mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-05-09 05:31:05 +08:00
Move tls_get_cipher_name_pair and get_num_elements to ssl_utils.c
This allow these functions to be defined without having to include ssl.c/misc.c which pulls in a lot of more dependencies. Change-Id: I605394d4f3872a168d05bbbe52d90f6d48935865 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld <frank@lichtenheld.com> Message-Id: <20231208173346.94820-1-frank@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27726.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe
Gert Doering
parent
9b4ed6d801
commit
3094d8fb06
@ -773,26 +773,6 @@ output_peer_info_env(struct env_set *es, const char *peer_info)
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
get_num_elements(const char *string, char delimiter)
|
||||
{
|
||||
int string_len = strlen(string);
|
||||
|
||||
ASSERT(0 != string_len);
|
||||
|
||||
int element_count = 1;
|
||||
/* Get number of ciphers */
|
||||
for (int i = 0; i < string_len; i++)
|
||||
{
|
||||
if (string[i] == delimiter)
|
||||
{
|
||||
element_count++;
|
||||
}
|
||||
}
|
||||
|
||||
return element_count;
|
||||
}
|
||||
|
||||
struct buffer
|
||||
prepend_dir(const char *dir, const char *path, struct gc_arena *gc)
|
||||
{
|
||||
|
||||
@ -192,20 +192,6 @@ bool validate_peer_info_line(char *line);
|
||||
|
||||
void output_peer_info_env(struct env_set *es, const char *peer_info);
|
||||
|
||||
/**
|
||||
* Returns the occurrences of 'delimiter' in a string +1
|
||||
* This is typically used to find out the number elements in a
|
||||
* cipher string or similar that is separated by : like
|
||||
*
|
||||
* X25519:secp256r1:X448:secp512r1:secp384r1:brainpoolP384r1
|
||||
*
|
||||
* @param string the string to work on
|
||||
* @param delimiter the delimiter to count, typically ':'
|
||||
* @return occrrences of delimiter + 1
|
||||
*/
|
||||
int
|
||||
get_num_elements(const char *string, char delimiter);
|
||||
|
||||
/**
|
||||
* Prepend a directory to a path.
|
||||
*/
|
||||
|
||||
@ -94,152 +94,6 @@ show_tls_performance_stats(void)
|
||||
|
||||
#endif /* ifdef MEASURE_TLS_HANDSHAKE_STATS */
|
||||
|
||||
/**
|
||||
* SSL/TLS Cipher suite name translation table
|
||||
*/
|
||||
static const tls_cipher_name_pair tls_cipher_name_translation_table[] = {
|
||||
{"ADH-SEED-SHA", "TLS-DH-anon-WITH-SEED-CBC-SHA"},
|
||||
{"AES128-GCM-SHA256", "TLS-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"AES128-SHA256", "TLS-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"AES128-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"AES256-GCM-SHA384", "TLS-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"AES256-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"AES256-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"CAMELLIA128-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"CAMELLIA128-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"CAMELLIA256-SHA256", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"CAMELLIA256-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"DES-CBC3-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"DES-CBC-SHA", "TLS-RSA-WITH-DES-CBC-SHA"},
|
||||
{"DH-DSS-SEED-SHA", "TLS-DH-DSS-WITH-SEED-CBC-SHA"},
|
||||
{"DHE-DSS-AES128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256"},
|
||||
{"DHE-DSS-AES128-SHA256", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256"},
|
||||
{"DHE-DSS-AES128-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA"},
|
||||
{"DHE-DSS-AES256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384"},
|
||||
{"DHE-DSS-AES256-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256"},
|
||||
{"DHE-DSS-AES256-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA"},
|
||||
{"DHE-DSS-CAMELLIA128-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"DHE-DSS-CAMELLIA128-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"DHE-DSS-CAMELLIA256-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"DHE-DSS-CAMELLIA256-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"DHE-DSS-SEED-SHA", "TLS-DHE-DSS-WITH-SEED-CBC-SHA"},
|
||||
