Home | History | Annotate | Download | only in ssl
      1 /* ssl/ssl_ciph.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 /* ====================================================================
    112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    113  * ECC cipher suite support in OpenSSL originally developed by
    114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    115  */
    116 /* ====================================================================
    117  * Copyright 2005 Nokia. All rights reserved.
    118  *
    119  * The portions of the attached software ("Contribution") is developed by
    120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    121  * license.
    122  *
    123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    125  * support (see RFC 4279) to OpenSSL.
    126  *
    127  * No patent licenses or other rights except those expressly stated in
    128  * the OpenSSL open source license shall be deemed granted or received
    129  * expressly, by implication, estoppel, or otherwise.
    130  *
    131  * No assurances are provided by Nokia that the Contribution does not
    132  * infringe the patent or other intellectual property rights of any third
    133  * party or that the license provides you with all the necessary rights
    134  * to make use of the Contribution.
    135  *
    136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    140  * OTHERWISE.
    141  */
    142 
    143 #include <stdio.h>
    144 #include <openssl/objects.h>
    145 #ifndef OPENSSL_NO_COMP
    146 #include <openssl/comp.h>
    147 #endif
    148 #ifndef OPENSSL_NO_ENGINE
    149 #include <openssl/engine.h>
    150 #endif
    151 #include "ssl_locl.h"
    152 
    153 #define SSL_ENC_DES_IDX		0
    154 #define SSL_ENC_3DES_IDX	1
    155 #define SSL_ENC_RC4_IDX		2
    156 #define SSL_ENC_RC2_IDX		3
    157 #define SSL_ENC_IDEA_IDX	4
    158 #define SSL_ENC_NULL_IDX	5
    159 #define SSL_ENC_AES128_IDX	6
    160 #define SSL_ENC_AES256_IDX	7
    161 #define SSL_ENC_CAMELLIA128_IDX	8
    162 #define SSL_ENC_CAMELLIA256_IDX	9
    163 #define SSL_ENC_GOST89_IDX	10
    164 #define SSL_ENC_SEED_IDX    	11
    165 #define SSL_ENC_NUM_IDX		12
    166 
    167 
    168 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
    169 	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
    170 	};
    171 
    172 #define SSL_COMP_NULL_IDX	0
    173 #define SSL_COMP_ZLIB_IDX	1
    174 #define SSL_COMP_NUM_IDX	2
    175 
    176 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
    177 
    178 #define SSL_MD_MD5_IDX	0
    179 #define SSL_MD_SHA1_IDX	1
    180 #define SSL_MD_GOST94_IDX 2
    181 #define SSL_MD_GOST89MAC_IDX 3
    182 /*Constant SSL_MAX_DIGEST equal to size of digests array should be
    183  * defined in the
    184  * ssl_locl.h */
    185 #define SSL_MD_NUM_IDX	SSL_MAX_DIGEST
    186 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
    187 	NULL,NULL,NULL,NULL
    188 	};
    189 /* PKEY_TYPE for GOST89MAC is known in advance, but, because
    190  * implementation is engine-provided, we'll fill it only if
    191  * corresponding EVP_PKEY_METHOD is found
    192  */
    193 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
    194 	EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
    195 	};
    196 
    197 static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
    198 	0,0,0,0
    199 	};
    200 
    201 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
    202 	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
    203 	SSL_HANDSHAKE_MAC_GOST94,0
    204 	};
    205 
    206 #define CIPHER_ADD	1
    207 #define CIPHER_KILL	2
    208 #define CIPHER_DEL	3
    209 #define CIPHER_ORD	4
    210 #define CIPHER_SPECIAL	5
    211 
    212 typedef struct cipher_order_st
    213 	{
    214 	const SSL_CIPHER *cipher;
    215 	int active;
    216 	int dead;
    217 	struct cipher_order_st *next,*prev;
    218 	} CIPHER_ORDER;
    219 
    220 static const SSL_CIPHER cipher_aliases[]={
    221 	/* "ALL" doesn't include eNULL (must be specifically enabled) */
    222 	{0,SSL_TXT_ALL,0,     0,0,~SSL_eNULL,0,0,0,0,0,0},
    223 	/* "COMPLEMENTOFALL" */
    224 	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
    225 
    226 	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
    227 	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
    228 
    229 	/* key exchange aliases
    230 	 * (some of those using only a single bit here combine
    231 	 * multiple key exchange algs according to the RFCs,
    232 	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
    233 	{0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
    234 
    235 	{0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    236 	{0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    237 	{0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    238 	{0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
    239 	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
    240 
    241 	{0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
    242 
    243 	{0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
    244 	{0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
    245 	{0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
    246 	{0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
    247 	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
    248 
    249         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
    250 	{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
    251 
    252 	/* server authentication aliases */
    253 	{0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
    254 	{0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
    255 	{0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
    256 	{0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
    257 	{0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
    258 	{0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    259 	{0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
    260 	{0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
    261 	{0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
    262         {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
    263 	{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
    264 	{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
    265 	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
    266 
    267 	/* aliases combining key exchange and server authentication */
    268 	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
    269 	{0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
    270 	{0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
    271 	{0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
    272 	{0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
    273 	{0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
    274 	{0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
    275         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
    276 
    277 
    278 	/* symmetric encryption aliases */
    279 	{0,SSL_TXT_DES,0,     0,0,SSL_DES,   0,0,0,0,0,0},
    280 	{0,SSL_TXT_3DES,0,    0,0,SSL_3DES,  0,0,0,0,0,0},
    281 	{0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
    282 	{0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
    283 	{0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
    284 	{0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
    285 	{0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
    286 	{0,SSL_TXT_AES128,0,  0,0,SSL_AES128,0,0,0,0,0,0},
    287 	{0,SSL_TXT_AES256,0,  0,0,SSL_AES256,0,0,0,0,0,0},
    288 	{0,SSL_TXT_AES,0,     0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
    289 	{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
    290 	{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
    291 	{0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
    292 
    293 	/* MAC aliases */
    294 	{0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
    295 	{0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
    296 	{0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
    297 	{0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
    298 	{0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
    299 
    300 	/* protocol version aliases */
    301 	{0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
    302 	{0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
    303 	{0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
    304 
    305 	/* export flag */
    306 	{0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
    307 	{0,SSL_TXT_EXPORT,0,  0,0,0,0,0,SSL_EXPORT,0,0,0},
    308 
    309 	/* strength classes */
    310 	{0,SSL_TXT_EXP40,0,   0,0,0,0,0,SSL_EXP40, 0,0,0},
    311 	{0,SSL_TXT_EXP56,0,   0,0,0,0,0,SSL_EXP56, 0,0,0},
    312 	{0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
    313 	{0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
    314 	{0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
    315 	/* FIPS 140-2 approved ciphersuite */
    316 	{0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
    317 	};
    318 /* Search for public key algorithm with given name and
    319  * return its pkey_id if it is available. Otherwise return 0
    320  */
    321 #ifdef OPENSSL_NO_ENGINE
    322 
    323 static int get_optional_pkey_id(const char *pkey_name)
    324 	{
    325 	const EVP_PKEY_ASN1_METHOD *ameth;
    326 	int pkey_id=0;
    327 	ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
    328 	if (ameth)
    329 		{
    330 		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
    331 		}
    332 	return pkey_id;
    333 	}
    334 
    335 #else
    336 
    337 static int get_optional_pkey_id(const char *pkey_name)
    338 	{
    339 	const EVP_PKEY_ASN1_METHOD *ameth;
    340 	ENGINE *tmpeng = NULL;
    341 	int pkey_id=0;
    342 	ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
    343 	if (ameth)
    344 		{
    345 		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
    346 		}
    347 	if (tmpeng) ENGINE_finish(tmpeng);
    348 	return pkey_id;
    349 	}
    350 
    351 #endif
    352 
    353 void ssl_load_ciphers(void)
    354 	{
    355 	ssl_cipher_methods[SSL_ENC_DES_IDX]=
    356 		EVP_get_cipherbyname(SN_des_cbc);
    357 	ssl_cipher_methods[SSL_ENC_3DES_IDX]=
    358 		EVP_get_cipherbyname(SN_des_ede3_cbc);
    359 	ssl_cipher_methods[SSL_ENC_RC4_IDX]=
    360 		EVP_get_cipherbyname(SN_rc4);
    361 	ssl_cipher_methods[SSL_ENC_RC2_IDX]=
    362 		EVP_get_cipherbyname(SN_rc2_cbc);
    363 #ifndef OPENSSL_NO_IDEA
    364 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
    365 		EVP_get_cipherbyname(SN_idea_cbc);
    366 #else
    367 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
    368 #endif
    369 	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
    370 	  EVP_get_cipherbyname(SN_aes_128_cbc);
    371 	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
    372 	  EVP_get_cipherbyname(SN_aes_256_cbc);
    373 	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
    374 	  EVP_get_cipherbyname(SN_camellia_128_cbc);
    375 	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
    376 	  EVP_get_cipherbyname(SN_camellia_256_cbc);
    377 	ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
    378 	  EVP_get_cipherbyname(SN_gost89_cnt);
    379 	ssl_cipher_methods[SSL_ENC_SEED_IDX]=
    380 	  EVP_get_cipherbyname(SN_seed_cbc);
    381 
    382 	ssl_digest_methods[SSL_MD_MD5_IDX]=
    383 		EVP_get_digestbyname(SN_md5);
    384 	ssl_mac_secret_size[SSL_MD_MD5_IDX]=
    385 		EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
    386 	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
    387 	ssl_digest_methods[SSL_MD_SHA1_IDX]=
    388 		EVP_get_digestbyname(SN_sha1);
    389 	ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
    390 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
    391 	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
    392 	ssl_digest_methods[SSL_MD_GOST94_IDX]=
    393 		EVP_get_digestbyname(SN_id_GostR3411_94);
    394 	if (ssl_digest_methods[SSL_MD_GOST94_IDX])
    395 		{
    396 		ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
    397 			EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
    398 		OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
    399 		}
    400 	ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
    401 		EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
    402 		ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
    403 		if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
    404 			ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
    405 		}
    406 
    407 	}
    408 #ifndef OPENSSL_NO_COMP
    409 
    410 static int sk_comp_cmp(const SSL_COMP * const *a,
    411 			const SSL_COMP * const *b)
    412 	{
    413 	return((*a)->id-(*b)->id);
    414 	}
    415 
    416 static void load_builtin_compressions(void)
    417 	{
    418 	int got_write_lock = 0;
    419 
    420 	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
    421 	if (ssl_comp_methods == NULL)
    422 		{
    423 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
    424 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
    425 		got_write_lock = 1;
    426 
    427 		if (ssl_comp_methods == NULL)
    428 			{
    429 			SSL_COMP *comp = NULL;
    430 
    431 			MemCheck_off();
    432 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
    433 			if (ssl_comp_methods != NULL)
    434 				{
    435 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
    436 				if (comp != NULL)
    437 					{
    438 					comp->method=COMP_zlib();
    439 					if (comp->method
    440 						&& comp->method->type == NID_undef)
    441 						OPENSSL_free(comp);
    442 					else
    443 						{
    444 						comp->id=SSL_COMP_ZLIB_IDX;
    445 						comp->name=comp->method->name;
    446 						sk_SSL_COMP_push(ssl_comp_methods,comp);
    447 						}
    448 					}
    449 				}
    450 			MemCheck_on();
    451 			}
    452 		}
    453 
    454 	if (got_write_lock)
    455 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
    456 	else
    457 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
    458 	}
    459 #endif
    460 
    461 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    462 	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
    463 	{
    464 	int i;
    465 	const SSL_CIPHER *c;
    466 
    467 	c=s->cipher;
    468 	if (c == NULL) return(0);
    469 	if (comp != NULL)
    470 		{
    471 		SSL_COMP ctmp;
    472 #ifndef OPENSSL_NO_COMP
    473 		load_builtin_compressions();
    474 #endif
    475 
    476 		*comp=NULL;
    477 		ctmp.id=s->compress_meth;
    478 		if (ssl_comp_methods != NULL)
    479 			{
    480 			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
    481 			if (i >= 0)
    482 				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
    483 			else
    484 				*comp=NULL;
    485 			}
    486 		}
    487 
    488 	if ((enc == NULL) || (md == NULL)) return(0);
    489 
    490 	switch (c->algorithm_enc)
    491 		{
    492 	case SSL_DES:
    493 		i=SSL_ENC_DES_IDX;
    494 		break;
    495 	case SSL_3DES:
    496 		i=SSL_ENC_3DES_IDX;
    497 		break;
    498 	case SSL_RC4:
    499 		i=SSL_ENC_RC4_IDX;
    500 		break;
    501 	case SSL_RC2:
    502 		i=SSL_ENC_RC2_IDX;
    503 		break;
    504 	case SSL_IDEA:
    505 		i=SSL_ENC_IDEA_IDX;
    506 		break;
    507 	case SSL_eNULL:
    508 		i=SSL_ENC_NULL_IDX;
    509 		break;
    510 	case SSL_AES128:
    511 		i=SSL_ENC_AES128_IDX;
    512 		break;
    513 	case SSL_AES256:
    514 		i=SSL_ENC_AES256_IDX;
    515 		break;
    516 	case SSL_CAMELLIA128:
    517 		i=SSL_ENC_CAMELLIA128_IDX;
    518 		break;
    519 	case SSL_CAMELLIA256:
    520 		i=SSL_ENC_CAMELLIA256_IDX;
    521 		break;
    522 	case SSL_eGOST2814789CNT:
    523 		i=SSL_ENC_GOST89_IDX;
    524 		break;
    525 	case SSL_SEED:
    526 		i=SSL_ENC_SEED_IDX;
    527 		break;
    528 	default:
    529 		i= -1;
    530 		break;
    531 		}
    532 
    533 	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
    534 		*enc=NULL;
    535 	else
    536 		{
    537 		if (i == SSL_ENC_NULL_IDX)
    538 			*enc=EVP_enc_null();
    539 		else
    540 			*enc=ssl_cipher_methods[i];
    541 		}
    542 
    543 	switch (c->algorithm_mac)
    544 		{
    545 	case SSL_MD5:
    546 		i=SSL_MD_MD5_IDX;
    547 		break;
    548 	case SSL_SHA1:
    549 		i=SSL_MD_SHA1_IDX;
    550 		break;
    551 	case SSL_GOST94:
    552 		i = SSL_MD_GOST94_IDX;
    553 		break;
    554 	case SSL_GOST89MAC:
    555 		i = SSL_MD_GOST89MAC_IDX;
    556 		break;
    557 	default:
    558 		i= -1;
    559 		break;
    560 		}
    561 	if ((i < 0) || (i > SSL_MD_NUM_IDX))
    562 	{
    563 		*md=NULL;
    564 		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
    565 		if (mac_secret_size!=NULL) *mac_secret_size = 0;
    566 
    567 	}
    568 	else
    569 	{
    570 		*md=ssl_digest_methods[i];
    571 		if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
    572 		if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
    573 	}
    574 
    575 	if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
    576 		return(1);
    577 	else
    578 		return(0);
    579 	}
    580 
    581 int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
    582 {
    583 	if (idx <0||idx>=SSL_MD_NUM_IDX)
    584 		{
    585 		return 0;
    586 		}
    587 	if (ssl_handshake_digest_flag[idx]==0) return 0;
    588 	*mask = ssl_handshake_digest_flag[idx];
    589 	*md = ssl_digest_methods[idx];
    590 	return 1;
    591 }
    592 
    593 #define ITEM_SEP(a) \
    594 	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
    595 
    596 static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
    597 	     CIPHER_ORDER **tail)
    598 	{
    599 	if (curr == *tail) return;
    600 	if (curr == *head)
    601 		*head=curr->next;
    602 	if (curr->prev != NULL)
    603 		curr->prev->next=curr->next;
    604 	if (curr->next != NULL)
    605 		curr->next->prev=curr->prev;
    606 	(*tail)->next=curr;
    607 	curr->prev= *tail;
    608 	curr->next=NULL;
    609 	*tail=curr;
    610 	}
    611 
    612 static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
    613 	     CIPHER_ORDER **tail)
    614 	{
    615 	if (curr == *head) return;
    616 	if (curr == *tail)
    617 		*tail=curr->prev;
    618 	if (curr->next != NULL)
    619 		curr->next->prev=curr->prev;
    620 	if (curr->prev != NULL)
    621 		curr->prev->next=curr->next;
    622 	(*head)->prev=curr;
    623 	curr->next= *head;
    624 	curr->prev=NULL;
    625 	*head=curr;
    626 	}
    627 
    628 static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
    629 	{
    630 	*mkey = 0;
    631 	*auth = 0;
    632 	*enc = 0;
    633 	*mac = 0;
    634 	*ssl = 0;
    635 
    636 #ifdef OPENSSL_NO_RSA
    637 	*mkey |= SSL_kRSA;
    638 	*auth |= SSL_aRSA;
    639 #endif
    640 #ifdef OPENSSL_NO_DSA
    641 	*auth |= SSL_aDSS;
    642 #endif
    643 	*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
    644 	*auth |= SSL_aDH;
    645 #ifdef OPENSSL_NO_DH
    646 	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
    647 	*auth |= SSL_aDH;
    648 #endif
    649 #ifdef OPENSSL_NO_KRB5
    650 	*mkey |= SSL_kKRB5;
    651 	*auth |= SSL_aKRB5;
    652 #endif
    653 #ifdef OPENSSL_NO_ECDSA
    654 	*auth |= SSL_aECDSA;
    655 #endif
    656 #ifdef OPENSSL_NO_ECDH
    657 	*mkey |= SSL_kECDHe|SSL_kECDHr;
    658 	*auth |= SSL_aECDH;
    659 #endif
    660 #ifdef OPENSSL_NO_PSK
    661 	*mkey |= SSL_kPSK;
    662 	*auth |= SSL_aPSK;
    663 #endif
    664 	/* Check for presence of GOST 34.10 algorithms, and if they
    665 	 * do not present, disable  appropriate auth and key exchange */
    666 	if (!get_optional_pkey_id("gost94")) {
    667 		*auth |= SSL_aGOST94;
    668 	}
    669 	if (!get_optional_pkey_id("gost2001")) {
    670 		*auth |= SSL_aGOST01;
    671 	}
    672 	/* Disable GOST key exchange if no GOST signature algs are available * */
    673 	if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
    674 		*mkey |= SSL_kGOST;
    675 	}
    676 #ifdef SSL_FORBID_ENULL
    677 	*enc |= SSL_eNULL;
    678 #endif
    679 
    680 
    681 
    682 	*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
    683 	*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
    684 	*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
    685 	*enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
    686 	*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
    687 	*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
    688 	*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
    689 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
    690 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
    691 	*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
    692 	*enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
    693 
    694 	*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
    695 	*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
    696 	*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
    697 	*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
    698 
    699 	}
    700 
    701 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
    702                 int num_of_ciphers,
    703                 unsigned long disabled_mkey, unsigned long disabled_auth,
    704                 unsigned long disabled_enc, unsigned long disabled_mac,
    705                 unsigned long disabled_ssl,
    706                 CIPHER_ORDER *co_list,
    707                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
    708 	{
    709 	int i, co_list_num;
    710 	const SSL_CIPHER *c;
    711 
    712 	/*
    713 	 * We have num_of_ciphers descriptions compiled in, depending on the
    714 	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
    715 	 * These will later be sorted in a linked list with at most num
    716 	 * entries.
    717 	 */
    718 
    719 	/* Get the initial list of ciphers */
    720 	co_list_num = 0;	/* actual count of ciphers */
    721 	for (i = 0; i < num_of_ciphers; i++)
    722 		{
    723 		c = ssl_method->get_cipher(i);
    724 		/* drop those that use any of that is not available */
    725 		if ((c != NULL) && c->valid &&
    726 		    !(c->algorithm_mkey & disabled_mkey) &&
    727 		    !(c->algorithm_auth & disabled_auth) &&
    728 		    !(c->algorithm_enc & disabled_enc) &&
    729 		    !(c->algorithm_mac & disabled_mac) &&
    730 		    !(c->algorithm_ssl & disabled_ssl))
    731 			{
    732 			co_list[co_list_num].cipher = c;
    733 			co_list[co_list_num].next = NULL;
    734 			co_list[co_list_num].prev = NULL;
    735 			co_list[co_list_num].active = 0;
    736 			co_list_num++;
    737 #ifdef KSSL_DEBUG
    738 			printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
    739 #endif	/* KSSL_DEBUG */
    740 			/*
    741 			if (!sk_push(ca_list,(char *)c)) goto err;
    742 			*/
    743 			}
    744 		}
    745 
    746 	/*
    747 	 * Prepare linked list from list entries
    748 	 */
    749 	if (co_list_num > 0)
    750 		{
    751 		co_list[0].prev = NULL;
    752 
    753 		if (co_list_num > 1)
    754 			{
    755 			co_list[0].next = &co_list[1];
    756 
    757 			for (i = 1; i < co_list_num - 1; i++)
    758 				{
    759 				co_list[i].prev = &co_list[i - 1];
    760 				co_list[i].next = &co_list[i + 1];
    761 				}
    762 
    763 			co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
    764 			}
    765 
    766 		co_list[co_list_num - 1].next = NULL;
    767 
    768 		*head_p = &co_list[0];
    769 		*tail_p = &co_list[co_list_num - 1];
    770 		}
    771 	}
    772 
    773 static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
    774                         int num_of_group_aliases,
    775                         unsigned long disabled_mkey, unsigned long disabled_auth,
    776                         unsigned long disabled_enc, unsigned long disabled_mac,
    777                         unsigned long disabled_ssl,
    778 			CIPHER_ORDER *head)
    779 	{
    780 	CIPHER_ORDER *ciph_curr;
    781 	const SSL_CIPHER **ca_curr;
    782 	int i;
    783 	unsigned long mask_mkey = ~disabled_mkey;
    784 	unsigned long mask_auth = ~disabled_auth;
    785 	unsigned long mask_enc = ~disabled_enc;
    786 	unsigned long mask_mac = ~disabled_mac;
    787 	unsigned long mask_ssl = ~disabled_ssl;
    788 
    789 	/*
    790 	 * First, add the real ciphers as already collected
    791 	 */
    792 	ciph_curr = head;
    793 	ca_curr = ca_list;
    794 	while (ciph_curr != NULL)
    795 		{
    796 		*ca_curr = ciph_curr->cipher;
    797 		ca_curr++;
    798 		ciph_curr = ciph_curr->next;
    799 		}
    800 
    801 	/*
    802 	 * Now we add the available ones from the cipher_aliases[] table.
    803 	 * They represent either one or more algorithms, some of which
    804 	 * in any affected category must be supported (set in enabled_mask),
    805 	 * or represent a cipher strength value (will be added in any case because algorithms=0).
    806 	 */
    807 	for (i = 0; i < num_of_group_aliases; i++)
    808 		{
    809 		unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
    810 		unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
    811 		unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
    812 		unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
    813 		unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
    814 
    815 		if (algorithm_mkey)
    816 			if ((algorithm_mkey & mask_mkey) == 0)
    817 				continue;
    818 
    819 		if (algorithm_auth)
    820 			if ((algorithm_auth & mask_auth) == 0)
    821 				continue;
    822 
    823 		if (algorithm_enc)
    824 			if ((algorithm_enc & mask_enc) == 0)
    825 				continue;
    826 
    827 		if (algorithm_mac)
    828 			if ((algorithm_mac & mask_mac) == 0)
    829 				continue;
    830 
    831 		if (algorithm_ssl)
    832 			if ((algorithm_ssl & mask_ssl) == 0)
    833 				continue;
    834 
    835 		*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
    836 		ca_curr++;
    837 		}
    838 
    839 	*ca_curr = NULL;	/* end of list */
    840 	}
    841 
    842 static void ssl_cipher_apply_rule(unsigned long cipher_id,
    843                 unsigned long alg_mkey, unsigned long alg_auth,
    844                 unsigned long alg_enc, unsigned long alg_mac,
    845                 unsigned long alg_ssl,
    846 		unsigned long algo_strength,
    847 		int rule, int strength_bits,
    848 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
    849 	{
    850 	CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
    851 	const SSL_CIPHER *cp;
    852 	int reverse = 0;
    853 
    854 #ifdef CIPHER_DEBUG
    855 	printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
    856 		rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
    857 #endif
    858 
    859 	if (rule == CIPHER_DEL)
    860 		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
    861 
    862 	head = *head_p;
    863 	tail = *tail_p;
    864 
    865 	if (reverse)
    866 		{
    867 		curr = tail;
    868 		last = head;
    869 		}
    870 	else
    871 		{
    872 		curr = head;
    873 		last = tail;
    874 		}
    875 
    876 	curr2 = curr;
    877 	for (;;)
    878 		{
    879 		if ((curr == NULL) || (curr == last)) break;
    880 		curr = curr2;
    881 		curr2 = reverse ? curr->prev : curr->next;
    882 
    883 		cp = curr->cipher;
    884 
    885 		/*
    886 		 * Selection criteria is either the value of strength_bits
    887 		 * or the algorithms used.
    888 		 */
    889 		if (strength_bits >= 0)
    890 			{
    891 			if (strength_bits != cp->strength_bits)
    892 				continue;
    893 			}
    894 		else
    895 			{
    896 #ifdef CIPHER_DEBUG
    897 			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
    898 #endif
    899 
    900 			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
    901 				continue;
    902 			if (alg_auth && !(alg_auth & cp->algorithm_auth))
    903 				continue;
    904 			if (alg_enc && !(alg_enc & cp->algorithm_enc))
    905 				continue;
    906 			if (alg_mac && !(alg_mac & cp->algorithm_mac))
    907 				continue;
    908 			if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
    909 				continue;
    910 			if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
    911 				continue;
    912 			if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
    913 				continue;
    914 			}
    915 
    916 #ifdef CIPHER_DEBUG
    917 		printf("Action = %d\n", rule);
    918 #endif
    919 
    920 		/* add the cipher if it has not been added yet. */
    921 		if (rule == CIPHER_ADD)
    922 			{
    923 			/* reverse == 0 */
    924 			if (!curr->active)
    925 				{
    926 				ll_append_tail(&head, curr, &tail);
    927 				curr->active = 1;
    928 				}
    929 			}
    930 		/* Move the added cipher to this location */
    931 		else if (rule == CIPHER_ORD)
    932 			{
    933 			/* reverse == 0 */
    934 			if (curr->active)
    935 				{
    936 				ll_append_tail(&head, curr, &tail);
    937 				}
    938 			}
    939 		else if	(rule == CIPHER_DEL)
    940 			{
    941 			/* reverse == 1 */
    942 			if (curr->active)
    943 				{
    944 				/* most recently deleted ciphersuites get best positions
    945 				 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
    946 				 * works in reverse to maintain the order) */
    947 				ll_append_head(&head, curr, &tail);
    948 				curr->active = 0;
    949 				}
    950 			}
    951 		else if (rule == CIPHER_KILL)
    952 			{
    953 			/* reverse == 0 */
    954 			if (head == curr)
    955 				head = curr->next;
    956 			else
    957 				curr->prev->next = curr->next;
    958 			if (tail == curr)
    959 				tail = curr->prev;
    960 			curr->active = 0;
    961 			if (curr->next != NULL)
    962 				curr->next->prev = curr->prev;
    963 			if (curr->prev != NULL)
    964 				curr->prev->next = curr->next;
    965 			curr->next = NULL;
    966 			curr->prev = NULL;
    967 			}
    968 		}
    969 
    970 	*head_p = head;
    971 	*tail_p = tail;
    972 	}
    973 
    974 static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
    975 				    CIPHER_ORDER **tail_p)
    976 	{
    977 	int max_strength_bits, i, *number_uses;
    978 	CIPHER_ORDER *curr;
    979 
    980 	/*
    981 	 * This routine sorts the ciphers with descending strength. The sorting
    982 	 * must keep the pre-sorted sequence, so we apply the normal sorting
    983 	 * routine as '+' movement to the end of the list.
    984 	 */
    985 	max_strength_bits = 0;
    986 	curr = *head_p;
    987 	while (curr != NULL)
    988 		{
    989 		if (curr->active &&
    990 		    (curr->cipher->strength_bits > max_strength_bits))
    991 		    max_strength_bits = curr->cipher->strength_bits;
    992 		curr = curr->next;
    993 		}
    994 
    995 	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
    996 	if (!number_uses)
    997 		{
    998 		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
    999 		return(0);
   1000 		}
   1001 	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
   1002 
   1003 	/*
   1004 	 * Now find the strength_bits values actually used
   1005 	 */
   1006 	curr = *head_p;
   1007 	while (curr != NULL)
   1008 		{
   1009 		if (curr->active)
   1010 			number_uses[curr->cipher->strength_bits]++;
   1011 		curr = curr->next;
   1012 		}
   1013 	/*
   1014 	 * Go through the list of used strength_bits values in descending
   1015 	 * order.
   1016 	 */
   1017 	for (i = max_strength_bits; i >= 0; i--)
   1018 		if (number_uses[i] > 0)
   1019 			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
   1020 
   1021 	OPENSSL_free(number_uses);
   1022 	return(1);
   1023 	}
   1024 
   1025 static int ssl_cipher_process_rulestr(const char *rule_str,
   1026                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
   1027                 const SSL_CIPHER **ca_list)
   1028 	{
   1029 	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
   1030 	const char *l, *buf;
   1031 	int j, multi, found, rule, retval, ok, buflen;
   1032 	unsigned long cipher_id = 0;
   1033 	char ch;
   1034 
   1035 	retval = 1;
   1036 	l = rule_str;
   1037 	for (;;)
   1038 		{
   1039 		ch = *l;
   1040 
   1041 		if (ch == '\0')
   1042 			break;		/* done */
   1043 		if (ch == '-')
   1044 			{ rule = CIPHER_DEL; l++; }
   1045 		else if (ch == '+')
   1046 			{ rule = CIPHER_ORD; l++; }
   1047 		else if (ch == '!')
   1048 			{ rule = CIPHER_KILL; l++; }
   1049 		else if (ch == '@')
   1050 			{ rule = CIPHER_SPECIAL; l++; }
   1051 		else
   1052 			{ rule = CIPHER_ADD; }
   1053 
   1054 		if (ITEM_SEP(ch))
   1055 			{
   1056 			l++;
   1057 			continue;
   1058 			}
   1059 
   1060 		alg_mkey = 0;
   1061 		alg_auth = 0;
   1062 		alg_enc = 0;
   1063 		alg_mac = 0;
   1064 		alg_ssl = 0;
   1065 		algo_strength = 0;
   1066 
   1067 		for (;;)
   1068 			{
   1069 			ch = *l;
   1070 			buf = l;
   1071 			buflen = 0;
   1072 #ifndef CHARSET_EBCDIC
   1073 			while (	((ch >= 'A') && (ch <= 'Z')) ||
   1074 				((ch >= '0') && (ch <= '9')) ||
   1075 				((ch >= 'a') && (ch <= 'z')) ||
   1076 				 (ch == '-'))
   1077 #else
   1078 			while (	isalnum(ch) || (ch == '-'))
   1079 #endif
   1080 				 {
   1081 				 ch = *(++l);
   1082 				 buflen++;
   1083 				 }
   1084 
   1085 			if (buflen == 0)
   1086 				{
   1087 				/*
   1088 				 * We hit something we cannot deal with,
   1089 				 * it is no command or separator nor
   1090 				 * alphanumeric, so we call this an error.
   1091 				 */
   1092 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
   1093 				       SSL_R_INVALID_COMMAND);
   1094 				retval = found = 0;
   1095 				l++;
   1096 				break;
   1097 				}
   1098 
   1099 			if (rule == CIPHER_SPECIAL)
   1100 				{
   1101 				found = 0; /* unused -- avoid compiler warning */
   1102 				break;	/* special treatment */
   1103 				}
   1104 
   1105 			/* check for multi-part specification */
   1106 			if (ch == '+')
   1107 				{
   1108 				multi=1;
   1109 				l++;
   1110 				}
   1111 			else
   1112 				multi=0;
   1113 
   1114 			/*
   1115 			 * Now search for the cipher alias in the ca_list. Be careful
   1116 			 * with the strncmp, because the "buflen" limitation
   1117 			 * will make the rule "ADH:SOME" and the cipher
   1118 			 * "ADH-MY-CIPHER" look like a match for buflen=3.
   1119 			 * So additionally check whether the cipher name found
   1120 			 * has the correct length. We can save a strlen() call:
   1121 			 * just checking for the '\0' at the right place is
   1122 			 * sufficient, we have to strncmp() anyway. (We cannot
   1123 			 * use strcmp(), because buf is not '\0' terminated.)
