#include <openssl/x509v3.h>
#include "internal/cryptlib.h"
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
0,
0,
},
+ {
+ 1,
+ "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
+ NULL,
+ 0x0300C100,
+ SSL_kGOST18,
+ SSL_aGOST12,
+ SSL_KUZNYECHIK,
+ SSL_KUZNYECHIKOMAC,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ "GOST2012-MAGMA-MAGMAOMAC",
+ NULL,
+ 0x0300C101,
+ SSL_kGOST18,
+ SSL_aGOST12,
+ SSL_MAGMA,
+ SSL_MAGMAOMAC,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+ 256,
+ 256,
+ },
#endif /* OPENSSL_NO_GOST */
#ifndef OPENSSL_NO_IDEA
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3.flags);
break;
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
- DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
- if (dh == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ if (parg == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- pkdh = ssl_dh_to_pkey(dh);
+ pkdh = ssl_dh_to_pkey(parg);
if (pkdh == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!ssl_security(s, SSL_SECOP_TMP_DH,
- EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
- EVP_PKEY_free(pkdh);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- EVP_PKEY_free(s->cert->dh_tmp);
- s->cert->dh_tmp = pkdh;
- return 1;
+ return SSL_set0_tmp_dh_pkey(s, pkdh);
}
break;
case SSL_CTRL_SET_TMP_DH_CB:
{
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return ret;
}
+# endif
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
-#endif
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
int nid;
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
group = EC_KEY_get0_group((const EC_KEY *)parg);
if (group == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+ ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
return 0;
}
nid = EC_GROUP_get_curve_name(group);
break;
len = strlen((char *)parg);
if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
} else {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
break;
int *cptr = parg;
for (i = 0; i < clistlen; i++) {
- const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
+ const TLS_GROUP_INFO *cinf
+ = tls1_group_id_lookup(s->ctx, clist[i]);
if (cinf != NULL)
- cptr[i] = cinf->nid;
+ cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
else
cptr[i] = TLSEXT_nid_unknown | clist[i];
}
&s->ext.supportedgroups_len, parg, larg);
case SSL_CTRL_SET_GROUPS_LIST:
- return tls1_set_groups_list(&s->ext.supportedgroups,
+ return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
&s->ext.supportedgroups_len, parg);
case SSL_CTRL_GET_SHARED_GROUP:
uint16_t id = tls1_shared_group(s, larg);
if (larg != -1)
- return tls1_group_id2nid(id);
+ return tls1_group_id2nid(id, 1);
return id;
}
case SSL_CTRL_GET_NEGOTIATED_GROUP:
- ret = tls1_group_id2nid(s->s3.group_id);
+ ret = tls1_group_id2nid(s->s3.group_id, 1);
break;
#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
int ret = 0;
switch (cmd) {
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
- {
- s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
+ s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ ret = 1;
break;
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->ext.debug_cb = (void (*)(SSL *, int, int,
const unsigned char *, int, void *))fp;
+ ret = 1;
break;
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
- {
- s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
- }
+ s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+ ret = 1;
break;
default:
break;
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
switch (cmd) {
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
- DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
- if (dh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ if (parg == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- pkdh = ssl_dh_to_pkey(dh);
+ pkdh = ssl_dh_to_pkey(parg);
if (pkdh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
- EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
- EVP_PKEY_free(pkdh);
- return 0;
- }
- EVP_PKEY_free(ctx->cert->dh_tmp);
- ctx->cert->dh_tmp = pkdh;
- return 1;
+ return SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh);
}
case SSL_CTRL_SET_TMP_DH_CB:
{
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
+#endif
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
-#endif
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
int nid;
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
group = EC_KEY_get0_group((const EC_KEY *)parg);
if (group == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
+ ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
return 0;
}
nid = EC_GROUP_get_curve_name(group);
if (keys == NULL)
return tick_keylen;
if (larg != tick_keylen) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+ ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
return 0;
}
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
if (parg == NULL)
break;
if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+ ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
return 0;
}
if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
if (ctx->srp_ctx.info != NULL)
OPENSSL_free(ctx->srp_ctx.info);
if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
parg, larg);
case SSL_CTRL_SET_GROUPS_LIST:
- return tls1_set_groups_list(&ctx->ext.supportedgroups,
+ return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL) {
if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
}
- if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) {
- SSLerr(0, ERR_LIB_X509);
- return 0;
- }
if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
break;
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
switch (cmd) {
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
{
ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
- SSL_CIPHER *c = NULL, *tbl;
- SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
- size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
+ SSL_CIPHER *tbl;
+ SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
+ size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
+ SSL3_NUM_SCSVS};
/* this is not efficient, necessary to optimize this? */
for (j = 0; j < OSSL_NELEM(alltabs); j++) {
if (tbl->stdname == NULL)
continue;
if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
- }
- }
- }
- if (c == NULL) {
- tbl = ssl3_scsvs;
- for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
- if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
+ return tbl;
}
}
}
- return c;
+ return NULL;
}
/*
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