{"DHE-RSA-AES128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"DHE-RSA-AES128-SHA256", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"DHE-RSA-AES128-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"DHE-RSA-AES256-GCM-SHA384", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"DHE-RSA-AES256-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"DHE-RSA-AES256-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"DHE-RSA-CAMELLIA128-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"DHE-RSA-CAMELLIA128-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"DHE-RSA-CAMELLIA256-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"DHE-RSA-CAMELLIA256-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"DHE-RSA-CHACHA20-POLY1305", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
|
||||
{"DHE-RSA-SEED-SHA", "TLS-DHE-RSA-WITH-SEED-CBC-SHA"},
|
||||
{"DH-RSA-SEED-SHA", "TLS-DH-RSA-WITH-SEED-CBC-SHA"},
|
||||
{"ECDH-ECDSA-AES128-GCM-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDH-ECDSA-AES128-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-AES128-SHA", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDH-ECDSA-AES256-GCM-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDH-ECDSA-AES256-SHA256", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-AES256-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDH-ECDSA-AES256-SHA", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDH-ECDSA-CAMELLIA128-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-CAMELLIA128-SHA", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDH-ECDSA-CAMELLIA256-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-CAMELLIA256-SHA", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDH-ECDSA-DES-CBC3-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDH-ECDSA-DES-CBC-SHA", "TLS-ECDH-ECDSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDH-ECDSA-RC4-SHA", "TLS-ECDH-ECDSA-WITH-RC4-128-SHA"},
|
||||
{"ECDHE-ECDSA-AES128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDHE-ECDSA-AES128-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-AES128-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384"},
|
||||
{"ECDHE-ECDSA-AES128-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-AES256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDHE-ECDSA-AES256-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-AES256-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDHE-ECDSA-AES256-SHA", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-CAMELLIA128-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-CAMELLIA128-SHA", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-CAMELLIA256-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-CAMELLIA256-SHA", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-CHACHA20-POLY1305", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"},
|
||||
{"ECDHE-ECDSA-DES-CBC3-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-DES-CBC-SHA", "TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-RC4-SHA", "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA"},
|
||||
{"ECDHE-RSA-AES128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDHE-RSA-AES128-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDHE-RSA-AES128-SHA384", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384"},
|
||||
{"ECDHE-RSA-AES128-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDHE-RSA-AES256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDHE-RSA-AES256-SHA256", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDHE-RSA-AES256-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDHE-RSA-AES256-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDHE-RSA-CAMELLIA128-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDHE-RSA-CAMELLIA128-SHA", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDHE-RSA-CAMELLIA256-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDHE-RSA-CAMELLIA256-SHA", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDHE-RSA-CHACHA20-POLY1305", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
|
||||
{"ECDHE-RSA-DES-CBC3-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDHE-RSA-DES-CBC-SHA", "TLS-ECDHE-RSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDHE-RSA-RC4-SHA", "TLS-ECDHE-RSA-WITH-RC4-128-SHA"},
|
||||
