generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reorganize the data used for SSL ciphersuite pattern matching.

Browse Source 
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
This commit is contained in:
Bodo Möller 2007-02-17 06:45:38 +00:00
parent cc684e330b
commit 52b8dad8ec
18 changed files with 1824 additions and 1354 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CHANGES
View File

@ -4,6 +4,28 @@
Changes between 0.9.8e and 0.9.9 [xx XXX xxxx]
*) Split the SSL/TLS algorithm mask (as used for ciphersuite string
processing) into multiple integers instead of setting
"SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
"SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
(These masks as well as the individual bit definitions are hidden
away into the non-exported interface ssl/ssl_locl.h, so this
change to the definition of the SSL_CIPHER structure shouldn't
affect applications.) This give us more bits for each of these
categories, so there is no longer a need to coagulate AES128 and
AES256 into a single algorithm bit, and to coagulate Camellia128
and Camellia256 into a single algorithm bit, which has led to all
kinds of kludges.
Thus, among other things, the kludge introduced in 0.9.7m and
0.9.8e for masking out AES256 independently of AES128 or masking
out Camellia256 independently of AES256 is not needed here in 0.9.9.
With the change, we also introduce new ciphersuite aliases that
so far were missing: "AES128", "AES256", "CAMELLIA128", and
"CAMELLIA256".
[Bodo Moeller]
*) Add support for dsa-with-SHA224 and dsa-with-SHA256.
Use the leftmost N bytes of the signature input if the input is
larger than the prime q (with N being the size in bytes of q).
@ -430,6 +452,13 @@
Changes between 0.9.8d and 0.9.8e [XX xxx XXXX]
*) Since AES128 and AES256 (and similarly Camellia128 and
Camellia256) share a single mask bit in the logic of
ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
kludge to work properly if AES128 is available and AES256 isn't
(or if Camellia128 is available and Camellia256 isn't).
[Victor Duchovni]
*) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
(within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
When a point or a seed is encoded in a BIT STRING, we need to
@ -1459,6 +1488,11 @@
Changes between 0.9.7l and 0.9.7m [xx XXX xxxx]
*) Since AES128 and AES256 share a single mask bit in the logic of
ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
kludge to work properly if AES128 is available and AES256 isn't.
[Victor Duchovni]
*) Have SSL/TLS server implementation tolerate "mismatched" record
protocol version while receiving ClientHello even if the
ClientHello is fragmented. (The server can't insist on the

2
LICENSE
View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

2
README
View File

@ -1,7 +1,7 @@
OpenSSL 0.9.9-dev XX xxx XXXX
Copyright (c) 1998-2005 The OpenSSL Project
Copyright (c) 1998-2007 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

2
crypto/opensslv.h
View File

@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
#define SHLIB_VERSION_NUMBER "0.9.8"
#define SHLIB_VERSION_NUMBER "0.9.9"
#endif /* HEADER_OPENSSLV_H */

17
ssl/d1_clnt.c
View File

@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -274,7 +274,7 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
/* Check if it is anon DH */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
@ -335,7 +335,6 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CW_KEY_EXCH_B:
ret=dtls1_send_client_key_exchange(s);
if (ret <= 0) goto end;
l=s->s3->tmp.new_cipher->algorithms;
/* EAY EAY EAY need to check for DH fix cert
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
@ -684,7 +683,7 @@ int dtls1_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
int n;
unsigned long l;
unsigned long alg_k;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey=NULL;
@ -698,12 +697,12 @@ int dtls1_send_client_key_exchange(SSL *s)
d=(unsigned char *)s->init_buf->data;
p= &(d[DTLS1_HM_HEADER_LENGTH]);
l=s->s3->tmp.new_cipher->algorithms;
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
/* Fool emacs indentation */
if (0) {}
#ifndef OPENSSL_NO_RSA
else if (l & SSL_kRSA)
else if (alg_k & SSL_kRSA)
{
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@ -762,7 +761,7 @@ int dtls1_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_KRB5
else if (l & SSL_kKRB5)
else if (alg_k & SSL_kKRB5)
{
krb5_error_code krb5rc;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
@ -781,7 +780,7 @@ int dtls1_send_client_key_exchange(SSL *s)
#ifdef KSSL_DEBUG
printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
l, SSL_kKRB5);
alg_k, SSL_kKRB5);
#endif /* KSSL_DEBUG */
authp = NULL;
@ -894,7 +893,7 @@ int dtls1_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
DH *dh_srvr,*dh_clnt;

34
ssl/d1_srvr.c
View File

@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -148,6 +148,7 @@ int dtls1_accept(SSL *s)
unsigned long l,Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
unsigned long alg_k;
int ret= -1;
int new_state,state,skip=0;
@ -270,7 +271,7 @@ int dtls1_accept(SSL *s)
if (ret <= 0) goto end;
s->new_session = 2;
if ( s->d1->send_cookie)
if (s->d1->send_cookie)
s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
else
s->state = SSL3_ST_SW_SRVR_HELLO_A;
@ -303,7 +304,7 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_CERT_A:
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
{
ret=dtls1_send_server_certificate(s);
if (ret <= 0) goto end;
@ -316,13 +317,13 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
l=s->s3->tmp.new_cipher->algorithms;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* clear this, it may get reset by
* send_server_key_exchange */
if ((s->options & SSL_OP_EPHEMERAL_RSA)
#ifndef OPENSSL_NO_KRB5
&& !(l & SSL_KRB5)
&& !(alg_k & SSL_kKRB5)
#endif /* OPENSSL_NO_KRB5 */
)
/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
@ -336,8 +337,8 @@ int dtls1_accept(SSL *s)
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
if (s->s3->tmp.use_rsa_tmp
|| (l & SSL_DH)
|| ((l & SSL_kRSA)
|| (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
@ -367,12 +368,12 @@ int dtls1_accept(SSL *s)
/* never request cert in anonymous ciphersuites
* (see section "Certificate request" in SSL 3 drafts
* and in RFC 2246): */
((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
/* ... except when the application insists on verification
* (against the specs, but s3_clnt.c accepts this for SSL 3) */
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
/* never request cert in Kerberos ciphersuites */
(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
{
/* no cert request */
skip=1;
@ -625,7 +626,7 @@ int dtls1_send_hello_verify_request(SSL *s)
*(p++) = s->version & 0xFF;
*(p++) = (unsigned char) s->d1->cookie_len;
if ( s->ctx->app_gen_cookie_cb != NULL &&
if (s->ctx->app_gen_cookie_cb != NULL &&
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
&(s->d1->cookie_len)) == 0)
{
@ -784,7 +785,7 @@ int dtls1_send_server_key_exchange(SSL *s)
EVP_MD_CTX_init(&md_ctx);
if (s->state == SSL3_ST_SW_KEY_EXCH_A)
{
type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
type=s->s3->tmp.new_cipher->algorithm_mkey;
cert=s->cert;
buf=s->init_buf;
@ -889,7 +890,7 @@ int dtls1_send_server_key_exchange(SSL *s)
n+=2+nr[i];
}
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
{
if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
== NULL)
@ -1107,15 +1108,16 @@ int dtls1_send_server_certificate(SSL *s)
if (s->state == SSL3_ST_SW_CERT_A)
{
x=ssl_get_server_send_cert(s);
if (x == NULL &&
if (x == NULL)
{
/* VRS: allow null cert if auth == KRB5 */
(s->s3->tmp.new_cipher->algorithms
& (SSL_MKEY_MASK|SSL_AUTH_MASK))
!= (SSL_aKRB5|SSL_kKRB5))
if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
(s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
{
SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
return(0);
}
}
l=dtls1_output_cert_chain(s,x);
s->state=SSL3_ST_SW_CERT_B;

