#include <openssl/objects.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-#include "../crypto/ec/ec_lcl.h"
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
#include <openssl/md5.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
SSL_aRSA,
SSL_eNULL,
SSL_SHA256,
- SSL_SSLV3,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
0,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
SSL_aRSA,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
SSL_aDH,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
SSL_aDH,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
SSL_aDSS,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
SSL_aDH,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
SSL_aDH,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
SSL_aDSS,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
SSL_aRSA,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
SSL_aNULL,
SSL_AES128,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
128,
SSL_aNULL,
SSL_AES256,
SSL_SHA256,
- SSL_TLSV1,
+ SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256,
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-
+
+ case SSL_CTRL_SET_ECDH_AUTO:
+ s->cert->ecdh_tmp_auto = larg;
+ break;
default:
break;
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
+ case SSL_CTRL_SET_ECDH_AUTO:
+ ctx->cert->ecdh_tmp_auto = larg;
+ break;
#endif /* !OPENSSL_NO_TLSEXT */
/* A Thawte special :-) */
SSL_CIPHER *c,*ret=NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i,ii,ok;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
- unsigned int j;
- int ec_ok, ec_nid;
- unsigned char ec_search1 = 0, ec_search2 = 0;
-#endif
CERT *cert;
unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
#ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC
- if (
- /* if we are considering an ECC cipher suite that uses our certificate */
- (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
- /* and we have an ECC certificate */
- && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
- /* and the client specified a Supported Point Formats extension */
- && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
- /* and our certificate's point is compressed */
- && (
- (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
- && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
- && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
- && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
- && (
- (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
- || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
- )
- )
- )
- {
- ec_ok = 0;
- /* if our certificate's curve is over a field type that the client does not support
- * then do not allow this cipher suite to be negotiated */
- if (
- (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
- && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
- && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
- && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
- )
- {
- for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
- {
- if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
- {
- ec_ok = 1;
- break;
- }
- }
- }
- else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
- {
- for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
- {
- if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
- {
- ec_ok = 1;
- break;
- }
- }
- }
- ok = ok && ec_ok;
- }
- if (
- /* if we are considering an ECC cipher suite that uses our certificate */
- (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
- /* and we have an ECC certificate */
- && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
- /* and the client specified an EllipticCurves extension */
- && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
- )
- {
- ec_ok = 0;
- if (
- (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
- && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
- )
- {
- ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
- if ((ec_nid == 0)
- && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
- )
- {
- if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
- {
- ec_search1 = 0xFF;
- ec_search2 = 0x01;
- }
- else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
- {
- ec_search1 = 0xFF;
- ec_search2 = 0x02;
- }
- }
- else
- {
- ec_search1 = 0x00;
- ec_search2 = tls1_ec_nid2curve_id(ec_nid);
- }
- if ((ec_search1 != 0) || (ec_search2 != 0))
- {
- for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
- {
- if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
- {
- ec_ok = 1;
- break;
- }
- }
- }
- }
- ok = ok && ec_ok;
- }
- if (
- /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
- (alg_k & SSL_kEECDH)
- /* and we have an ephemeral EC key */
- && (s->cert->ecdh_tmp != NULL)
- /* and the client specified an EllipticCurves extension */
- && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
- )
- {
- ec_ok = 0;
- if (s->cert->ecdh_tmp->group != NULL)
- {
- ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
- if ((ec_nid == 0)
- && (s->cert->ecdh_tmp->group->meth != NULL)
- )
- {
- if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
- {
- ec_search1 = 0xFF;
- ec_search2 = 0x01;
- }
- else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
- {
- ec_search1 = 0xFF;
- ec_search2 = 0x02;
- }
- }
- else
- {
- ec_search1 = 0x00;
- ec_search2 = tls1_ec_nid2curve_id(ec_nid);
- }
- if ((ec_search1 != 0) || (ec_search2 != 0))
- {
- for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
- {
- if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
- {
- ec_ok = 1;
- break;
- }
- }
- }
- }
- ok = ok && ec_ok;
- }
+ /* if we are considering an ECC cipher suite that uses our
+ * certificate check it */
+ if (alg_a & (SSL_aECDSA|SSL_aECDH))
+ ok = ok && tls1_check_ec_server_key(s);
+ /* if we are considering an ECC cipher suite that uses
+ * an ephemeral EC key check it */
+ if (alg_k & SSL_kEECDH)
+ ok = ok && tls1_check_ec_tmp_key(s);
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */