Home | History | Annotate | Download | only in ssl
      1 /* ssl/ssl_ciph.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 /* ====================================================================
    112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    113  * ECC cipher suite support in OpenSSL originally developed by
    114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    115  */
    116 /* ====================================================================
    117  * Copyright 2005 Nokia. All rights reserved.
    118  *
    119  * The portions of the attached software ("Contribution") is developed by
    120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    121  * license.
    122  *
    123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    125  * support (see RFC 4279) to OpenSSL.
    126  *
    127  * No patent licenses or other rights except those expressly stated in
    128  * the OpenSSL open source license shall be deemed granted or received
    129  * expressly, by implication, estoppel, or otherwise.
    130  *
    131  * No assurances are provided by Nokia that the Contribution does not
    132  * infringe the patent or other intellectual property rights of any third
    133  * party or that the license provides you with all the necessary rights
    134  * to make use of the Contribution.
    135  *
    136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    140  * OTHERWISE.
    141  */
    142 
    143 #include <stdio.h>
    144 #include <openssl/objects.h>
    145 #ifndef OPENSSL_NO_COMP
    146 #include <openssl/comp.h>
    147 #endif
    148 #ifndef OPENSSL_NO_ENGINE
    149 #include <openssl/engine.h>
    150 #endif
    151 #include "ssl_locl.h"
    152 
    153 #define SSL_ENC_DES_IDX		0
    154 #define SSL_ENC_3DES_IDX	1
    155 #define SSL_ENC_RC4_IDX		2
    156 #define SSL_ENC_RC2_IDX		3
    157 #define SSL_ENC_IDEA_IDX	4
    158 #define SSL_ENC_NULL_IDX	5
    159 #define SSL_ENC_AES128_IDX	6
    160 #define SSL_ENC_AES256_IDX	7
    161 #define SSL_ENC_CAMELLIA128_IDX	8
    162 #define SSL_ENC_CAMELLIA256_IDX	9
    163 #define SSL_ENC_GOST89_IDX	10
    164 #define SSL_ENC_SEED_IDX    	11
    165 #define SSL_ENC_AES128GCM_IDX	12
    166 #define SSL_ENC_AES256GCM_IDX	13
    167 #define SSL_ENC_NUM_IDX		14
    168 
    169 
    170 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
    171 	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
    172 	};
    173 
    174 #define SSL_COMP_NULL_IDX	0
    175 #define SSL_COMP_ZLIB_IDX	1
    176 #define SSL_COMP_NUM_IDX	2
    177 
    178 static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
    179 
    180 #define SSL_MD_MD5_IDX	0
    181 #define SSL_MD_SHA1_IDX	1
    182 #define SSL_MD_GOST94_IDX 2
    183 #define SSL_MD_GOST89MAC_IDX 3
    184 #define SSL_MD_SHA256_IDX 4
    185 #define SSL_MD_SHA384_IDX 5
    186 /*Constant SSL_MAX_DIGEST equal to size of digests array should be
    187  * defined in the
    188  * ssl_locl.h */
    189 #define SSL_MD_NUM_IDX	SSL_MAX_DIGEST
    190 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
    191 	NULL,NULL,NULL,NULL,NULL,NULL
    192 	};
    193 /* PKEY_TYPE for GOST89MAC is known in advance, but, because
    194  * implementation is engine-provided, we'll fill it only if
    195  * corresponding EVP_PKEY_METHOD is found
    196  */
    197 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
    198 	EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
    199 	EVP_PKEY_HMAC,EVP_PKEY_HMAC
    200 	};
    201 
    202 static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
    203 	0,0,0,0,0,0
    204 	};
    205 
    206 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
    207 	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
    208 	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
    209 	SSL_HANDSHAKE_MAC_SHA384
    210 	};
    211 
    212 #define CIPHER_ADD	1
    213 #define CIPHER_KILL	2
    214 #define CIPHER_DEL	3
    215 #define CIPHER_ORD	4
    216 #define CIPHER_SPECIAL	5
    217 
    218 typedef struct cipher_order_st
    219 	{
    220 	const SSL_CIPHER *cipher;
    221 	int active;
    222 	int dead;
    223 	struct cipher_order_st *next,*prev;
    224 	} CIPHER_ORDER;
    225 
    226 static const SSL_CIPHER cipher_aliases[]={
    227 	/* "ALL" doesn't include eNULL (must be specifically enabled) */
    228 	{0,SSL_TXT_ALL,0,     0,0,~SSL_eNULL,0,0,0,0,0,0},
    229 	/* "COMPLEMENTOFALL" */
    230 	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
    231 
    232 	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
    233 	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
    234 
    235 	/* key exchange aliases
    236 	 * (some of those using only a single bit here combine
    237 	 * multiple key exchange algs according to the RFCs,
    238 	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
    239 	{0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
    240 
    241 	{0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    242 	{0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    243 	{0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    244 	{0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
    245 	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
    246 
    247 	{0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
    248 
    249 	{0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
    250 	{0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
    251 	{0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
    252 	{0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
    253 	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
    254 
    255         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
    256 	{0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
    257 	{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
    258 
    259 	/* server authentication aliases */
    260 	{0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
    261 	{0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
    262 	{0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
    263 	{0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
    264 	{0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
    265 	{0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
    266 	{0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
    267 	{0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
    268 	{0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
    269         {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
    270 	{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
    271 	{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
    272 	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
    273 	{0,SSL_TXT_aSRP,0,    0,SSL_aSRP,  0,0,0,0,0,0,0},
    274 
    275 	/* aliases combining key exchange and server authentication */
    276 	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
    277 	{0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
    278 	{0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
    279 	{0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
    280 	{0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
    281 	{0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
    282 	{0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
    283         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
    284 	{0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
    285 
    286 
    287 	/* symmetric encryption aliases */
    288 	{0,SSL_TXT_DES,0,     0,0,SSL_DES,   0,0,0,0,0,0},
    289 	{0,SSL_TXT_3DES,0,    0,0,SSL_3DES,  0,0,0,0,0,0},
    290 	{0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
    291 	{0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
    292 	{0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
    293 	{0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
    294 	{0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
    295 	{0,SSL_TXT_AES128,0,  0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
    296 	{0,SSL_TXT_AES256,0,  0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
    297 	{0,SSL_TXT_AES,0,     0,0,SSL_AES,0,0,0,0,0,0},
    298 	{0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
    299 	{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
    300 	{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
