]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/ssl_ciph.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
675f605d BM |
58 | /* ==================================================================== |
59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | |
60 | * | |
61 | * Redistribution and use in source and binary forms, with or without | |
62 | * modification, are permitted provided that the following conditions | |
63 | * are met: | |
64 | * | |
65 | * 1. Redistributions of source code must retain the above copyright | |
66 | * notice, this list of conditions and the following disclaimer. | |
67 | * | |
68 | * 2. Redistributions in binary form must reproduce the above copyright | |
69 | * notice, this list of conditions and the following disclaimer in | |
70 | * the documentation and/or other materials provided with the | |
71 | * distribution. | |
72 | * | |
73 | * 3. All advertising materials mentioning features or use of this | |
74 | * software must display the following acknowledgment: | |
75 | * "This product includes software developed by the OpenSSL Project | |
76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
77 | * | |
78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
79 | * endorse or promote products derived from this software without | |
80 | * prior written permission. For written permission, please contact | |
81 | * openssl-core@openssl.org. | |
82 | * | |
83 | * 5. Products derived from this software may not be called "OpenSSL" | |
84 | * nor may "OpenSSL" appear in their names without prior written | |
85 | * permission of the OpenSSL Project. | |
86 | * | |
87 | * 6. Redistributions of any form whatsoever must retain the following | |
88 | * acknowledgment: | |
89 | * "This product includes software developed by the OpenSSL Project | |
90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
91 | * | |
92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
104 | * ==================================================================== | |
105 | * | |
106 | * This product includes cryptographic software written by Eric Young | |
107 | * (eay@cryptsoft.com). This product includes software written by Tim | |
108 | * Hudson (tjh@cryptsoft.com). | |
109 | * | |
110 | */ | |
ea262260 BM |
111 | /* ==================================================================== |
112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | |
113 | * ECC cipher suite support in OpenSSL originally developed by | |
114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | |
115 | */ | |
ddac1974 NL |
116 | /* ==================================================================== |
117 | * Copyright 2005 Nokia. All rights reserved. | |
118 | * | |
119 | * The portions of the attached software ("Contribution") is developed by | |
120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | |
121 | * license. | |
122 | * | |
123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | |
124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | |
125 | * support (see RFC 4279) to OpenSSL. | |
126 | * | |
127 | * No patent licenses or other rights except those expressly stated in | |
128 | * the OpenSSL open source license shall be deemed granted or received | |
129 | * expressly, by implication, estoppel, or otherwise. | |
130 | * | |
131 | * No assurances are provided by Nokia that the Contribution does not | |
132 | * infringe the patent or other intellectual property rights of any third | |
133 | * party or that the license provides you with all the necessary rights | |
134 | * to make use of the Contribution. | |
135 | * | |
136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | |
137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | |
138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | |
139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | |
140 | * OTHERWISE. | |
141 | */ | |
142 | ||
d02b48c6 | 143 | #include <stdio.h> |
ec577822 BM |
144 | #include <openssl/objects.h> |
145 | #include <openssl/comp.h> | |
d02b48c6 RE |
146 | #include "ssl_locl.h" |
147 | ||
148 | #define SSL_ENC_DES_IDX 0 | |
149 | #define SSL_ENC_3DES_IDX 1 | |
150 | #define SSL_ENC_RC4_IDX 2 | |
151 | #define SSL_ENC_RC2_IDX 3 | |
152 | #define SSL_ENC_IDEA_IDX 4 | |
153 | #define SSL_ENC_eFZA_IDX 5 | |
154 | #define SSL_ENC_NULL_IDX 6 | |
deb2c1a1 DSH |
155 | #define SSL_ENC_AES128_IDX 7 |
156 | #define SSL_ENC_AES256_IDX 8 | |
157 | #define SSL_ENC_NUM_IDX 9 | |
f3dea9a5 BM |
158 | #define SSL_ENC_CAMELLIA128_IDX 9 |
159 | #define SSL_ENC_CAMELLIA256_IDX 10 | |
160 | #undef SSL_ENC_NUM_IDX | |
161 | #define SSL_ENC_NUM_IDX 11 | |
162 | ||
d02b48c6 | 163 | |
e778802f | 164 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ |
d02b48c6 RE |
165 | NULL,NULL,NULL,NULL,NULL,NULL, |
166 | }; | |
167 | ||
7ba666fa RL |
168 | #define SSL_COMP_NULL_IDX 0 |
169 | #define SSL_COMP_ZLIB_IDX 1 | |
170 | #define SSL_COMP_NUM_IDX 2 | |
171 | ||
f73e07cf | 172 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; |
413c4f45 | 173 | |
d02b48c6 | 174 | #define SSL_MD_MD5_IDX 0 |
58964a49 RE |
175 | #define SSL_MD_SHA1_IDX 1 |
176 | #define SSL_MD_NUM_IDX 2 | |
e778802f | 177 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ |
58964a49 | 178 | NULL,NULL, |
d02b48c6 RE |
179 | }; |
180 | ||
d02b48c6 RE |
181 | #define CIPHER_ADD 1 |
182 | #define CIPHER_KILL 2 | |
183 | #define CIPHER_DEL 3 | |
58964a49 | 184 | #define CIPHER_ORD 4 |
018e57c7 | 185 | #define CIPHER_SPECIAL 5 |
d02b48c6 | 186 | |
58964a49 RE |
187 | typedef struct cipher_order_st |
188 | { | |
189 | SSL_CIPHER *cipher; | |
190 | int active; | |
191 | int dead; | |
192 | struct cipher_order_st *next,*prev; | |
193 | } CIPHER_ORDER; | |
194 | ||
018e57c7 | 195 | static const SSL_CIPHER cipher_aliases[]={ |
ea4f109c | 196 | /* Don't include eNULL unless specifically enabled. */ |
ea262260 BM |
197 | /* Don't include ECC in ALL because these ciphers are not yet official. */ |
