SSL3_ENC_METHOD const TLSv1_3_enc_data = {
tls1_enc,
tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
+ tls13_setup_key_block,
+ tls13_generate_master_secret,
+ tls13_change_cipher_state,
+ tls13_final_finish_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
static int tls_use_ticket(SSL *s)
{
- if (s->options & SSL_OP_NO_TICKET)
+ if ((s->options & SSL_OP_NO_TICKET) || SSL_IS_TLS13(s))
return 0;
return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
}
const unsigned char *pcurves = NULL;
size_t num_curves = 0;
int using_ecc = 0;
+ int min_version, max_version, reason;
/* See if we support any ECC ciphersuites */
- if ((s->version >= TLS1_VERSION && s->version <= TLS1_2_VERSION)
+ if ((s->version >= TLS1_VERSION && s->version <= TLS1_3_VERSION)
|| SSL_IS_DTLS(s)) {
int i;
unsigned long alg_k, alg_a;
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
- || (alg_a & SSL_aECDSA)) {
+ || (alg_a & SSL_aECDSA)
+ || c->min_tls >= TLS1_3_VERSION) {
using_ecc = 1;
break;
}
}
- } else if (SSL_IS_TLS13(s)) {
- /*
- * TODO(TLS1.3): We always use ECC for TLSv1.3 at the moment. This will
- * change if we implement DH key shares
- */
- using_ecc = 1;
}
#else
if (SSL_IS_TLS13(s)) {
return 0;
}
+ reason = ssl_get_client_min_max_version(s, &min_version, &max_version);
+ if (reason != 0) {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, reason);
+ return 0;
+ }
+
/* TLS1.3 specific extensions */
- if (SSL_IS_TLS13(s)) {
- int min_version, max_version, reason, currv;
+ if (!SSL_IS_DTLS(s) && max_version >= TLS1_3_VERSION) {
+ int currv;
size_t i, sharessent = 0;
/* TODO(TLS1.3): Should we add this extension for versions < TLS1.3? */
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
- reason = ssl_get_client_min_max_version(s, &min_version, &max_version);
- if (reason != 0) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, reason);
- return 0;
- }
+
/*
* TODO(TLS1.3): There is some discussion on the TLS list as to wheter
* we should include versions <TLS1.2. For the moment we do. To be
}
skey = ssl_generate_pkey(ckey);
+ if (skey == NULL) {
+ SSLerr(SSL_F_ADD_CLIENT_KEY_SHARE_EXT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
/* Generate encoding of server key */
encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
{
unsigned int group_id;
PACKET key_share_list, encoded_pt;
- const unsigned char *curves;
- size_t num_curves;
+ const unsigned char *clntcurves, *srvrcurves;
+ size_t clnt_num_curves, srvr_num_curves;
int group_nid, found = 0;
unsigned int curve_flags;
return 0;
}
+ /* Get our list of supported curves */
+ if (!tls1_get_curvelist(s, 0, &srvrcurves, &srvr_num_curves)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /* Get the clients list of supported curves */
+ if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
while (PACKET_remaining(&key_share_list) > 0) {
if (!PACKET_get_net_2(&key_share_list, &group_id)
|| !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
continue;
/* Check if this share is in supported_groups sent from client */
- if (!tls1_get_curvelist(s, 1, &curves, &num_curves)) {
- *al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
- ERR_R_INTERNAL_ERROR);
- return 0;
- }
- if (!check_in_list(s, group_id, curves, num_curves, 0)) {
+ if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {
*al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
SSL_R_BAD_KEY_SHARE);
}
/* Check if this share is for a group we can use */
- if (!tls1_get_curvelist(s, 0, &curves, &num_curves)) {
- *al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
- ERR_R_INTERNAL_ERROR);
- return 0;
- }
- if (!check_in_list(s, group_id, curves, num_curves, 1)) {
+ if (!check_in_list(s, group_id, srvrcurves, srvr_num_curves, 1)) {
/* Share not suitable */
continue;
}
}
}
#endif /* OPENSSL_NO_EC */
- else if (currext->type == TLSEXT_TYPE_session_ticket) {
+ else if (currext->type == TLSEXT_TYPE_session_ticket
+ && !SSL_IS_TLS13(s)) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s,
PACKET_data(&currext->data),
}
skey = ssl_generate_pkey(ckey);
+ if (skey == NULL) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
*al = SSL_AD_DECODE_ERROR;
s->tlsext_ticket_expected = 0;
/*
- * If tickets disabled behave as if no ticket present to permit stateful
+ * If tickets disabled or not supported by the protocol version
+ * (e.g. TLSv1.3) behave as if no ticket present to permit stateful
* resumption.
*/
if (s->version <= SSL3_VERSION || !tls_use_ticket(s))