{"ECDH-RSA-AES128-GCM-SHA256", "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDH-RSA-AES128-SHA256", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDH-RSA-AES128-SHA384", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384"},
|
||||
{"ECDH-RSA-AES128-SHA", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDH-RSA-AES256-GCM-SHA384", "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDH-RSA-AES256-SHA256", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDH-RSA-AES256-SHA384", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDH-RSA-AES256-SHA", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDH-RSA-CAMELLIA128-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDH-RSA-CAMELLIA128-SHA", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDH-RSA-CAMELLIA256-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDH-RSA-CAMELLIA256-SHA", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDH-RSA-DES-CBC3-SHA", "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDH-RSA-DES-CBC-SHA", "TLS-ECDH-RSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDH-RSA-RC4-SHA", "TLS-ECDH-RSA-WITH-RC4-128-SHA"},
|
||||
{"EDH-DSS-DES-CBC3-SHA", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA"},
|
||||
{"EDH-RSA-DES-CBC3-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA"},
|
||||
{"EXP-DES-CBC-SHA", "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA"},
|
||||
{"EXP-EDH-DSS-DES-CBC-SHA", "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA"},
|
||||
{"EXP-EDH-RSA-DES-CBC-SHA", "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA"},
|
||||
{"EXP-RC2-CBC-MD5", "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5"},
|
||||
{"EXP-RC4-MD5", "TLS-RSA-EXPORT-WITH-RC4-40-MD5"},
|
||||
{"NULL-MD5", "TLS-RSA-WITH-NULL-MD5"},
|
||||
{"NULL-SHA256", "TLS-RSA-WITH-NULL-SHA256"},
|
||||
{"NULL-SHA", "TLS-RSA-WITH-NULL-SHA"},
|
||||
{"PSK-3DES-EDE-CBC-SHA", "TLS-PSK-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"PSK-AES128-CBC-SHA", "TLS-PSK-WITH-AES-128-CBC-SHA"},
|
||||
{"PSK-AES256-CBC-SHA", "TLS-PSK-WITH-AES-256-CBC-SHA"},
|
||||
{"PSK-RC4-SHA", "TLS-PSK-WITH-RC4-128-SHA"},
|
||||
{"RC4-MD5", "TLS-RSA-WITH-RC4-128-MD5"},
|
||||
{"RC4-SHA", "TLS-RSA-WITH-RC4-128-SHA"},
|
||||
{"SEED-SHA", "TLS-RSA-WITH-SEED-CBC-SHA"},
|
||||
{"SRP-DSS-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"SRP-DSS-AES-128-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA"},
|
||||
{"SRP-DSS-AES-256-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA"},
|
||||
{"SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"},
|
||||
#ifdef ENABLE_CRYPTO_OPENSSL
|
||||
/* OpenSSL-specific group names */
|
||||
{"DEFAULT", "DEFAULT"},
|
||||
{"ALL", "ALL"},
|
||||
{"HIGH", "HIGH"}, {"!HIGH", "!HIGH"},
|
||||
{"MEDIUM", "MEDIUM"}, {"!MEDIUM", "!MEDIUM"},
|
||||
{"LOW", "LOW"}, {"!LOW", "!LOW"},
|
||||
{"ECDH", "ECDH"}, {"!ECDH", "!ECDH"},
|
||||
{"ECDSA", "ECDSA"}, {"!ECDSA", "!ECDSA"},
|
||||
{"EDH", "EDH"}, {"!EDH", "!EDH"},
|
||||
{"EXP", "EXP"}, {"!EXP", "!EXP"},
|
||||
{"RSA", "RSA"}, {"!RSA", "!RSA"},
|
||||
{"kRSA", "kRSA"}, {"!kRSA", "!kRSA"},
|
||||
{"SRP", "SRP"}, {"!SRP", "!SRP"},
|
||||
#endif
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/**
|
||||
* Update the implicit IV for a key_ctx_bi based on TLS session ids and cipher
|
||||
* used.
|
||||
@ -254,24 +108,6 @@ static const tls_cipher_name_pair tls_cipher_name_translation_table[] = {
|
||||
static void
|
||||
key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len);
|
||||
|
||||
const tls_cipher_name_pair *
|
||||
tls_get_cipher_name_pair(const char *cipher_name, size_t len)
|
||||
{
|
||||
const tls_cipher_name_pair *pair = tls_cipher_name_translation_table;
|
||||
|
||||
while (pair->openssl_name != NULL)
|
||||
{
|
||||
if ((strlen(pair->openssl_name) == len && 0 == memcmp(cipher_name, pair->openssl_name, len))
|
||||
|| (strlen(pair->iana_name) == len && 0 == memcmp(cipher_name, pair->iana_name, len)))
|
||||
{
|
||||
return pair;
|
||||
}
|
||||
pair++;
|
||||
}
|
||||
|
||||
/* No entry found, return NULL */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Limit the reneg_bytes value when using a small-block (<128 bytes) cipher.
