/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
256,
256,
},
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
256,
256,
},
-#endif
{
1,
TLS1_3_RFC_AES_128_CCM_SHA256,
256,
},
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
256,
256,
},
-#endif /* !defined(OPENSSL_NO_CHACHA) &&
- * !defined(OPENSSL_NO_POLY1305) */
-#ifndef OPENSSL_NO_CAMELLIA
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
256,
256,
},
-#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_GOST
{
},
#endif /* OPENSSL_NO_GOST */
-#ifndef OPENSSL_NO_IDEA
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
128,
128,
},
-#endif
-#ifndef OPENSSL_NO_SEED
{
1,
TLS1_TXT_RSA_WITH_SEED_SHA,
128,
128,
},
-#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
},
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
-#ifndef OPENSSL_NO_ARIA
{
1,
TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
256,
256,
},
-#endif /* OPENSSL_NO_ARIA */
};
/*
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
- if (!SSL_SRP_CTX_init(s))
+ if (!ssl_srp_ctx_init_intern(s))
return 0;
#endif
ssl3_cleanup_key_block(s);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3.peer_tmp);
s->s3.peer_tmp = NULL;
EVP_PKEY_free(s->s3.tmp.pkey);
s->s3.tmp.pkey = NULL;
-#endif
ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
ssl_evp_md_free(s->s3.tmp.new_hash);
OPENSSL_free(s->s3.alpn_proposed);
#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_free(s);
+ ssl_srp_ctx_free_intern(s);
#endif
memset(&s->s3, 0, sizeof(s->s3));
}
OPENSSL_free(s->s3.tmp.peer_sigalgs);
OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3.tmp.pkey);
EVP_PKEY_free(s->s3.peer_tmp);
-#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3.flags);
break;
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
EVP_PKEY *pkdh = NULL;
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
if (parg == NULL) {
&s->ext.supportedgroups_len,
parg);
}
-#endif
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
/*
- * TODO(OpenSSL1.2)
* This API is only used for a client to set what SNI it will request
* from the server, but we currently allow it to be used on servers
* as well, which is a programming error. Currently we just clear
}
return ssl_cert_set_current(s->cert, larg);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_GET_GROUPS:
{
uint16_t *clist;
return id;
}
case SSL_CTRL_GET_NEGOTIATED_GROUP:
- ret = tls1_group_id2nid(s->s3.group_id, 1);
- break;
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+ {
+ unsigned int id;
+ if (SSL_IS_TLS13(s) && s->s3.did_kex)
+ id = s->s3.group_id;
+ else
+ id = s->session->kex_group;
+ ret = tls1_group_id2nid(id, 1);
+ break;
+ }
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
return 1;
case SSL_CTRL_GET_PEER_TMP_KEY:
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3.peer_tmp == NULL) {
return 0;
} else {
*(EVP_PKEY **)parg = s->s3.peer_tmp;
return 1;
}
-#else
- return 0;
-#endif
case SSL_CTRL_GET_TMP_KEY:
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3.tmp.pkey == NULL) {
return 0;
} else {
*(EVP_PKEY **)parg = s->s3.tmp.pkey;
return 1;
}
-#else
- return 0;
-#endif
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
const unsigned char **pformat = parg;
*pformat = s->ext.peer_ecpointformats;
return (int)s->ext.peer_ecpointformats_len;
}
-#endif
default:
break;
int ret = 0;
switch (cmd) {
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
ret = 1;
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
switch (cmd) {
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
EVP_PKEY *pkdh = NULL;
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
if (parg == NULL) {
&ctx->ext.supportedgroups_len,
parg);
}
-#endif
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->ext.servername_arg = parg;
break;
break;
#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_SET_GROUPS:
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
switch (cmd) {
-#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
{
ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok, prefer_sha256 = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
-#ifndef OPENSSL_NO_CHACHA
STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
-#endif
/* Let's see which ciphers we can support */
} else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
prio = srvr;
allow = clnt;
-#ifndef OPENSSL_NO_CHACHA
+
/* If ChaCha20 is at the top of the client preference list,
and there are ChaCha20 ciphers in the server list, then
temporarily prioritize all ChaCha20 ciphers in the servers list. */
}
}
}
-# endif
} else {
prio = clnt;
allow = srvr;
"%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
-#ifndef OPENSSL_NO_EC
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#endif /* OPENSSL_NO_EC */
if (!ok)
continue;
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
c->strength_bits, 0, (void *)c))
continue;
-#if !defined(OPENSSL_NO_EC)
+
if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
&& s->s3.is_probably_safari) {
if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii);
continue;
}
-#endif
+
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
- /*
- * TODO: When there are no more legacy digests we can just use
- * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
- */
if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
- OBJ_nid2sn(NID_sha256))) {
+ OSSL_DIGEST_NAME_SHA2_256)) {
ret = tmp;
break;
}
break;
}
}
-#ifndef OPENSSL_NO_CHACHA
+
sk_SSL_CIPHER_free(prio_chacha);
-#endif
+
return ret;
}
#endif
if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
-#ifndef OPENSSL_NO_DH
if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
return 0;
-# ifndef OPENSSL_NO_DSA
- if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+ if (!(alg_a & SSL_aDSS)
+ && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
return 0;
-# endif
-#endif /* !OPENSSL_NO_DH */
}
if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
return 0;
-#ifndef OPENSSL_NO_DSA
if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
return 0;
-#endif
-#ifndef OPENSSL_NO_EC
+
/*
* ECDSA certs can be used with RSA cipher suites too so we don't
* need to check for SSL_kECDH or SSL_kECDHE
&& !(alg_a & SSL_aECDSA)
&& !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
return 0;
-#endif
+
return 1;
}
OPENSSL_clear_free(s->s3.tmp.psk, psklen);
s->s3.tmp.psk = NULL;
+ s->s3.tmp.psklen = 0;
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, pskpms, pskpmslen,
&s->session->master_key_length)) {
else
OPENSSL_cleanse(pms, pmslen);
}
- if (s->server == 0)
+ if (s->server == 0) {
s->s3.tmp.pms = NULL;
+ s->s3.tmp.pmslen = 0;
+ }
return ret;
}
goto err;
}
-#ifndef OPENSSL_NO_DH
- if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
+ if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
EVP_PKEY_CTX_set_dh_pad(pctx, 1);
-#endif
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
- if (EVP_PKEY_decapsulate_init(pctx) <= 0
+ if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
|| EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
- if (EVP_PKEY_encapsulate_init(pctx) <= 0
+ if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
|| EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
|| pmslen == 0 || ctlen == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);