144
ssl/s2_lib.c
View File

@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
@ -69,131 +122,158 @@ const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
/* list of available SSLv2 ciphers (sorted by id) */
OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
/* NULL_WITH_MD5 v3 */
#if 0
/* NULL_WITH_MD5 v3 */
{
1,
SSL2_TXT_NULL_WITH_MD5,
SSL2_CK_NULL_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_eNULL,
SSL_MD5,
SSL_SSLV2,
SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
0,
0,
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* RC4_128_WITH_MD5 */
{
1,
SSL2_TXT_RC4_128_WITH_MD5,
SSL2_CK_RC4_128_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_RC4,
SSL_MD5,
SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC4_128_EXPORT40_WITH_MD5 */
{
1,
SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_RC4,
SSL_MD5,
SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC2_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_WITH_MD5,
SSL2_CK_RC2_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_RC2,
SSL_MD5,
SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
{
1,
SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_RC2,
SSL_MD5,
SSL_SSLV2,
SSL_EXPORT|SSL_EXP40,
SSL2_CF_5_BYTE_ENC,
40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* IDEA_128_CBC_WITH_MD5 */
#ifndef OPENSSL_NO_IDEA
/* IDEA_128_CBC_WITH_MD5 */
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,
SSL2_CK_IDEA_128_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_IDEA,
SSL_MD5,
SSL_SSLV2,
SSL_NOT_EXP|SSL_MEDIUM,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* DES_64_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_64_CBC_WITH_MD5,
SSL2_CK_DES_64_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_DES,
SSL_MD5,
SSL_SSLV2,
SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* DES_192_EDE3_CBC_WITH_MD5 */
{
1,
SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_3DES,
SSL_MD5,
SSL_SSLV2,
SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* RC4_64_WITH_MD5 */
#if 0
/* RC4_64_WITH_MD5 */
{
1,
SSL2_TXT_RC4_64_WITH_MD5,
SSL2_CK_RC4_64_WITH_MD5,
SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
SSL_kRSA,
SSL_aRSA,
SSL_RC4,
SSL_MD5,
SSL_SSLV2,
SSL_NOT_EXP|SSL_LOW,
SSL2_CF_8_BYTE_ENC,
64,
64,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif
/* NULL SSLeay (testing) */
#if 0
/* NULL SSLeay (testing) */
{
0,
SSL2_TXT_NULL,
@ -203,8 +283,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
0,
0,
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif

96
ssl/s3_clnt.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -180,7 +180,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
int ssl3_connect(SSL *s)
{
BUF_MEM *buf=NULL;
unsigned long Time=(unsigned long)time(NULL),l;
unsigned long Time=(unsigned long)time(NULL);
long num1;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
@ -288,8 +288,8 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_CERT_B:
/* Check if it is anon DH/ECDH */
/* or PSK */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithms & SSL_kPSK))
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
ret=ssl3_get_server_certificate(s);
if (ret <= 0) goto end;
@ -350,7 +350,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CW_KEY_EXCH_B:
ret=ssl3_send_client_key_exchange(s);
if (ret <= 0) goto end;
l=s->s3->tmp.new_cipher->algorithms;
/* EAY EAY EAY need to check for DH fix cert
* sent back */
/* For TLS, cert_req is set to 2, so a cert chain
@ -940,8 +939,8 @@ int ssl3_get_server_certificate(SSL *s)
i=ssl_verify_cert_chain(s,sk);
if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
#ifndef OPENSSL_NO_KRB5
&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
!= (SSL_aKRB5|SSL_kKRB5)
&& !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
#endif /* OPENSSL_NO_KRB5 */
)
{
@ -967,15 +966,15 @@ int ssl3_get_server_certificate(SSL *s)
pkey=X509_get_pubkey(x);
/* VRS: allow null cert if auth == KRB5 */
need_cert = ((s->s3->tmp.new_cipher->algorithms
& (SSL_MKEY_MASK|SSL_AUTH_MASK))
== (SSL_aKRB5|SSL_kKRB5))? 0: 1;
need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
? 0 : 1;
#ifdef KSSL_DEBUG
printf("pkey,x = %p, %p\n", pkey,x);
printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
s->s3->tmp.new_cipher->algorithms, need_cert);
printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif /* KSSL_DEBUG */
if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@ -1047,7 +1046,7 @@ int ssl3_get_key_exchange(SSL *s)
EVP_MD_CTX md_ctx;
unsigned char *param,*p;
int al,i,j,param_len,ok;
long n,alg;
long n,alg_k,alg_a;
EVP_PKEY *pkey=NULL;
#ifndef OPENSSL_NO_RSA
RSA *rsa=NULL;
@ -1080,7 +1079,7 @@ int ssl3_get_key_exchange(SSL *s)
omitted if no identity hint is sent. Set
session->sess_cert anyway to avoid problems
later.*/
if (s->s3->tmp.new_cipher->algorithms & SSL_kPSK)
if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
{
s->session->sess_cert=ssl_sess_cert_new();
if (s->ctx->psk_identity_hint)
@ -1123,11 +1122,12 @@ int ssl3_get_key_exchange(SSL *s)
}
param_len=0;
alg=s->s3->tmp.new_cipher->algorithms;
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
EVP_MD_CTX_init(&md_ctx);
#ifndef OPENSSL_NO_PSK
if (alg & SSL_kPSK)
if (alg_k & SSL_kPSK)
{
char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
@ -1172,7 +1172,7 @@ int ssl3_get_key_exchange(SSL *s)
else
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_RSA
if (alg & SSL_kRSA)
if (alg_k & SSL_kRSA)
{
if ((rsa=RSA_new()) == NULL)
{
@ -1211,7 +1211,7 @@ int ssl3_get_key_exchange(SSL *s)
n-=param_len;
/* this should be because we are using an export cipher */
if (alg & SSL_aRSA)
if (alg_a & SSL_aRSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
else
{
@ -1226,7 +1226,7 @@ int ssl3_get_key_exchange(SSL *s)
;
#endif
#ifndef OPENSSL_NO_DH
else if (alg & SSL_kEDH)
else if (alg_k & SSL_kEDH)
{
if ((dh=DH_new()) == NULL)
{
@ -1280,14 +1280,14 @@ int ssl3_get_key_exchange(SSL *s)
n-=param_len;
#ifndef OPENSSL_NO_RSA
if (alg & SSL_aRSA)
if (alg_a & SSL_aRSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#else
if (0)
;
#endif
#ifndef OPENSSL_NO_DSA
else if (alg & SSL_aDSS)
else if (alg_a & SSL_aDSS)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
#endif
/* else anonymous DH, so no certificate or pkey. */
@ -1295,7 +1295,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_dh_tmp=dh;
dh=NULL;
}
else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
@ -1304,7 +1304,7 @@ int ssl3_get_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
else if (alg & SSL_kEECDH)
else if (alg_k & SSL_kEECDH)
{
EC_GROUP *ngroup;
const EC_GROUP *group;
@ -1388,11 +1388,11 @@ int ssl3_get_key_exchange(SSL *s)
*/
if (0) ;
#ifndef OPENSSL_NO_RSA
else if (alg & SSL_aRSA)
else if (alg_a & SSL_aRSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#endif
#ifndef OPENSSL_NO_ECDSA
else if (alg & SSL_aECDSA)
else if (alg_a & SSL_aECDSA)
pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
#endif
/* else anonymous ECDH, so no certificate or pkey. */
@ -1403,7 +1403,7 @@ int ssl3_get_key_exchange(SSL *s)
EC_POINT_free(srvr_ecpoint);
srvr_ecpoint = NULL;
}
else if (alg)
else if (alg_k)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
@ -1508,7 +1508,7 @@ int ssl3_get_key_exchange(SSL *s)
}
else
{
if (!(alg & SSL_aNULL) && !(alg & SSL_kPSK))
if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
/* aNULL or kPSK do not need public keys */
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
@ -1584,8 +1584,7 @@ int ssl3_get_certificate_request(SSL *s)
/* TLS does not like anon-DH with client cert */
if (s->version > SSL3_VERSION)
{
l=s->s3->tmp.new_cipher->algorithms;
if (l & SSL_aNULL)
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
{
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@ -1724,7 +1723,7 @@ int ssl3_send_client_key_exchange(SSL *s)
{
unsigned char *p,*d;
int n;
unsigned long l;
unsigned long alg_k;
#ifndef OPENSSL_NO_RSA
unsigned char *q;
EVP_PKEY *pkey=NULL;
@ -1746,12 +1745,12 @@ int ssl3_send_client_key_exchange(SSL *s)
d=(unsigned char *)s->init_buf->data;
p= &(d[4]);
l=s->s3->tmp.new_cipher->algorithms;
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
/* Fool emacs indentation */
if (0) {}
#ifndef OPENSSL_NO_RSA
else if (l & SSL_kRSA)
else if (alg_k & SSL_kRSA)
{
RSA *rsa;
unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@ -1810,7 +1809,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_KRB5
else if (l & SSL_kKRB5)
else if (alg_k & SSL_kKRB5)
{
krb5_error_code krb5rc;
KSSL_CTX *kssl_ctx = s->kssl_ctx;
@ -1944,7 +1943,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
DH *dh_srvr,*dh_clnt;
@ -2001,7 +2000,7 @@ int ssl3_send_client_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_ECDH
else if ((l & SSL_kECDH) || (l & SSL_kEECDH))
else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
{
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
@ -2013,7 +2012,7 @@ int ssl3_send_client_key_exchange(SSL *s)
* computation as part of client certificate?
* If so, set ecdh_clnt_cert to 1.
*/
if ((l & SSL_kECDH) && (s->cert != NULL))
if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
{
/* XXX: For now, we do not support client
* authentication using ECDH certificates.
@ -2186,7 +2185,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
else if (l & SSL_kPSK)
else if (alg_k & SSL_kPSK)
{
char identity[PSK_MAX_IDENTITY_LEN];
unsigned char *t = NULL;
@ -2468,7 +2467,7 @@ int ssl3_send_client_certificate(SSL *s)
int ssl3_check_cert_and_algorithm(SSL *s)
{
int i,idx;
long algs;
long alg_k,alg_a;
EVP_PKEY *pkey=NULL;
SESS_CERT *sc;
#ifndef OPENSSL_NO_RSA
@ -2485,10 +2484,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
goto err;
}
algs=s->s3->tmp.new_cipher->algorithms;
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
/* we don't have a certificate */
if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5|SSL_kPSK))
if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
return(1);
#ifndef OPENSSL_NO_RSA
@ -2522,20 +2522,20 @@ int ssl3_check_cert_and_algorithm(SSL *s)
/* Check that we have a certificate if we require one */
if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
goto f_err;
}
#ifndef OPENSSL_NO_DSA
else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
goto f_err;
}
#endif
#ifndef OPENSSL_NO_RSA
if ((algs & SSL_kRSA) &&
if ((alg_k & SSL_kRSA) &&
!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
@ -2543,19 +2543,19 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
if ((algs & SSL_kEDH) &&
if ((alg_k & SSL_kEDH) &&
!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
goto f_err;
}
else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
goto f_err;
}
#ifndef OPENSSL_NO_DSA
else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
@ -2566,7 +2566,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
{
#ifndef OPENSSL_NO_RSA
if (algs & SSL_kRSA)
if (alg_k & SSL_kRSA)
{
if (rsa == NULL
|| RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@ -2578,7 +2578,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
else
#endif
#ifndef OPENSSL_NO_DH
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))