|
||||
|
||||
@ -53,15 +53,6 @@
|
||||
*/
|
||||
struct tls_session;
|
||||
|
||||
/**
|
||||
* Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name
|
||||
*
|
||||
* @param cipher_name Can be either OpenSSL or IANA cipher name
|
||||
* @return tls_cipher_name_pair* if found, NULL otherwise
|
||||
*/
|
||||
typedef struct { const char *openssl_name; const char *iana_name; } tls_cipher_name_pair;
|
||||
const tls_cipher_name_pair *tls_get_cipher_name_pair(const char *cipher_name, size_t len);
|
||||
|
||||
/*
|
||||
*
|
||||
* Functions implemented in ssl.c for use by the backend SSL library
|
||||
|
||||
@ -44,6 +44,7 @@
|
||||
#include "mbedtls_compat.h"
|
||||
#include "pkcs11_backend.h"
|
||||
#include "ssl_common.h"
|
||||
#include "ssl_util.h"
|
||||
|
||||
#include "ssl_verify_mbedtls.h"
|
||||
#include <mbedtls/debug.h>
|
||||
|
||||
@ -50,6 +50,7 @@
|
||||
#endif
|
||||
|
||||
#include "ssl_verify_openssl.h"
|
||||
#include "ssl_util.h"
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
@ -114,3 +114,188 @@ options_string_compat_lzo(const char *options, struct gc_arena *gc)
|
||||
|
||||
return BSTR(&buf);
|
||||
}
|
||||
|
||||
/**
|
||||
* SSL/TLS Cipher suite name translation table
|
||||
*/
|
||||
static const tls_cipher_name_pair tls_cipher_name_translation_table[] = {
|
||||
{"ADH-SEED-SHA", "TLS-DH-anon-WITH-SEED-CBC-SHA"},
|
||||
{"AES128-GCM-SHA256", "TLS-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"AES128-SHA256", "TLS-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"AES128-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"AES256-GCM-SHA384", "TLS-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"AES256-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"AES256-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"CAMELLIA128-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"CAMELLIA128-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"CAMELLIA256-SHA256", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"CAMELLIA256-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"DES-CBC3-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"DES-CBC-SHA", "TLS-RSA-WITH-DES-CBC-SHA"},
|
||||
{"DH-DSS-SEED-SHA", "TLS-DH-DSS-WITH-SEED-CBC-SHA"},
|
||||
{"DHE-DSS-AES128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256"},
|
||||
{"DHE-DSS-AES128-SHA256", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256"},
|
||||
{"DHE-DSS-AES128-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA"},
|
||||
{"DHE-DSS-AES256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384"},
|
||||
{"DHE-DSS-AES256-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256"},
|
||||
{"DHE-DSS-AES256-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA"},
|
||||
{"DHE-DSS-CAMELLIA128-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"DHE-DSS-CAMELLIA128-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"DHE-DSS-CAMELLIA256-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"DHE-DSS-CAMELLIA256-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"DHE-DSS-SEED-SHA", "TLS-DHE-DSS-WITH-SEED-CBC-SHA"},
|
||||
{"DHE-RSA-AES128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"DHE-RSA-AES128-SHA256", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"DHE-RSA-AES128-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"DHE-RSA-AES256-GCM-SHA384", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"DHE-RSA-AES256-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"DHE-RSA-AES256-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"DHE-RSA-CAMELLIA128-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"DHE-RSA-CAMELLIA128-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"DHE-RSA-CAMELLIA256-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"DHE-RSA-CAMELLIA256-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"DHE-RSA-CHACHA20-POLY1305", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
|
||||
{"DHE-RSA-SEED-SHA", "TLS-DHE-RSA-WITH-SEED-CBC-SHA"},
|
||||
{"DH-RSA-SEED-SHA", "TLS-DH-RSA-WITH-SEED-CBC-SHA"},
|
||||
