher_list_by_id); |
|
1511 |
1262 |
return (cipherstack); |
|
1512 |
1262 |
} |
|
1513 |
|||
1514 |
const SSL_CIPHER * |
||
1515 |
SSL_CIPHER_get_by_id(unsigned int id) |
||
1516 |
{ |
||
1517 |
376 |
return ssl3_get_cipher_by_id(id); |
|
1518 |
} |
||
1519 |
|||
1520 |
const SSL_CIPHER * |
||
1521 |
SSL_CIPHER_get_by_value(uint16_t value) |
||
1522 |
{ |
||
1523 |
376 |
return ssl3_get_cipher_by_value(value); |
|
1524 |
} |
||
1525 |
|||
1526 |
char * |
||
1527 |
SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
||
1528 |
{ |
||
1529 |
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; |
||
1530 |
const char *ver, *kx, *au, *enc, *mac; |
||
1531 |
188 |
char *ret; |
|
1532 |
int l; |
||
1533 |
|||
1534 |
94 |
alg_mkey = cipher->algorithm_mkey; |
|
1535 |
94 |
alg_auth = cipher->algorithm_auth; |
|
1536 |
94 |
alg_enc = cipher->algorithm_enc; |
|
1537 |
94 |
alg_mac = cipher->algorithm_mac; |
|
1538 |
94 |
alg_ssl = cipher->algorithm_ssl; |
|
1539 |
|||
1540 |
94 |
alg2 = cipher->algorithm2; |
|
1541 |
|||
1542 |
✓✓ | 94 |
if (alg_ssl & SSL_SSLV3) |
1543 |
48 |
ver = "SSLv3"; |
|
1544 |
✓✗ | 46 |
else if (alg_ssl & SSL_TLSV1_2) |
1545 |
46 |
ver = "TLSv1.2"; |
|
1546 |
else |
||
1547 |
ver = "unknown"; |
||
1548 |
|||
1549 |
✓✓✓✓ ✗ |
94 |
switch (alg_mkey) { |
1550 |
case SSL_kRSA: |
||
1551 |
kx = "RSA"; |
||
1552 |
28 |
break; |
|
1553 |
case SSL_kDHE: |
||
1554 |
kx = "DH"; |
||
1555 |
26 |
break; |
|
1556 |
case SSL_kECDHE: |
||
1557 |
kx = "ECDH"; |
||
1558 |
36 |
break; |
|
1559 |
case SSL_kGOST: |
||
1560 |
kx = "GOST"; |
||
1561 |
4 |
break; |
|
1562 |
default: |
||
1563 |
kx = "unknown"; |
||
1564 |
} |
||
1565 |
|||
1566 |
✓✗✗✓ ✓✗ |
94 |
switch (alg_auth) { |
1567 |
case SSL_aRSA: |
||
1568 |
au = "RSA"; |
||
1569 |
72 |
break; |
|
1570 |
case SSL_aDSS: |
||
1571 |
au = "DSS"; |
||
1572 |
break; |
||
1573 |
case SSL_aNULL: |
||
1574 |
au = "None"; |
||
1575 |
break; |
||
1576 |
case SSL_aECDSA: |
||
1577 |
au = "ECDSA"; |
||
1578 |
18 |
break; |
|
1579 |
case SSL_aGOST01: |
||
1580 |
au = "GOST01"; |
||
1581 |
4 |
break; |
|
1582 |
default: |
||
1583 |
au = "unknown"; |
||
1584 |
break; |
||
1585 |
} |
||
1586 |
|||
1587 |
✓✓✓✗ ✗✓✓✓ ✓✓✓✓ ✓✗ |
94 |
switch (alg_enc) { |
1588 |
case SSL_DES: |
||
1589 |
enc = "DES(56)"; |
||
1590 |
4 |
break; |
|
1591 |
case SSL_3DES: |
||
1592 |
enc = "3DES(168)"; |
||
1593 |
8 |
break; |
|
1594 |
case SSL_RC4: |
||
1595 |
8 |
enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)"; |
|
1596 |
8 |
break; |
|
1597 |
case SSL_IDEA: |
||
1598 |
enc = "IDEA(128)"; |
||
1599 |
break; |
||
1600 |
case SSL_eNULL: |
||
1601 |
enc = "None"; |
||
1602 |
break; |
||
1603 |
case SSL_AES128: |
||
1604 |
enc = "AES(128)"; |
||
1605 |
16 |
break; |
|
1606 |
case SSL_AES256: |
||
1607 |
enc = "AES(256)"; |
||
1608 |
16 |
break; |
|
1609 |
case SSL_AES128GCM: |
||
1610 |
enc = "AESGCM(128)"; |
||
1611 |
8 |
break; |
|
1612 |
case SSL_AES256GCM: |
||
1613 |
enc = "AESGCM(256)"; |
||
1614 |
8 |
break; |
|
1615 |
case SSL_CAMELLIA128: |
||
1616 |
enc = "Camellia(128)"; |
||
1617 |
8 |
break; |
|
1618 |
case SSL_CAMELLIA256: |
||
1619 |
enc = "Camellia(256)"; |
||
1620 |
8 |
break; |
|
1621 |
case SSL_CHACHA20POLY1305: |
||