    301 	{0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
    302 
    303 	/* MAC aliases */
    304 	{0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
    305 	{0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
    306 	{0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
    307 	{0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
    308 	{0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
    309 	{0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
    310 	{0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
    311 
    312 	/* protocol version aliases */
    313 	{0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
    314 	{0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
    315 	{0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
    316 	{0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
    317 
    318 	/* export flag */
    319 	{0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
    320 	{0,SSL_TXT_EXPORT,0,  0,0,0,0,0,SSL_EXPORT,0,0,0},
    321 
    322 	/* strength classes */
    323 	{0,SSL_TXT_EXP40,0,   0,0,0,0,0,SSL_EXP40, 0,0,0},
    324 	{0,SSL_TXT_EXP56,0,   0,0,0,0,0,SSL_EXP56, 0,0,0},
    325 	{0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
    326 	{0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
    327 	{0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
    328 	/* FIPS 140-2 approved ciphersuite */
    329 	{0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
    330 	};
    331 /* Search for public key algorithm with given name and
    332  * return its pkey_id if it is available. Otherwise return 0
    333  */
    334 #ifdef OPENSSL_NO_ENGINE
    335 
    336 static int get_optional_pkey_id(const char *pkey_name)
    337 	{
    338 	const EVP_PKEY_ASN1_METHOD *ameth;
    339 	int pkey_id=0;
    340 	ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
    341 	if (ameth)
    342 		{
    343 		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
    344 		}
    345 	return pkey_id;
    346 	}
    347 
    348 #else
    349 
    350 static int get_optional_pkey_id(const char *pkey_name)
    351 	{
    352 	const EVP_PKEY_ASN1_METHOD *ameth;
    353 	ENGINE *tmpeng = NULL;
    354 	int pkey_id=0;
    355 	ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
    356 	if (ameth)
    357 		{
    358 		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
    359 		}
    360 	if (tmpeng) ENGINE_finish(tmpeng);
    361 	return pkey_id;
    362 	}
    363 
    364 #endif
    365 
    366 void ssl_load_ciphers(void)
    367 	{
    368 	ssl_cipher_methods[SSL_ENC_DES_IDX]=
    369 		EVP_get_cipherbyname(SN_des_cbc);
    370 	ssl_cipher_methods[SSL_ENC_3DES_IDX]=
    371 		EVP_get_cipherbyname(SN_des_ede3_cbc);
    372 	ssl_cipher_methods[SSL_ENC_RC4_IDX]=
    373 		EVP_get_cipherbyname(SN_rc4);
    374 	ssl_cipher_methods[SSL_ENC_RC2_IDX]=
    375 		EVP_get_cipherbyname(SN_rc2_cbc);
    376 #ifndef OPENSSL_NO_IDEA
    377 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
    378 		EVP_get_cipherbyname(SN_idea_cbc);
    379 #else
    380 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
    381 #endif
    382 	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
    383 	  EVP_get_cipherbyname(SN_aes_128_cbc);
    384 	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
    385 	  EVP_get_cipherbyname(SN_aes_256_cbc);
    386 	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
    387 	  EVP_get_cipherbyname(SN_camellia_128_cbc);
    388 	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
    389 	  EVP_get_cipherbyname(SN_camellia_256_cbc);
    390 	ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
    391 	  EVP_get_cipherbyname(SN_gost89_cnt);
    392 	ssl_cipher_methods[SSL_ENC_SEED_IDX]=
    393 	  EVP_get_cipherbyname(SN_seed_cbc);
    394 
    395 	ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
    396 	  EVP_get_cipherbyname(SN_aes_128_gcm);
    397 	ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
    398 	  EVP_get_cipherbyname(SN_aes_256_gcm);
    399 
    400 	ssl_digest_methods[SSL_MD_MD5_IDX]=
    401 		EVP_get_digestbyname(SN_md5);
    402 	ssl_mac_secret_size[SSL_MD_MD5_IDX]=
    403 		EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
    404 	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
    405 	ssl_digest_methods[SSL_MD_SHA1_IDX]=
    406 		EVP_get_digestbyname(SN_sha1);
    407 	ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
    408 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
    409 	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
    410 	ssl_digest_methods[SSL_MD_GOST94_IDX]=
    411 		EVP_get_digestbyname(SN_id_GostR3411_94);
    412 	if (ssl_digest_methods[SSL_MD_GOST94_IDX])
    413 		{
    414 		ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
    415 			EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
    416 		OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
    417 		}
    418 	ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
    419 		EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
    420 		ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
    421 		if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
    422 			ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
    423 		}
    424 
    425 	ssl_digest_methods[SSL_MD_SHA256_IDX]=
    426 		EVP_get_digestbyname(SN_sha256);
    427 	ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
    428 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
    429 	ssl_digest_methods[SSL_MD_SHA384_IDX]=
    430 		EVP_get_digestbyname(SN_sha384);
    431 	ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
    432 		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
    433 	}
    434 #ifndef OPENSSL_NO_COMP
    435 
    436 static int sk_comp_cmp(const SSL_COMP * const *a,
    437 			const SSL_COMP * const *b)
    438 	{
    439 	return((*a)->id-(*b)->id);
    440 	}
    441 
    442 static void load_builtin_compressions(void)
    443 	{
    444 	int got_write_lock = 0;
    445 
    446 	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
    447 	if (ssl_comp_methods == NULL)
    448 		{
    449 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
    450 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
    451 		got_write_lock = 1;
    452 
    453 		if (ssl_comp_methods == NULL)
    454 			{
    455 			SSL_COMP *comp = NULL;
    456 
    457 			MemCheck_off();
    458 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
    459 			if (ssl_comp_methods != NULL)
    460 				{
    461 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
    462 				if (comp != NULL)
    463 					{
    464 					comp->method=COMP_zlib();
    465 					if (comp->method
    466 						&& comp->method->type == NID_undef)
    467 						OPENSSL_free(comp);
    468 					else
    469 						{
    470 						comp->id=SSL_COMP_ZLIB_IDX;
    471 						comp->name=comp->method->name;
    472 						sk_SSL_COMP_push(ssl_comp_methods,comp);
    473 						}
    474 					}
    475 					sk_SSL_COMP_sort(ssl_comp_methods);
    476 				}
    477 			MemCheck_on();
    478 			}
    479 		}
    480 
    481 	if (got_write_lock)
    482 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
    483 	else
    484 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
    485 	}
    486 #endif
    487 
    488 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
    489 	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
    490 	{
    491 	int i;
    492 	const SSL_CIPHER *c;
    493 
    494 	c=s->cipher;
    495 	if (c == NULL) return(0);
    496 	if (comp != NULL)
    497 		{
    498 		SSL_COMP ctmp;
    499 #ifndef OPENSSL_NO_COMP
    500 		load_builtin_compressions();
    501 #endif
    502 
    503 		*comp=NULL;
    504 		ctmp.id=s->compress_meth;
    505 		if (ssl_comp_methods != NULL)
    506 			{
    507 			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
    508 			if (i >= 0)
    509 				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
    510 			else
    511 				*comp=NULL;
    512 			}
    513 		}
    514 
    515 	if ((enc == NULL) || (md == NULL)) return(0);
    516 
    517 	switch (c->algorithm_enc)
    518 		{
    519 	case SSL_DES:
    520 		i=SSL_ENC_DES_IDX;
    521 		break;
    522 	case SSL_3DES:
    523 		i=SSL_ENC_3DES_IDX;
    524 		break;
    525 	case SSL_RC4:
    526 		i=SSL_ENC_RC4_IDX;
    527 		break;
    528 	case SSL_RC2:
    529 		i=SSL_ENC_RC2_IDX;
    530 		break;
    531 	case SSL_IDEA:
    532 		i=SSL_ENC_IDEA_IDX;
    533 		break;
    534 	case SSL_eNULL:
    535 		i=SSL_ENC_NULL_IDX;
    536 		break;
    537 	case SSL_AES128:
    538 		i=SSL_ENC_AES128_IDX;
    539 		break;
    540 	case SSL_AES256:
    541 		i=SSL_ENC_AES256_IDX;
    542 		break;
    543 	case SSL_CAMELLIA128:
    544 		i=SSL_ENC_CAMELLIA128_IDX;
    545 		break;
    546 	case SSL_CAMELLIA256:
    547 		i=SSL_ENC_CAMELLIA256_IDX;
    548 		break;
    549 	case SSL_eGOST2814789CNT:
    550 		i=SSL_ENC_GOST89_IDX;
    551 		break;
    552 	case SSL_SEED:
    553 		i=SSL_ENC_SEED_IDX;
    554 		break;
    555 	case SSL_AES128GCM:
    556 		i=SSL_ENC_AES128GCM_IDX;
    557 		break;
    558 	case SSL_AES256GCM:
    559 		i=SSL_ENC_AES256GCM_IDX;
    560 		break;
    561 	default:
    562 		i= -1;
    563 		break;
    564 		}
    565 
    566 	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
    567 		*enc=NULL;
    568 	else
    569 		{
    570 		if (i == SSL_ENC_NULL_IDX)
    571 			*enc=EVP_enc_null();
    572 		else
    573 			*enc=ssl_cipher_methods[i];
    574 		}
    575 
    576 	switch (c->algorithm_mac)
    577 		{
    578 	case SSL_MD5:
    579 		i=SSL_MD_MD5_IDX;
    580 		break;
    581 	case SSL_SHA1:
    582 		i=SSL_MD_SHA1_IDX;
    583 		break;
    584 	case SSL_SHA256:
    585 		i=SSL_MD_SHA256_IDX;
    586 		break;
    587 	case SSL_SHA384:
    588 		i=SSL_MD_SHA384_IDX;
    589 		break;
    590 	case SSL_GOST94:
    591 		i = SSL_MD_GOST94_IDX;
    592 		break;
    593 	case SSL_GOST89MAC:
    594 		i = SSL_MD_GOST89MAC_IDX;
    595 		break;
    596 	default:
    597 		i= -1;
    598 		break;
    599 		}
    600 	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
    601 	{
    602 		*md=NULL;
    603 		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
    604 		if (mac_secret_size!=NULL) *mac_secret_size = 0;
    605 		if (c->algorithm_mac == SSL_AEAD)
    606 			mac_pkey_type = NULL;
    607 	}
    608 	else
    609 	{
    610 		*md=ssl_digest_methods[i];
    611 		if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
    612 		if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
    613 	}
    614 
    615 	if ((*enc != NULL) &&
    616 	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
    617 	    (!mac_pkey_type||*mac_pkey_type != NID_undef))
    618 		{
    619 		const EVP_CIPHER *evp;
    620 
    621 		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
    622 		    s->ssl_version < TLS1_VERSION)
    623 			return 1;
    624 
    625 #ifdef OPENSSL_FIPS
    626 		if (FIPS_mode())
    627 			return 1;
    628 #endif
    629 
    630 		if	(c->algorithm_enc == SSL_RC4 &&
    631 			 c->algorithm_mac == SSL_MD5 &&
    632 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
    633 			*enc = evp, *md = NULL;
    634 		else if (c->algorithm_enc == SSL_AES128 &&
    635 			 c->algorithm_mac == SSL_SHA1 &&
    636 			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
    637 			*enc = evp, *md = NULL;
    638 		else if (c->algorithm_enc == SSL_AES256 &&
    639 			 c->algorithm_mac == SSL_SHA1 &&
    640 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
    641 			*enc = evp, *md = NULL;
    642 		return(1);
    643 		}
    644 	else
    645 		return(0);
    646 	}
    647 
    648 int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
    649 {
    650 	if (idx <0||idx>=SSL_MD_NUM_IDX)
    651 		{
    652 		return 0;
    653 		}
    654 	*mask = ssl_handshake_digest_flag[idx];
    655 	if (*mask)
    656 		*md = ssl_digest_methods[idx];
    657 	else
    658 		*md = NULL;
    659 	return 1;
    660 }
    661 
    662 #define ITEM_SEP(a) \
    663 	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
    664 
    665 static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
    666 	     CIPHER_ORDER **tail)
    667 	{
    668 	if (curr == *tail) return;
    669 	if (curr == *head)
    670 		*head=curr->next;
    671 	if (curr->prev != NULL)
    672 		curr->prev->next=curr->next;
    673 	if (curr->next != NULL)
    674 		curr->next->prev=curr->prev;
    675 	(*tail)->next=curr;
    676 	curr->prev= *tail;
    677 	curr->next=NULL;
    678 	*tail=curr;
    679 	}
    680 
    681 static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
    682 	     CIPHER_ORDER **tail)
    683 	{
    684 	if (curr == *head) return;
    685 	if (curr == *tail)
    686 		*tail=curr->prev;
    687 	if (curr->next != NULL)
    688 		curr->next->prev=curr->prev;
    689 	if (curr->prev != NULL)
    690 		curr->prev->next=curr->next;
    691 	(*head)->prev=curr;
    692 	curr->next= *head;
    693 	curr->prev=NULL;
    694 	*head=curr;
    695 	}
    696 
    697 static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
    698 	{
    699 	*mkey = 0;
    700 	*auth = 0;
    701 	*enc = 0;
    702 	*mac = 0;
    703 	*ssl = 0;
    704 
    705 #ifdef OPENSSL_NO_RSA
    706 	*mkey |= SSL_kRSA;
    707 	*auth |= SSL_aRSA;
    708 #endif
    709 #ifdef OPENSSL_NO_DSA
    710 	*auth |= SSL_aDSS;
    711 #endif
    712 	*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
    713 	*auth |= SSL_aDH;
    714 #ifdef OPENSSL_NO_DH
    715 	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
    716 	*auth |= SSL_aDH;
    717 #endif
    718 #ifdef OPENSSL_NO_KRB5
    719 	*mkey |= SSL_kKRB5;
    720 	*auth |= SSL_aKRB5;
    721 #endif
    722 #ifdef OPENSSL_NO_ECDSA
    723 	*auth |= SSL_aECDSA;
    724 #endif
    725 #ifdef OPENSSL_NO_ECDH
    726 	*mkey |= SSL_kECDHe|SSL_kECDHr;
    727 	*auth |= SSL_aECDH;
    728 #endif
    729 #ifdef OPENSSL_NO_PSK
    730 	*mkey |= SSL_kPSK;
    731 	*auth |= SSL_aPSK;
    732 #endif
    733 #ifdef OPENSSL_NO_SRP
    734 	*mkey |= SSL_kSRP;
    735 #endif
    736 	/* Check for presence of GOST 34.10 algorithms, and if they
    737 	 * do not present, disable  appropriate auth and key exchange */
    738 	if (!get_optional_pkey_id("gost94")) {
    739 		*auth |= SSL_aGOST94;
    740 	}
    741 	if (!get_optional_pkey_id("gost2001")) {
    742 		*auth |= SSL_aGOST01;
    743 	}
    744 	/* Disable GOST key exchange if no GOST signature algs are available * */
    745 	if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
    746 		*mkey |= SSL_kGOST;
    747 	}
    748 #ifdef SSL_FORBID_ENULL
    749 	*enc |= SSL_eNULL;
    750 #endif
    751 
    752 
    753 
    754 	*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
    755 	*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
    756 	*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
    757 	*enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
    758 	*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
    759 	*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
    760 	*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
    761 	*enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
    762 	*enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
    763 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
    764 	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
    765 	*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
    766 	*enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
    767 
    768 	*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
    769 	*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
    770 	*mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
    771 	*mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
    772 	*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
    773 	*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
    774 
    775 	}
    776 
    777 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
    778                 int num_of_ciphers,
    779                 unsigned long disabled_mkey, unsigned long disabled_auth,
    780                 unsigned long disabled_enc, unsigned long disabled_mac,
    781                 unsigned long disabled_ssl,
    782                 CIPHER_ORDER *co_list,
    783                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
    784 	{
    785 	int i, co_list_num;
    786 	const SSL_CIPHER *c;
    787 
    788 	/*
    789 	 * We have num_of_ciphers descriptions compiled in, depending on the
    790 	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
    791 	 * These will later be sorted in a linked list with at most num
    792 	 * entries.