6
ssl/s3_enc.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -430,11 +430,11 @@ int ssl3_setup_key_block(SSL *s)
if (s->session->cipher != NULL)
{
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3->need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_empty_fragments = 0;
#endif
}

927
ssl/s3_lib.c
View File

File diff suppressed because it is too large Load Diff

63
ssl/s3_srvr.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -186,7 +186,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
int ssl3_accept(SSL *s)
{
BUF_MEM *buf;
unsigned long l,Time=(unsigned long)time(NULL);
unsigned long alg_k,Time=(unsigned long)time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
long num1;
int ret= -1;
@ -325,9 +325,9 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_CERT_B:
/* Check if it is anon DH or anon ECDH, */
/* normal PSK or KRB5 */
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithms & SSL_kPSK)
&& !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
{
ret=ssl3_send_server_certificate(s);
if (ret <= 0) goto end;
@ -340,13 +340,13 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_A:
case SSL3_ST_SW_KEY_EXCH_B:
l=s->s3->tmp.new_cipher->algorithms;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* clear this, it may get reset by
* send_server_key_exchange */
if ((s->options & SSL_OP_EPHEMERAL_RSA)
#ifndef OPENSSL_NO_KRB5
&& !(l & SSL_KRB5)
&& !(alg_k & SSL_kKRB5)
#endif /* OPENSSL_NO_KRB5 */
)
/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
@ -373,11 +373,11 @@ int ssl3_accept(SSL *s)
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
|| ((l & SSL_kPSK) && s->ctx->psk_identity_hint)
|| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
|| (l & SSL_DH)
|| (l & SSL_kEECDH)
|| ((l & SSL_kRSA)
|| (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
|| (alg_k & SSL_kEECDH)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
@ -407,15 +407,15 @@ int ssl3_accept(SSL *s)
/* never request cert in anonymous ciphersuites
* (see section "Certificate request" in SSL 3 drafts
* and in RFC 2246): */
((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
/* ... except when the application insists on verification
* (against the specs, but s3_clnt.c accepts this for SSL 3) */
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
/* never request cert in Kerberos ciphersuites */
(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
/* With normal PSK Certificates and
* Certificate Requests are omitted */
|| (s->s3->tmp.new_cipher->algorithms & SSL_kPSK))
|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
/* no cert request */
skip=1;
@ -1025,7 +1025,7 @@ int ssl3_get_client_hello(SSL *s)
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
c=sk_SSL_CIPHER_value(sk,i);
if (c->algorithms & SSL_eNULL)
if (c->algorithm_enc & SSL_eNULL)
nc=c;
if (SSL_C_IS_EXPORT(c))
ec=c;
@ -1209,7 +1209,7 @@ int ssl3_send_server_key_exchange(SSL *s)
EVP_MD_CTX_init(&md_ctx);
if (s->state == SSL3_ST_SW_KEY_EXCH_A)
{
type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
type=s->s3->tmp.new_cipher->algorithm_mkey;
cert=s->cert;
buf=s->init_buf;
@ -1450,8 +1450,8 @@ int ssl3_send_server_key_exchange(SSL *s)
n+=2+nr[i];
}
if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithms & SSL_kPSK))
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
{
if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
== NULL)
@ -1712,7 +1712,7 @@ int ssl3_get_client_key_exchange(SSL *s)
{
int i,al,ok;
long n;
unsigned long l;
unsigned long alg_k;
unsigned char *p;
#ifndef OPENSSL_NO_RSA
RSA *rsa=NULL;
@ -1743,10 +1743,10 @@ int ssl3_get_client_key_exchange(SSL *s)
if (!ok) return((int)n);
p=(unsigned char *)s->init_msg;
l=s->s3->tmp.new_cipher->algorithms;
alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_RSA
if (l & SSL_kRSA)
if (alg_k & SSL_kRSA)
{
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp)
@ -1852,7 +1852,7 @@ int ssl3_get_client_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_DH
if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
n2s(p,i);
if (n != i+2)
@ -1915,7 +1915,7 @@ int ssl3_get_client_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_KRB5
if (l & SSL_kKRB5)
if (alg_k & SSL_kKRB5)
{
krb5_error_code krb5rc;
krb5_data enc_ticket;
@ -2109,7 +2109,7 @@ int ssl3_get_client_key_exchange(SSL *s)
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_ECDH
if ((l & SSL_kECDH) || (l & SSL_kEECDH))
if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
{
int ret = 1;
int field_size = 0;
@ -2126,7 +2126,7 @@ int ssl3_get_client_key_exchange(SSL *s)
}
/* Let's get server private key and group information */
if (l & SSL_kECDH)
if (alg_k & (SSL_kECDHr|SSL_kECDHe))
{
/* use the certificate */
tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
@ -2162,7 +2162,7 @@ int ssl3_get_client_key_exchange(SSL *s)
{
/* Client Publickey was in Client Certificate */
if (l & SSL_kEECDH)
if (alg_k & SSL_kEECDH)
{
al=SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
@ -2258,7 +2258,7 @@ int ssl3_get_client_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_PSK
if (l & SSL_kPSK)
if (alg_k & SSL_kPSK)
{
unsigned char *t = NULL;
unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
@ -2694,15 +2694,16 @@ int ssl3_send_server_certificate(SSL *s)
if (s->state == SSL3_ST_SW_CERT_A)
{
x=ssl_get_server_send_cert(s);
if (x == NULL &&
if (x == NULL)
{
/* VRS: allow null cert if auth == KRB5 */
(s->s3->tmp.new_cipher->algorithms
& (SSL_MKEY_MASK|SSL_AUTH_MASK))
!= (SSL_aKRB5|SSL_kKRB5))
if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
return(0);
}
}
l=ssl3_output_cert_chain(s,x);
s->state=SSL3_ST_SW_CERT_B;