198 | {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ | |
199 | /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ | |
200 | {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ | |
c6ccf055 | 201 | {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, |
ea262260 | 202 | {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ |
018e57c7 DSH |
203 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, |
204 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, | |
205 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, | |
206 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, | |
207 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, | |
ddac1974 | 208 | {0,SSL_TXT_kPSK,0,SSL_kPSK, 0,0,0,0,SSL_MKEY_MASK,0}, |
018e57c7 | 209 | {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, |
ea262260 | 210 | {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, |
018e57c7 | 211 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, |
f9b3bff6 | 212 | {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ |
018e57c7 DSH |
213 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, |
214 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, | |
215 | {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, | |
ddac1974 | 216 | {0,SSL_TXT_aPSK,0,SSL_aPSK, 0,0,0,0,SSL_AUTH_MASK,0}, |
018e57c7 DSH |
217 | {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, |
218 | {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, | |
219 | {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, | |
220 | ||
221 | {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, | |
222 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, | |
223 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, | |
224 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | |
5fdf0666 | 225 | #ifndef OPENSSL_NO_IDEA |
018e57c7 | 226 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
5fdf0666 | 227 | #endif |
018e57c7 DSH |
228 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
229 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, | |
deb2c1a1 | 230 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, |
f3dea9a5 | 231 | {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, |
018e57c7 DSH |
232 | |
233 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, | |
234 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, | |
235 | {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, | |
236 | ||
237 | {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, | |
f9b3bff6 | 238 | {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, |
018e57c7 DSH |
239 | {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, |
240 | {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, | |
241 | {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, | |
ddac1974 | 242 | {0,SSL_TXT_PSK, 0,SSL_PSK, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, |
018e57c7 DSH |
243 | |
244 | {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, | |
245 | {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, | |
246 | {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, | |
247 | ||
248 | {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, | |
249 | {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, | |
250 | {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, | |
251 | {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, | |
252 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | |
253 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | |
254 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | |
d02b48c6 RE |
255 | }; |
256 | ||
7f3c9036 | 257 | void ssl_load_ciphers(void) |
d02b48c6 | 258 | { |
d02b48c6 RE |
259 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
260 | EVP_get_cipherbyname(SN_des_cbc); | |
261 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | |
262 | EVP_get_cipherbyname(SN_des_ede3_cbc); | |
263 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= | |
264 | EVP_get_cipherbyname(SN_rc4); | |
265 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | |
266 | EVP_get_cipherbyname(SN_rc2_cbc); | |
5fdf0666 | 267 | #ifndef OPENSSL_NO_IDEA |
d02b48c6 RE |
268 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
269 | EVP_get_cipherbyname(SN_idea_cbc); | |
5fdf0666 RL |
270 | #else |
271 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | |
272 | #endif | |
deb2c1a1 DSH |
273 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
274 | EVP_get_cipherbyname(SN_aes_128_cbc); | |
275 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | |
276 | EVP_get_cipherbyname(SN_aes_256_cbc); | |
f3dea9a5 BM |
277 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= |
278 | EVP_get_cipherbyname(SN_camellia_128_cbc); | |
279 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | |
280 | EVP_get_cipherbyname(SN_camellia_256_cbc); | |
d02b48c6 RE |
281 | |
282 | ssl_digest_methods[SSL_MD_MD5_IDX]= | |
283 | EVP_get_digestbyname(SN_md5); | |
d02b48c6 RE |
284 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
285 | EVP_get_digestbyname(SN_sha1); | |
286 | } | |
287 | ||
09b6c2ef DSH |
288 | |
289 | #ifndef OPENSSL_NO_COMP | |
290 | ||
7ba666fa RL |
291 | static int sk_comp_cmp(const SSL_COMP * const *a, |
292 | const SSL_COMP * const *b) | |
293 | { | |
294 | return((*a)->id-(*b)->id); | |
295 | } | |
296 | ||
297 | static void load_builtin_compressions(void) | |
298 | { | |
675f605d | 299 | int got_write_lock = 0; |
f70ddce7 | 300 | |
675f605d | 301 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); |
7ba666fa RL |
302 | if (ssl_comp_methods == NULL) |
303 | { | |
675f605d BM |
304 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
305 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | |
306 | got_write_lock = 1; | |
307 | ||
308 | if (ssl_comp_methods == NULL) | |
7ba666fa | 309 | { |
675f605d BM |
310 | SSL_COMP *comp = NULL; |
311 | ||
312 | MemCheck_off(); | |
313 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | |
314 | if (ssl_comp_methods != NULL) | |
7ba666fa | 315 | { |
675f605d BM |
316 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
317 | if (comp != NULL) | |
7ba666fa | 318 | { |
675f605d BM |
319 | comp->method=COMP_zlib(); |
320 | if (comp->method | |
321 | && comp->method->type == NID_undef) | |
322 | OPENSSL_free(comp); | |
323 | else | |
324 | { | |
325 | comp->id=SSL_COMP_ZLIB_IDX; | |
326 | comp->name=comp->method->name; | |
327 | sk_SSL_COMP_push(ssl_comp_methods,comp); | |
328 | } | |
7ba666fa RL |
329 | } |
330 | } | |
675f605d | 331 | MemCheck_on(); |
7ba666fa | 332 | } |
7ba666fa | 333 | } |
675f605d BM |
334 | |
335 | if (got_write_lock) | |
336 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | |
337 | else | |
338 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | |
7ba666fa | 339 | } |
09b6c2ef | 340 | #endif |
7ba666fa | 341 | |
0821bcd4 | 342 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
6b691a5c | 343 | const EVP_MD **md, SSL_COMP **comp) |
d02b48c6 RE |
344 | { |
345 | int i; | |
413c4f45 | 346 | SSL_CIPHER *c; |
d02b48c6 | 347 | |
413c4f45 | 348 | c=s->cipher; |
d02b48c6 | 349 | if (c == NULL) return(0); |
413c4f45 MC |
350 | if (comp != NULL) |
351 | { | |
352 | SSL_COMP ctmp; | |
09b6c2ef | 353 | #ifndef OPENSSL_NO_COMP |
7ba666fa | 354 | load_builtin_compressions(); |
09b6c2ef | 355 | #endif |
413c4f45 | 356 | |
7ba666fa RL |
357 | *comp=NULL; |
358 | ctmp.id=s->compress_meth; | |
359 | if (ssl_comp_methods != NULL) | |
360 | { | |
f73e07cf | 361 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); |
413c4f45 | 362 | if (i >= 0) |
f73e07cf | 363 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); |
413c4f45 MC |
364 | else |
365 | *comp=NULL; | |
366 | } | |
367 | } | |
368 | ||
369 | if ((enc == NULL) || (md == NULL)) return(0); | |
d02b48c6 RE |
370 | |
371 | switch (c->algorithms & SSL_ENC_MASK) | |
372 | { | |
373 | case SSL_DES: | |
374 | i=SSL_ENC_DES_IDX; | |
375 | break; | |
376 | case SSL_3DES: | |
377 | i=SSL_ENC_3DES_IDX; | |
378 | break; | |
379 | case SSL_RC4: | |
380 | i=SSL_ENC_RC4_IDX; | |
381 | break; | |
382 | case SSL_RC2: | |
383 | i=SSL_ENC_RC2_IDX; | |
384 | break; | |
385 | case SSL_IDEA: | |
386 | i=SSL_ENC_IDEA_IDX; | |
387 | break; | |
388 | case SSL_eNULL: | |
389 | i=SSL_ENC_NULL_IDX; | |
390 | break; | |
deb2c1a1 | 391 | case SSL_AES: |
259810e0 BL |
392 | switch(c->alg_bits) |
393 | { | |
deb2c1a1 DSH |
394 | case 128: i=SSL_ENC_AES128_IDX; break; |
395 | case 256: i=SSL_ENC_AES256_IDX; break; | |
259810e0 BL |
396 | default: i=-1; break; |
397 | } | |
398 | break; | |
f3dea9a5 BM |
399 | case SSL_CAMELLIA: |
400 | switch(c->alg_bits) | |
401 | { | |
402 | case 128: i=SSL_ENC_CAMELLIA128_IDX; break; | |
403 | case 256: i=SSL_ENC_CAMELLIA256_IDX; break; | |
404 | default: i=-1; break; | |
405 | } | |
406 | break; | |
407 | ||
d02b48c6 RE |
408 | default: |
409 | i= -1; | |
410 | break; | |
411 | } | |
412 | ||
413 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | |
414 | *enc=NULL; | |
415 | else | |
416 | { | |
417 | if (i == SSL_ENC_NULL_IDX) | |
418 | *enc=EVP_enc_null(); | |
419 | else | |
420 | *enc=ssl_cipher_methods[i]; | |
421 | } | |
422 | ||
423 | switch (c->algorithms & SSL_MAC_MASK) | |
424 | { | |
425 | case SSL_MD5: | |
426 | i=SSL_MD_MD5_IDX; | |
427 | break; | |
d02b48c6 RE |
428 | case SSL_SHA1: |
429 | i=SSL_MD_SHA1_IDX; | |
430 | break; | |
431 | default: | |
432 | i= -1; | |
433 | break; | |
434 | } | |
435 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) | |
436 | *md=NULL; | |
437 | else | |
438 | *md=ssl_digest_methods[i]; | |
439 | ||
440 | if ((*enc != NULL) && (*md != NULL)) | |
441 | return(1); | |
442 | else | |
443 | return(0); | |
444 | } | |
445 | ||
58964a49 RE |
446 | #define ITEM_SEP(a) \ |
447 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | |
448 | ||
6b691a5c UM |
449 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
450 | CIPHER_ORDER **tail) | |
58964a49 RE |
451 | { |
452 | if (curr == *tail) return; | |
453 | if (curr == *head) | |
454 | *head=curr->next; | |
455 | if (curr->prev != NULL) | |
456 | curr->prev->next=curr->next; | |
457 | if (curr->next != NULL) /* should always be true */ | |
458 | curr->next->prev=curr->prev; | |
459 | (*tail)->next=curr; | |
460 | curr->prev= *tail; | |
461 | curr->next=NULL; | |
462 | *tail=curr; | |
463 | } | |
464 | ||
018e57c7 | 465 | static unsigned long ssl_cipher_get_disabled(void) |
d02b48c6 | 466 | { |
018e57c7 | 467 | unsigned long mask; |
d02b48c6 | 468 | |
018e57c7 | 469 | mask = SSL_kFZA; |
bc36ee62 | 470 | #ifdef OPENSSL_NO_RSA |
018e57c7 | 471 | mask |= SSL_aRSA|SSL_kRSA; |
d02b48c6 | 472 | #endif |
bc36ee62 | 473 | #ifdef OPENSSL_NO_DSA |
018e57c7 | 474 | mask |= SSL_aDSS; |
d02b48c6 | 475 | #endif |
bc36ee62 | 476 | #ifdef OPENSSL_NO_DH |
018e57c7 | 477 | mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; |
d02b48c6 | 478 | #endif |
bc36ee62 | 479 | #ifdef OPENSSL_NO_KRB5 |
f9b3bff6 RL |
480 | mask |= SSL_kKRB5|SSL_aKRB5; |
481 | #endif | |
ea262260 BM |
482 | #ifdef OPENSSL_NO_ECDH |
483 | mask |= SSL_kECDH|SSL_kECDHE; | |
484 | #endif | |
ddac1974 NL |
485 | #ifdef OPENSSL_NO_PSK |
486 | mask |= SSL_kPSK; | |
487 | #endif | |
988788f6 | 488 | #ifdef SSL_FORBID_ENULL |
018e57c7 | 489 | mask |= SSL_eNULL; |
d02b48c6 RE |
490 | #endif |
491 | ||
018e57c7 DSH |
492 | mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; |
493 | mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; | |
494 | mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; | |
495 | mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | |
496 | mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | |
497 | mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; | |
deb2c1a1 | 498 | mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; |
f3dea9a5 | 499 | mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; |
d02b48c6 | 500 | |
018e57c7 DSH |