    793 	 */
    794 
    795 	/* Get the initial list of ciphers */
    796 	co_list_num = 0;	/* actual count of ciphers */
    797 	for (i = 0; i < num_of_ciphers; i++)
    798 		{
    799 		c = ssl_method->get_cipher(i);
    800 		/* drop those that use any of that is not available */
    801 		if ((c != NULL) && c->valid &&
    802 #ifdef OPENSSL_FIPS
    803 		    (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
    804 #endif
    805 		    !(c->algorithm_mkey & disabled_mkey) &&
    806 		    !(c->algorithm_auth & disabled_auth) &&
    807 		    !(c->algorithm_enc & disabled_enc) &&
    808 		    !(c->algorithm_mac & disabled_mac) &&
    809 		    !(c->algorithm_ssl & disabled_ssl))
    810 			{
    811 			co_list[co_list_num].cipher = c;
    812 			co_list[co_list_num].next = NULL;
    813 			co_list[co_list_num].prev = NULL;
    814 			co_list[co_list_num].active = 0;
    815 			co_list_num++;
    816 #ifdef KSSL_DEBUG
    817 			printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
    818 #endif	/* KSSL_DEBUG */
    819 			/*
    820 			if (!sk_push(ca_list,(char *)c)) goto err;
    821 			*/
    822 			}
    823 		}
    824 
    825 	/*
    826 	 * Prepare linked list from list entries
    827 	 */
    828 	if (co_list_num > 0)
    829 		{
    830 		co_list[0].prev = NULL;
    831 
    832 		if (co_list_num > 1)
    833 			{
    834 			co_list[0].next = &co_list[1];
    835 
    836 			for (i = 1; i < co_list_num - 1; i++)
    837 				{
    838 				co_list[i].prev = &co_list[i - 1];
    839 				co_list[i].next = &co_list[i + 1];
    840 				}
    841 
    842 			co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
    843 			}
    844 
    845 		co_list[co_list_num - 1].next = NULL;
    846 
    847 		*head_p = &co_list[0];
    848 		*tail_p = &co_list[co_list_num - 1];
    849 		}
    850 	}
    851 
    852 static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
    853                         int num_of_group_aliases,
    854                         unsigned long disabled_mkey, unsigned long disabled_auth,
    855                         unsigned long disabled_enc, unsigned long disabled_mac,
    856                         unsigned long disabled_ssl,
    857 			CIPHER_ORDER *head)
    858 	{
    859 	CIPHER_ORDER *ciph_curr;
    860 	const SSL_CIPHER **ca_curr;
    861 	int i;
    862 	unsigned long mask_mkey = ~disabled_mkey;
    863 	unsigned long mask_auth = ~disabled_auth;
    864 	unsigned long mask_enc = ~disabled_enc;
    865 	unsigned long mask_mac = ~disabled_mac;
    866 	unsigned long mask_ssl = ~disabled_ssl;
    867 
    868 	/*
    869 	 * First, add the real ciphers as already collected
    870 	 */
    871 	ciph_curr = head;
    872 	ca_curr = ca_list;
    873 	while (ciph_curr != NULL)
    874 		{
    875 		*ca_curr = ciph_curr->cipher;
    876 		ca_curr++;
    877 		ciph_curr = ciph_curr->next;
    878 		}
    879 
    880 	/*
    881 	 * Now we add the available ones from the cipher_aliases[] table.
    882 	 * They represent either one or more algorithms, some of which
    883 	 * in any affected category must be supported (set in enabled_mask),
    884 	 * or represent a cipher strength value (will be added in any case because algorithms=0).
    885 	 */
    886 	for (i = 0; i < num_of_group_aliases; i++)
    887 		{
    888 		unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
    889 		unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
    890 		unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
    891 		unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
    892 		unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
    893 
    894 		if (algorithm_mkey)
    895 			if ((algorithm_mkey & mask_mkey) == 0)
    896 				continue;
    897 
    898 		if (algorithm_auth)
    899 			if ((algorithm_auth & mask_auth) == 0)
    900 				continue;
    901 
    902 		if (algorithm_enc)
    903 			if ((algorithm_enc & mask_enc) == 0)
    904 				continue;
    905 
    906 		if (algorithm_mac)
    907 			if ((algorithm_mac & mask_mac) == 0)
    908 				continue;
    909 
    910 		if (algorithm_ssl)
    911 			if ((algorithm_ssl & mask_ssl) == 0)
    912 				continue;
    913 
    914 		*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
    915 		ca_curr++;
    916 		}
    917 
    918 	*ca_curr = NULL;	/* end of list */
    919 	}
    920 
    921 static void ssl_cipher_apply_rule(unsigned long cipher_id,
    922                 unsigned long alg_mkey, unsigned long alg_auth,
    923                 unsigned long alg_enc, unsigned long alg_mac,
    924                 unsigned long alg_ssl,
    925 		unsigned long algo_strength,
    926 		int rule, int strength_bits,
    927 		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
    928 	{
    929 	CIPHER_ORDER *head, *tail, *curr, *next, *last;
    930 	const SSL_CIPHER *cp;
    931 	int reverse = 0;
    932 
    933 #ifdef CIPHER_DEBUG
    934 	printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
    935 		rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
    936 #endif
    937 
    938 	if (rule == CIPHER_DEL)
    939 		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
    940 
    941 	head = *head_p;
    942 	tail = *tail_p;
    943 
    944 	if (reverse)
    945 		{
    946 		next = tail;
    947 		last = head;
    948 		}
    949 	else
    950 		{
    951 		next = head;
    952 		last = tail;
    953 		}
    954 
    955 	curr = NULL;
    956 	for (;;)
    957 		{
    958 		if (curr == last) break;
    959 
    960 		curr = next;
    961 
    962 		if (curr == NULL) break;
    963 
    964 		next = reverse ? curr->prev : curr->next;
    965 
    966 		cp = curr->cipher;
    967 
    968 		/*
    969 		 * Selection criteria is either the value of strength_bits
    970 		 * or the algorithms used.