92
ssl/ssl.h
View File

@ -56,60 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -273,10 +220,15 @@ extern "C" {
#define SSL_MAX_KEY_ARG_LENGTH 8
#define SSL_MAX_MASTER_KEY_LENGTH 48
/* These are used to specify which ciphers to use and not to use */
#define SSL_TXT_EXP40 "EXPORT40"
#define SSL_TXT_EXP56 "EXPORT56"
#define SSL_TXT_LOW "LOW"
#define SSL_TXT_MEDIUM "MEDIUM"
#define SSL_TXT_HIGH "HIGH"
#define SSL_TXT_kFZA "kFZA" /* unused! */
#define SSL_TXT_aFZA "aFZA" /* unused! */
#define SSL_TXT_eFZA "eFZA" /* unused! */
@ -289,6 +241,7 @@ extern "C" {
#define SSL_TXT_kRSA "kRSA"
#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
#define SSL_TXT_kEDH "kEDH"
#define SSL_TXT_kKRB5 "kKRB5"
#define SSL_TXT_kECDHr "kECDHr"
@ -314,25 +267,31 @@ extern "C" {
#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
#define SSL_TXT_AECDH "AECDH"
#define SSL_TXT_ECDSA "ECDSA"
#define SSL_TXT_KRB5 "KRB5"
#define SSL_TXT_PSK "PSK"
#define SSL_TXT_DES "DES"
#define SSL_TXT_3DES "3DES"
#define SSL_TXT_RC4 "RC4"
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
#define SSL_TXT_AES128 "AES128"
#define SSL_TXT_AES256 "AES256"
#define SSL_TXT_AES "AES"
#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
#define SSL_TXT_CAMELLIA "CAMELLIA"
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"
#define SSL_TXT_EXP40 "EXPORT40"
#define SSL_TXT_EXP56 "EXPORT56"
#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_KRB5 "KRB5"
#define SSL_TXT_PSK "PSK"
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"
#define SSL_TXT_ALL "ALL"
@ -389,13 +348,18 @@ typedef struct ssl_cipher_st
int valid;
const char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */
unsigned long algorithms; /* what ciphers are used */
/* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
unsigned long algorithm_mkey; /* key exchange algorithm */
unsigned long algorithm_auth; /* server authentication */
unsigned long algorithm_enc; /* symmetric encryption */
unsigned long algorithm_mac; /* symmetric authentication */
unsigned long algorithm_ssl; /* (major) protocol version */
unsigned long algo_strength; /* strength and export flags */
unsigned long algorithm2; /* Extra flags */
int strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */
unsigned long mask; /* used for matching */
unsigned long mask_strength; /* also used for matching */
} SSL_CIPHER;
DECLARE_STACK_OF(SSL_CIPHER)

8
ssl/ssl_cert.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -197,8 +197,10 @@ CERT *ssl_cert_dup(CERT *cert)
* if you find that more readable */
ret->valid = cert->valid;
ret->mask = cert->mask;
ret->export_mask = cert->export_mask;
ret->mask_k = cert->mask_k;
ret->mask_a = cert->mask_a;
ret->export_mask_k = cert->export_mask_k;
ret->export_mask_a = cert->export_mask_a;
#ifndef OPENSSL_NO_RSA
if (cert->rsa_tmp != NULL)