{"ECDH-ECDSA-AES128-GCM-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDH-ECDSA-AES128-SHA256", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-AES128-SHA", "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDH-ECDSA-AES256-GCM-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDH-ECDSA-AES256-SHA256", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-AES256-SHA384", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDH-ECDSA-AES256-SHA", "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDH-ECDSA-CAMELLIA128-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-CAMELLIA128-SHA", "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDH-ECDSA-CAMELLIA256-SHA256", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDH-ECDSA-CAMELLIA256-SHA", "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDH-ECDSA-DES-CBC3-SHA", "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDH-ECDSA-DES-CBC-SHA", "TLS-ECDH-ECDSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDH-ECDSA-RC4-SHA", "TLS-ECDH-ECDSA-WITH-RC4-128-SHA"},
|
||||
{"ECDHE-ECDSA-AES128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDHE-ECDSA-AES128-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-AES128-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA384"},
|
||||
{"ECDHE-ECDSA-AES128-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-AES256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDHE-ECDSA-AES256-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-AES256-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDHE-ECDSA-AES256-SHA", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-CAMELLIA128-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-CAMELLIA128-SHA", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-CAMELLIA256-SHA256", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDHE-ECDSA-CAMELLIA256-SHA", "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-CHACHA20-POLY1305", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"},
|
||||
{"ECDHE-ECDSA-DES-CBC3-SHA", "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-DES-CBC-SHA", "TLS-ECDHE-ECDSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDHE-ECDSA-RC4-SHA", "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA"},
|
||||
{"ECDHE-RSA-AES128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDHE-RSA-AES128-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDHE-RSA-AES128-SHA384", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA384"},
|
||||
{"ECDHE-RSA-AES128-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDHE-RSA-AES256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDHE-RSA-AES256-SHA256", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDHE-RSA-AES256-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDHE-RSA-AES256-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDHE-RSA-CAMELLIA128-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDHE-RSA-CAMELLIA128-SHA", "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDHE-RSA-CAMELLIA256-SHA256", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDHE-RSA-CAMELLIA256-SHA", "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDHE-RSA-CHACHA20-POLY1305", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"},
|
||||
{"ECDHE-RSA-DES-CBC3-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDHE-RSA-DES-CBC-SHA", "TLS-ECDHE-RSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDHE-RSA-RC4-SHA", "TLS-ECDHE-RSA-WITH-RC4-128-SHA"},
|
||||
{"ECDH-RSA-AES128-GCM-SHA256", "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256"},
|
||||
{"ECDH-RSA-AES128-SHA256", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256"},
|
||||
{"ECDH-RSA-AES128-SHA384", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA384"},
|
||||
{"ECDH-RSA-AES128-SHA", "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"ECDH-RSA-AES256-GCM-SHA384", "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384"},
|
||||
{"ECDH-RSA-AES256-SHA256", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA256"},
|
||||
{"ECDH-RSA-AES256-SHA384", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384"},
|
||||
{"ECDH-RSA-AES256-SHA", "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA"},
|
||||
{"ECDH-RSA-CAMELLIA128-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256"},
|
||||
{"ECDH-RSA-CAMELLIA128-SHA", "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA"},
|
||||
{"ECDH-RSA-CAMELLIA256-SHA256", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA256"},
|
||||
{"ECDH-RSA-CAMELLIA256-SHA", "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA"},
|
||||
{"ECDH-RSA-DES-CBC3-SHA", "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"ECDH-RSA-DES-CBC-SHA", "TLS-ECDH-RSA-WITH-DES-CBC-SHA"},
|
||||
{"ECDH-RSA-RC4-SHA", "TLS-ECDH-RSA-WITH-RC4-128-SHA"},
|
||||
{"EDH-DSS-DES-CBC3-SHA", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"EDH-DSS-DES-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA"},