    971 		 */
    972 		if (strength_bits >= 0)
    973 			{
    974 			if (strength_bits != cp->strength_bits)
    975 				continue;
    976 			}
    977 		else
    978 			{
    979 #ifdef CIPHER_DEBUG
    980 			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
    981 #endif
    982 
    983 			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
    984 				continue;
    985 			if (alg_auth && !(alg_auth & cp->algorithm_auth))
    986 				continue;
    987 			if (alg_enc && !(alg_enc & cp->algorithm_enc))
    988 				continue;
    989 			if (alg_mac && !(alg_mac & cp->algorithm_mac))
    990 				continue;
    991 			if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
    992 				continue;
    993 			if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
    994 				continue;
    995 			if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
    996 				continue;
    997 			}
    998 
    999 #ifdef CIPHER_DEBUG
   1000 		printf("Action = %d\n", rule);
   1001 #endif
   1002 
   1003 		/* add the cipher if it has not been added yet. */
   1004 		if (rule == CIPHER_ADD)
   1005 			{
   1006 			/* reverse == 0 */
   1007 			if (!curr->active)
   1008 				{
   1009 				ll_append_tail(&head, curr, &tail);
   1010 				curr->active = 1;
   1011 				}
   1012 			}
   1013 		/* Move the added cipher to this location */
   1014 		else if (rule == CIPHER_ORD)
   1015 			{
   1016 			/* reverse == 0 */
   1017 			if (curr->active)
   1018 				{
   1019 				ll_append_tail(&head, curr, &tail);
   1020 				}
   1021 			}
   1022 		else if	(rule == CIPHER_DEL)
   1023 			{
   1024 			/* reverse == 1 */
   1025 			if (curr->active)
   1026 				{
   1027 				/* most recently deleted ciphersuites get best positions
   1028 				 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
   1029 				 * works in reverse to maintain the order) */
   1030 				ll_append_head(&head, curr, &tail);
   1031 				curr->active = 0;
   1032 				}
   1033 			}
   1034 		else if (rule == CIPHER_KILL)
   1035 			{
   1036 			/* reverse == 0 */
   1037 			if (head == curr)
   1038 				head = curr->next;
   1039 			else
   1040 				curr->prev->next = curr->next;
   1041 			if (tail == curr)
   1042 				tail = curr->prev;
   1043 			curr->active = 0;
   1044 			if (curr->next != NULL)
   1045 				curr->next->prev = curr->prev;
   1046 			if (curr->prev != NULL)
   1047 				curr->prev->next = curr->next;
   1048 			curr->next = NULL;
   1049 			curr->prev = NULL;
   1050 			}
   1051 		}
   1052 
   1053 	*head_p = head;
   1054 	*tail_p = tail;
   1055 	}
   1056 
   1057 static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
   1058 				    CIPHER_ORDER **tail_p)
   1059 	{
   1060 	int max_strength_bits, i, *number_uses;
   1061 	CIPHER_ORDER *curr;
   1062 
   1063 	/*
   1064 	 * This routine sorts the ciphers with descending strength. The sorting
   1065 	 * must keep the pre-sorted sequence, so we apply the normal sorting
   1066 	 * routine as '+' movement to the end of the list.
   1067 	 */
   1068 	max_strength_bits = 0;
   1069 	curr = *head_p;
   1070 	while (curr != NULL)
   1071 		{
   1072 		if (curr->active &&
   1073 		    (curr->cipher->strength_bits > max_strength_bits))
   1074 		    max_strength_bits = curr->cipher->strength_bits;
   1075 		curr = curr->next;
   1076 		}
   1077 
   1078 	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
   1079 	if (!number_uses)
   1080 		{
   1081 		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
   1082 		return(0);
   1083 		}
   1084 	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
   1085 
   1086 	/*
   1087 	 * Now find the strength_bits values actually used
   1088 	 */
   1089 	curr = *head_p;
   1090 	while (curr != NULL)
   1091 		{
   1092 		if (curr->active)
   1093 			number_uses[curr->cipher->strength_bits]++;
   1094 		curr = curr->next;
   1095 		}
   1096 	/*
   1097 	 * Go through the list of used strength_bits values in descending
   1098 	 * order.
   1099 	 */
   1100 	for (i = max_strength_bits; i >= 0; i--)
   1101 		if (number_uses[i] > 0)
   1102 			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
   1103 
   1104 	OPENSSL_free(number_uses);
   1105 	return(1);
   1106 	}
   1107 
   1108 static int ssl_cipher_process_rulestr(const char *rule_str,
   1109                 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
   1110                 const SSL_CIPHER **ca_list)
   1111 	{
   1112 	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
   1113 	const char *l, *buf;
   1114 	int j, multi, found, rule, retval, ok, buflen;
   1115 	unsigned long cipher_id = 0;
   1116 	char ch;
   1117 
   1118 	retval = 1;
   1119 	l = rule_str;
   1120 	for (;;)
   1121 		{
   1122 		ch = *l;
   1123 
   1124 		if (ch == '\0')
   1125 			break;		/* done */
   1126 		if (ch == '-')
   1127 			{ rule = CIPHER_DEL; l++; }
   1128 		else if (ch == '+')
   1129 			{ rule = CIPHER_ORD; l++; }
   1130 		else if (ch == '!')
   1131 			{ rule = CIPHER_KILL; l++; }
   1132 		else if (ch == '@')
   1133 			{ rule = CIPHER_SPECIAL; l++; }
   1134 		else
   1135 			{ rule = CIPHER_ADD; }
   1136 
   1137 		if (ITEM_SEP(ch))
   1138 			{
   1139 			l++;
   1140 			continue;
   1141 			}
   1142 
   1143 		alg_mkey = 0;
   1144 		alg_auth = 0;
   1145 		alg_enc = 0;
   1146 		alg_mac = 0;
   1147 		alg_ssl = 0;
   1148 		algo_strength = 0;
   1149 
   1150 		for (;;)
   1151 			{
   1152 			ch = *l;
   1153 			buf = l;
   1154 			buflen = 0;
   1155 #ifndef CHARSET_EBCDIC
   1156 			while (	((ch >= 'A') && (ch <= 'Z')) ||
   1157 				((ch >= '0') && (ch <= '9')) ||
   1158 				((ch >= 'a') && (ch <= 'z')) ||
   1159 				 (ch == '-') || (ch == '.'))
   1160 #else
   1161 			while (	isalnum(ch) || (ch == '-') || (ch == '.'))
   1162 #endif
   1163 				 {
   1164 				 ch = *(++l);
   1165 				 buflen++;
   1166 				 }
   1167 
   1168 			if (buflen == 0)
   1169 				{
   1170 				/*
   1171 				 * We hit something we cannot deal with,
   1172 				 * it is no command or separator nor
   1173 				 * alphanumeric, so we call this an error.
   1174 				 */
   1175 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
   1176 				       SSL_R_INVALID_COMMAND);
   1177 				retval = found = 0;
   1178 				l++;
   1179 				break;
   1180 				}
   1181 
   1182 			if (rule == CIPHER_SPECIAL)
   1183 				{
   1184 				found = 0; /* unused -- avoid compiler warning */
   1185 				break;	/* special treatment */
   1186 				}
   1187 
   1188 			/* check for multi-part specification */
   1189 			if (ch == '+')
   1190 				{
   1191 				multi=1;
   1192 				l++;
   1193 				}
   1194 			else
   1195 				multi=0;
   1196 
   1197 			/*
   1198 			 * Now search for the cipher alias in the ca_list. Be careful
   1199 			 * with the strncmp, because the "buflen" limitation
   1200 			 * will make the rule "ADH:SOME" and the cipher
   1201 			 * "ADH-MY-CIPHER" look like a match for buflen=3.
   1202 			 * So additionally check whether the cipher name found
   1203 			 * has the correct length. We can save a strlen() call:
   1204 			 * just checking for the '\0' at the right place is
   1205 			 * sufficient, we have to strncmp() anyway. (We cannot
   1206 			 * use strcmp(), because buf is not '\0' terminated.)