534
ssl/ssl_ciph.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -191,83 +191,94 @@ typedef struct cipher_order_st
static const SSL_CIPHER cipher_aliases[]={
/* "ALL" doesn't include eNULL (must be specifically enabled) */
{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},
{0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
/* "COMPLEMENTOFALL" */
{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
{0,SSL_TXT_CMPDEF,0,SSL_ADH|SSL_AECDH|(SSL_ENC_MASK & ~SSL_eNULL), 0,0,0,0,SSL_AUTH_MASK|SSL_ENC_MASK,0},
{0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
/* Single key exchange bits
* (some of these are multiple key exchange algs according to the RFCs,
/* key exchange aliases
* (some of those using only a single bit here combine
* multiple key exchange algs according to the RFCs,
* e.g. kEDH combines DHE_DSS and DHE_RSA) */
{0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kECDHr,0,SSL_kECDHr,0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kECDHe,0,SSL_kECDHe,0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kEECDH,0,SSL_kEECDH,0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kPSK,0,SSL_kPSK, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
/* More key exchange aliases (combined bits) */
{0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
{0,SSL_TXT_kECDH,0,SSL_kECDH,0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_ECDH,0,SSL_ECDH, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_EECDH,0,SSL_EECDH,0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
{0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
/* Single authentication bits */
{0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_aECDH, 0,SSL_aECDH,0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aECDSA, 0,SSL_aECDSA,0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aPSK,0,SSL_aPSK, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
/* More authentication aliases */
{0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_ECDSA,0,SSL_ECDSA,0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
{0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
/* Single encryption bits */
{0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
#ifndef OPENSSL_NO_IDEA
{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
#endif
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
/* Single MAC bits */
{0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
{0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
{0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
/* More aliases */
{0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
{0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
{0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
{0,SSL_TXT_AECDH,0,SSL_AECDH,0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
{0,SSL_TXT_PSK, 0,SSL_PSK, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
/* server authentication aliases */
{0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
{0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
{0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
{0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
{0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
{0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
{0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
{0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
{0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
{0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
{0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
{0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
{0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
{0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
/* aliases combining key exchange and server authentication */
{0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
{0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
{0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
{0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
/* symmetric encryption aliases */
{0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
{0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
{0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
{0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
{0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
{0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
{0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
{0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
{0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
/* MAC aliases */
{0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
{0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
{0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
/* protocol version aliases */
{0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
{0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
{0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
/* export flag */
{0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
{0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
/* strength classes */
{0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
{0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
{0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
{0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
};
void ssl_load_ciphers(void)
@ -384,7 +395,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if ((enc == NULL) || (md == NULL)) return(0);
switch (c->algorithms & SSL_ENC_MASK)
switch (c->algorithm_enc)
{
case SSL_DES:
i=SSL_ENC_DES_IDX;
@ -404,23 +415,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
case SSL_eNULL:
i=SSL_ENC_NULL_IDX;
break;
case SSL_AES:
switch(c->alg_bits)
{
case 128: i=SSL_ENC_AES128_IDX; break;
case 256: i=SSL_ENC_AES256_IDX; break;
default: i=-1; break;
}
case SSL_AES128:
i=SSL_ENC_AES128_IDX;
break;
case SSL_CAMELLIA:
switch(c->alg_bits)
{
case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
default: i=-1; break;
}
case SSL_AES256:
i=SSL_ENC_AES256_IDX;
break;
case SSL_CAMELLIA128:
i=SSL_ENC_CAMELLIA128_IDX;
break;
case SSL_CAMELLIA256:
i=SSL_ENC_CAMELLIA256_IDX;
break;
default:
i= -1;
break;
@ -436,7 +442,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
*enc=ssl_cipher_methods[i];
}
switch (c->algorithms & SSL_MAC_MASK)
switch (c->algorithm_mac)
{
case SSL_MD5:
i=SSL_MD_MD5_IDX;
@ -478,51 +484,66 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
*tail=curr;
}
static unsigned long ssl_cipher_get_disabled(void)
static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
{
unsigned long mask = 0;
*mkey = 0;
*auth = 0;
*enc = 0;
*mac = 0;
*ssl = 0;
#ifdef OPENSSL_NO_RSA
mask |= SSL_aRSA|SSL_kRSA;
*mkey |= SSL_kRSA;
*auth |= SSL_aRSA;
#endif
#ifdef OPENSSL_NO_DSA
mask |= SSL_aDSS;
*auth |= SSL_aDSS;
#endif
*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
*auth |= SSL_aDH;
#ifdef OPENSSL_NO_DH
mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
*auth |= SSL_aDH;
#endif
#ifdef OPENSSL_NO_KRB5
mask |= SSL_kKRB5|SSL_aKRB5;
*mkey |= SSL_kKRB5;
*auth |= SSL_aKRB5;
#endif
#ifdef OPENSSL_NO_ECDSA
mask |= SSL_aECDSA;
*auth |= SSL_aECDSA;
#endif
#ifdef OPENSSL_NO_ECDH
mask |= SSL_kECDHe|SSL_kECDHr|SSL_aECDH;
*mkey |= SSL_kECDHe|SSL_kECDHr;
*auth |= SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
mask |= SSL_kPSK;
*mkey |= SSL_kPSK;
*auth |= SSL_aPSK;
#endif
#ifdef SSL_FORBID_ENULL
mask |= SSL_eNULL;
*enc |= SSL_eNULL;
#endif
mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
*enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
return(mask);
*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
}
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
int num_of_ciphers,
unsigned long disabled_mkey, unsigned long disabled_auth,
unsigned long disabled_enc, unsigned long disabled_mac,
unsigned long disabled_ssl,
CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
int i, co_list_num;
@ -541,7 +562,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
{
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid && !(c->algorithms & mask))
if ((c != NULL) && c->valid &&
!(c->algorithm_mkey & disabled_mkey) &&
!(c->algorithm_auth & disabled_auth) &&
!(c->algorithm_enc & disabled_enc) &&
!(c->algorithm_mac & disabled_mac) &&
!(c->algorithm_ssl & disabled_ssl))
{
co_list[co_list_num].cipher = c;
co_list[co_list_num].next = NULL;
@ -549,7 +575,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
#endif /* KSSL_DEBUG */
/*
if (!sk_push(ca_list,(char *)c)) goto err;
@ -577,13 +603,20 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
}
static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
int num_of_group_aliases, unsigned long mask,
int num_of_group_aliases,
unsigned long disabled_mkey, unsigned long disabled_auth,
unsigned long disabled_enc, unsigned long disabled_mac,
unsigned long disabled_ssl,
CIPHER_ORDER *head)
{
CIPHER_ORDER *ciph_curr;
SSL_CIPHER **ca_curr;
int i;
unsigned long enabled_mask = ~mask;
unsigned long mask_mkey = ~disabled_mkey;
unsigned long mask_auth = ~disabled_auth;
unsigned long mask_enc = ~disabled_enc;
unsigned long mask_mac = ~disabled_mac;
unsigned long mask_ssl = ~disabled_ssl;
/*
* First, add the real ciphers as already collected
@ -605,31 +638,31 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
*/
for (i = 0; i < num_of_group_aliases; i++)
{
int algorithms = cipher_aliases[i].algorithms;
unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
if (SSL_MKEY_MASK & algorithms)
{
if ((SSL_MKEY_MASK & algorithms & enabled_mask) == 0)
if (algorithm_mkey)
if ((algorithm_mkey & mask_mkey) == 0)
continue;
}
if (SSL_AUTH_MASK & algorithms)
{
if ((SSL_AUTH_MASK & algorithms & enabled_mask) == 0)
if (algorithm_auth)
if ((algorithm_auth & mask_auth) == 0)
continue;
}
if (SSL_ENC_MASK & algorithms)
