X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=1bdac2201fb694793d2330b3ae17489a9d5709d2;hb=45473632c54947859a731dfe2db087c002ef7aa7;hp=a471995a19e63f6a808b9c2e193af6ffa6422224;hpb=5e3ff62c345c976cd1ffbcc5e6042f55264977f5;p=openssl.git diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a471995a19..1bdac2201f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -244,7 +244,10 @@ static int nid_list[] = NID_secp256k1, /* secp256k1 (22) */ NID_X9_62_prime256v1, /* secp256r1 (23) */ NID_secp384r1, /* secp384r1 (24) */ - NID_secp521r1 /* secp521r1 (25) */ + NID_secp521r1, /* secp521r1 (25) */ + NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ + NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ + NID_brainpoolP512r1 /* brainpool512r1 (28) */ }; @@ -260,11 +263,14 @@ static const unsigned char eccurves_default[] = 0,14, /* sect571r1 (14) */ 0,13, /* sect571k1 (13) */ 0,25, /* secp521r1 (25) */ + 0,28, /* brainpool512r1 (28) */ 0,11, /* sect409k1 (11) */ 0,12, /* sect409r1 (12) */ + 0,27, /* brainpoolP384r1 (27) */ 0,24, /* secp384r1 (24) */ 0,9, /* sect283k1 (9) */ 0,10, /* sect283r1 (10) */ + 0,26, /* brainpoolP256r1 (26) */ 0,22, /* secp256k1 (22) */ 0,23, /* secp256r1 (23) */ 0,8, /* sect239k1 (8) */ @@ -354,6 +360,12 @@ int tls1_ec_nid2curve_id(int nid) return 24; case NID_secp521r1: /* secp521r1 (25) */ return 25; + case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */ + return 26; + case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */ + return 27; + case NID_brainpoolP512r1: /* brainpool512r1 (28) */ + return 28; default: return 0; } @@ -864,9 +876,6 @@ static unsigned char tls12_sigalgs[] = { #ifndef OPENSSL_NO_SHA tlsext_sigalg(TLSEXT_hash_sha1) #endif -#ifndef OPENSSL_NO_MD5 - tlsext_sigalg_rsa(TLSEXT_hash_md5) -#endif }; #ifndef OPENSSL_NO_ECDSA static unsigned char suiteb_sigalgs[] = { @@ -909,13 +918,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) else { *psigs = tls12_sigalgs; -#ifdef OPENSSL_FIPS - /* If FIPS mode don't include MD5 which is last */ - if (FIPS_mode()) - return sizeof(tls12_sigalgs) - 2; - else -#endif - return sizeof(tls12_sigalgs); + return sizeof(tls12_sigalgs); } } /* Check signature algorithm is consistent with sent supported signature @@ -1869,7 +1872,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign return; data += size; - if (TLS1_get_version(s) >= TLS1_2_VERSION) + if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); @@ -1893,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign s->s3->is_probably_safari = 1; } -#endif /* OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_EC */ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) { @@ -1932,7 +1935,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char #ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) ssl_check_for_safari(s, data, d, n); -#endif /* OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ if (s->cert->peer_sigalgs)