   1207 			 */
   1208 			j = found = 0;
   1209 			cipher_id = 0;
   1210 			while (ca_list[j])
   1211 				{
   1212 				if (!strncmp(buf, ca_list[j]->name, buflen) &&
   1213 				    (ca_list[j]->name[buflen] == '\0'))
   1214 					{
   1215 					found = 1;
   1216 					break;
   1217 					}
   1218 				else
   1219 					j++;
   1220 				}
   1221 
   1222 			if (!found)
   1223 				break;	/* ignore this entry */
   1224 
   1225 			if (ca_list[j]->algorithm_mkey)
   1226 				{
   1227 				if (alg_mkey)
   1228 					{
   1229 					alg_mkey &= ca_list[j]->algorithm_mkey;
   1230 					if (!alg_mkey) { found = 0; break; }
   1231 					}
   1232 				else
   1233 					alg_mkey = ca_list[j]->algorithm_mkey;
   1234 				}
   1235 
   1236 			if (ca_list[j]->algorithm_auth)
   1237 				{
   1238 				if (alg_auth)
   1239 					{
   1240 					alg_auth &= ca_list[j]->algorithm_auth;
   1241 					if (!alg_auth) { found = 0; break; }
   1242 					}
   1243 				else
   1244 					alg_auth = ca_list[j]->algorithm_auth;
   1245 				}
   1246 
   1247 			if (ca_list[j]->algorithm_enc)
   1248 				{
   1249 				if (alg_enc)
   1250 					{
   1251 					alg_enc &= ca_list[j]->algorithm_enc;
   1252 					if (!alg_enc) { found = 0; break; }
   1253 					}
   1254 				else
   1255 					alg_enc = ca_list[j]->algorithm_enc;
   1256 				}
   1257 
   1258 			if (ca_list[j]->algorithm_mac)
   1259 				{
   1260 				if (alg_mac)
   1261 					{
   1262 					alg_mac &= ca_list[j]->algorithm_mac;
   1263 					if (!alg_mac) { found = 0; break; }
   1264 					}
   1265 				else
   1266 					alg_mac = ca_list[j]->algorithm_mac;
   1267 				}
   1268 
   1269 			if (ca_list[j]->algo_strength & SSL_EXP_MASK)
   1270 				{
   1271 				if (algo_strength & SSL_EXP_MASK)
   1272 					{
   1273 					algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
   1274 					if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
   1275 					}
   1276 				else
   1277 					algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
   1278 				}
   1279 
   1280 			if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
   1281 				{
   1282 				if (algo_strength & SSL_STRONG_MASK)
   1283 					{
   1284 					algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
   1285 					if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
   1286 					}
   1287 				else
   1288 					algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
   1289 				}
   1290 
   1291 			if (ca_list[j]->valid)
   1292 				{
   1293 				/* explicit ciphersuite found; its protocol version
   1294 				 * does not become part of the search pattern!*/
   1295 
   1296 				cipher_id = ca_list[j]->id;
   1297 				}
   1298 			else
   1299 				{
   1300 				/* not an explicit ciphersuite; only in this case, the
   1301 				 * protocol version is considered part of the search pattern */
   1302 
   1303 				if (ca_list[j]->algorithm_ssl)
   1304 					{
   1305 					if (alg_ssl)
   1306 						{
   1307 						alg_ssl &= ca_list[j]->algorithm_ssl;
   1308 						if (!alg_ssl) { found = 0; break; }
   1309 						}
   1310 					else
   1311 						alg_ssl = ca_list[j]->algorithm_ssl;
   1312 					}
   1313 				}
   1314 
   1315 			if (!multi) break;
   1316 			}
   1317 
   1318 		/*
   1319 		 * Ok, we have the rule, now apply it
   1320 		 */
   1321 		if (rule == CIPHER_SPECIAL)
   1322 			{	/* special command */
   1323 			ok = 0;
   1324 			if ((buflen == 8) &&
   1325 				!strncmp(buf, "STRENGTH", 8))
   1326 				ok = ssl_cipher_strength_sort(head_p, tail_p);
   1327 			else
   1328 				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
   1329 					SSL_R_INVALID_COMMAND);
   1330 			if (ok == 0)
   1331 				retval = 0;
   1332 			/*
   1333 			 * We do not support any "multi" options
   1334 			 * together with "@", so throw away the
   1335 			 * rest of the command, if any left, until
   1336 			 * end or ':' is found.
   1337 			 */
   1338 			while ((*l != '\0') && !ITEM_SEP(*l))
   1339 				l++;
   1340 			}
   1341 		else if (found)
   1342 			{
   1343 			ssl_cipher_apply_rule(cipher_id,
   1344 				alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
   1345 				rule, -1, head_p, tail_p);
   1346 			}
   1347 		else
   1348 			{
   1349 			while ((*l != '\0') && !ITEM_SEP(*l))
   1350 				l++;
   1351 			}
   1352 		if (*l == '\0') break; /* done */
   1353 		}
   1354 
   1355 	return(retval);
   1356 	}
   1357 
   1358 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
   1359 		STACK_OF(SSL_CIPHER) **cipher_list,
   1360 		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
   1361 		const char *rule_str)
   1362 	{
   1363 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
   1364 	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
   1365 	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
   1366 	const char *rule_p;
   1367 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
   1368 	const SSL_CIPHER **ca_list = NULL;
   1369 
   1370 	/*
   1371 	 * Return with error if nothing to do.
   1372 	 */
   1373 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
   1374 		return NULL;
   1375 
   1376 	/*
   1377 	 * To reduce the work to do we only want to process the compiled
   1378 	 * in algorithms, so we first get the mask of disabled ciphers.
   1379 	 */
   1380 	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
   1381 
   1382 	/*
   1383 	 * Now we have to collect the available ciphers from the compiled
   1384 	 * in ciphers. We cannot get more than the number compiled in, so
   1385 	 * it is used for allocation.
   1386 	 */
   1387 	num_of_ciphers = ssl_method->num_ciphers();
   1388 #ifdef KSSL_DEBUG
   1389 	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
   1390 #endif    /* KSSL_DEBUG */
   1391 	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
   1392 	if (co_list == NULL)
   1393 		{
   1394 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
   1395 		return(NULL);	/* Failure */
   1396 		}
   1397 
   1398 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
   1399 	                           disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
   1400 	                           co_list, &head, &tail);
   1401 
   1402 
   1403 	/* Now arrange all ciphers by preference: */
   1404 
   1405 	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
   1406 	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
   1407 	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
   1408 
   1409 	/* AES is our preferred symmetric cipher */
   1410 	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
   1411 
   1412 	/* Temporarily enable everything else for sorting */
   1413 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
   1414 
   1415 	/* Low priority for MD5 */
   1416 	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1417 
   1418 	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
   1419 	 * (For applications that allow them, they aren't too bad, but we prefer
   1420 	 * authenticated ciphers.) */
   1421 	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1422 
   1423 	/* Move ciphers without forward secrecy to the end */
   1424 	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1425 	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
   1426 	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1427 	ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1428 	ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1429 
   1430 	/* RC4 is sort-of broken -- move the the end */
   1431 	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
   1432 
   1433 	/* Now sort by symmetric encryption strength.  The above ordering remains
   1434 	 * in force within each class */
   1435 	if (!ssl_cipher_strength_sort(&head, &tail))
   1436 		{
   1437 		OPENSSL_free(co_list);
   1438 		return NULL;
   1439 		}
   1440 
   1441 	/* Now disable everything (maintaining the ordering!) */
   1442 	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
   1443 
   1444 
   1445 	/*
   1446 	 * We also need cipher aliases for selecting based on the rule_str.
   1447 	 * There might be two types of entries in the rule_str: 1) names
   1448 	 * of ciphers themselves 2) aliases for groups of ciphers.
   1449 	 * For 1) we need the available ciphers and for 2) the cipher
   1450 	 * groups of cipher_aliases added together in one list (otherwise
   1451 	 * we would be happy with just the cipher_aliases table).