{
if ((SSL_ENC_MASK & algorithms & enabled_mask) == 0)
if (algorithm_enc)
if ((algorithm_enc & mask_enc) == 0)
continue;
}
if (SSL_MAC_MASK & algorithms)
{
if ((SSL_MAC_MASK & algorithms & enabled_mask) == 0)
if (algorithm_mac)
if ((algorithm_mac & mask_mac) == 0)
continue;
if (algorithm_ssl)
if ((algorithm_ssl & mask_ssl) == 0)
continue;
}
*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
ca_curr++;
@ -638,20 +671,20 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
*ca_curr = NULL; /* end of list */
}
static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength,
static void ssl_cipher_apply_rule(unsigned long cipher_id,
unsigned long alg_mkey, unsigned long alg_auth,
unsigned long alg_enc, unsigned long alg_mac,
unsigned long alg_ssl,
unsigned long algo_strength,
int rule, int strength_bits,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
SSL_CIPHER *cp;
unsigned long ma, ma_s;
#ifdef CIPHER_DEBUG
printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
rule, algorithms, mask, algo_strength, mask_strength,
strength_bits);
printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
#endif
curr = head = *head_p;
@ -665,40 +698,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
cp = curr->cipher;
/* If explicit cipher suite, match only that one for its own protocol version.
* Usual selection criteria will be used for similar ciphersuites from other version! */
if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
/*
* Selection criteria is either the value of strength_bits
* or the algorithms used.
*/
if (strength_bits >= 0)
{
if (cp->id != cipher_id)
if (strength_bits != cp->strength_bits)
continue;
}
/*
* Selection criteria is either the number of strength_bits
* or the algorithm used.
*/
else if (strength_bits == -1)
else
{
ma = mask & cp->algorithms;
ma_s = mask_strength & cp->algo_strength;
#ifdef CIPHER_DEBUG
printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif
/*
* Select: if none of the mask bit was met from the
* cipher or not all of the bits were met, the
* selection does not apply.
*/
if (((ma == 0) && (ma_s == 0)) ||
((ma & algorithms) != ma) ||
((ma_s & algo_strength) != ma_s))
continue; /* does not apply */
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
continue;
if (alg_auth && !(alg_auth & cp->algorithm_auth))
continue;
if (alg_enc && !(alg_enc & cp->algorithm_enc))
continue;
if (alg_mac && !(alg_mac & cp->algorithm_mac))
continue;
if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
continue;
if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
continue;
if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
continue;
}
else if (strength_bits != cp->strength_bits)
continue; /* does not apply */
#ifdef CIPHER_DEBUG
printf("Action = %d\n", rule);
@ -790,8 +819,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
head_p, tail_p);
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
OPENSSL_free(number_uses);
return(1);
@ -801,10 +829,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
SSL_CIPHER **ca_list)
{
unsigned long algorithms, mask, algo_strength, mask_strength;
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *start, *buf;
int j, multi, found, rule, retval, ok, buflen;
unsigned long cipher_id = 0, ssl_version = 0;
unsigned long cipher_id = 0;
char ch;
retval = 1;
@ -832,7 +860,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
continue;
}
algorithms = mask = algo_strength = mask_strength = 0;
alg_mkey = 0;
alg_auth = 0;
alg_enc = 0;
alg_mac = 0;
alg_ssl = 0;
algo_strength = 0;
start=l;
for (;;)
@ -895,7 +928,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
*/
j = found = 0;
cipher_id = 0;
ssl_version = 0;
while (ca_list[j])
{
if (!strncmp(buf, ca_list[j]->name, buflen) &&
@ -907,29 +939,98 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
else
j++;
}
if (!found)
break; /* ignore this entry */
/* New algorithms:
* 1 - any old restrictions apply outside new mask
* 2 - any new restrictions apply outside old mask
* 3 - enforce old & new where masks intersect
*/
algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
(ca_list[j]->algorithms & ~mask) | /* 2 */
(algorithms & ca_list[j]->algorithms); /* 3 */
mask |= ca_list[j]->mask;
algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
(ca_list[j]->algo_strength & ~mask_strength) |
(algo_strength & ca_list[j]->algo_strength);
mask_strength |= ca_list[j]->mask_strength;
if (ca_list[j]->algorithm_mkey)
{
if (alg_mkey)
{
alg_mkey &= ca_list[j]->algorithm_mkey;
if (!alg_mkey) { found = 0; break; }
}
else
alg_mkey = ca_list[j]->algorithm_mkey;
}
if (ca_list[j]->algorithm_auth)
{
if (alg_auth)
{
alg_auth &= ca_list[j]->algorithm_auth;
if (!alg_auth) { found = 0; break; }
}
else
alg_auth = ca_list[j]->algorithm_auth;
}
if (ca_list[j]->algorithm_enc)
{
if (alg_enc)
{
alg_enc &= ca_list[j]->algorithm_enc;
if (!alg_enc) { found = 0; break; }
}
else
alg_enc = ca_list[j]->algorithm_enc;
}
if (ca_list[j]->algorithm_mac)
{
if (alg_mac)
{
alg_mac &= ca_list[j]->algorithm_mac;
if (!alg_mac) { found = 0; break; }
}
else
alg_mac = ca_list[j]->algorithm_mac;
}
if (ca_list[j]->algo_strength & SSL_EXP_MASK)
{
if (algo_strength & SSL_EXP_MASK)
{
algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
}
else
algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
}
if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
{
if (algo_strength & SSL_STRONG_MASK)
{
algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
}
else
algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
}
/* explicit ciphersuite found */
if (ca_list[j]->valid)
{
/* explicit ciphersuite found; its protocol version
* does not become part of the search pattern!*/
cipher_id = ca_list[j]->id;
ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
break;
}
else
{
/* not an explicit ciphersuite; only in this case, the
* protocol version is considered part of the search pattern */
if (ca_list[j]->algorithm_ssl)
{
if (alg_ssl)
{
alg_ssl &= ca_list[j]->algorithm_ssl;
if (!alg_ssl) { found = 0; break; }
}
else
alg_ssl = ca_list[j]->algorithm_ssl;
}
}
if (!multi) break;
@ -955,18 +1056,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* rest of the command, if any left, until
* end or ':' is found.
*/
while ((*l != '\0') && ITEM_SEP(*l))
while ((*l != '\0') && !ITEM_SEP(*l))
l++;
}
else if (found)
{
ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
algo_strength, mask_strength, rule, -1,
head_p, tail_p);
ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
rule, -1, head_p, tail_p);
}
else
{
while ((*l != '\0') && ITEM_SEP(*l))
while ((*l != '\0') && !ITEM_SEP(*l))
l++;
}
if (*l == '\0') break; /* done */
@ -981,7 +1082,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
const char *rule_str)
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mask;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@ -997,7 +1098,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* To reduce the work to do we only want to process the compiled
* in algorithms, so we first get the mask of disabled ciphers.
*/
disabled_mask = ssl_cipher_get_disabled();
ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
/*
* Now we have to collect the available ciphers from the compiled
@ -1015,7 +1116,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
return(NULL); /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
co_list, &head, &tail);
/*
@ -1036,7 +1138,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
head);
/*
@ -1112,14 +1215,19 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
int is_export,pkl,kl;
const char *ver,*exp_str;
const char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
#ifdef KSSL_DEBUG
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
#else
static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
#endif /* KSSL_DEBUG */
alg=cipher->algorithms;
alg_mkey = cipher->algorithm_mkey;
alg_auth = cipher->algorithm_auth;
alg_enc = cipher->algorithm_enc;
alg_mac = cipher->algorithm_mac;
alg_ssl = cipher->algorithm_ssl;
alg_s=cipher->algo_strength;
alg2=cipher->algorithm2;
@ -1128,14 +1236,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
exp_str=is_export?" export":"";
if (alg & SSL_SSLV2)
if (alg_ssl & SSL_SSLV2)
ver="SSLv2";
else if (alg & SSL_SSLV3)
else if (alg_ssl & SSL_SSLV3)
ver="SSLv3";
else
ver="unknown";
switch (alg&SSL_MKEY_MASK)
switch (alg_mkey)
{
case SSL_kRSA:
kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
@ -1168,7 +1276,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
kx="unknown";
}
switch (alg&SSL_AUTH_MASK)
switch (alg_auth)
{
case SSL_aRSA:
au="RSA";
@ -1199,7 +1307,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
break;
}
switch (alg&SSL_ENC_MASK)
switch (alg_enc)
{
case SSL_DES:
enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
@ -1220,30 +1328,24 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
case SSL_eNULL:
enc="None";
break;
case SSL_AES:
switch(cipher->strength_bits)
{
case 128: enc="AES(128)"; break;
case 192: enc="AES(192)"; break;
case 256: enc="AES(256)"; break;
default: enc="AES(?""?""?)"; break;
}
case SSL_AES128:
enc="AES(128)";
break;
case SSL_CAMELLIA:
switch(cipher->strength_bits)
{
case 128: enc="Camellia(128)"; break;
case 256: enc="Camellia(256)"; break;
default: enc="Camellia(?""?""?)"; break;
}
case SSL_AES256:
enc="AES(256)";
break;
case SSL_CAMELLIA128:
enc="Camellia(128)";
break;
case SSL_CAMELLIA256:
enc="Camellia(256)";
break;
default:
enc="unknown";
break;
}
switch (alg&SSL_MAC_MASK)
switch (alg_mac)
{
case SSL_MD5:
mac="MD5";
@ -1266,7 +1368,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
return("Buffer too small");
#ifdef KSSL_DEBUG
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
#else
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
#endif /* KSSL_DEBUG */