501 | mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; |
502 | mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | |
d02b48c6 | 503 | |
018e57c7 DSH |
504 | return(mask); |
505 | } | |
506 | ||
507 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |
3822740c | 508 | int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, |
018e57c7 DSH |
509 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
510 | { | |
3822740c | 511 | int i, co_list_num; |
018e57c7 DSH |
512 | SSL_CIPHER *c; |
513 | ||
514 | /* | |
515 | * We have num_of_ciphers descriptions compiled in, depending on the | |
516 | * method selected (SSLv2 and/or SSLv3, TLSv1 etc). | |
517 | * These will later be sorted in a linked list with at most num | |
518 | * entries. | |
519 | */ | |
58964a49 | 520 | |
d02b48c6 | 521 | /* Get the initial list of ciphers */ |
3822740c | 522 | co_list_num = 0; /* actual count of ciphers */ |
018e57c7 | 523 | for (i = 0; i < num_of_ciphers; i++) |
d02b48c6 | 524 | { |
018e57c7 | 525 | c = ssl_method->get_cipher(i); |
d02b48c6 RE |
526 | /* drop those that use any of that is not available */ |
527 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) | |
528 | { | |
3822740c RL |
529 | co_list[co_list_num].cipher = c; |
530 | co_list[co_list_num].next = NULL; | |
531 | co_list[co_list_num].prev = NULL; | |
532 | co_list[co_list_num].active = 0; | |
533 | co_list_num++; | |
f9b3bff6 RL |
534 | #ifdef KSSL_DEBUG |
535 | printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); | |
536 | #endif /* KSSL_DEBUG */ | |
018e57c7 | 537 | /* |
d02b48c6 | 538 | if (!sk_push(ca_list,(char *)c)) goto err; |
018e57c7 | 539 | */ |
d02b48c6 RE |
540 | } |
541 | } | |
018e57c7 DSH |
542 | |
543 | /* | |
544 | * Prepare linked list from list entries | |
545 | */ | |
3822740c | 546 | for (i = 1; i < co_list_num - 1; i++) |
58964a49 | 547 | { |
3822740c RL |
548 | co_list[i].prev = &(co_list[i-1]); |
549 | co_list[i].next = &(co_list[i+1]); | |
58964a49 | 550 | } |
3822740c | 551 | if (co_list_num > 0) |
58964a49 | 552 | { |
3822740c | 553 | (*head_p) = &(co_list[0]); |
018e57c7 | 554 | (*head_p)->prev = NULL; |
3822740c RL |
555 | (*head_p)->next = &(co_list[1]); |
556 | (*tail_p) = &(co_list[co_list_num - 1]); | |
557 | (*tail_p)->prev = &(co_list[co_list_num - 2]); | |
018e57c7 | 558 | (*tail_p)->next = NULL; |
58964a49 | 559 | } |
018e57c7 | 560 | } |
d02b48c6 | 561 | |
018e57c7 DSH |
562 | static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, |
563 | int num_of_group_aliases, unsigned long mask, | |
564 | CIPHER_ORDER *head) | |
565 | { | |
566 | CIPHER_ORDER *ciph_curr; | |
567 | SSL_CIPHER **ca_curr; | |
568 | int i; | |
d02b48c6 | 569 | |
018e57c7 DSH |
570 | /* |
571 | * First, add the real ciphers as already collected | |
572 | */ | |
573 | ciph_curr = head; | |
574 | ca_curr = ca_list; | |
575 | while (ciph_curr != NULL) | |
d02b48c6 | 576 | { |
018e57c7 DSH |
577 | *ca_curr = ciph_curr->cipher; |
578 | ca_curr++; | |
579 | ciph_curr = ciph_curr->next; | |
d02b48c6 RE |
580 | } |
581 | ||
018e57c7 DSH |
582 | /* |
583 | * Now we add the available ones from the cipher_aliases[] table. | |
584 | * They represent either an algorithm, that must be fully | |
585 | * supported (not match any bit in mask) or represent a cipher | |
586 | * strength value (will be added in any case because algorithms=0). | |
587 | */ | |
588 | for (i = 0; i < num_of_group_aliases; i++) | |
589 | { | |
590 | if ((i == 0) || /* always fetch "ALL" */ | |
591 | !(cipher_aliases[i].algorithms & mask)) | |
592 | { | |
593 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | |
594 | ca_curr++; | |
595 | } | |
596 | } | |
d02b48c6 | 597 | |
018e57c7 DSH |
598 | *ca_curr = NULL; /* end of list */ |
599 | } | |
d02b48c6 | 600 | |
ba1ba5f0 DSH |
601 | static void ssl_cipher_apply_rule(unsigned long cipher_id, |
602 | unsigned long algorithms, unsigned long mask, | |
018e57c7 | 603 | unsigned long algo_strength, unsigned long mask_strength, |
3822740c | 604 | int rule, int strength_bits, CIPHER_ORDER *co_list, |
018e57c7 DSH |
605 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
606 | { | |
607 | CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; | |
608 | SSL_CIPHER *cp; | |
609 | unsigned long ma, ma_s; | |
610 | ||
611 | #ifdef CIPHER_DEBUG | |
612 | printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n", | |
613 | rule, algorithms, mask, algo_strength, mask_strength, | |
614 | strength_bits); | |
615 | #endif | |
d02b48c6 | 616 | |
018e57c7 DSH |
617 | curr = head = *head_p; |
618 | curr2 = head; | |
619 | tail2 = tail = *tail_p; | |
d02b48c6 RE |
620 | for (;;) |
621 | { | |
018e57c7 DSH |
622 | if ((curr == NULL) || (curr == tail2)) break; |
623 | curr = curr2; | |
624 | curr2 = curr->next; | |
625 | ||
626 | cp = curr->cipher; | |
627 | ||
ba1ba5f0 DSH |
628 | /* If explicit cipher suite match that one only */ |
629 | ||
630 | if (cipher_id) | |
631 | { | |
632 | if (cp->id != cipher_id) | |
633 | continue; | |
634 | } | |
635 | ||
018e57c7 DSH |
636 | /* |
637 | * Selection criteria is either the number of strength_bits | |
638 | * or the algorithm used. | |
639 | */ | |
ba1ba5f0 | 640 | else if (strength_bits == -1) |
018e57c7 DSH |
641 | { |
642 | ma = mask & cp->algorithms; | |
643 | ma_s = mask_strength & cp->algo_strength; | |
644 | ||
645 | #ifdef CIPHER_DEBUG | |
646 | printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength); | |
647 | printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength); | |
648 | #endif | |
649 | /* | |
650 | * Select: if none of the mask bit was met from the | |
651 | * cipher or not all of the bits were met, the | |
652 | * selection does not apply. | |
653 | */ | |
654 | if (((ma == 0) && (ma_s == 0)) || | |
655 | ((ma & algorithms) != ma) || | |
656 | ((ma_s & algo_strength) != ma_s)) | |
657 | continue; /* does not apply */ | |
658 | } | |
659 | else if (strength_bits != cp->strength_bits) | |
660 | continue; /* does not apply */ | |
