
openssl/0.9.8g/ssl/ssl_ciph.c

    1: /* ssl/ssl_ciph.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: /* ====================================================================
  112:  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113:  * ECC cipher suite support in OpenSSL originally developed by 
  114:  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115:  */
  116: #include <stdio.h>
  117: #include <openssl/objects.h>
  118: #include <openssl/comp.h>
  119: #include "ssl_locl.h"
  120: 
  121: #define SSL_ENC_DES_IDX         0
  122: #define SSL_ENC_3DES_IDX        1
  123: #define SSL_ENC_RC4_IDX         2
  124: #define SSL_ENC_RC2_IDX         3
  125: #define SSL_ENC_IDEA_IDX        4
  126: #define SSL_ENC_eFZA_IDX        5
  127: #define SSL_ENC_NULL_IDX        6
  128: #define SSL_ENC_AES128_IDX      7
  129: #define SSL_ENC_AES256_IDX      8
  130: #define SSL_ENC_CAMELLIA128_IDX 9
  131: #define SSL_ENC_CAMELLIA256_IDX 10
  132: #define SSL_ENC_SEED_IDX        11
  133: #define SSL_ENC_NUM_IDX         12
  134: 
  135: 
/* EVP implementation for each SSL_ENC_*_IDX slot.  Only the first six
 * slots are spelled out; the rest of the array zero-initialises to NULL as
 * well.  ssl_load_ciphers() fills the slots in by name lookup, and any slot
 * that is still NULL afterwards is reported by ssl_cipher_get_disabled() so
 * that suites needing that cipher are masked out of cipher lists. */
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
        NULL,NULL,NULL,NULL,NULL,NULL,
        };
  139: 
  140: #define SSL_COMP_NULL_IDX       0
  141: #define SSL_COMP_ZLIB_IDX       1
  142: #define SSL_COMP_NUM_IDX        2
  143: 
/* Registered compression methods, keyed by SSL_COMP->id (see sk_comp_cmp).
 * Created lazily, under CRYPTO_LOCK_SSL, by load_builtin_compressions(). */
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
  145: 
  146: #define SSL_MD_MD5_IDX  0
  147: #define SSL_MD_SHA1_IDX 1
  148: #define SSL_MD_NUM_IDX  2
/* EVP digest for each SSL_MD_*_IDX slot; filled in by ssl_load_ciphers().
 * As with ssl_cipher_methods, a NULL slot disables the suites using it. */
static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
        NULL,NULL,
        };
  152: 
  153: #define CIPHER_ADD      1
  154: #define CIPHER_KILL     2
  155: #define CIPHER_DEL      3
  156: #define CIPHER_ORD      4
  157: #define CIPHER_SPECIAL  5
  158: 
/* Node of the doubly linked working list used while a cipher-list string
 * is being turned into an ordered set of SSL_CIPHERs (see ll_append_tail).
 * The exact meaning of active/dead is not established by the code visible
 * here; presumably they mark "currently selected" and "removed" entries. */
typedef struct cipher_order_st
        {
        SSL_CIPHER *cipher;
        int active;
        int dead;
        struct cipher_order_st *next,*prev;
        } CIPHER_ORDER;
  166: 
/* Named aliases that may appear in a cipher-list string.  Each row is an
 * SSL_CIPHER whose algorithm / strength bits describe the set of real
 * ciphers the alias selects and whose trailing mask fields say which bit
 * groups the selection is compared under (field layout per SSL_CIPHER in
 * ssl.h; only `algorithms` and `alg_bits` are referenced by code in this
 * file).
 *
 * Defender's note on the ALL row: it strips eNULL and the ECC key
 * exchanges, but NOT the anonymous (aNULL/ADH) suites; the only alias that
 * singles those out is COMPLEMENTOFDEFAULT (SSL_ADH), so an application
 * that hands "ALL" to SSL_CTX_set_cipher_list() presumably gets
 * unauthenticated suites unless it also appends "!aNULL" -- confirm against
 * the DEFAULT definition. */
static const SSL_CIPHER cipher_aliases[]={
        /* Don't include eNULL unless specifically enabled. */
        /* Don't include ECC in ALL because these ciphers are not yet official. */
        {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
        /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
        {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
        {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},  /* COMPLEMENT OF DEFAULT: anonymous DH only */
        /* key-exchange aliases (compared under SSL_MKEY_MASK) */
        {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_DH, 0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_ECC,        0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
        {0,SSL_TXT_EDH,        0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
        /* authentication aliases (compared under SSL_AUTH_MASK) */
        {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
        {0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},  /* no peer authentication */
        {0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
        {0,SSL_TXT_DSS,        0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},

        /* bulk cipher aliases (compared under SSL_ENC_MASK) */
        {0,SSL_TXT_DES,        0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_RC4,        0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_RC2,        0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
#ifndef OPENSSL_NO_IDEA
        {0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
#endif
        {0,SSL_TXT_SEED,0,SSL_SEED,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* no encryption */
        {0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_AES,        0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},

        /* MAC aliases (compared under SSL_MAC_MASK) */
        {0,SSL_TXT_MD5,        0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
        {0,SSL_TXT_SHA,        0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},

        /* combined aliases spanning several bit groups */
        {0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
        {0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_RSA,        0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_ADH,        0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
        {0,SSL_TXT_FZA,        0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},

        /* protocol-version aliases */
        {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
        {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
        {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},

        /* strength aliases use the strength bits rather than algorithm bits */
        {0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
        {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
        {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
        {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
        {0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
        {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
        {0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
        };
  226: 
/* Resolve the EVP cipher and digest implementations behind the
 * SSL_ENC_*_IDX and SSL_MD_*_IDX slots.
 *
 * Every lookup goes through EVP_get_cipherbyname()/EVP_get_digestbyname(),
 * so an algorithm that is not present in the EVP name table resolves to
 * NULL; ssl_cipher_get_disabled() later reports such slots so the suites
 * depending on them are excluded from cipher lists.  The eFZA and NULL
 * cipher slots are not touched (NULL encryption is served directly by
 * EVP_enc_null() in ssl_cipher_get_evp). */
void ssl_load_ciphers(void)
        {
        /* slot / EVP short-name pairs, in the order they are looked up */
        static const struct { int idx; const char *sn; } enc_names[] = {
                { SSL_ENC_DES_IDX,         SN_des_cbc },
                { SSL_ENC_3DES_IDX,        SN_des_ede3_cbc },
                { SSL_ENC_RC4_IDX,         SN_rc4 },
                { SSL_ENC_RC2_IDX,         SN_rc2_cbc },
#ifndef OPENSSL_NO_IDEA
                { SSL_ENC_IDEA_IDX,        SN_idea_cbc },
#endif
                { SSL_ENC_AES128_IDX,      SN_aes_128_cbc },
                { SSL_ENC_AES256_IDX,      SN_aes_256_cbc },
                { SSL_ENC_CAMELLIA128_IDX, SN_camellia_128_cbc },
                { SSL_ENC_CAMELLIA256_IDX, SN_camellia_256_cbc },
                { SSL_ENC_SEED_IDX,        SN_seed_cbc },
                };
        int k;

        for (k = 0; k < (int)(sizeof(enc_names)/sizeof(enc_names[0])); k++)
                ssl_cipher_methods[enc_names[k].idx] =
                        EVP_get_cipherbyname(enc_names[k].sn);
#ifdef OPENSSL_NO_IDEA
        /* IDEA compiled out: keep the slot explicitly empty */
        ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
#endif

        ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_get_digestbyname(SN_md5);
        ssl_digest_methods[SSL_MD_SHA1_IDX]= EVP_get_digestbyname(SN_sha1);
        }
  259: 
  260: 
  261: #ifndef OPENSSL_NO_COMP
  262: 
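/* Ordering callback for the ssl_comp_methods stack: orders SSL_COMP entries
 * by numeric id.  Returns <0, 0 or >0; only the sign is meaningful to
 * sk_find()/sort.  A three-way comparison is used rather than the
 * subtraction idiom so the result is well defined for any pair of ids
 * (int subtraction can overflow, which is undefined behaviour). */
static int sk_comp_cmp(const SSL_COMP * const *a,
                        const SSL_COMP * const *b)
        {
        int ia = (*a)->id;
        int ib = (*b)->id;

        return (ia > ib) - (ia < ib);
        }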
  268: 
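/* Create the global ssl_comp_methods stack on first use and register the
 * built-in zlib method in it.
 *
 * Locking: CRYPTO_LOCK_SSL is taken for reading first and upgraded to a
 * write lock only when the stack does not exist yet.  The NULL test is
 * repeated under the write lock because another thread may have created
 * the stack while this one was between the two locks.  Whichever lock is
 * held at the end is released.
 *
 * Allocations made here are excluded from leak checking (MemCheck_off/on)
 * because they live for the rest of the process.  A zlib method that is
 * absent (COMP_zlib() returned NULL) or is only a placeholder with
 * NID_undef is not registered, and the SSL_COMP wrapper is released on
 * that path and when pushing it onto the stack fails. */
static void load_builtin_compressions(void)
        {
        int got_write_lock = 0;

        CRYPTO_r_lock(CRYPTO_LOCK_SSL);
        if (ssl_comp_methods == NULL)
                {
                CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
                got_write_lock = 1;

                /* re-check: the stack may have appeared while we were unlocked */
                if (ssl_comp_methods == NULL)
                        {
                        MemCheck_off();
                        ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
                        if (ssl_comp_methods != NULL)
                                {
                                SSL_COMP *comp = OPENSSL_malloc(sizeof(*comp));

                                if (comp != NULL)
                                        {
                                        comp->method=COMP_zlib();
                                        /* A NULL method must not be dereferenced
                                         * below; NID_undef marks a stub method. */
                                        if (comp->method == NULL
                                                || comp->method->type == NID_undef)
                                                {
                                                OPENSSL_free(comp);
                                                }
                                        else
                                                {
                                                comp->id=SSL_COMP_ZLIB_IDX;
                                                comp->name=comp->method->name;
                                                /* sk_push() returns 0 on failure;
                                                 * comp is ours to free then. */
                                                if (!sk_SSL_COMP_push(ssl_comp_methods,comp))
                                                        OPENSSL_free(comp);
                                                }
                                        }
                                }
                        MemCheck_on();
                        }
                }

        if (got_write_lock)
                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
        else
                CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
        }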
  312: #endif
  313: 
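/* Map a cipher description's SSL_ENC_MASK bits to an SSL_ENC_*_IDX slot.
 * Returns -1 for a bulk cipher this table does not know, including AES or
 * Camellia with a key size other than 128 or 256 bits. */
static int ssl_cipher_enc_idx(const SSL_CIPHER *c)
        {
        switch (c->algorithms & SSL_ENC_MASK)
                {
        case SSL_DES:   return SSL_ENC_DES_IDX;
        case SSL_3DES:  return SSL_ENC_3DES_IDX;
        case SSL_RC4:   return SSL_ENC_RC4_IDX;
        case SSL_RC2:   return SSL_ENC_RC2_IDX;
        case SSL_IDEA:  return SSL_ENC_IDEA_IDX;
        case SSL_eNULL: return SSL_ENC_NULL_IDX;
        case SSL_SEED:  return SSL_ENC_SEED_IDX;
        case SSL_AES:
                if (c->alg_bits == 128) return SSL_ENC_AES128_IDX;
                if (c->alg_bits == 256) return SSL_ENC_AES256_IDX;
                return -1;
        case SSL_CAMELLIA:
                if (c->alg_bits == 128) return SSL_ENC_CAMELLIA128_IDX;
                if (c->alg_bits == 256) return SSL_ENC_CAMELLIA256_IDX;
                return -1;
        default:
                return -1;
                }
        }

/* Map a cipher description's SSL_MAC_MASK bits to an SSL_MD_*_IDX slot,
 * or -1 for an unknown MAC. */
static int ssl_cipher_md_idx(const SSL_CIPHER *c)
        {
        switch (c->algorithms & SSL_MAC_MASK)
                {
        case SSL_MD5:  return SSL_MD_MD5_IDX;
        case SSL_SHA1: return SSL_MD_SHA1_IDX;
        default:       return -1;
                }
        }

/* Look up the EVP cipher, EVP digest and (optionally) compression method
 * that session s negotiated.
 *
 * enc / md receive the implementations for s->cipher, or NULL when the
 * suite's algorithm has no slot or the slot was never filled by
 * ssl_load_ciphers().  comp may be NULL; otherwise *comp receives the
 * SSL_COMP whose id equals s->compress_meth, or NULL when that id is not
 * registered.  Note that the return value reflects enc and md only: an
 * unknown compress_meth is NOT an error here, so callers that need
 * compression must check *comp themselves.
 *
 * Returns 1 when both *enc and *md were resolved, 0 otherwise (including
 * s->cipher == NULL and enc or md == NULL, in which case *enc/*md are not
 * written).
 *
 * The index range checks use >= against the *_NUM_IDX counts; the earlier
 * `>` form would have let an index equal to the array length through. */
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
             const EVP_MD **md, SSL_COMP **comp)
        {
        int i;
        const SSL_CIPHER *c;

        c=s->cipher;
        if (c == NULL) return(0);
        if (comp != NULL)
                {
                SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
                load_builtin_compressions();
#endif

                *comp=NULL;
                ctmp.id=s->compress_meth;
                if (ssl_comp_methods != NULL)
                        {
                        i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
                        if (i >= 0)
                                *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
                        }
                }

        if ((enc == NULL) || (md == NULL)) return(0);

        i=ssl_cipher_enc_idx(c);
        if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
                *enc=NULL;
        else if (i == SSL_ENC_NULL_IDX)
                *enc=EVP_enc_null();   /* not in ssl_cipher_methods[] */
        else
                *enc=ssl_cipher_methods[i];

        i=ssl_cipher_md_idx(c);
        if ((i < 0) || (i >= SSL_MD_NUM_IDX))
                *md=NULL;
        else
                *md=ssl_digest_methods[i];

        return ((*enc != NULL) && (*md != NULL)) ? 1 : 0;
        }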
  420: 
/* True for the characters accepted as separators between entries of a
 * cipher-list string (':', ' ', ';' and ','). */
#define ITEM_SEP(a) \
        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
  423: 
/* Move curr to the end of the doubly linked list rooted at *head / *tail.
 *
 * curr is unlinked from where it currently sits (advancing *head if it was
 * the first node) and re-attached after the current tail, which is then
 * updated to curr.  A node that already is the tail is left untouched.
 * Since curr is not the tail, curr->next is expected to be non-NULL; the
 * check is kept defensively. */
static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
             CIPHER_ORDER **tail)
        {
        CIPHER_ORDER *old_tail = *tail;
        CIPHER_ORDER *before;
        CIPHER_ORDER *after;

        if (curr == old_tail)
                return;

        before = curr->prev;
        after = curr->next;

        /* detach curr from its neighbours */
        if (curr == *head)
                *head = after;
        if (before != NULL)
                before->next = after;
        if (after != NULL) /* should always be true */
                after->prev = before;

        /* re-attach curr behind the old tail */
        old_tail->next = curr;
        curr->prev = old_tail;
        curr->next = NULL;
        *tail = curr;
        }
  439: 
/* Result of ssl_cipher_get_disabled(): algorithm bits that must be masked
 * out because their implementation is unavailable.  Two masks are needed
 * because the 128-bit and 256-bit AES/Camellia suites share one algorithm
 * bit but depend on different EVP entries. */
struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
                         * where 128-bit and 256-bit algorithms simply will get
                         * separate bits. */
  unsigned long mask; /* everything except m256 */
  unsigned long m256; /* applies to 256-bit algorithms only */
};
  446: 
/* Work out which algorithm bits are unusable in this build and must be
 * excluded from any cipher list.
 *
 * A bit is disabled when the algorithm is compiled out (OPENSSL_NO_*,
 * SSL_FORBID_ENULL) or when ssl_load_ciphers() left the corresponding
 * ssl_cipher_methods[] / ssl_digest_methods[] slot NULL -- presumably the
 * algorithm was never registered with the EVP name table.  kFZA is always
 * disabled.  ret.mask and ret.m256 agree on everything except SSL_AES and
 * SSL_CAMELLIA, where mask follows the 128-bit slots and m256 the 256-bit
 * ones. */
static struct disabled_masks ssl_cipher_get_disabled(void)
        {
        /* cipher slots whose absence disables a single algorithm bit */
        static const struct { int idx; unsigned long bit; } enc_slots[] = {
                { SSL_ENC_DES_IDX,  SSL_DES  },
                { SSL_ENC_3DES_IDX, SSL_3DES },
                { SSL_ENC_RC4_IDX,  SSL_RC4  },
                { SSL_ENC_RC2_IDX,  SSL_RC2  },
                { SSL_ENC_IDEA_IDX, SSL_IDEA },
                { SSL_ENC_eFZA_IDX, SSL_eFZA },
                { SSL_ENC_SEED_IDX, SSL_SEED },
                };
        struct disabled_masks ret;
        unsigned long common = SSL_kFZA;
        int k;

#ifdef OPENSSL_NO_RSA
        common |= SSL_aRSA|SSL_kRSA;
#endif
#ifdef OPENSSL_NO_DSA
        common |= SSL_aDSS;
#endif
#ifdef OPENSSL_NO_DH
        common |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
#endif
#ifdef OPENSSL_NO_KRB5
        common |= SSL_kKRB5|SSL_aKRB5;
#endif
#ifdef OPENSSL_NO_ECDH
        common |= SSL_kECDH|SSL_kECDHE;
#endif
#ifdef SSL_FORBID_ENULL
        common |= SSL_eNULL;
#endif

        for (k = 0; k < (int)(sizeof(enc_slots)/sizeof(enc_slots[0])); k++)
                if (ssl_cipher_methods[enc_slots[k].idx] == NULL)
                        common |= enc_slots[k].bit;

        if (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL)
                common |= SSL_MD5;
        if (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)
                common |= SSL_SHA1;

        /* the two masks only diverge on the 128-/256-bit shared bits */
        ret.mask = common;
        ret.m256 = common;
        if (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL)
                ret.mask |= SSL_AES;
        if (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL)
                ret.mask |= SSL_CAMELLIA;
        if (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL)
                ret.m256 |= SSL_AES;
        if (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL)
                ret.m256 |= SSL_CAMELLIA;

        return ret;
        }
  495: 
  496: static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
  497:                 int num_of_ciphers, unsigned long mask, unsigned long m256,
  498:                 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
  499:                 CIPHER_ORDER **tail_p)
  500:         {
  501:         int i, co_list_num;
  502:         SSL_CIPHER *c;
  503: 
  504:         /*
  505:          * We have num_of_ciphers descriptions compiled in, depending on the
  506:          * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
  507:          * These will later be sorted in a linked list with at most num