149
ssl/ssl_lib.c
View File

@ -58,7 +58,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -1303,12 +1303,14 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
{
c=sk_SSL_CIPHER_value(sk,i);
#ifndef OPENSSL_NO_KRB5
if ((c->algorithms & SSL_KRB5) && nokrb5)
if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
nokrb5)
continue;
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if ((c->algorithms & SSL_PSK) && s->psk_client_callback == NULL)
if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
s->psk_client_callback == NULL)
continue;
#endif /* OPENSSL_NO_PSK */
j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
@ -1656,7 +1658,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
int rsa_enc_export,dh_rsa_export,dh_dsa_export;
int rsa_tmp_export,dh_tmp_export,kl;
unsigned long mask,emask;
unsigned long mask_k,mask_a,emask_k,emask_a;
int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
#ifndef OPENSSL_NO_ECDH
int have_ecdh_tmp;
@ -1703,8 +1705,10 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_ECC]);
have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
mask=0;
emask=0;
mask_k=0;
mask_a=0;
emask_k=0;
emask_a=0;
#ifdef CIPHER_DEBUG
printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
@ -1713,50 +1717,52 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
#endif
if (rsa_enc || (rsa_tmp && rsa_sign))
mask|=SSL_kRSA;
mask_k|=SSL_kRSA;
if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
emask|=SSL_kRSA;
emask_k|=SSL_kRSA;
#if 0
/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
if ( (dh_tmp || dh_rsa || dh_dsa) &&
(rsa_enc || rsa_sign || dsa_sign))
mask|=SSL_kEDH;
mask_k|=SSL_kEDH;
if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
(rsa_enc || rsa_sign || dsa_sign))
emask|=SSL_kEDH;
emask_k|=SSL_kEDH;
#endif
if (dh_tmp_export)
emask|=SSL_kEDH;
emask_k|=SSL_kEDH;
if (dh_tmp)
mask|=SSL_kEDH;
mask_k|=SSL_kEDH;
if (dh_rsa) mask|=SSL_kDHr;
if (dh_rsa_export) emask|=SSL_kDHr;
if (dh_rsa) mask_k|=SSL_kDHr;
if (dh_rsa_export) emask_k|=SSL_kDHr;
if (dh_dsa) mask|=SSL_kDHd;
if (dh_dsa_export) emask|=SSL_kDHd;
if (dh_dsa) mask_k|=SSL_kDHd;
if (dh_dsa_export) emask_k|=SSL_kDHd;
if (rsa_enc || rsa_sign)
{
mask|=SSL_aRSA;
emask|=SSL_aRSA;
mask_a|=SSL_aRSA;
emask_a|=SSL_aRSA;
}
if (dsa_sign)
{
mask|=SSL_aDSS;
emask|=SSL_aDSS;
mask_a|=SSL_aDSS;
emask_a|=SSL_aDSS;
}
mask|=SSL_aNULL;
emask|=SSL_aNULL;
mask_a|=SSL_aNULL;
emask_a|=SSL_aNULL;
#ifndef OPENSSL_NO_KRB5
mask|=SSL_kKRB5|SSL_aKRB5;
emask|=SSL_kKRB5|SSL_aKRB5;
mask_k|=SSL_kKRB5;
mask_a|=SSL_aKRB5;
emask_k|=SSL_kKRB5;
emask_a|=SSL_aKRB5;
#endif
/* An ECC certificate may be usable for ECDH and/or
@ -1789,24 +1795,32 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
if (strstr(sig, "WithRSA"))
{
mask|=SSL_kECDHr|SSL_aECDH;
mask_k|=SSL_kECDHr;
mask_a|=SSL_aECDH;
if (ecc_pkey_size <= 163)
emask|=SSL_kECDHr|SSL_aECDH;
{
emask_k|=SSL_kECDHr;
emask_a|=SSL_aECDH;
}
}
if (signature_nid == NID_ecdsa_with_SHA1)
{
mask|=SSL_kECDHe|SSL_aECDH;
mask_k|=SSL_kECDHe;
mask_a|=SSL_aECDH;
if (ecc_pkey_size <= 163)
emask|=SSL_kECDHe|SSL_aECDH;
{
emask_k|=SSL_kECDHe;
emask_a|=SSL_aECDH;
}
}
}
#endif
#ifndef OPENSSL_NO_ECDSA
if (ecdsa_ok)
{
mask|=SSL_aECDSA;
emask|=SSL_aECDSA;
mask_a|=SSL_aECDSA;
emask_a|=SSL_aECDSA;
}
#endif
}
@ -1814,18 +1828,22 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
#ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp)
{
mask|=SSL_kEECDH;
emask|=SSL_kEECDH;
mask_k|=SSL_kEECDH;
emask_k|=SSL_kEECDH;
}
#endif
#ifndef OPENSSL_NO_PSK
mask |= SSL_kPSK | SSL_aPSK;
emask |= SSL_kPSK | SSL_aPSK;
mask_k |= SSL_kPSK;
mask_a |= SSL_aPSK;
emask_k |= SSL_kPSK;
emask_a |= SSL_aPSK;
#endif
c->mask=mask;
c->export_mask=emask;
c->mask_k=mask_k;
c->mask_a=mask_a;
c->export_mask_k=emask_k;
c->export_mask_a=emask_a;
c->valid=1;
}
@ -1835,11 +1853,14 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
{
unsigned long alg = cs->algorithms;
unsigned long alg_k, alg_a;
EVP_PKEY *pkey = NULL;
int keysize = 0;
int signature_nid = 0;
alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
if (SSL_C_IS_EXPORT(cs))
{
/* ECDH key length in export ciphers must be <= 163 bits */
@ -1854,7 +1875,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
X509_check_purpose(x, -1, 0);
if ((x->sig_alg) && (x->sig_alg->algorithm))
signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
if (alg & SSL_kECDHe || alg & SSL_kECDHr)
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
{
/* key usage, if present, must allow key agreement */
if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
@ -1862,7 +1883,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
return 0;
}
if (alg & SSL_kECDHe)
if (alg_k & SSL_kECDHe)
{
/* signature alg must be ECDSA */
if (signature_nid != NID_ecdsa_with_SHA1)
@ -1871,7 +1892,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
return 0;
}
}
if (alg & SSL_kECDHr)
if (alg_k & SSL_kECDHr)
{
/* signature alg must be RSA */
@ -1888,7 +1909,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
}
}
}
if (alg & SSL_aECDSA)
if (alg_a & SSL_aECDSA)
{
/* key usage, if present, must allow signing */
if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
@ -1904,18 +1925,28 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
/* THIS NEEDS CLEANING UP */
X509 *ssl_get_server_send_cert(SSL *s)
{
unsigned long alg,mask,kalg;
unsigned long alg_k,alg_a,mask_k,mask_a;
CERT *c;
int i,is_export;
c=s->cert;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
alg=s->s3->tmp.new_cipher->algorithms;
is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
mask=is_export?c->export_mask:c->mask;
kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
if (is_export)
{
mask_k = c->export_mask_k;
mask_a = c->export_mask_a;
}
else
{
mask_k = c->mask_k;
mask_a = c->mask_a;
}
if (kalg & SSL_kECDH)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
{
/* we don't need to look at SSL_kEECDH
* since no certificate is needed for
@ -1930,29 +1961,29 @@ X509 *ssl_get_server_send_cert(SSL *s)
*/
i=SSL_PKEY_ECC;
}
else if (kalg & SSL_aECDSA)
else if (alg_a & SSL_aECDSA)
{
i=SSL_PKEY_ECC;
}
else if (kalg & SSL_kDHr)
else if (alg_k & SSL_kDHr)
i=SSL_PKEY_DH_RSA;
else if (kalg & SSL_kDHd)
else if (alg_k & SSL_kDHd)
i=SSL_PKEY_DH_DSA;
else if (kalg & SSL_aDSS)
else if (alg_a & SSL_aDSS)
i=SSL_PKEY_DSA_SIGN;
else if (kalg & SSL_aRSA)
else if (alg_a & SSL_aRSA)
{
if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
i=SSL_PKEY_RSA_SIGN;
else
i=SSL_PKEY_RSA_ENC;
}
else if (kalg & SSL_aKRB5)
else if (alg_a & SSL_aKRB5)
{
/* VRS something else here? */
return(NULL);
}
else /* if (kalg & SSL_aNULL) */
else /* if (alg_a & SSL_aNULL) */
{
SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
return(NULL);
@ -1964,16 +1995,16 @@ X509 *ssl_get_server_send_cert(SSL *s)
EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
{
unsigned long alg;
unsigned long alg_a;
CERT *c;
alg=cipher->algorithms;
alg_a = cipher->algorithm_auth;
c=s->cert;
if ((alg & SSL_aDSS) &&
if ((alg_a & SSL_aDSS) &&
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
else if (alg & SSL_aRSA)
else if (alg_a & SSL_aRSA)
{
if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
@ -1982,10 +2013,10 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
else
return(NULL);
}
else if ((alg & SSL_aECDSA) &&
else if ((alg_a & SSL_aECDSA) &&
(c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
return(c->pkeys[SSL_PKEY_ECC].privatekey);
else /* if (alg & SSL_aNULL) */
else /* if (alg_a & SSL_aNULL) */
{
SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
return(NULL);