- return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN);
+ if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
+ return 0;
+
+ if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
+ if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
+ return 0;
#endif
if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
}
/* Generate a private key from a group ID */
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
{
- const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
- uint16_t gtype;
-# ifndef OPENSSL_NO_DH
- DH *dh = NULL;
-# endif
if (ginf == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
- gtype = ginf->flags & TLS_GROUP_TYPE;
- pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->keytype,
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
s->ctx->propq);
if (pctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_keygen_init(pctx) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
-# ifndef OPENSSL_NO_DH
- if (gtype == TLS_GROUP_FFDHE) {
- if ((pkey = EVP_PKEY_new()) == NULL
- || (dh = DH_new_by_nid(ginf->nid)) == NULL
- || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- DH_free(dh);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- goto err;
- }
- if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- goto err;
- }
- }
-# ifndef OPENSSL_NO_EC
- else
-# endif
-# endif
-# ifndef OPENSSL_NO_EC
- {
- if (gtype != TLS_GROUP_CURVE_CUSTOM
- && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- goto err;
- }
+ if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
}
-# endif
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
}
EVP_PKEY_CTX_free(pctx);
return pkey;
}
-#endif
/*
* Generate parameters from a group ID
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
- const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
- const char *pkey_ctx_name;
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
if (ginf == NULL)
goto err;
- if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) {
- pkey = EVP_PKEY_new();
- if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
- return pkey;
- EVP_PKEY_free(pkey);
- return NULL;
- }
-
- pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
- pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
s->ctx->propq);
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)
goto err;
-# ifndef OPENSSL_NO_DH
- if (ginf->flags & TLS_GROUP_FFDHE) {
- if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
- goto err;
- }
-# ifndef OPENSSL_NO_EC
- else
-# endif
-# endif
-# ifndef OPENSSL_NO_EC
- {
- if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
- goto err;
+ if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
}
-# endif
if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey);
pkey = NULL;
return pkey;
}
+/* Generate secrets from pms */
+int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
+{
+ int rv = 0;
+
+ /* SSLfatal() called as appropriate in the below functions */
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * If we are resuming then we already generated the early secret
+ * when we created the ClientHello, so don't recreate it.
+ */
+ if (!s->hit)
+ rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
+ 0,
+ (unsigned char *)&s->early_secret);
+ else
+ rv = 1;
+
+ rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
+ } else {
+ rv = ssl_generate_master_secret(s, pms, pmslen, 0);
+ }
+
+ return rv;
+}
+
/* Derive secrets for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
EVP_PKEY_CTX *pctx;
if (privkey == NULL || pubkey == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
|| EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if (gensecret) {
/* SSLfatal() called as appropriate in the below functions */
- if (SSL_IS_TLS13(s)) {
- /*
- * If we are resuming then we already generated the early secret
- * when we created the ClientHello, so don't recreate it.
- */
- if (!s->hit)
- rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
- 0,
- (unsigned char *)&s->early_secret);
- else
- rv = 1;
-
- rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
- } else {
- rv = ssl_generate_master_secret(s, pms, pmslen, 0);
- }
+ rv = ssl_gensecret(s, pms, pmslen);
} else {
/* Save premaster secret */
s->s3.tmp.pms = pms;
return rv;
}
-#ifndef OPENSSL_NO_DH
-EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+/* Decapsulate secrets for KEM */
+int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
+ const unsigned char *ct, size_t ctlen,
+ int gensecret)
{
- EVP_PKEY *ret;
- if (dh == NULL)
- return NULL;
- ret = EVP_PKEY_new();
- if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
- EVP_PKEY_free(ret);
- return NULL;
+ int rv = 0;
+ unsigned char *pms = NULL;
+ size_t pmslen = 0;
+ EVP_PKEY_CTX *pctx;
+
+ if (privkey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
}
- return ret;
+
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
+
+ if (EVP_PKEY_decapsulate_init(pctx) <= 0
+ || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ pms = OPENSSL_malloc(pmslen);
+ if (pms == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (gensecret) {
+ /* SSLfatal() called as appropriate in the below functions */
+ rv = ssl_gensecret(s, pms, pmslen);
+ } else {
+ /* Save premaster secret */
+ s->s3.tmp.pms = pms;
+ s->s3.tmp.pmslen = pmslen;
+ pms = NULL;
+ rv = 1;
+ }
+
+ err:
+ OPENSSL_clear_free(pms, pmslen);
+ EVP_PKEY_CTX_free(pctx);
+ return rv;
+}
+
+int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
+ unsigned char **ctp, size_t *ctlenp,
+ int gensecret)
+{
+ int rv = 0;
+ unsigned char *pms = NULL, *ct = NULL;
+ size_t pmslen = 0, ctlen = 0;
+ EVP_PKEY_CTX *pctx;
+
+ if (pubkey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
+
+ if (EVP_PKEY_encapsulate_init(pctx) <= 0
+ || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
+ || pmslen == 0 || ctlen == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ pms = OPENSSL_malloc(pmslen);
+ ct = OPENSSL_malloc(ctlen);
+ if (pms == NULL || ct == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (gensecret) {
+ /* SSLfatal() called as appropriate in the below functions */
+ rv = ssl_gensecret(s, pms, pmslen);
+ } else {
+ /* Save premaster secret */
+ s->s3.tmp.pms = pms;
+ s->s3.tmp.pmslen = pmslen;
+ pms = NULL;
+ rv = 1;
+ }
+
+ if (rv > 0) {
+ /* Pass ownership of ct to caller */
+ *ctp = ct;
+ *ctlenp = ctlen;
+ ct = NULL;
+ }
+
+ err:
+ OPENSSL_clear_free(pms, pmslen);
+ OPENSSL_free(ct);
+ EVP_PKEY_CTX_free(pctx);
+ return rv;
}
-#endif
projects / openssl.git / blobdiff