   1124 			 */
   1125 			j = found = 0;
   1126 			cipher_id = 0;
   1127 			while (ca_list[j])
   1128 				{
   1129 				if (!strncmp(buf, ca_list[j]->name, buflen) &&
   1130 				    (ca_list[j]->name[buflen] == '\0'))
   1131 					{
   1132 					found = 1;
   1133 					break;
   1134 					}
   1135 				else
   1136 					j++;
   1137 				}
   1138 
   1139 			if (!found)
   1140 				break;	/* ignore this entry */
   1141 
   1142 			if (ca_list[j]->algorithm_mkey)
   1143 				{
   1144 				if (alg_mkey)
   1145 					{
   1146 					alg_mkey &= ca_list[j]->algorithm_mkey;
   1147 					if (!alg_mkey) { found = 0; break; }
   1148 					}
   1149 				else
   1150 					alg_mkey = ca_list[j]->algorithm_mkey;
   1151 				}
   1152 
   1153 			if (ca_list[j]->algorithm_auth)
   1154 				{
   1155 				if (alg_auth)
   1156 					{
   1157 					alg_auth &= ca_list[j]->algorithm_auth;
   1158 					if (!alg_auth) { found = 0; break; }
   1159 					}
   1160 				else
   1161 					alg_auth = ca_list[j]->algorithm_auth;
   1162 				}
   1163 
   1164 			if (ca_list[j]->algorithm_enc)
   1165 				{
   1166 				if (alg_enc)
   1167 					{
   1168 					alg_enc &= ca_list[j]->algorithm_enc;
   1169 					if (!alg_enc) { found = 0; break; }
   1170 					}
   1171 				else
   1172 					alg_enc = ca_list[j]->algorithm_enc;
   1173 				}
   1174 
   1175 			if (ca_list[j]->algorithm_mac)
   1176 				{
   1177 				if (alg_mac)
   1178 					{
   1179 					alg_mac &= ca_list[j]->algorithm_mac;
   1180 					if (!alg_mac) { found = 0; break; }
   1181 					}
   1182 				else
   1183 					alg_mac = ca_list[j]->algorithm_mac;
   1184 				}
   1185 
   1186 			if (ca_list[j]->algo_strength & SSL_EXP_MASK)
   1187 				{
   1188 				if (algo_strength & SSL_EXP_MASK)
   1189 					{
   1190 					algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
   1191 					if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
   1192 					}
   1193 				else
   1194 					algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
   1195 				}
   1196 
   1197 			if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
   1198 				{
   1199 				if (algo_strength & SSL_STRONG_MASK)
   1200 					{
   1201 					algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
   1202 					if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
   1203 					}
   1204 				else
   1205 					algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
   1206 				}
   1207 
   1208 			if (ca_list[j]->valid)
   1209 				{
   1210 				/* explicit ciphersuite found; its protocol version
   1211 				 * does not become part of the search pattern!*/
   1212 
   1213 				cipher_id = ca_list[j]->id;
   1214 				}
   1215 			else
   1216 				{
   1217 				/* not an explicit ciphersuite; only in this case, the
   1218 				 * protocol version is considered part of the search pattern */
   1219 
   1220 				if (ca_list[j]->algorithm_ssl)
   1221 					{
   1222 					if (alg_ssl)
   1223 						{
   1224 						alg_ssl &= ca_list[j]->algorithm_ssl;
   1225 						if (!alg_ssl) { found = 0; break; }
   1226 						}
   1227 					else
   1228 						alg_ssl = ca_list[j]->algorithm_ssl;
   1229 					}
   1230 				}
   1231 
   1232 			if (!multi) break;
   1233 			}
   1234 
   1235 		/*
   1236 		 * Ok, we have the rule, now apply it
   1237 		 */
   1238 		if (rule == CIPHER_SPECIAL)
   1239 			{	/* special command */
   1240 			ok = 0;
   1241 			if ((buflen == 8) &&
   1242 				!strncmp(buf, "STRENGTH", 8))
   1243 				ok = ssl_cipher_strength_sort(head_p, tail_p);
   1244 			else
   1245 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
   1246 					SSL_R_INVALID_COMMAND);
   1247 			if (ok == 0)
   1248 				retval = 0;
   1249 			/*
   1250 			 * We do not support any "multi" options
   1251 			 * together with "@", so throw away the
   1252 			 * rest of the command, if any left, until
   1253 			 * end or ':' is found.
   1254 			 */
   1255 			while ((*l != '\0') && !ITEM_SEP(*l))
   1256 				l++;
   1257 			}
   1258 		else if (found)
   1259 			{
   1260 			ssl_cipher_apply_rule(cipher_id,
   1261 				alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
   1262 				rule, -1, head_p, tail_p);
   1263 			}
   1264 		else
   1265 			{
   1266 			while ((*l != '\0') && !ITEM_SEP(*l))
   1267 				l++;
   1268 			}
   1269 		if (*l == '\0') break; /* done */
   1270 		}
   1271 
   1272 	return(retval);
   1273 	}
   1274 
   1275 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
   1276 		STACK_OF(SSL_CIPHER) **cipher_list,
   1277 		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
   1278 		const char *rule_str)
   1279 	{
   1280 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
   1281 	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
   1282 	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
   1283 	const char *rule_p;
   1284 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
   1285 	const SSL_CIPHER **ca_list = NULL;
   1286 
   1287 	/*
   1288 	 * Return with error if nothing to do.
   1289 	 */
   1290 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
   1291 		return NULL;
   1292 
   1293 	/*
   1294 	 * To reduce the work to do we only want to process the compiled
   1295 	 * in algorithms, so we first get the mask of disabled ciphers.
   1296 	 */
   1297 	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
   1298 
   1299 	/*
   1300 	 * Now we have to collect the available ciphers from the compiled
   1301 	 * in ciphers. We cannot get more than the number compiled in, so
   1302 	 * it is used for allocation.
   1303 	 */
   1304 	num_of_ciphers = ssl_method->num_ciphers();
   1305 #ifdef KSSL_DEBUG
   1306 	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
   1307 #endif    /* KSSL_DEBUG */
   1308 	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
   1309 	if (co_list == NULL)
   1310 		{
   1311 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
   1312 		return(NULL);	/* Failure */
   1313 		}
   1314 
   1315 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
   1316 	                           disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
   1317 	                           co_list, &head, &tail);
   1318 
   1319 
   1320 	/* Now arrange all ciphers by preference: */
   1321 
   1322 	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
   1323 	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
   1324 	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
   1325 
   1326 	/* AES is our preferred symmetric cipher */
   1327 	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
   1328 
   1329 	/* Temporarily enable everything else for sorting */
   1330 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
   1331 
   1332 	/* Low priority for MD5 */
   1333 	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1334 
   1335 	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
   1336 	 * (For applications that allow them, they aren't too bad, but we prefer
   1337 	 * authenticated ciphers.) */
   1338 	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1339 
   1340 	/* Move ciphers without forward secrecy to the end */
   1341 	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1342 	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
   1343 	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1344 	ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1345 	ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1346 
   1347 	/* RC4 is sort-of broken -- move the the end */
   1348 	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1349 
   1350 	/* Now sort by symmetric encryption strength.  The above ordering remains
   1351 	 * in force within each class */
   1352 	if (!ssl_cipher_strength_sort(&head, &tail))
   1353 		{
   1354 		OPENSSL_free(co_list);
   1355 		return NULL;
   1356 		}
   1357 
   1358 	/* Now disable everything (maintaining the ordering!) */
   1359 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
   1360 
   1361 
   1362 	/*
   1363 	 * We also need cipher aliases for selecting based on the rule_str.
   1364 	 * There might be two types of entries in the rule_str: 1) names
   1365 	 * of ciphers themselves 2) aliases for groups of ciphers.
