/* The DH ciphers */
/* Cipher 0B */
{
- 1,
+ 0,
SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
SSL3_CK_DH_DSS_DES_40_CBC_SHA,
SSL_kDHd,
/* Cipher 0E */
{
- 1,
+ 0,
SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
SSL3_CK_DH_RSA_DES_40_CBC_SHA,
SSL_kDHr,
256,
256,
},
+#ifndef OPENSSL_NO_PSK
+ /* Cipher A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+#endif
#ifndef OPENSSL_NO_CAMELLIA
/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
return;
ssl3_cleanup_key_block(s);
+
+#ifndef OPENSSL_NO_RSA
+ RSA_free(s->s3->peer_rsa_tmp);
+#endif
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
+ DH_free(s->s3->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free(s->s3->tmp.ecdh);
+ EC_KEY_free(s->s3->peer_ecdh_tmp);
#endif
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
OPENSSL_free(s->s3->tmp.peer_sigalgs);
- BIO_free(s->s3->handshake_buffer);
- if (s->s3->handshake_dgst)
- ssl3_free_digest_list(s);
+ ssl3_free_digest_list(s);
OPENSSL_free(s->s3->alpn_selected);
#ifndef OPENSSL_NO_SRP
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
+#ifndef OPENSSL_NO_RSA
+ RSA_free(s->s3->peer_rsa_tmp);
+ s->s3->peer_rsa_tmp = NULL;
+#endif
+
#ifndef OPENSSL_NO_DH
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
+ DH_free(s->s3->peer_dh_tmp);
+ s->s3->peer_dh_tmp = NULL;
#endif
#ifndef OPENSSL_NO_EC
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
+ EC_KEY_free(s->s3->peer_ecdh_tmp);
+ s->s3->peer_ecdh_tmp = NULL;
s->s3->is_probably_safari = 0;
#endif /* !OPENSSL_NO_EC */
init_extra = s->s3->init_extra;
- BIO_free(s->s3->handshake_buffer);
- s->s3->handshake_buffer = NULL;
- if (s->s3->handshake_dgst) {
- ssl3_free_digest_list(s);
- }
+ ssl3_free_digest_list(s);
if (s->s3->alpn_selected) {
- free(s->s3->alpn_selected);
+ OPENSSL_free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
}
case SSL_CTRL_GET_PEER_SIGNATURE_NID:
if (SSL_USE_SIGALGS(s)) {
- if (s->session && s->session->sess_cert) {
+ if (s->session) {
const EVP_MD *sig;
sig = s->s3->tmp.peer_md;
if (sig) {
return 0;
case SSL_CTRL_GET_SERVER_TMP_KEY:
- if (s->server || !s->session || !s->session->sess_cert)
+ if (s->server || !s->session)
return 0;
else {
- SESS_CERT *sc;
EVP_PKEY *ptmp;
int rv = 0;
- sc = s->session->sess_cert;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
- if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp)
+ if (!s->s3->peer_rsa_tmp && !s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp)
return 0;
#endif
ptmp = EVP_PKEY_new();
if (!ptmp)
return 0;
#ifndef OPENSSL_NO_RSA
- else if (sc->peer_rsa_tmp)
- rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
+ else if (s->s3->peer_rsa_tmp)
+ rv = EVP_PKEY_set1_RSA(ptmp, s->s3->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- else if (sc->peer_dh_tmp)
- rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
+ else if (s->s3->peer_dh_tmp)
+ rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp);
#endif
#ifndef OPENSSL_NO_EC
- else if (sc->peer_ecdh_tmp)
- rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
+ else if (s->s3->peer_ecdh_tmp)
+ rv = EVP_PKEY_set1_EC_KEY(ptmp, s->s3->peer_ecdh_tmp);
#endif
if (rv) {
*(EVP_PKEY **)parg = ptmp;