unsigned int flags; /* Flags: currently just field type */
} tls_curve_info;
+# define TLS_CURVE_TYPE 0x1
# define TLS_CURVE_CHAR2 0x1
# define TLS_CURVE_PRIME 0x0
+/*
+ * Table of curve information.
+ * NB: do not delete entries or reorder this array. It is used as a lookup
+ * table: the index of each entry is one less than the TLS curve id.
+ */
+
static const tls_curve_info nid_list[] = {
{NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
{NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
int tls1_ec_nid2curve_id(int nid)
{
- /* ECC curves from RFC 4492 and RFC 7027 */
- switch (nid) {
- case NID_sect163k1: /* sect163k1 (1) */
- return 1;
- case NID_sect163r1: /* sect163r1 (2) */
- return 2;
- case NID_sect163r2: /* sect163r2 (3) */
- return 3;
- case NID_sect193r1: /* sect193r1 (4) */
- return 4;
- case NID_sect193r2: /* sect193r2 (5) */
- return 5;
- case NID_sect233k1: /* sect233k1 (6) */
- return 6;
- case NID_sect233r1: /* sect233r1 (7) */
- return 7;
- case NID_sect239k1: /* sect239k1 (8) */
- return 8;
- case NID_sect283k1: /* sect283k1 (9) */
- return 9;
- case NID_sect283r1: /* sect283r1 (10) */
- return 10;
- case NID_sect409k1: /* sect409k1 (11) */
- return 11;
- case NID_sect409r1: /* sect409r1 (12) */
- return 12;
- case NID_sect571k1: /* sect571k1 (13) */
- return 13;
- case NID_sect571r1: /* sect571r1 (14) */
- return 14;
- case NID_secp160k1: /* secp160k1 (15) */
- return 15;
- case NID_secp160r1: /* secp160r1 (16) */
- return 16;
- case NID_secp160r2: /* secp160r2 (17) */
- return 17;
- case NID_secp192k1: /* secp192k1 (18) */
- return 18;
- case NID_X9_62_prime192v1: /* secp192r1 (19) */
- return 19;
- case NID_secp224k1: /* secp224k1 (20) */
- return 20;
- case NID_secp224r1: /* secp224r1 (21) */
- return 21;
- case NID_secp256k1: /* secp256k1 (22) */
- return 22;
- case NID_X9_62_prime256v1: /* secp256r1 (23) */
- return 23;
- case NID_secp384r1: /* secp384r1 (24) */
- return 24;
- case NID_secp521r1: /* secp521r1 (25) */
- return 25;
- case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */
- return 26;
- case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */
- return 27;
- case NID_brainpoolP512r1: /* brainpool512r1 (28) */
- return 28;
- default:
- return 0;
+ size_t i;
+ for (i = 0; i < OSSL_NELEM(nid_list); i++) {
+ if (nid_list[i].nid == nid)
+ return i + 1;
}
+ return 0;
}
/*
static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
EC_KEY *ec)
{
- int is_prime, id;
+ int id;
const EC_GROUP *grp;
- const EC_METHOD *meth;
if (!ec)
return 0;
/* Determine if it is a prime field */
grp = EC_KEY_get0_group(ec);
if (!grp)
return 0;
- meth = EC_GROUP_method_of(grp);
- if (!meth)
- return 0;
- if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
- is_prime = 1;
- else
- is_prime = 0;
/* Determine curve ID */
id = EC_GROUP_get_curve_name(grp);
id = tls1_ec_nid2curve_id(id);
- /* If we have an ID set it, otherwise set arbitrary explicit curve */
- if (id) {
- curve_id[0] = 0;
- curve_id[1] = (unsigned char)id;
- } else {
- curve_id[0] = 0xff;
- if (is_prime)
- curve_id[1] = 0x01;
- else
- curve_id[1] = 0x02;
- }
+ /* If no id return error: we don't support arbitrary explicit curves */
+ if (id == 0)
+ return 0;
+ curve_id[0] = 0;
+ curve_id[1] = (unsigned char)id;
if (comp_id) {
if (EC_KEY_get0_public_key(ec) == NULL)
return 0;
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
- if (is_prime)
+ if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+ *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ } else {
+ if ((nid_list[id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME)
*comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
else
*comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- } else
- *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ }
}
return 1;
}
if (s->client_version == SSL3_VERSION)
s->s3->tmp.mask_ssl |= SSL_TLSV1;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
- /*
- * Disable static DH if we don't include any appropriate signature
- * algorithms.
- */
- if (s->s3->tmp.mask_a & SSL_aRSA)
- s->s3->tmp.mask_k |= SSL_kECDHr;
- if (s->s3->tmp.mask_a & SSL_aECDSA)
- s->s3->tmp.mask_k |= SSL_kECDHe;
# ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if (!s->psk_client_callback) {
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)
- || (alg_a & SSL_aECDSA))) {
+ if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
+ || (alg_a & SSL_aECDSA)) {
using_ecc = 1;
break;
}
#ifndef OPENSSL_NO_EC
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- int using_ecc = (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe))
- || (alg_a & SSL_aECDSA);
+ int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif
&& (s->tlsext_ecpointformatlist_length > 0)
&& (s->session->tlsext_ecpointformatlist != NULL)
&& (s->session->tlsext_ecpointformatlist_length > 0)
- && ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe))
- || (alg_a & SSL_aECDSA))) {
+ && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
- int slen, mlen, renew_ticket = 0;
+ int slen, mlen, renew_ticket = 0, ret = -1;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX *hctx = NULL;
EVP_CIPHER_CTX *ctx;
if (hctx == NULL)
return -2;
ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ ret = -2;
+ goto err;
+ }
if (tctx->tlsext_ticket_key_cb) {
unsigned char *nctick = (unsigned char *)etick;
int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
ctx, hctx, 0);
if (rv < 0)
- return -1;
- if (rv == 0)
- return 2;
+ goto err;
+ if (rv == 0) {
+ ret = 2;
+ goto err;
+ }
if (rv == 2)
renew_ticket = 1;
} else {
/* Check key name matches */
- if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
- return 2;
+ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) {
+ ret = 2;
+ goto err;
+ }
if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16,
EVP_sha256(), NULL) <= 0
|| EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
err:
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);
- return -1;
+ return ret;
}
/* Tables to translate from NIDs to TLS v1.2 ids */