96
ssl/ssl_locl.h
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -275,62 +275,56 @@
* that the different entities within are mutually exclusive:
* ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
*/
#define SSL_MKEY_MASK 0x200000FFL
/* Bits for algorithm_mkey (key exchange algorithm) */
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
#define SSL_kECDH (SSL_kECDHr|SSL_kECDHe)
#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
#define SSL_EECDH (SSL_kEECDH|(SSL_AUTH_MASK^SSL_aNULL))
#define SSL_kPSK 0x20000000L /* PSK */
#define SSL_kPSK 0x00000100L /* PSK */
#define SSL_AUTH_MASK 0x10007f00L
#define SSL_aRSA 0x00000100L /* RSA auth */
#define SSL_aDSS 0x00000200L /* DSS auth */
#define SSL_DSS SSL_aDSS
#define SSL_aNULL 0x00000400L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aDH 0x00000800L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
#define SSL_aECDH 0x00001000L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aKRB5 0x00002000L /* KRB5 auth */
#define SSL_aECDSA 0x00004000L /* ECDSA auth*/
#define SSL_ECDSA SSL_aECDSA
#define SSL_aPSK 0x10000000L /* PSK auth */
#define SSL_NULL (SSL_eNULL)
#define SSL_RSA (SSL_kRSA|SSL_aRSA)
#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
#define SSL_ADH (SSL_kEDH|SSL_aNULL)
#define SSL_ECDH (SSL_kECDH|SSL_kEECDH)
#define SSL_AECDH (SSL_kEECDH|SSL_aNULL)
#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
#define SSL_PSK (SSL_kPSK|SSL_aPSK)
/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA 0x00000001L /* RSA auth */
#define SSL_aDSS 0x00000002L /* DSS auth */
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
#define SSL_aKRB5 0x00000020L /* KRB5 auth */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aPSK 0x00000080L /* PSK auth */
#define SSL_ENC_MASK 0x0C3F8000L
#define SSL_DES 0x00008000L
#define SSL_3DES 0x00010000L
#define SSL_RC4 0x00020000L
#define SSL_RC2 0x00040000L
#define SSL_IDEA 0x00080000L
#define SSL_eNULL 0x00200000L
#define SSL_AES 0x04000000L
#define SSL_CAMELLIA 0x08000000L
#define SSL_MAC_MASK 0x00c00000L
#define SSL_MD5 0x00400000L
#define SSL_SHA1 0x00800000L
#define SSL_SHA (SSL_SHA1)
/* Bits for algorithm_enc (symmetric encryption) */
#define SSL_DES 0x00000001L
#define SSL_3DES 0x00000002L
#define SSL_RC4 0x00000004L
#define SSL_RC2 0x00000008L
#define SSL_IDEA 0x00000010L
#define SSL_eNULL 0x00000020L
#define SSL_AES128 0x00000040L
#define SSL_AES256 0x00000080L
#define SSL_CAMELLIA128 0x00000100L
#define SSL_CAMELLIA256 0x00000200L
#define SSL_SSL_MASK 0x03000000L
#define SSL_SSLV2 0x01000000L
#define SSL_SSLV3 0x02000000L
#define SSL_AES (SSL_AES128|SSL_AES256)
#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
/* Bits for algorithm_mac (symmetric authentication) */
#define SSL_MD5 0x00000001L
#define SSL_SHA1 0x00000002L
/* Bits for algorithm_ssl (protocol version) */
#define SSL_SSLV2 0x00000001L
#define SSL_SSLV3 0x00000002L
#define SSL_TLSV1 SSL_SSLV3 /* for now */
/* we have used 3fffffff - 2 bits left to go. */
/*
* Export and cipher strength information. For each cipher we have to decide
@ -348,10 +342,11 @@
* be possible.
*/
#define SSL_EXP_MASK 0x00000003L
#define SSL_STRONG_MASK 0x000000fcL
#define SSL_NOT_EXP 0x00000001L
#define SSL_EXPORT 0x00000002L
#define SSL_STRONG_MASK 0x000000fcL
#define SSL_STRONG_NONE 0x00000004L
#define SSL_EXP40 0x00000008L
#define SSL_MICRO (SSL_EXP40)
@ -384,17 +379,14 @@
#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
(a) == SSL_DES ? 8 : 7)
#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
(c)->algo_strength)
#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
#define SSL_ALL 0xffffffffL
#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
SSL_MAC_MASK)
#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
/* Mostly for SSLv3 */
#define SSL_PKEY_RSA_ENC 0
@ -444,8 +436,10 @@ typedef struct cert_st
/* The following masks are for the key and auth
* algorithms that are supported by the certs below */
int valid;
unsigned long mask;
unsigned long export_mask;
unsigned long mask_k;
unsigned long mask_a;
unsigned long export_mask_k;
unsigned long export_mask_a;
#ifndef OPENSSL_NO_RSA
RSA *rsa_tmp;
RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);

10
ssl/t1_enc.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -274,7 +274,9 @@ int tls1_change_cipher_state(SSL *s, int which)
#ifdef KSSL_DEBUG
printf("tls1_change_cipher_state(which= %d) w/\n", which);
printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
printf("\talg= %ld/%ld, comp= %p\n",
s->s3->tmp.new_cipher->algorithm_mkey,
s->s3->tmp.new_cipher->algorithm_auth,
comp);
printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
@ -531,11 +533,11 @@ printf("\nkey block\n");
if (s->session->cipher != NULL)
{
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
if (s->session->cipher->algorithm_enc == SSL_eNULL)
s->s3->need_empty_fragments = 0;
#ifndef OPENSSL_NO_RC4
if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
if (s->session->cipher->algorithm_enc == SSL_RC4)
s->s3->need_empty_fragments = 0;
#endif
}

46
ssl/t1_lib.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -248,7 +248,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
s2n(extdatalen,p);
return ret;
}
}
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
@ -294,7 +294,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
s2n(extdatalen,p);
return ret;
}
}
int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
{
@ -477,7 +477,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
*p = data;
return 1;
}
}
int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
{
@ -572,7 +572,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
*p = data;
return 1;
}
}
#ifndef OPENSSL_NO_EC
static int nid_list[] =
@ -681,17 +681,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
int using_ecc = 0;
int i;
unsigned char *j;
int algs;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
{
algs = (sk_SSL_CIPHER_value(cipher_stack, i))->algorithms;
if ((algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA))
SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
{
using_ecc = 1;
break;
}
}
using_ecc = using_ecc && (s->version == TLS1_VERSION);
if (using_ecc)
@ -721,7 +724,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
}
#endif /* OPENSSL_NO_EC */
return 1;
}
}
int ssl_prepare_serverhello_tlsext(SSL *s)
{
@ -730,8 +733,10 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
* if the client sent us an ECPointsFormat extension. Note that the server is not
* supposed to send an EllipticCurves extension.
*/
int algs = s->s3->tmp.new_cipher->algorithms;
int using_ecc = (algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA);
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
if (using_ecc)
@ -749,7 +754,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
}
#endif /* OPENSSL_NO_EC */
return 1;
}
}
int ssl_check_clienthello_tlsext(SSL *s)
{
@ -770,7 +775,8 @@ int ssl_check_clienthello_tlsext(SSL *s)
else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
switch (ret) {
switch (ret)
{
case SSL_TLSEXT_ERR_ALERT_FATAL:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
return -1;
@ -784,7 +790,7 @@ int ssl_check_clienthello_tlsext(SSL *s)
default:
return 1;
}
}
}
int ssl_check_serverhello_tlsext(SSL *s)
{
@ -795,9 +801,10 @@ int ssl_check_serverhello_tlsext(SSL *s)
/* If we are client and using an elliptic curve cryptography cipher suite, then server
* must return a an EC point formats lists containing uncompressed.
*/
int algs = s->s3->tmp.new_cipher->algorithms;
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
((algs & SSL_kECDH) || (algs & SSL_kEECDH) || (algs & SSL_aECDSA)))
((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
@ -831,7 +838,8 @@ int ssl_check_serverhello_tlsext(SSL *s)
else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
switch (ret) {
switch (ret)
{
case SSL_TLSEXT_ERR_ALERT_FATAL:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
return -1;
@ -845,6 +853,6 @@ int ssl_check_serverhello_tlsext(SSL *s)
default:
return 1;
}
}
}
#endif