* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_CK_AES_128_GCM_SHA256,
- 0, 0,
+ SSL_kANY,
+ SSL_aANY,
SSL_AES128GCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
- SSL_kANY,
- SSL_aANY,
+ 0, 0,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256,
128,
EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return ret;
+ return 0;
}
pkdh = ssl_dh_to_pkey(dh);
if (pkdh == NULL) {
EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
EVP_PKEY_free(pkdh);
- return ret;
+ return 0;
}
EVP_PKEY_free(s->cert->dh_tmp);
s->cert->dh_tmp = pkdh;
- ret = 1;
+ return 1;
}
break;
case SSL_CTRL_SET_TMP_DH_CB:
break;
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+ /*
+ * TODO(OpenSSL1.2)
+ * This API is only used for a client to set what SNI it will request
+ * from the server, but we currently allow it to be used on servers
+ * as well, which is a programming error. Currently we just clear
+ * the field in SSL_do_handshake() for server SSLs, but when we can
+ * make ABI-breaking changes, we may want to make use of this API
+ * an error on server SSLs.
+ */
if (larg == TLSEXT_NAMETYPE_host_name) {
size_t len;
*(int *)parg = s->s3->tmp.peer_sigalg->hash;
return 1;
- case SSL_CTRL_GET_SERVER_TMP_KEY:
+ case SSL_CTRL_GET_SIGNATURE_NID:
+ if (s->s3->tmp.sigalg == NULL)
+ return 0;
+ *(int *)parg = s->s3->tmp.sigalg->hash;
+ return 1;
+
+ case SSL_CTRL_GET_PEER_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
- if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
+ if (s->session == NULL || s->s3->peer_tmp == NULL) {
return 0;
} else {
EVP_PKEY_up_ref(s->s3->peer_tmp);
#else
return 0;
#endif
+
+ case SSL_CTRL_GET_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+ if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+ return 0;
+ } else {
+ EVP_PKEY_up_ref(s->s3->tmp.pkey);
+ *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+ return 1;
+ }
+#else
+ return 0;
+#endif
+
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
EVP_PKEY_free(pkdh);
- return 1;
+ return 0;
}
EVP_PKEY_free(ctx->cert->dh_tmp);
ctx->cert->dh_tmp = pkdh;
{
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
- int i, ii, ok;
+ int i, ii, ok, prefer_sha256 = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
+ const EVP_MD *mdsha256 = EVP_sha256();
#ifndef OPENSSL_NO_CHACHA
STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
#endif
allow = srvr;
}
- if (!SSL_IS_TLS13(s)) {
+ if (SSL_IS_TLS13(s)) {
+#ifndef OPENSSL_NO_PSK
+ int j;
+
+ /*
+ * If we allow "old" style PSK callbacks, and we have no certificate (so
+ * we're not going to succeed without a PSK anyway), and we're in
+ * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
+ * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
+ * that.
+ */
+ if (s->psk_server_callback != NULL) {
+ for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
+ if (j == SSL_PKEY_NUM) {
+ /* There are no certificates */
+ prefer_sha256 = 1;
+ }
+ }
+#endif
+ } else {
tls1_set_cert_validity(s);
ssl_set_masks(s);
}
continue;
}
#endif
+ if (prefer_sha256) {
+ const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
+
+ if (ssl_md(tmp->algorithm2) == mdsha256) {
+ ret = tmp;
+ break;
+ }
+ if (ret == NULL)
+ ret = tmp;
+ continue;
+ }
ret = sk_SSL_CIPHER_value(allow, ii);
break;
}
} else {
ret = RAND_bytes(result, len);
}
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
+
if (ret > 0) {
if (!ossl_assert(sizeof(tls11downgrade) < len)
|| !ossl_assert(sizeof(tls12downgrade) < len))
memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
sizeof(tls11downgrade));
}
-#endif
+
return ret;
}
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,pskpms, pskpmslen,
&s->session->master_key_length)) {
+ OPENSSL_clear_free(pskpms, pskpmslen);
/* SSLfatal() already called */
goto err;
}