X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=44e4c4523778f50338d4b10bf80a2b0b9a9785e9;hb=d0b039d4a3a19b106cc2cb938125b86aca4974aa;hp=a471995a19e63f6a808b9c2e193af6ffa6422224;hpb=5e3ff62c345c976cd1ffbcc5e6042f55264977f5;p=openssl.git

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a471995a19..44e4c45237 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -244,7 +244,10 @@ static int nid_list[] =
 		NID_secp256k1, /* secp256k1 (22) */ 
 		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
 		NID_secp384r1, /* secp384r1 (24) */
-		NID_secp521r1  /* secp521r1 (25) */	
+		NID_secp521r1,  /* secp521r1 (25) */	
+		NID_brainpoolP256r1,  /* brainpoolP256r1 (26) */	
+		NID_brainpoolP384r1,  /* brainpoolP384r1 (27) */	
+		NID_brainpoolP512r1  /* brainpool512r1 (28) */	
 	};
 
 
@@ -260,11 +263,14 @@ static const unsigned char eccurves_default[] =
 		0,14, /* sect571r1 (14) */ 
 		0,13, /* sect571k1 (13) */ 
 		0,25, /* secp521r1 (25) */	
+		0,28, /* brainpool512r1 (28) */	
 		0,11, /* sect409k1 (11) */ 
 		0,12, /* sect409r1 (12) */
+		0,27, /* brainpoolP384r1 (27) */	
 		0,24, /* secp384r1 (24) */
 		0,9,  /* sect283k1 (9) */
 		0,10, /* sect283r1 (10) */ 
+		0,26, /* brainpoolP256r1 (26) */	
 		0,22, /* secp256k1 (22) */ 
 		0,23, /* secp256r1 (23) */ 
 		0,8,  /* sect239k1 (8) */ 
@@ -354,6 +360,12 @@ int tls1_ec_nid2curve_id(int nid)
 		return 24;
 	case NID_secp521r1:  /* secp521r1 (25) */	
 		return 25;
+	case NID_brainpoolP256r1:  /* brainpoolP256r1 (26) */
+		return 26;
+	case NID_brainpoolP384r1:  /* brainpoolP384r1 (27) */
+		return 27;
+	case NID_brainpoolP512r1:  /* brainpool512r1 (28) */
+		return 28;
 	default:
 		return 0;
 		}
@@ -527,7 +539,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
 	return 1;
 	}
 
-#define MAX_CURVELIST	25
+#define MAX_CURVELIST	28
 
 typedef struct
 	{
@@ -578,14 +590,12 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
 	{
 	int is_prime, id;
 	const EC_GROUP *grp;
-	const EC_POINT *pt;
 	const EC_METHOD *meth;
 	if (!ec)
 		return 0;
 	/* Determine if it is a prime field */
 	grp = EC_KEY_get0_group(ec);
-        pt = EC_KEY_get0_public_key(ec);
-	if (!grp || !pt)
+	if (!grp)
 		return 0;
         meth = EC_GROUP_method_of(grp);
 	if (!meth)
@@ -613,6 +623,8 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
 		}
 	if (comp_id)
 		{
+        	if (EC_KEY_get0_public_key(ec) == NULL)
+			return 0;
 		if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED)
 			{
 			if (is_prime)
@@ -864,9 +876,6 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
 	tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-	tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 #ifndef OPENSSL_NO_ECDSA
 static unsigned char suiteb_sigalgs[] = {
@@ -909,13 +918,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
 	else
 		{
 		*psigs = tls12_sigalgs;
-#ifdef OPENSSL_FIPS
-		/* If FIPS mode don't include MD5 which is last */
-		if (FIPS_mode())
-			return sizeof(tls12_sigalgs) - 2;
-		else
-#endif
-			return sizeof(tls12_sigalgs);
+		return sizeof(tls12_sigalgs);
 		}
 	}
 /* Check signature algorithm is consistent with sent supported signature
@@ -1105,7 +1108,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
 			alg_k = c->algorithm_mkey;
 			alg_a = c->algorithm_auth;
-			if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)
+			if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)
 				|| (alg_a & SSL_aECDSA)))
 				{
 				using_ecc = 1;
@@ -1469,6 +1472,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	s2n(TLSEXT_TYPE_encrypt_then_mac,ret);
 	s2n(0,ret);
 #endif
+#ifdef TLSEXT_TYPE_padding
+	/* Add padding to workaround bugs in F5 terminators.
+	 * See https://tools.ietf.org/html/draft-agl-tls-padding-02
+	 *
+	 * NB: because this code works out the length of all existing
+	 * extensions it MUST always appear last.
+	 */
+	{
+	int hlen = ret - (unsigned char *)s->init_buf->data;
+	/* The code in s23_clnt.c to build ClientHello messages includes the
+	 * 5-byte record header in the buffer, while the code in s3_clnt.c does
+	 * not. */
+	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+		hlen -= 5;
+	if (hlen > 0xff && hlen < 0x200)
+		{
+		hlen = 0x200 - hlen;
+		if (hlen >= 4)
+			hlen -= 4;
+		else
+			hlen = 0;
+
+		s2n(TLSEXT_TYPE_padding, ret);
+		s2n(hlen, ret);
+		memset(ret, 0, hlen);
+		ret += hlen;
+		}
+	}
+#endif
 
 	if ((extdatalen = ret-p-2) == 0)
 		return p;
@@ -1487,7 +1519,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #ifndef OPENSSL_NO_EC
 	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+	int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
 	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
 #endif
 	/* don't add extensions for SSLv3, unless doing secure renegotiation */
@@ -1869,7 +1901,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
 		return;
 	data += size;
 
-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
+	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
 		{
 		const size_t len1 = sizeof(kSafariExtensionsBlock);
 		const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
@@ -1893,7 +1925,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
 
 	s->s3->is_probably_safari = 1;
 }
-#endif	/* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
 static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 
 	{	
@@ -1932,7 +1964,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 #ifndef OPENSSL_NO_EC
 	if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
 		ssl_check_for_safari(s, data, d, n);
-#endif	/* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
 	/* Clear any signature algorithms extension received */
 	if (s->cert->peer_sigalgs)
@@ -2258,8 +2290,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 				return 0;
 				}
 			}
-		else if (type == TLSEXT_TYPE_status_request
-		         && s->ctx->tlsext_status_cb)
+		else if (type == TLSEXT_TYPE_status_request)
 			{
 		
 			if (size < 5) 
@@ -2417,8 +2448,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 			{
 			if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
 				return 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
 			/* ALPN takes precedence over NPN. */
 			s->s3->next_proto_neg_seen = 0;
+#endif
 			}
 
 		/* session ticket processed earlier */
@@ -3103,7 +3136,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
 	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && 
-	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
+	    ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
 		{
 		/* we are using an ECC cipher */
 		size_t i;