1622 |
enc = "ChaCha20-Poly1305"; |
||
1623 |
6 |
break; |
|
1624 |
case SSL_eGOST2814789CNT: |
||
1625 |
enc = "GOST-28178-89-CNT"; |
||
1626 |
4 |
break; |
|
1627 |
default: |
||
1628 |
enc = "unknown"; |
||
1629 |
break; |
||
1630 |
} |
||
1631 |
|||
1632 |
✓✓✓✓ ✓✗✓✗ ✗ |
94 |
switch (alg_mac) { |
1633 |
case SSL_MD5: |
||
1634 |
mac = "MD5"; |
||
1635 |
2 |
break; |
|
1636 |
case SSL_SHA1: |
||
1637 |
mac = "SHA1"; |
||
1638 |
42 |
break; |
|
1639 |
case SSL_SHA256: |
||
1640 |
mac = "SHA256"; |
||
1641 |
20 |
break; |
|
1642 |
case SSL_SHA384: |
||
1643 |
mac = "SHA384"; |
||
1644 |
4 |
break; |
|
1645 |
case SSL_AEAD: |
||
1646 |
mac = "AEAD"; |
||
1647 |
22 |
break; |
|
1648 |
case SSL_GOST94: |
||
1649 |
mac = "GOST94"; |
||
1650 |
break; |
||
1651 |
case SSL_GOST89MAC: |
||
1652 |
mac = "GOST89IMIT"; |
||
1653 |
4 |
break; |
|
1654 |
case SSL_STREEBOG256: |
||
1655 |
mac = "STREEBOG256"; |
||
1656 |
break; |
||
1657 |
default: |
||
1658 |
mac = "unknown"; |
||
1659 |
break; |
||
1660 |
} |
||
1661 |
|||
1662 |
✗✓ | 188 |
if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n", |
1663 |
188 |
cipher->name, ver, kx, au, enc, mac) == -1) |
|
1664 |
return "OPENSSL_malloc Error"; |
||
1665 |
|||
1666 |
✗✓ | 94 |
if (buf != NULL) { |
1667 |
l = strlcpy(buf, ret, len); |
||
1668 |
free(ret); |
||
1669 |
ret = buf; |
||
1670 |
if (l >= len) |
||
1671 |
ret = "Buffer too small"; |
||
1672 |
} |
||
1673 |
|||
1674 |
94 |
return (ret); |
|
1675 |
94 |
} |
|
1676 |
|||
1677 |
char * |
||
1678 |
SSL_CIPHER_get_version(const SSL_CIPHER *c) |
||
1679 |
{ |
||
1680 |
✗✓ | 488 |
if (c == NULL) |
1681 |
return("(NONE)"); |
||
1682 |
✓✗ | 244 |
if ((c->id >> 24) == 3) |
1683 |
244 |
return("TLSv1/SSLv3"); |
|
1684 |
else |
||
1685 |
return("unknown"); |
||
1686 |
244 |
} |
|
1687 |
|||
1688 |
/* return the actual cipher being used */ |
||
1689 |
const char * |
||
1690 |
SSL_CIPHER_get_name(const SSL_CIPHER *c) |
||
1691 |
{ |
||
1692 |
✓✗ | 784 |
if (c != NULL) |
1693 |
392 |
return (c->name); |
|
1694 |
return("(NONE)"); |
||
1695 |
392 |
} |
|
1696 |
|||
1697 |
/* number of bits for symmetric cipher */ |
||
1698 |
int |
||
1699 |
SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
||
1700 |
{ |
||
1701 |
int ret = 0; |
||
1702 |
|||
1703 |
if (c != NULL) { |
||
1704 |
if (alg_bits != NULL) |
||
1705 |
*alg_bits = c->alg_bits; |
||
1706 |
ret = c->strength_bits; |
||
1707 |
} |
||
1708 |
return (ret); |
||
1709 |
} |
||
1710 |
|||
1711 |
unsigned long |
||
1712 |
SSL_CIPHER_get_id(const SSL_CIPHER *c) |
||
1713 |
{ |
||
1714 |
376 |
return c->id; |
|
1715 |
} |
||
1716 |
|||
1717 |
uint16_t |
||
1718 |
SSL_CIPHER_get_value(const SSL_CIPHER *c) |
||
1719 |
{ |
||
1720 |
576 |
return ssl3_cipher_get_value(c); |
|
1721 |
} |
||
1722 |
|||
1723 |
void * |
||
1724 |
SSL_COMP_get_compression_methods(void) |
||
1725 |
{ |
||
1726 |
return NULL; |
||
1727 |
} |
||
1728 |
|||
1729 |
int |
||
1730 |
SSL_COMP_add_compression_method(int id, void *cm) |
||
1731 |
{ |
||
1732 |
return 1; |
||
1733 |
} |
||
1734 |
|||
1735 |
const char * |
||
1736 |
SSL_COMP_get_name(const void *comp) |
||
1737 |
{ |
||
1738 |
return NULL; |
||
1739 |
} |
| Generated by: GCOVR (Version 3.3) |