661 | ||
662 | #ifdef CIPHER_DEBUG | |
663 | printf("Action = %d\n", rule); | |
664 | #endif | |
665 | ||
666 | /* add the cipher if it has not been added yet. */ | |
667 | if (rule == CIPHER_ADD) | |
668 | { | |
669 | if (!curr->active) | |
670 | { | |
671 | ll_append_tail(&head, curr, &tail); | |
672 | curr->active = 1; | |
673 | } | |
674 | } | |
675 | /* Move the added cipher to this location */ | |
676 | else if (rule == CIPHER_ORD) | |
677 | { | |
678 | if (curr->active) | |
679 | { | |
680 | ll_append_tail(&head, curr, &tail); | |
681 | } | |
682 | } | |
683 | else if (rule == CIPHER_DEL) | |
684 | curr->active = 0; | |
685 | else if (rule == CIPHER_KILL) | |
686 | { | |
687 | if (head == curr) | |
688 | head = curr->next; | |
689 | else | |
690 | curr->prev->next = curr->next; | |
691 | if (tail == curr) | |
692 | tail = curr->prev; | |
693 | curr->active = 0; | |
694 | if (curr->next != NULL) | |
695 | curr->next->prev = curr->prev; | |
696 | if (curr->prev != NULL) | |
697 | curr->prev->next = curr->next; | |
698 | curr->next = NULL; | |
699 | curr->prev = NULL; | |
700 | } | |
701 | } | |
702 | ||
703 | *head_p = head; | |
704 | *tail_p = tail; | |
705 | } | |
706 | ||
3822740c RL |
707 | static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, |
708 | CIPHER_ORDER **head_p, | |
709 | CIPHER_ORDER **tail_p) | |
018e57c7 DSH |
710 | { |
711 | int max_strength_bits, i, *number_uses; | |
712 | CIPHER_ORDER *curr; | |
713 | ||
714 | /* | |
715 | * This routine sorts the ciphers with descending strength. The sorting | |
716 | * must keep the pre-sorted sequence, so we apply the normal sorting | |
717 | * routine as '+' movement to the end of the list. | |
718 | */ | |
719 | max_strength_bits = 0; | |
720 | curr = *head_p; | |
721 | while (curr != NULL) | |
722 | { | |
723 | if (curr->active && | |
724 | (curr->cipher->strength_bits > max_strength_bits)) | |
725 | max_strength_bits = curr->cipher->strength_bits; | |
726 | curr = curr->next; | |
727 | } | |
728 | ||
26a3a48d | 729 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); |
018e57c7 DSH |
730 | if (!number_uses) |
731 | { | |
732 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | |
733 | return(0); | |
734 | } | |
735 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | |
736 | ||
737 | /* | |
738 | * Now find the strength_bits values actually used | |
739 | */ | |
740 | curr = *head_p; | |
741 | while (curr != NULL) | |
742 | { | |
743 | if (curr->active) | |
744 | number_uses[curr->cipher->strength_bits]++; | |
745 | curr = curr->next; | |
746 | } | |
018e57c7 DSH |
747 | /* |
748 | * Go through the list of used strength_bits values in descending | |
64287002 | 749 | * order. |
018e57c7 | 750 | */ |
018e57c7 | 751 | for (i = max_strength_bits; i >= 0; i--) |
018e57c7 | 752 | if (number_uses[i] > 0) |
ba1ba5f0 | 753 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i, |
3822740c | 754 | co_list, head_p, tail_p); |
018e57c7 | 755 | |
26a3a48d | 756 | OPENSSL_free(number_uses); |
018e57c7 DSH |
757 | return(1); |
758 | } | |
759 | ||
760 | static int ssl_cipher_process_rulestr(const char *rule_str, | |
3822740c | 761 | CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, |
018e57c7 DSH |
762 | CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) |
763 | { | |
764 | unsigned long algorithms, mask, algo_strength, mask_strength; | |
765 | const char *l, *start, *buf; | |
766 | int j, multi, found, rule, retval, ok, buflen; | |
ba1ba5f0 | 767 | unsigned long cipher_id; |
018e57c7 | 768 | char ch; |
58964a49 | 769 | |
018e57c7 DSH |
770 | retval = 1; |
771 | l = rule_str; | |
772 | for (;;) | |
773 | { | |
774 | ch = *l; | |
58964a49 | 775 | |
018e57c7 DSH |
776 | if (ch == '\0') |
777 | break; /* done */ | |
d02b48c6 | 778 | if (ch == '-') |
018e57c7 | 779 | { rule = CIPHER_DEL; l++; } |
d02b48c6 | 780 | else if (ch == '+') |
018e57c7 | 781 | { rule = CIPHER_ORD; l++; } |
d02b48c6 | 782 | else if (ch == '!') |
018e57c7 DSH |
783 | { rule = CIPHER_KILL; l++; } |
784 | else if (ch == '@') | |
785 | { rule = CIPHER_SPECIAL; l++; } | |
786 | else | |
787 | { rule = CIPHER_ADD; } | |
d02b48c6 | 788 | |
58964a49 | 789 | if (ITEM_SEP(ch)) |
d02b48c6 RE |
790 | { |
791 | l++; | |
792 | continue; | |
793 | } | |
018e57c7 DSH |
794 | |
795 | algorithms = mask = algo_strength = mask_strength = 0; | |
d02b48c6 RE |
796 | |
797 | start=l; | |
798 | for (;;) | |
799 | { | |
018e57c7 DSH |
800 | ch = *l; |
801 | buf = l; | |
802 | buflen = 0; | |
ca570cfd | 803 | #ifndef CHARSET_EBCDIC |
d02b48c6 RE |
804 | while ( ((ch >= 'A') && (ch <= 'Z')) || |
805 | ((ch >= '0') && (ch <= '9')) || | |
806 | ((ch >= 'a') && (ch <= 'z')) || | |
807 | (ch == '-')) | |
ca570cfd UM |
808 | #else |
809 | while ( isalnum(ch) || (ch == '-')) | |
810 | #endif | |
d02b48c6 | 811 | { |
018e57c7 DSH |
812 | ch = *(++l); |
813 | buflen++; | |
d02b48c6 | 814 | } |
018e57c7 DSH |
815 | |
816 | if (buflen == 0) | |
817 | { | |
818 | /* | |
4013f3bf | 819 | * We hit something we cannot deal with, |
657e60fa | 820 | * it is no command or separator nor |
018e57c7 DSH |
821 | * alphanumeric, so we call this an error. |
822 | */ | |
823 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | |
824 | SSL_R_INVALID_COMMAND); | |
825 | retval = found = 0; | |
826 | l++; | |
827 | break; | |
828 | } | |
829 | ||
830 | if (rule == CIPHER_SPECIAL) | |
831 | { | |
4013f3bf | 832 | found = 0; /* unused -- avoid compiler warning */ |
018e57c7 DSH |
833 | break; /* special treatment */ |
834 | } | |
d02b48c6 RE |
835 | |
836 | /* check for multi-part specification */ | |
58964a49 RE |
837 | if (ch == '+') |
838 | { | |
839 | multi=1; | |
840 | l++; | |
841 | } | |
842 | else | |
843 | multi=0; | |
d02b48c6 | 844 | |
018e57c7 | 845 | /* |
4013f3bf | 846 | * Now search for the cipher alias in the ca_list. Be careful |
018e57c7 DSH |
847 | * with the strncmp, because the "buflen" limitation |