   1366 	 * For 1) we need the available ciphers and for 2) the cipher
   1367 	 * groups of cipher_aliases added together in one list (otherwise
   1368 	 * we would be happy with just the cipher_aliases table).
   1369 	 */
   1370 	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
   1371 	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
   1372 	ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
   1373 	if (ca_list == NULL)
   1374 		{
   1375 		OPENSSL_free(co_list);
   1376 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
   1377 		return(NULL);	/* Failure */
   1378 		}
   1379 	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
   1380 	                           disabled_mkey, disabled_auth, disabled_enc,
   1381 				   disabled_mac, disabled_ssl, head);
   1382 
   1383 	/*
   1384 	 * If the rule_string begins with DEFAULT, apply the default rule
   1385 	 * before using the (possibly available) additional rules.
   1386 	 */
   1387 	ok = 1;
   1388 	rule_p = rule_str;
   1389 	if (strncmp(rule_str,"DEFAULT",7) == 0)
   1390 		{
   1391 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
   1392 			&head, &tail, ca_list);
   1393 		rule_p += 7;
   1394 		if (*rule_p == ':')
   1395 			rule_p++;
   1396 		}
   1397 
   1398 	if (ok && (strlen(rule_p) > 0))
   1399 		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
   1400 
   1401 	OPENSSL_free((void *)ca_list);	/* Not needed anymore */
   1402 
   1403 	if (!ok)
   1404 		{	/* Rule processing failure */
   1405 		OPENSSL_free(co_list);
   1406 		return(NULL);
   1407 		}
   1408 
   1409 	/*
   1410 	 * Allocate new "cipherstack" for the result, return with error
   1411 	 * if we cannot get one.
   1412 	 */
   1413 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
   1414 		{
   1415 		OPENSSL_free(co_list);
   1416 		return(NULL);
   1417 		}
   1418 
   1419 	/*
   1420 	 * The cipher selection for the list is done. The ciphers are added
   1421 	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
   1422 	 */
   1423 	for (curr = head; curr != NULL; curr = curr->next)
   1424 		{
   1425 		if (curr->active)
   1426 			{
   1427 			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
   1428 #ifdef CIPHER_DEBUG
   1429 			printf("<%s>\n",curr->cipher->name);
   1430 #endif
   1431 			}
   1432 		}
   1433 	OPENSSL_free(co_list);	/* Not needed any longer */
   1434 
   1435 	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
   1436 	if (tmp_cipher_list == NULL)
   1437 		{
   1438 		sk_SSL_CIPHER_free(cipherstack);
   1439 		return NULL;
   1440 		}
   1441 	if (*cipher_list != NULL)
   1442 		sk_SSL_CIPHER_free(*cipher_list);
   1443 	*cipher_list = cipherstack;
   1444 	if (*cipher_list_by_id != NULL)
   1445 		sk_SSL_CIPHER_free(*cipher_list_by_id);
   1446 	*cipher_list_by_id = tmp_cipher_list;
   1447 	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
   1448 
   1449 	sk_SSL_CIPHER_sort(*cipher_list_by_id);
   1450 	return(cipherstack);
   1451 	}
   1452 
   1453 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
   1454 	{
   1455 	int is_export,pkl,kl;
   1456 	const char *ver,*exp_str;
   1457 	const char *kx,*au,*enc,*mac;
   1458 	unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
   1459 #ifdef KSSL_DEBUG
   1460 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
   1461 #else
   1462 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
   1463 #endif /* KSSL_DEBUG */
   1464 
   1465 	alg_mkey = cipher->algorithm_mkey;
   1466 	alg_auth = cipher->algorithm_auth;
   1467 	alg_enc = cipher->algorithm_enc;
   1468 	alg_mac = cipher->algorithm_mac;
   1469 	alg_ssl = cipher->algorithm_ssl;
   1470 
   1471 	alg2=cipher->algorithm2;
   1472 
   1473 	is_export=SSL_C_IS_EXPORT(cipher);
   1474 	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
   1475 	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
   1476 	exp_str=is_export?" export":"";
   1477 
   1478 	if (alg_ssl & SSL_SSLV2)
   1479 		ver="SSLv2";
   1480 	else if (alg_ssl & SSL_SSLV3)
   1481 		ver="SSLv3";
   1482 	else
   1483 		ver="unknown";
   1484 
   1485 	switch (alg_mkey)
   1486 		{
   1487 	case SSL_kRSA:
   1488 		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
   1489 		break;
   1490 	case SSL_kDHr:
   1491 		kx="DH/RSA";
   1492 		break;
   1493 	case SSL_kDHd:
   1494 		kx="DH/DSS";
   1495 		break;
   1496         case SSL_kKRB5:
   1497 		kx="KRB5";
   1498 		break;
   1499 	case SSL_kEDH:
   1500 		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
   1501 		break;
   1502 	case SSL_kECDHr:
   1503 		kx="ECDH/RSA";
   1504 		break;
   1505 	case SSL_kECDHe:
   1506 		kx="ECDH/ECDSA";
   1507 		break;
   1508 	case SSL_kEECDH:
   1509 		kx="ECDH";
   1510 		break;
   1511 	case SSL_kPSK:
   1512 		kx="PSK";
   1513 		break;
   1514 	default:
   1515 		kx="unknown";
   1516 		}
   1517 
   1518 	switch (alg_auth)
   1519 		{
   1520 	case SSL_aRSA:
   1521 		au="RSA";
   1522 		break;
   1523 	case SSL_aDSS:
   1524 		au="DSS";
   1525 		break;
   1526 	case SSL_aDH:
   1527 		au="DH";
   1528 		break;
   1529         case SSL_aKRB5:
   1530 		au="KRB5";
   1531 		break;
   1532         case SSL_aECDH:
   1533 		au="ECDH";
   1534 		break;
   1535 	case SSL_aNULL:
   1536 		au="None";
   1537 		break;
   1538 	case SSL_aECDSA:
   1539 		au="ECDSA";
   1540 		break;
   1541 	case SSL_aPSK:
   1542 		au="PSK";
   1543 		break;
   1544 	default:
   1545 		au="unknown";
   1546 		break;
   1547 		}
   1548 
   1549 	switch (alg_enc)
   1550 		{
   1551 	case SSL_DES:
   1552 		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
   1553 		break;
   1554 	case SSL_3DES:
   1555 		enc="3DES(168)";
   1556 		break;
   1557 	case SSL_RC4:
   1558 		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
   1559 		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
   1560 		break;
   1561 	case SSL_RC2:
   1562 		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
   1563 		break;
   1564 	case SSL_IDEA:
   1565 		enc="IDEA(128)";
   1566 		break;
   1567 	case SSL_eNULL:
   1568 		enc="None";
   1569 		break;
   1570 	case SSL_AES128:
   1571 		enc="AES(128)";
   1572 		break;
   1573 	case SSL_AES256:
   1574 		enc="AES(256)";
   1575 		break;
   1576 	case SSL_CAMELLIA128:
   1577 		enc="Camellia(128)";
   1578 		break;
   1579 	case SSL_CAMELLIA256:
   1580 		enc="Camellia(256)";
   1581 		break;
   1582 	case SSL_SEED:
   1583 		enc="SEED(128)";
   1584 		break;
   1585 	default:
   1586 		enc="unknown";
   1587 		break;
   1588 		}
   1589 
   1590 	switch (alg_mac)
   1591 		{
   1592 	case SSL_MD5:
   1593 		mac="MD5";
   1594 		break;
   1595 	case SSL_SHA1:
   1596 		mac="SHA1";
   1597 		break;
   1598 	default:
   1599 		mac="unknown";
   1600 		break;
   1601 		}
   1602 
   1603 	if (buf == NULL)
   1604 		{
   1605 		len=128;
   1606 		buf=OPENSSL_malloc(len);
   1607 		if (buf == NULL) return("OPENSSL_malloc Error");
   1608 		}
   1609 	else if (len < 128)
   1610 		return("Buffer too small");
   1611 
   1612 #ifdef KSSL_DEBUG
   1613 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
   1614 #else
   1615 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
   1616 #endif /* KSSL_DEBUG */
   1617 	return(buf);
   1618 	}
   1619 
   1620 char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
   1621 	{
   1622 	int i;
   1623 
   1624 	if (c == NULL) return("(NONE)");
   1625 	i=(int)(c->id>>24L);
   1626 	if (i == 3)
   1627 		return("TLSv1/SSLv3");
   1628 	else if (i == 2)
   1629 		return("SSLv2");
   1630 	else
   1631 		return("unknown");
   1632 	}
   1633 
   1634 /* return the actual cipher being used */
   1635 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
   1636 	{
   1637 	if (c != NULL)
   1638 		return(c->name);
   1639 	return("(NONE)");
   1640 	}
   1641 
   1642 /* number of bits for symmetric cipher */
   1643 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
   1644 	{
   1645 	int ret=0;
   1646 
   1647 	if (c != NULL)
   1648 		{
   1649 		if (alg_bits != NULL) *alg_bits = c->alg_bits;
   1650 		ret = c->strength_bits;
   1651 		}
   1652 	return(ret);
   1653 	}
   1654 
   1655 /* return string version of key exchange algorithm */
   1656 const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
   1657 	{
   1658 	switch (cipher->algorithm_mkey)
   1659 		{
   1660 	case SSL_kRSA:
   1661 		return SSL_TXT_RSA;
   1662 	case SSL_kDHr:
   1663 		return SSL_TXT_DH "_" SSL_TXT_RSA;
   1664 	case SSL_kDHd:
   1665 		return SSL_TXT_DH "_" SSL_TXT_DSS;
   1666 	case SSL_kEDH:
   1667 		switch (cipher->algorithm_auth)
   1668 			{
   1669 		case SSL_aDSS:
   1670 			return "DHE_" SSL_TXT_DSS;
   1671 		case SSL_aRSA:
   1672 			return "DHE_" SSL_TXT_RSA;
   1673 		case SSL_aNULL:
   1674 			return SSL_TXT_DH "_anon";
   1675 		default:
   1676 			return "UNKNOWN";
   1677                         }
   1678 	case SSL_kKRB5:
   1679 		return SSL_TXT_KRB5;
   1680 	case SSL_kECDHr:
   1681 		return SSL_TXT_ECDH "_" SSL_TXT_RSA;
   1682 	case SSL_kECDHe:
   1683 		return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
   1684 	case SSL_kEECDH:
   1685 		switch (cipher->algorithm_auth)
   1686 			{
   1687 		case SSL_aECDSA:
   1688 			return "ECDHE_" SSL_TXT_ECDSA;
   1689 		case SSL_aRSA:
   1690 			return "ECDHE_" SSL_TXT_RSA;
   1691 		case SSL_aNULL:
   1692 			return SSL_TXT_ECDH "_anon";
   1693 		default:
   1694 			return "UNKNOWN";
   1695                         }
   1696         default:
   1697 		return "UNKNOWN";
   1698 		}
   1699 	}
   1700 
   1701 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
   1702 	{
   1703 	SSL_COMP *ctmp;
   1704 	int i,nn;
   1705 
   1706 	if ((n == 0) || (sk == NULL)) return(NULL);
   1707 	nn=sk_SSL_COMP_num(sk);
   1708 	for (i=0; i<nn; i++)
   1709 		{
   1710 		ctmp=sk_SSL_COMP_value(sk,i);
   1711 		if (ctmp->id == n)
   1712 			return(ctmp);
   1713 		}
   1714 	return(NULL);
   1715 	}
   1716 
   1717 #ifdef OPENSSL_NO_COMP
   1718 void *SSL_COMP_get_compression_methods(void)
   1719 	{
   1720 	return NULL;
   1721 	}
   1722 int SSL_COMP_add_compression_method(int id, void *cm)
   1723 	{
   1724 	return 1;
   1725 	}
   1726 
   1727 const char *SSL_COMP_get_name(const void *comp)
   1728 	{
   1729 	return NULL;
   1730 	}
   1731 #else
   1732 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
   1733 	{
   1734 	load_builtin_compressions();
   1735 	return(ssl_comp_methods);
   1736 	}
   1737 
   1738 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
   1739 	{
   1740 	SSL_COMP *comp;
   1741 
   1742         if (cm == NULL || cm->type == NID_undef)
   1743                 return 1;
   1744 
   1745 	/* According to draft-ietf-tls-compression-04.txt, the
   1746 	   compression number ranges should be the following:
   1747 
   1748 	   0 to 63:    methods defined by the IETF
   1749 	   64 to 192:  external party methods assigned by IANA
   1750 	   193 to 255: reserved for private use */
   1751 	if (id < 193 || id > 255)
   1752 		{
   1753 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
   1754 		return 0;
   1755 		}
   1756 
   1757 	MemCheck_off();
   1758 	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
   1759 	comp->id=id;
   1760 	comp->method=cm;
   1761 	load_builtin_compressions();
   1762 	if (ssl_comp_methods
   1763 		&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
   1764 		{
   1765 		OPENSSL_free(comp);
   1766 		MemCheck_on();
   1767 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
   1768 		return(1);
   1769 		}
   1770 	else if ((ssl_comp_methods == NULL)
   1771 		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
   1772 		{
   1773 		OPENSSL_free(comp);
   1774 		MemCheck_on();
   1775 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
   1776 		return(1);
   1777 		}
   1778 	else
   1779 		{
   1780 		MemCheck_on();
   1781 		return(0);
   1782 		}
   1783 	}
   1784 
   1785 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
   1786 	{
   1787 	if (comp)
   1788 		return comp->name;
   1789 	return NULL;
   1790 	}
   1791 
   1792 #endif
   1793