   1452 	 */
   1453 	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
   1454 	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
   1455 	ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
   1456 	if (ca_list == NULL)
   1457 		{
   1458 		OPENSSL_free(co_list);
   1459 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
   1460 		return(NULL);	/* Failure */
   1461 		}
   1462 	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
   1463 	                           disabled_mkey, disabled_auth, disabled_enc,
   1464 				   disabled_mac, disabled_ssl, head);
   1465 
   1466 	/*
   1467 	 * If the rule_string begins with DEFAULT, apply the default rule
   1468 	 * before using the (possibly available) additional rules.
   1469 	 */
   1470 	ok = 1;
   1471 	rule_p = rule_str;
   1472 	if (strncmp(rule_str,"DEFAULT",7) == 0)
   1473 		{
   1474 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
   1475 			&head, &tail, ca_list);
   1476 		rule_p += 7;
   1477 		if (*rule_p == ':')
   1478 			rule_p++;
   1479 		}
   1480 
   1481 	if (ok && (strlen(rule_p) > 0))
   1482 		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
   1483 
   1484 	OPENSSL_free((void *)ca_list);	/* Not needed anymore */
   1485 
   1486 	if (!ok)
   1487 		{	/* Rule processing failure */
   1488 		OPENSSL_free(co_list);
   1489 		return(NULL);
   1490 		}
   1491 
   1492 	/*
   1493 	 * Allocate new "cipherstack" for the result, return with error
   1494 	 * if we cannot get one.
   1495 	 */
   1496 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
   1497 		{
   1498 		OPENSSL_free(co_list);
   1499 		return(NULL);
   1500 		}
   1501 
   1502 	/*
   1503 	 * The cipher selection for the list is done. The ciphers are added
   1504 	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
   1505 	 */
   1506 	for (curr = head; curr != NULL; curr = curr->next)
   1507 		{
   1508 #ifdef OPENSSL_FIPS
   1509 		if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
   1510 #else
   1511 		if (curr->active)
   1512 #endif
   1513 			{
   1514 			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
   1515 #ifdef CIPHER_DEBUG
   1516 			printf("<%s>\n",curr->cipher->name);
   1517 #endif
   1518 			}
   1519 		}
   1520 	OPENSSL_free(co_list);	/* Not needed any longer */
   1521 
   1522 	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
   1523 	if (tmp_cipher_list == NULL)
   1524 		{
   1525 		sk_SSL_CIPHER_free(cipherstack);
   1526 		return NULL;
   1527 		}
   1528 	if (*cipher_list != NULL)
   1529 		sk_SSL_CIPHER_free(*cipher_list);
   1530 	*cipher_list = cipherstack;
   1531 	if (*cipher_list_by_id != NULL)
   1532 		sk_SSL_CIPHER_free(*cipher_list_by_id);
   1533 	*cipher_list_by_id = tmp_cipher_list;
   1534 	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
   1535 
   1536 	sk_SSL_CIPHER_sort(*cipher_list_by_id);
   1537 	return(cipherstack);
   1538 	}
   1539 
   1540 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
   1541 	{
   1542 	int is_export,pkl,kl;
   1543 	const char *ver,*exp_str;
   1544 	const char *kx,*au,*enc,*mac;
   1545 	unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
   1546 #ifdef KSSL_DEBUG
   1547 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
   1548 #else
   1549 	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
   1550 #endif /* KSSL_DEBUG */
   1551 
   1552 	alg_mkey = cipher->algorithm_mkey;
   1553 	alg_auth = cipher->algorithm_auth;
   1554 	alg_enc = cipher->algorithm_enc;
   1555 	alg_mac = cipher->algorithm_mac;
   1556 	alg_ssl = cipher->algorithm_ssl;
   1557 
   1558 	alg2=cipher->algorithm2;
   1559 
   1560 	is_export=SSL_C_IS_EXPORT(cipher);
   1561 	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
   1562 	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
   1563 	exp_str=is_export?" export":"";
   1564 
   1565 	if (alg_ssl & SSL_SSLV2)
   1566 		ver="SSLv2";
   1567 	else if (alg_ssl & SSL_SSLV3)
   1568 		ver="SSLv3";
   1569 	else if (alg_ssl & SSL_TLSV1_2)
   1570 		ver="TLSv1.2";
   1571 	else
   1572 		ver="unknown";
   1573 
   1574 	switch (alg_mkey)
   1575 		{
   1576 	case SSL_kRSA:
   1577 		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
   1578 		break;
   1579 	case SSL_kDHr:
   1580 		kx="DH/RSA";
   1581 		break;
   1582 	case SSL_kDHd:
   1583 		kx="DH/DSS";
   1584 		break;
   1585         case SSL_kKRB5:
   1586 		kx="KRB5";
   1587 		break;
   1588 	case SSL_kEDH:
   1589 		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
   1590 		break;
   1591 	case SSL_kECDHr:
   1592 		kx="ECDH/RSA";
   1593 		break;
   1594 	case SSL_kECDHe:
   1595 		kx="ECDH/ECDSA";
   1596 		break;
   1597 	case SSL_kEECDH:
   1598 		kx="ECDH";
   1599 		break;
   1600 	case SSL_kPSK:
   1601 		kx="PSK";
   1602 		break;
   1603 	case SSL_kSRP:
   1604 		kx="SRP";
   1605 		break;
   1606 	case SSL_kGOST:
   1607 		kx="GOST";
   1608 		break;
   1609 	default:
   1610 		kx="unknown";
   1611 		}
   1612 
   1613 	switch (alg_auth)
   1614 		{
   1615 	case SSL_aRSA:
   1616 		au="RSA";
   1617 		break;
   1618 	case SSL_aDSS:
   1619 		au="DSS";
   1620 		break;
   1621 	case SSL_aDH:
   1622 		au="DH";
   1623 		break;
   1624         case SSL_aKRB5:
   1625 		au="KRB5";
   1626 		break;
   1627         case SSL_aECDH:
   1628 		au="ECDH";
   1629 		break;
   1630 	case SSL_aNULL:
   1631 		au="None";
   1632 		break;
   1633 	case SSL_aECDSA:
   1634 		au="ECDSA";
   1635 		break;
   1636 	case SSL_aPSK:
   1637 		au="PSK";
   1638 		break;
   1639 	case SSL_aSRP:
   1640 		au="SRP";
   1641 		break;
   1642 	case SSL_aGOST94:
   1643 		au="GOST94";
   1644 		break;
   1645 	case SSL_aGOST01:
   1646 		au="GOST01";
   1647 		break;
   1648 	default:
   1649 		au="unknown";
   1650 		break;
   1651 		}
   1652 
   1653 	switch (alg_enc)
   1654 		{
   1655 	case SSL_DES:
   1656 		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
   1657 		break;
   1658 	case SSL_3DES:
   1659 		enc="3DES(168)";
   1660 		break;
   1661 	case SSL_RC4:
   1662 		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
   1663 		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
   1664 		break;
   1665 	case SSL_RC2:
   1666 		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
   1667 		break;
   1668 	case SSL_IDEA:
   1669 		enc="IDEA(128)";
   1670 		break;
   1671 	case SSL_eNULL:
   1672 		enc="None";
   1673 		break;
   1674 	case SSL_AES128:
   1675 		enc="AES(128)";
   1676 		break;
   1677 	case SSL_AES256:
   1678 		enc="AES(256)";
   1679 		break;