848 | * will make the rule "ADH:SOME" and the cipher | |
849 | * "ADH-MY-CIPHER" look like a match for buflen=3. | |
4013f3bf BM |
850 | * So additionally check whether the cipher name found |
851 | * has the correct length. We can save a strlen() call: | |
018e57c7 | 852 | * just checking for the '\0' at the right place is |
f65a7578 LJ |
853 | * sufficient, we have to strncmp() anyway. (We cannot |
854 | * use strcmp(), because buf is not '\0' terminated.) | |
018e57c7 DSH |
855 | */ |
856 | j = found = 0; | |
ba1ba5f0 | 857 | cipher_id = 0; |
018e57c7 DSH |
858 | while (ca_list[j]) |
859 | { | |
f65a7578 LJ |
860 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
861 | (ca_list[j]->name[buflen] == '\0')) | |
018e57c7 DSH |
862 | { |
863 | found = 1; | |
864 | break; | |
865 | } | |
866 | else | |
867 | j++; | |
868 | } | |
869 | if (!found) | |
870 | break; /* ignore this entry */ | |
871 | ||
ba1ba5f0 DSH |
872 | if (ca_list[j]->valid) |
873 | { | |
874 | cipher_id = ca_list[j]->id; | |
875 | break; | |
876 | } | |
877 | ||
f0747cd9 NL |
878 | /* New algorithms: |
879 | * 1 - any old restrictions apply outside new mask | |
880 | * 2 - any new restrictions apply outside old mask | |
881 | * 3 - enforce old & new where masks intersect | |
882 | */ | |
883 | algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */ | |
884 | (ca_list[j]->algorithms & ~mask) | /* 2 */ | |
885 | (algorithms & ca_list[j]->algorithms); /* 3 */ | |
018e57c7 | 886 | mask |= ca_list[j]->mask; |
f0747cd9 NL |
887 | algo_strength = (algo_strength & ~ca_list[j]->mask_strength) | |
888 | (ca_list[j]->algo_strength & ~mask_strength) | | |
889 | (algo_strength & ca_list[j]->algo_strength); | |
018e57c7 | 890 | mask_strength |= ca_list[j]->mask_strength; |
d02b48c6 | 891 | |
d02b48c6 RE |
892 | if (!multi) break; |
893 | } | |
018e57c7 | 894 | |
4013f3bf BM |
895 | /* |
896 | * Ok, we have the rule, now apply it | |
897 | */ | |
898 | if (rule == CIPHER_SPECIAL) | |
899 | { /* special command */ | |
900 | ok = 0; | |
901 | if ((buflen == 8) && | |
902 | !strncmp(buf, "STRENGTH", 8)) | |
3822740c | 903 | ok = ssl_cipher_strength_sort(co_list, |
4013f3bf BM |
904 | head_p, tail_p); |
905 | else | |
906 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | |
907 | SSL_R_INVALID_COMMAND); | |
908 | if (ok == 0) | |
909 | retval = 0; | |
018e57c7 | 910 | /* |
4013f3bf BM |
911 | * We do not support any "multi" options |
912 | * together with "@", so throw away the | |
913 | * rest of the command, if any left, until | |
914 | * end or ':' is found. | |
018e57c7 | 915 | */ |
4013f3bf BM |
916 | while ((*l != '\0') && ITEM_SEP(*l)) |
917 | l++; | |
918 | } | |
919 | else if (found) | |
920 | { | |
ba1ba5f0 | 921 | ssl_cipher_apply_rule(cipher_id, algorithms, mask, |
4013f3bf | 922 | algo_strength, mask_strength, rule, -1, |
3822740c | 923 | co_list, head_p, tail_p); |
4013f3bf BM |
924 | } |
925 | else | |
926 | { | |
927 | while ((*l != '\0') && ITEM_SEP(*l)) | |
928 | l++; | |
929 | } | |
930 | if (*l == '\0') break; /* done */ | |
d02b48c6 RE |
931 | } |
932 | ||
018e57c7 DSH |
933 | return(retval); |
934 | } | |
935 | ||
936 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |
937 | STACK_OF(SSL_CIPHER) **cipher_list, | |
938 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | |
939 | const char *rule_str) | |
940 | { | |
941 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | |
942 | unsigned long disabled_mask; | |
f0747cd9 | 943 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
018e57c7 | 944 | const char *rule_p; |
3822740c | 945 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
018e57c7 DSH |
946 | SSL_CIPHER **ca_list = NULL; |
947 | ||
948 | /* | |
949 | * Return with error if nothing to do. | |
950 | */ | |
f0747cd9 NL |
951 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
952 | return NULL; | |
018e57c7 | 953 | |
018e57c7 DSH |
954 | /* |
955 | * To reduce the work to do we only want to process the compiled | |
956 | * in algorithms, so we first get the mask of disabled ciphers. | |
957 | */ | |
958 | disabled_mask = ssl_cipher_get_disabled(); | |
959 | ||
960 | /* | |
961 | * Now we have to collect the available ciphers from the compiled | |
962 | * in ciphers. We cannot get more than the number compiled in, so | |
963 | * it is used for allocation. | |
964 | */ | |
965 | num_of_ciphers = ssl_method->num_ciphers(); | |
f9b3bff6 RL |
966 | #ifdef KSSL_DEBUG |
967 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | |
968 | #endif /* KSSL_DEBUG */ | |
3822740c RL |
969 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); |
970 | if (co_list == NULL) | |
d02b48c6 | 971 | { |
018e57c7 DSH |
972 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
973 | return(NULL); /* Failure */ | |
974 | } | |
58964a49 | 975 | |
018e57c7 | 976 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, |
3822740c | 977 | co_list, &head, &tail); |
018e57c7 DSH |
978 | |
979 | /* | |
980 | * We also need cipher aliases for selecting based on the rule_str. | |
981 | * There might be two types of entries in the rule_str: 1) names | |
982 | * of ciphers themselves 2) aliases for groups of ciphers. | |
983 | * For 1) we need the available ciphers and for 2) the cipher | |
657e60fa | 984 | * groups of cipher_aliases added together in one list (otherwise |
018e57c7 DSH |
985 | * we would be happy with just the cipher_aliases table). |
986 | */ | |
987 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | |
988 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | |
989 | ca_list = | |
26a3a48d | 990 | (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); |
018e57c7 DSH |
991 | if (ca_list == NULL) |
992 | { | |
3822740c | 993 | OPENSSL_free(co_list); |
018e57c7 DSH |
994 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
995 | return(NULL); /* Failure */ | |
996 | } | |
997 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, | |
998 | head); | |
999 | ||
1000 | /* | |
1001 | * If the rule_string begins with DEFAULT, apply the default rule | |
1002 | * before using the (possibly available) additional rules. | |
1003 | */ | |
1004 | ok = 1; | |
1005 | rule_p = rule_str; | |
1006 | if (strncmp(rule_str,"DEFAULT",7) == 0) | |
1007 | { | |
1008 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | |
3822740c | 1009 | co_list, &head, &tail, ca_list); |
018e57c7 DSH |
1010 | rule_p += 7; |
1011 | if (*rule_p == ':') | |
1012 | rule_p++; | |
1013 | } | |
58964a49 | 1014 | |
018e57c7 | 1015 | if (ok && (strlen(rule_p) > 0)) |
3822740c | 1016 | ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, |
018e57c7 | 1017 | ca_list); |
d02b48c6 | 1018 | |
26a3a48d | 1019 | OPENSSL_free(ca_list); /* Not needed anymore */ |
018e57c7 DSH |
1020 | |
1021 | if (!ok) | |
1022 | { /* Rule processing failure */ | |
3822740c | 1023 | OPENSSL_free(co_list); |
018e57c7 DSH |
1024 | return(NULL); |
1025 | } | |
1026 | /* | |
1027 | * Allocate new "cipherstack" for the result, return with error | |
1028 | * if we cannot get one. | |
1029 | */ | |
62324627 | 1030 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) |
018e57c7 | 1031 | { |
3822740c | 1032 | OPENSSL_free(co_list); |
018e57c7 | 1033 | return(NULL); |
d02b48c6 RE |
1034 | } |
1035 | ||
018e57c7 DSH |
1036 | /* |
1037 | * The cipher selection for the list is done. The ciphers are added | |
1038 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | |
1039 | */ | |
1040 | for (curr = head; curr != NULL; curr = curr->next) | |
d02b48c6 | 1041 | { |
58964a49 | 1042 | if (curr->active) |
d02b48c6 | 1043 | { |
018e57c7 | 1044 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
d02b48c6 | 1045 | #ifdef CIPHER_DEBUG |
58964a49 | 1046 | printf("<%s>\n",curr->cipher->name); |
d02b48c6 | 1047 | #endif |
d02b48c6 RE |
1048 | } |
1049 | } | |
3822740c | 1050 | OPENSSL_free(co_list); /* Not needed any longer */ |
018e57c7 | 1051 | |
f0747cd9 NL |
1052 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
1053 | if (tmp_cipher_list == NULL) | |
018e57c7 DSH |
1054 | { |
1055 | sk_SSL_CIPHER_free(cipherstack); | |
f0747cd9 | 1056 | return NULL; |
018e57c7 | 1057 | } |
f0747cd9 NL |
1058 | if (*cipher_list != NULL) |
1059 | sk_SSL_CIPHER_free(*cipher_list); | |
1060 | *cipher_list = cipherstack; | |
1061 | if (*cipher_list_by_id != NULL) | |
1062 | sk_SSL_CIPHER_free(*cipher_list_by_id); | |
1063 | *cipher_list_by_id = tmp_cipher_list; | |
f73e07cf | 1064 | sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); |
d02b48c6 | 1065 | |
018e57c7 | 1066 | return(cipherstack); |
d02b48c6 RE |
1067 | } |
1068 | ||
6b691a5c | 1069 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) |
d02b48c6 | 1070 | { |
b1c4fe36 | 1071 | int is_export,pkl,kl; |
f4bfd357 NL |
1072 | const char *ver,*exp_str; |
1073 | const char *kx,*au,*enc,*mac; | |
018e57c7 | 1074 | unsigned long alg,alg2,alg_s; |
f9b3bff6 | 1075 | #ifdef KSSL_DEBUG |
f4bfd357 | 1076 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; |
f9b3bff6 | 1077 | #else |
f4bfd357 | 1078 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; |
f9b3bff6 RL |
1079 | #endif /* KSSL_DEBUG */ |
1080 | ||
d02b48c6 | 1081 | alg=cipher->algorithms; |
018e57c7 | 1082 | alg_s=cipher->algo_strength; |
d02b48c6 RE |
1083 | alg2=cipher->algorithm2; |
1084 | ||
018e57c7 DSH |
1085 | is_export=SSL_C_IS_EXPORT(cipher); |
1086 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | |
1087 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | |
d8ec0dcf | 1088 | exp_str=is_export?" export":""; |
ea262260 | 1089 | |
d02b48c6 RE |
1090 | if (alg & SSL_SSLV2) |
1091 | ver="SSLv2"; | |
1092 | else if (alg & SSL_SSLV3) | |
1093 | ver="SSLv3"; | |
1094 | else | |
1095 | ver="unknown"; | |
1096 | ||
1097 | switch (alg&SSL_MKEY_MASK) | |
1098 | { | |
1099 | case SSL_kRSA: | |
b1c4fe36 | 1100 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; |
d02b48c6 RE |
1101 | break; |
1102 | case SSL_kDHr: | |
1103 | kx="DH/RSA"; | |
1104 | break; | |
1105 | case SSL_kDHd: | |
1106 | kx="DH/DSS"; | |
1107 | break; | |
f9b3bff6 RL |
1108 | case SSL_kKRB5: /* VRS */ |
1109 | case SSL_KRB5: /* VRS */ | |
1110 | kx="KRB5"; | |
1111 | break; | |
d02b48c6 RE |
1112 | case SSL_kFZA: |
1113 | kx="Fortezza"; | |
1114 | break; | |
1115 | case SSL_kEDH: | |
b1c4fe36 | 1116 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
d02b48c6 | 1117 | break; |
ea262260 BM |
1118 | case SSL_kECDH: |
1119 | case SSL_kECDHE: | |
1120 | kx=is_export?"ECDH(<=163)":"ECDH"; | |
1121 | break; | |
ddac1974 NL |
1122 | case SSL_kPSK: |
1123 | kx="PSK"; | |
1124 | break; | |
d02b48c6 RE |
1125 | default: |
1126 | kx="unknown"; | |
1127 | } | |
1128 | ||
1129 | switch (alg&SSL_AUTH_MASK) | |
1130 | { | |
1131 | case SSL_aRSA: | |
1132 | au="RSA"; | |
1133 | break; | |
1134 | case SSL_aDSS: | |
1135 | au="DSS"; | |
1136 | break; | |
1137 | case SSL_aDH: | |
1138 | au="DH"; | |
1139 | break; | |
f9b3bff6 RL |
1140 | case SSL_aKRB5: /* VRS */ |
1141 | case SSL_KRB5: /* VRS */ | |
1142 | au="KRB5"; | |
1143 | break; | |
d02b48c6 RE |
1144 | case SSL_aFZA: |
1145 | case SSL_aNULL: | |
1146 | au="None"; | |
1147 | break; | |
ea262260 BM |
1148 | case SSL_aECDSA: |
1149 | au="ECDSA"; | |
1150 | break; | |
ddac1974 NL |
1151 | case SSL_aPSK: |
1152 | au="PSK"; | |
1153 | break; | |
d02b48c6 RE |
1154 | default: |
1155 | au="unknown"; | |
1156 | break; | |
1157 | } | |
1158 | ||
1159 | switch (alg&SSL_ENC_MASK) | |
1160 | { | |
1161 | case SSL_DES: | |
b1c4fe36 | 1162 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; |
d02b48c6 RE |
1163 | break; |
1164 | case SSL_3DES: | |
1165 | enc="3DES(168)"; | |
1166 | break; | |
1167 | case SSL_RC4: | |
b1c4fe36 | 1168 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") |
06ab81f9 | 1169 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); |
d02b48c6 RE |
1170 | break; |
1171 | case SSL_RC2: | |
b1c4fe36 | 1172 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; |
d02b48c6 RE |
