#include <stdio.h>
#include <openssl/objects.h>
+#include "internal/nelem.h"
#include "ssl_locl.h"
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
+#include "internal/cryptlib.h"
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
+#ifndef OPENSSL_NO_ARIA
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+ SSL_kDHE,
+ SSL_aDSS,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+ SSL_kDHEPSK,
+ SSL_aPSK,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+ TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+ TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_ARIA128GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+ TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+ TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_ARIA256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_ARIA */
};
/*
int ssl3_num_ciphers(void)
{
- return (SSL3_NUM_CIPHERS);
+ return SSL3_NUM_CIPHERS;
}
const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
{
if (u < SSL3_NUM_CIPHERS)
- return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
+ return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
else
- return (NULL);
+ return NULL;
}
int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
EVP_PKEY *pkdh = NULL;
if (dh == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return (ret);
+ return ret;
}
pkdh = ssl_dh_to_pkey(dh);
if (pkdh == NULL) {
case SSL_CTRL_SET_TMP_DH_CB:
{
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
+ return ret;
}
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_GROUPS:
{
- unsigned char *clist;
+ uint16_t *clist;
size_t clistlen;
if (!s->session)
return 0;
clist = s->session->ext.supportedgroups;
- clistlen = s->session->ext.supportedgroups_len / 2;
+ clistlen = s->session->ext.supportedgroups_len;
if (parg) {
size_t i;
int *cptr = parg;
- unsigned int cid, nid;
+
for (i = 0; i < clistlen; i++) {
- n2s(clist, cid);
- /* TODO(TLS1.3): Handle DH groups here */
- nid = tls1_ec_curve_id2nid(cid, NULL);
- if (nid != 0)
- cptr[i] = nid;
+ const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
+
+ if (cinf != NULL)
+ cptr[i] = cinf->nid;
else
- cptr[i] = TLSEXT_nid_unknown | cid;
+ cptr[i] = TLSEXT_nid_unknown | clist[i];
}
}
return (int)clistlen;
&s->ext.supportedgroups_len, parg);
case SSL_CTRL_GET_SHARED_GROUP:
- return tls1_shared_group(s, larg);
+ {
+ uint16_t id = tls1_shared_group(s, larg);
+
+ if (larg != -1) {
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+ return ginf == NULL ? 0 : ginf->nid;
+ }
+ return id;
+ }
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
default:
break;
}
- return (ret);
+ return ret;
}
long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
default:
break;
}
- return (ret);
+ return ret;
}
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_TMP_DH_CB:
{
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
+ return 0;
}
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return ssl_cert_set_current(ctx->cert, larg);
default:
- return (0);
+ return 0;
}
- return (1);
+ return 1;
}
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
}
break;
default:
- return (0);
+ return 0;
}
- return (1);
+ return 1;
}
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
break;
}
}
- return (ret);
+ return ret;
}
int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
*/
if (s->quiet_shutdown || SSL_in_before(s)) {
s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
- return (1);
+ return 1;
}
if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
* written, s->s3->alert_dispatch will be true
*/
if (s->s3->alert_dispatch)
- return (-1); /* return WANT_WRITE */
+ return -1; /* return WANT_WRITE */
} else if (s->s3->alert_dispatch) {
/* resend it if not sent */
ret = s->method->ssl_dispatch_alert(s);
* have already signalled return 0 upon a previous invocation,
* return WANT_WRITE
*/
- return (ret);
+ return ret;
}
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
size_t readbytes;
if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
!s->s3->alert_dispatch)
- return (1);
+ return 1;
else
- return (0);
+ return 0;
}
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
int ssl3_renegotiate(SSL *s)
{
if (s->handshake_func == NULL)
- return (1);
+ return 1;
s->s3->renegotiate = 1;
- return (1);
+ return 1;
}
/*
return pkey;
}
#ifndef OPENSSL_NO_EC
-/* Generate a private key a curve ID */
-EVP_PKEY *ssl_generate_pkey_curve(int id)
+/* Generate a private key from a group ID */
+EVP_PKEY *ssl_generate_pkey_group(uint16_t id)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
- unsigned int curve_flags;
- int nid = tls1_ec_curve_id2nid(id, &curve_flags);
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+ uint16_t gtype;
- if (nid == 0)
+ if (ginf == NULL)
goto err;
- if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
- pctx = EVP_PKEY_CTX_new_id(nid, NULL);
- nid = 0;
- } else {
+ gtype = ginf->flags & TLS_CURVE_TYPE;
+ if (gtype == TLS_CURVE_CUSTOM)
+ pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
+ else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
- }
if (pctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0)
goto err;
- if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
+ if (gtype != TLS_CURVE_CUSTOM
+ && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
goto err;
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return pkey;
}
+
+/*
+ * Generate parameters from a group ID
+ */
+EVP_PKEY *ssl_generate_param_group(uint16_t id)
+{
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+ if (ginf == NULL)
+ goto err;
+
+ if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+ pkey = EVP_PKEY_new();
+ if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
+ return pkey;
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+ if (pctx == NULL)
+ goto err;
+ if (EVP_PKEY_paramgen_init(pctx) <= 0)
+ goto err;
+ if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
+ goto err;
+ if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
+
+ err:
+ EVP_PKEY_CTX_free(pctx);
+ return pkey;
+}
#endif
/* Derive secrets for ECDH/DH */
projects / openssl.git / blobdiff