/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
#include <openssl/rand.h>
#include "internal/cryptlib.h"
+#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
};
+/* The list of available TLSv1.3 ciphers */
+static SSL_CIPHER tls13_ciphers[] = {
+ {
+ 1,
+ TLS1_3_RFC_AES_128_GCM_SHA256,
+ TLS1_3_RFC_AES_128_GCM_SHA256,
+ TLS1_3_CK_AES_128_GCM_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 128,
+ 128,
+ }, {
+ 1,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
+ TLS1_3_RFC_AES_256_GCM_SHA384,
+ TLS1_3_CK_AES_256_GCM_SHA384,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384,
+ 256,
+ 256,
+ },
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ {
+ 1,
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+ TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+ TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 256,
+ 256,
+ },
+#endif
+ {
+ 1,
+ TLS1_3_RFC_AES_128_CCM_SHA256,
+ TLS1_3_RFC_AES_128_CCM_SHA256,
+ TLS1_3_CK_AES_128_CCM_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 128,
+ 128,
+ }, {
+ 1,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
+ TLS1_3_RFC_AES_128_CCM_8_SHA256,
+ TLS1_3_CK_AES_128_CCM_8_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 128,
+ 128,
+ }
+};
+
/*
* The list of available ciphers, mostly organized into the following
* groups:
256,
256,
},
- {
- 1,
- TLS1_3_TXT_AES_128_GCM_SHA256,
- TLS1_3_RFC_AES_128_GCM_SHA256,
- TLS1_3_CK_AES_128_GCM_SHA256,
- 0, 0,
- SSL_AES128GCM,
- SSL_AEAD,
- TLS1_3_VERSION, TLS1_3_VERSION,
- SSL_kANY,
- SSL_aANY,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_3_TXT_AES_256_GCM_SHA384,
- TLS1_3_RFC_AES_256_GCM_SHA384,
- TLS1_3_CK_AES_256_GCM_SHA384,
- SSL_kANY,
- SSL_aANY,
- SSL_AES256GCM,
- SSL_AEAD,
- TLS1_3_VERSION, TLS1_3_VERSION,
- 0, 0,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA384,
- 256,
- 256,
- },
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
- {
- 1,
- TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
- TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
- TLS1_3_CK_CHACHA20_POLY1305_SHA256,
- SSL_kANY,
- SSL_aANY,
- SSL_CHACHA20POLY1305,
- SSL_AEAD,
- TLS1_3_VERSION, TLS1_3_VERSION,
- 0, 0,
- SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
- 256,
- 256,
- },
-#endif
- {
- 1,
- TLS1_3_TXT_AES_128_CCM_SHA256,
- TLS1_3_RFC_AES_128_CCM_SHA256,
- TLS1_3_CK_AES_128_CCM_SHA256,
- SSL_kANY,
- SSL_aANY,
- SSL_AES128CCM,
- SSL_AEAD,
- TLS1_3_VERSION, TLS1_3_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
- 128,
- 128,
- },
- {
- 1,
- TLS1_3_TXT_AES_128_CCM_8_SHA256,
- TLS1_3_RFC_AES_128_CCM_8_SHA256,
- TLS1_3_CK_AES_128_CCM_8_SHA256,
- SSL_kANY,
- SSL_aANY,
- SSL_AES128CCM8,
- SSL_AEAD,
- TLS1_3_VERSION, TLS1_3_VERSION,
- 0, 0,
- SSL_NOT_DEFAULT | SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256,
- 128,
- 128,
- },
-
-#ifndef OPENSSL_NO_EC
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
256,
256,
},
-#endif /* OPENSSL_NO_EC */
-
-#ifndef OPENSSL_NO_PSK
{
1,
TLS1_TXT_PSK_WITH_NULL_SHA,
0,
0,
},
-# ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
0,
0,
},
-# endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
256,
256,
},
-#endif /* OPENSSL_NO_SRP */
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
-# ifndef OPENSSL_NO_RSA
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
256,
256,
},
-# endif /* OPENSSL_NO_RSA */
-
-# ifndef OPENSSL_NO_EC
{
1,
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
256,
256,
},
-# endif /* OPENSSL_NO_EC */
-
-# ifndef OPENSSL_NO_PSK
{
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
256,
256,
},
-# endif /* OPENSSL_NO_PSK */
#endif /* !defined(OPENSSL_NO_CHACHA) &&
* !defined(OPENSSL_NO_POLY1305) */
128,
128,
},
-
-# ifndef OPENSSL_NO_EC
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
256,
256,
},
-# endif /* OPENSSL_NO_EC */
-
-# ifndef OPENSSL_NO_PSK
{
1,
TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
256,
256,
},
-# endif /* OPENSSL_NO_PSK */
-
#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_GOST
128,
128,
},
-
-# ifndef OPENSSL_NO_EC
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
128,
128,
},
-# endif /* OPENSSL_NO_EC */
-
-# ifndef OPENSSL_NO_PSK
{
1,
TLS1_TXT_PSK_WITH_RC4_128_SHA,
128,
128,
},
-# endif /* OPENSSL_NO_PSK */
-
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
#ifndef OPENSSL_NO_ARIA
256,
256,
},
-
{
1,
TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
256,
256,
},
-
{
1,
TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
void ssl_sort_cipher_list(void)
{
+ qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
+ cipher_compare);
qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
cipher_compare);
qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
}
+static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