|
||||
{"EDH-RSA-DES-CBC3-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"EDH-RSA-DES-CBC-SHA", "TLS-DHE-RSA-WITH-DES-CBC-SHA"},
|
||||
{"EXP-DES-CBC-SHA", "TLS-RSA-EXPORT-WITH-DES40-CBC-SHA"},
|
||||
{"EXP-EDH-DSS-DES-CBC-SHA", "TLS-DH-DSS-EXPORT-WITH-DES40-CBC-SHA"},
|
||||
{"EXP-EDH-RSA-DES-CBC-SHA", "TLS-DH-RSA-EXPORT-WITH-DES40-CBC-SHA"},
|
||||
{"EXP-RC2-CBC-MD5", "TLS-RSA-EXPORT-WITH-RC2-CBC-40-MD5"},
|
||||
{"EXP-RC4-MD5", "TLS-RSA-EXPORT-WITH-RC4-40-MD5"},
|
||||
{"NULL-MD5", "TLS-RSA-WITH-NULL-MD5"},
|
||||
{"NULL-SHA256", "TLS-RSA-WITH-NULL-SHA256"},
|
||||
{"NULL-SHA", "TLS-RSA-WITH-NULL-SHA"},
|
||||
{"PSK-3DES-EDE-CBC-SHA", "TLS-PSK-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"PSK-AES128-CBC-SHA", "TLS-PSK-WITH-AES-128-CBC-SHA"},
|
||||
{"PSK-AES256-CBC-SHA", "TLS-PSK-WITH-AES-256-CBC-SHA"},
|
||||
{"PSK-RC4-SHA", "TLS-PSK-WITH-RC4-128-SHA"},
|
||||
{"RC4-MD5", "TLS-RSA-WITH-RC4-128-MD5"},
|
||||
{"RC4-SHA", "TLS-RSA-WITH-RC4-128-SHA"},
|
||||
{"SEED-SHA", "TLS-RSA-WITH-SEED-CBC-SHA"},
|
||||
{"SRP-DSS-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"SRP-DSS-AES-128-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-128-CBC-SHA"},
|
||||
{"SRP-DSS-AES-256-CBC-SHA", "TLS-SRP-SHA-DSS-WITH-AES-256-CBC-SHA"},
|
||||
{"SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA"},
|
||||
{"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"},
|
||||
{"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"},
|
||||
#ifdef ENABLE_CRYPTO_OPENSSL
|
||||
/* OpenSSL-specific group names */
|
||||
{"DEFAULT", "DEFAULT"},
|
||||
{"ALL", "ALL"},
|
||||
{"HIGH", "HIGH"}, {"!HIGH", "!HIGH"},
|
||||
{"MEDIUM", "MEDIUM"}, {"!MEDIUM", "!MEDIUM"},
|
||||
{"LOW", "LOW"}, {"!LOW", "!LOW"},
|
||||
{"ECDH", "ECDH"}, {"!ECDH", "!ECDH"},
|
||||
{"ECDSA", "ECDSA"}, {"!ECDSA", "!ECDSA"},
|
||||
{"EDH", "EDH"}, {"!EDH", "!EDH"},
|
||||
{"EXP", "EXP"}, {"!EXP", "!EXP"},
|
||||
{"RSA", "RSA"}, {"!RSA", "!RSA"},
|
||||
{"kRSA", "kRSA"}, {"!kRSA", "!kRSA"},
|
||||
{"SRP", "SRP"}, {"!SRP", "!SRP"},
|
||||
#endif
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
const tls_cipher_name_pair *
|
||||
tls_get_cipher_name_pair(const char *cipher_name, size_t len)
|
||||
{
|
||||
const tls_cipher_name_pair *pair = tls_cipher_name_translation_table;
|
||||
|
||||
while (pair->openssl_name != NULL)
|
||||
{
|
||||
if ((strlen(pair->openssl_name) == len && 0 == memcmp(cipher_name, pair->openssl_name, len))
|
||||
|| (strlen(pair->iana_name) == len && 0 == memcmp(cipher_name, pair->iana_name, len)))
|
||||
{
|
||||
return pair;
|
||||
}
|
||||
pair++;
|
||||
}
|
||||
|
||||
/* No entry found, return NULL */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int
|
||||
get_num_elements(const char *string, char delimiter)
|
||||
{
|
||||
int string_len = strlen(string);
|
||||
|
||||
ASSERT(0 != string_len);
|
||||
|
||||
int element_count = 1;
|
||||
/* Get number of ciphers */
|
||||
for (int i = 0; i < string_len; i++)
|
||||
{
|
||||
if (string[i] == delimiter)
|
||||
{
|
||||
element_count++;
|
||||
}
|
||||
}
|
||||
|
||||
return element_count;
|
||||
}
|
||||
|
||||
@ -66,4 +66,27 @@ unsigned int extract_iv_proto(const char *peer_info);
|
||||
*/
|
||||
const char *options_string_compat_lzo(const char *options, struct gc_arena *gc);
|
||||
|
||||
#endif
|
||||
/**
|
||||
* Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name
|
||||
*
|
||||
* @param cipher_name Can be either OpenSSL or IANA cipher name
|
||||
* @return tls_cipher_name_pair* if found, NULL otherwise
|
||||
*/
|
||||
typedef struct { const char *openssl_name; const char *iana_name; } tls_cipher_name_pair;
|
||||
const tls_cipher_name_pair *tls_get_cipher_name_pair(const char *cipher_name, size_t len);
|
||||
|
||||
/**
|
||||
* Returns the occurrences of 'delimiter' in a string +1
|
||||
* This is typically used to find out the number elements in a
|
||||
* cipher string or similar that is separated by : like
|
||||
*
|
||||
* X25519:secp256r1:X448:secp512r1:secp384r1:brainpoolP384r1
|
||||
*
|
||||
* @param string the string to work on
|
||||
* @param delimiter the delimiter to count, typically ':'
|
||||
* @return occrrences of delimiter + 1
|
||||
*/
|
||||
int
|
||||
get_num_elements(const char *string, char delimiter);
|
||||
|
||||
#endif /* ifndef SSL_UTIL_H_ */
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user