   1680 	case SSL_AES128GCM:
   1681 		enc="AESGCM(128)";
   1682 		break;
   1683 	case SSL_AES256GCM:
   1684 		enc="AESGCM(256)";
   1685 		break;
   1686 	case SSL_CAMELLIA128:
   1687 		enc="Camellia(128)";
   1688 		break;
   1689 	case SSL_CAMELLIA256:
   1690 		enc="Camellia(256)";
   1691 		break;
   1692 	case SSL_SEED:
   1693 		enc="SEED(128)";
   1694 		break;
   1695 	case SSL_eGOST2814789CNT:
   1696 		enc="GOST89(256)";
   1697 		break;
   1698 	default:
   1699 		enc="unknown";
   1700 		break;
   1701 		}
   1702 
   1703 	switch (alg_mac)
   1704 		{
   1705 	case SSL_MD5:
   1706 		mac="MD5";
   1707 		break;
   1708 	case SSL_SHA1:
   1709 		mac="SHA1";
   1710 		break;
   1711 	case SSL_SHA256:
   1712 		mac="SHA256";
   1713 		break;
   1714 	case SSL_SHA384:
   1715 		mac="SHA384";
   1716 		break;
   1717 	case SSL_AEAD:
   1718 		mac="AEAD";
   1719 		break;
   1720 	case SSL_GOST89MAC:
   1721 		mac="GOST89";
   1722 		break;
   1723 	case SSL_GOST94:
   1724 		mac="GOST94";
   1725 		break;
   1726 	default:
   1727 		mac="unknown";
   1728 		break;
   1729 		}
   1730 
   1731 	if (buf == NULL)
   1732 		{
   1733 		len=128;
   1734 		buf=OPENSSL_malloc(len);
   1735 		if (buf == NULL) return("OPENSSL_malloc Error");
   1736 		}
   1737 	else if (len < 128)
   1738 		return("Buffer too small");
   1739 
   1740 #ifdef KSSL_DEBUG
   1741 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
   1742 #else
   1743 	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
   1744 #endif /* KSSL_DEBUG */
   1745 	return(buf);
   1746 	}
   1747 
   1748 char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
   1749 	{
   1750 	int i;
   1751 
   1752 	if (c == NULL) return("(NONE)");
   1753 	i=(int)(c->id>>24L);
   1754 	if (i == 3)
   1755 		return("TLSv1/SSLv3");
   1756 	else if (i == 2)
   1757 		return("SSLv2");
   1758 	else
   1759 		return("unknown");
   1760 	}
   1761 
   1762 /* return the actual cipher being used */
   1763 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
   1764 	{
   1765 	if (c != NULL)
   1766 		return(c->name);
   1767 	return("(NONE)");
   1768 	}
   1769 
   1770 /* number of bits for symmetric cipher */
   1771 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
   1772 	{
   1773 	int ret=0;
   1774 
   1775 	if (c != NULL)
   1776 		{
   1777 		if (alg_bits != NULL) *alg_bits = c->alg_bits;
   1778 		ret = c->strength_bits;
   1779 		}
   1780 	return(ret);
   1781 	}
   1782 
   1783 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
   1784 	{
   1785 	return c->id;
   1786 	}
   1787 
   1788 /* return string version of key exchange algorithm */
   1789 const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
   1790 	{
   1791 	switch (cipher->algorithm_mkey)
   1792 		{
   1793 	case SSL_kRSA:
   1794 		return SSL_TXT_RSA;
   1795 	case SSL_kDHr:
   1796 		return SSL_TXT_DH "_" SSL_TXT_RSA;
   1797 	case SSL_kDHd:
   1798 		return SSL_TXT_DH "_" SSL_TXT_DSS;
   1799 	case SSL_kEDH:
   1800 		switch (cipher->algorithm_auth)
   1801 			{
   1802 		case SSL_aDSS:
   1803 			return "DHE_" SSL_TXT_DSS;
   1804 		case SSL_aRSA:
   1805 			return "DHE_" SSL_TXT_RSA;
   1806 		case SSL_aNULL:
   1807 			return SSL_TXT_DH "_anon";
   1808 		default:
   1809 			return "UNKNOWN";
   1810                         }
   1811 	case SSL_kKRB5:
   1812 		return SSL_TXT_KRB5;
   1813 	case SSL_kECDHr:
   1814 		return SSL_TXT_ECDH "_" SSL_TXT_RSA;
   1815 	case SSL_kECDHe:
   1816 		return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
   1817 	case SSL_kEECDH:
   1818 		switch (cipher->algorithm_auth)
   1819 			{
   1820 		case SSL_aECDSA:
   1821 			return "ECDHE_" SSL_TXT_ECDSA;
   1822 		case SSL_aRSA:
   1823 			return "ECDHE_" SSL_TXT_RSA;
   1824 		case SSL_aNULL:
   1825 			return SSL_TXT_ECDH "_anon";
   1826 		default:
   1827 			return "UNKNOWN";
   1828                         }
   1829         default:
   1830 		return "UNKNOWN";
   1831 		}
   1832 	}
   1833 
   1834 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
   1835 	{
   1836 	SSL_COMP *ctmp;
   1837 	int i,nn;
   1838 
   1839 	if ((n == 0) || (sk == NULL)) return(NULL);
   1840 	nn=sk_SSL_COMP_num(sk);
   1841 	for (i=0; i<nn; i++)
   1842 		{
   1843 		ctmp=sk_SSL_COMP_value(sk,i);
   1844 		if (ctmp->id == n)
   1845 			return(ctmp);
   1846 		}
   1847 	return(NULL);
   1848 	}
   1849 
   1850 #ifdef OPENSSL_NO_COMP
   1851 void *SSL_COMP_get_compression_methods(void)
   1852 	{
   1853 	return NULL;
   1854 	}
   1855 int SSL_COMP_add_compression_method(int id, void *cm)
   1856 	{
   1857 	return 1;
   1858 	}
   1859 
   1860 const char *SSL_COMP_get_name(const void *comp)
   1861 	{
   1862 	return NULL;
   1863 	}
   1864 #else
   1865 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
   1866 	{
   1867 	load_builtin_compressions();
   1868 	return(ssl_comp_methods);
   1869 	}
   1870 
   1871 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
   1872 	{
   1873 	SSL_COMP *comp;
   1874 
   1875         if (cm == NULL || cm->type == NID_undef)
   1876                 return 1;
   1877 
   1878 	/* According to draft-ietf-tls-compression-04.txt, the
   1879 	   compression number ranges should be the following:
   1880 
   1881 	   0 to 63:    methods defined by the IETF
   1882 	   64 to 192:  external party methods assigned by IANA
   1883 	   193 to 255: reserved for private use */
   1884 	if (id < 193 || id > 255)
   1885 		{
   1886 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
   1887 		return 0;
   1888 		}
   1889 
   1890 	MemCheck_off();
   1891 	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
   1892 	comp->id=id;
   1893 	comp->method=cm;
   1894 	load_builtin_compressions();
   1895 	if (ssl_comp_methods
   1896 		&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
   1897 		{
   1898 		OPENSSL_free(comp);
   1899 		MemCheck_on();
   1900 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
   1901 		return(1);
   1902 		}
   1903 	else if ((ssl_comp_methods == NULL)
   1904 		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
   1905 		{
   1906 		OPENSSL_free(comp);
   1907 		MemCheck_on();
   1908 		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
   1909 		return(1);
   1910 		}
   1911 	else
   1912 		{
   1913 		MemCheck_on();
   1914 		return(0);
   1915 		}
   1916 	}
   1917 
   1918 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
   1919 	{
   1920 	if (comp)
   1921 		return comp->name;
   1922 	return NULL;
   1923 	}
   1924 
   1925 #endif
   1926