1173 | break; |
1174 | case SSL_IDEA: | |
1175 | enc="IDEA(128)"; | |
1176 | break; | |
1177 | case SSL_eFZA: | |
1178 | enc="Fortezza"; | |
1179 | break; | |
1180 | case SSL_eNULL: | |
1181 | enc="None"; | |
1182 | break; | |
deb2c1a1 DSH |
1183 | case SSL_AES: |
1184 | switch(cipher->strength_bits) | |
259810e0 | 1185 | { |
ea4f109c BM |
1186 | case 128: enc="AES(128)"; break; |
1187 | case 192: enc="AES(192)"; break; | |
1188 | case 256: enc="AES(256)"; break; | |
1189 | default: enc="AES(?""?""?)"; break; | |
259810e0 BL |
1190 | } |
1191 | break; | |
f3dea9a5 BM |
1192 | case SSL_CAMELLIA: |
1193 | switch(cipher->strength_bits) | |
1194 | { | |
1195 | case 128: enc="Camellia(128)"; break; | |
1196 | case 256: enc="Camellia(256)"; break; | |
1197 | default: enc="Camellia(?""?""?)"; break; | |
1198 | } | |
1199 | break; | |
1200 | ||
d02b48c6 RE |
1201 | default: |
1202 | enc="unknown"; | |
1203 | break; | |
1204 | } | |
1205 | ||
1206 | switch (alg&SSL_MAC_MASK) | |
1207 | { | |
1208 | case SSL_MD5: | |
1209 | mac="MD5"; | |
1210 | break; | |
d02b48c6 RE |
1211 | case SSL_SHA1: |
1212 | mac="SHA1"; | |
1213 | break; | |
1214 | default: | |
1215 | mac="unknown"; | |
1216 | break; | |
1217 | } | |
1218 | ||
1219 | if (buf == NULL) | |
1220 | { | |
063c0502 | 1221 | len=128; |
26a3a48d RL |
1222 | buf=OPENSSL_malloc(len); |
1223 | if (buf == NULL) return("OPENSSL_malloc Error"); | |
d02b48c6 RE |
1224 | } |
1225 | else if (len < 128) | |
1226 | return("Buffer too small"); | |
1227 | ||
f9b3bff6 | 1228 | #ifdef KSSL_DEBUG |
d8ec0dcf | 1229 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); |
f9b3bff6 | 1230 | #else |
d8ec0dcf | 1231 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); |
f9b3bff6 | 1232 | #endif /* KSSL_DEBUG */ |
d02b48c6 RE |
1233 | return(buf); |
1234 | } | |
1235 | ||
0821bcd4 | 1236 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) |
d02b48c6 RE |
1237 | { |
1238 | int i; | |
1239 | ||
58964a49 | 1240 | if (c == NULL) return("(NONE)"); |
d02b48c6 RE |
1241 | i=(int)(c->id>>24L); |
1242 | if (i == 3) | |
58964a49 | 1243 | return("TLSv1/SSLv3"); |
d02b48c6 RE |
1244 | else if (i == 2) |
1245 | return("SSLv2"); | |
1246 | else | |
1247 | return("unknown"); | |
1248 | } | |
1249 | ||
1250 | /* return the actual cipher being used */ | |
0821bcd4 | 1251 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) |
d02b48c6 RE |
1252 | { |
1253 | if (c != NULL) | |
1254 | return(c->name); | |
1255 | return("(NONE)"); | |
1256 | } | |
1257 | ||
657e60fa | 1258 | /* number of bits for symmetric cipher */ |
0821bcd4 | 1259 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
d02b48c6 | 1260 | { |
018e57c7 | 1261 | int ret=0; |
d02b48c6 RE |
1262 | |
1263 | if (c != NULL) | |
1264 | { | |
018e57c7 DSH |
1265 | if (alg_bits != NULL) *alg_bits = c->alg_bits; |
1266 | ret = c->strength_bits; | |
d02b48c6 | 1267 | } |
d02b48c6 RE |
1268 | return(ret); |
1269 | } | |
1270 | ||
6b691a5c | 1271 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
413c4f45 MC |
1272 | { |
1273 | SSL_COMP *ctmp; | |
1274 | int i,nn; | |
1275 | ||
1276 | if ((n == 0) || (sk == NULL)) return(NULL); | |
f73e07cf | 1277 | nn=sk_SSL_COMP_num(sk); |
413c4f45 MC |
1278 | for (i=0; i<nn; i++) |
1279 | { | |
f73e07cf | 1280 | ctmp=sk_SSL_COMP_value(sk,i); |
413c4f45 MC |
1281 | if (ctmp->id == n) |
1282 | return(ctmp); | |
1283 | } | |
1284 | return(NULL); | |
1285 | } | |
1286 | ||
09b6c2ef DSH |
1287 | #ifdef OPENSSL_NO_COMP |
1288 | void *SSL_COMP_get_compression_methods(void) | |
1289 | { | |
1290 | return NULL; | |
1291 | } | |
1292 | int SSL_COMP_add_compression_method(int id, void *cm) | |
1293 | { | |
1294 | return 1; | |
1295 | } | |
1296 | ||
1297 | const char *SSL_COMP_get_name(const void *comp) | |
1298 | { | |
1299 | return NULL; | |
1300 | } | |
1301 | #else | |
6b691a5c | 1302 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) |
413c4f45 | 1303 | { |
7ba666fa | 1304 | load_builtin_compressions(); |
413c4f45 MC |
1305 | return(ssl_comp_methods); |
1306 | } | |
1307 | ||
6b691a5c | 1308 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
413c4f45 MC |
1309 | { |
1310 | SSL_COMP *comp; | |
413c4f45 | 1311 | |
9f495243 RL |
1312 | if (cm == NULL || cm->type == NID_undef) |
1313 | return 1; | |
1314 | ||
7ba666fa RL |
1315 | /* According to draft-ietf-tls-compression-04.txt, the |
1316 | compression number ranges should be the following: | |
1317 | ||
1318 | 0 to 63: methods defined by the IETF | |
1319 | 64 to 192: external party methods assigned by IANA | |
1320 | 193 to 255: reserved for private use */ | |
1321 | if (id < 193 || id > 255) | |
1322 | { | |
1323 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | |
1324 | return 0; | |
1325 | } | |
1326 | ||
058123af | 1327 | MemCheck_off(); |
26a3a48d | 1328 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
413c4f45 MC |
1329 | comp->id=id; |
1330 | comp->method=cm; | |
7ba666fa | 1331 | load_builtin_compressions(); |
82423549 RL |
1332 | if (ssl_comp_methods |
1333 | && !sk_SSL_COMP_find(ssl_comp_methods,comp)) | |
1334 | { | |
1335 | OPENSSL_free(comp); | |
1336 | MemCheck_on(); | |
1337 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | |
1338 | return(1); | |
1339 | } | |
1340 | else if ((ssl_comp_methods == NULL) | |
7ba666fa | 1341 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) |
413c4f45 | 1342 | { |
7ba666fa | 1343 | OPENSSL_free(comp); |
058123af | 1344 | MemCheck_on(); |
413c4f45 | 1345 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); |
f6e8c19e | 1346 | return(1); |
413c4f45 MC |
1347 | } |
1348 | else | |
058123af RL |
1349 | { |
1350 | MemCheck_on(); | |
f6e8c19e | 1351 | return(0); |
058123af | 1352 | } |
413c4f45 | 1353 | } |
377dcdba RL |
1354 | |
1355 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | |
1356 | { | |
1357 | if (comp) | |
1358 | return comp->name; | |
1359 | return NULL; | |
1360 | } | |
1361 | ||
09b6c2ef | 1362 | #endif |