+ const char * t, size_t u,
+ const unsigned char * v, size_t w, int x)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ (void)u;
+ (void)v;
+ (void)w;
+ (void)x;
+ return ssl_undefined_function(ssl);
+}
+
const SSL3_ENC_METHOD SSLv3_enc_data = {
ssl3_enc,
n_ssl3_mac,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
- (int (*)(SSL *, unsigned char *, size_t, const char *,
- size_t, const unsigned char *, size_t,
- int use_context))ssl_undefined_function,
+ ssl_undefined_function_1,
0,
ssl3_set_handshake_header,
tls_close_construct_packet,
OPENSSL_free(s->s3->tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
OPENSSL_free(s->s3->tmp.peer_sigalgs);
+ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected);
OPENSSL_free(s->s3->alpn_proposed);
OPENSSL_free(s->s3->tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
OPENSSL_free(s->s3->tmp.peer_sigalgs);
+ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3->tmp.pkey);
{
unsigned char *keys = parg;
long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key) +
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key) +
+ sizeof(ctx->ext.secure->tick_aes_key));
if (keys == NULL)
return tick_keylen;
if (larg != tick_keylen) {
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
memcpy(ctx->ext.tick_key_name, keys,
sizeof(ctx->ext.tick_key_name));
- memcpy(ctx->ext.tick_hmac_key,
+ memcpy(ctx->ext.secure->tick_hmac_key,
keys + sizeof(ctx->ext.tick_key_name),
- sizeof(ctx->ext.tick_hmac_key));
- memcpy(ctx->ext.tick_aes_key,
+ sizeof(ctx->ext.secure->tick_hmac_key));
+ memcpy(ctx->ext.secure->tick_aes_key,
keys + sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key),
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key),
+ sizeof(ctx->ext.secure->tick_aes_key));
} else {
memcpy(keys, ctx->ext.tick_key_name,
sizeof(ctx->ext.tick_key_name));
memcpy(keys + sizeof(ctx->ext.tick_key_name),
- ctx->ext.tick_hmac_key,
- sizeof(ctx->ext.tick_hmac_key));
+ ctx->ext.secure->tick_hmac_key,
+ sizeof(ctx->ext.secure->tick_hmac_key));
memcpy(keys + sizeof(ctx->ext.tick_key_name) +
- sizeof(ctx->ext.tick_hmac_key),
- ctx->ext.tick_aes_key,
- sizeof(ctx->ext.tick_aes_key));
+ sizeof(ctx->ext.secure->tick_hmac_key),
+ ctx->ext.secure->tick_aes_key,
+ sizeof(ctx->ext.secure->tick_aes_key));
}
return 1;
}
const SSL_CIPHER *cp;
c.id = id;
+ cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
+ if (cp != NULL)
+ return cp;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
if (cp != NULL)
return cp;
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
- SSL_CIPHER *c = NULL;
- SSL_CIPHER *tbl = ssl3_ciphers;
- size_t i;
+ SSL_CIPHER *c = NULL, *tbl;
+ SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
+ size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
/* this is not efficient, necessary to optimize this? */
- for (i = 0; i < SSL3_NUM_CIPHERS; i++, tbl++) {
- if (tbl->stdname == NULL)
- continue;
- if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
+ for (j = 0; j < OSSL_NELEM(alltabs); j++) {
+ for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
+ if (tbl->stdname == NULL)
+ continue;
+ if (strcmp(stdname, tbl->stdname) == 0) {
+ c = tbl;
+ break;
+ }
}
}
if (c == NULL) {
{
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
- int i, ii, ok;
+ int i, ii, ok, prefer_sha256 = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
+ const EVP_MD *mdsha256 = EVP_sha256();
#ifndef OPENSSL_NO_CHACHA
STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
#endif
allow = srvr;
}
- if (!SSL_IS_TLS13(s)) {
+ if (SSL_IS_TLS13(s)) {
+#ifndef OPENSSL_NO_PSK
+ int j;
+
+ /*
+ * If we allow "old" style PSK callbacks, and we have no certificate (so
+ * we're not going to succeed without a PSK anyway), and we're in
+ * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
+ * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
+ * that.
+ */
+ if (s->psk_server_callback != NULL) {
+ for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
+ if (j == SSL_PKEY_NUM) {
+ /* There are no certificates */
+ prefer_sha256 = 1;
+ }
+ }
+#endif
+ } else {
tls1_set_cert_validity(s);
ssl_set_masks(s);
}
continue;
}
#endif
+ if (prefer_sha256) {
+ const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
+
+ if (ssl_md(tmp->algorithm2) == mdsha256) {
+ ret = tmp;
+ break;
+ }
+ if (ret == NULL)
+ ret = tmp;
+ continue;
+ }
ret = sk_SSL_CIPHER_value(allow, ii);
break;
}
unsigned char *p = result;
l2n(Time, p);
- ret = ssl_randbytes(s, p, len - 4);
+ ret = RAND_bytes(p, len - 4);
} else {
- ret = ssl_randbytes(s, result, len);
+ ret = RAND_bytes(result, len);
}
#ifndef OPENSSL_NO_TLS13DOWNGRADE
- if (ret) {
+ if (ret > 0) {
if (!ossl_assert(sizeof(tls11downgrade) < len)
|| !ossl_assert(sizeof(tls12downgrade) < len))
return 0;
projects / openssl.git / blobdiff