/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
#include <openssl/rand.h>
#include <openssl/trace.h>
#include <openssl/x509v3.h>
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
256,
256,
},
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
256,
256,
},
-#endif
{
1,
TLS1_3_RFC_AES_128_CCM_SHA256,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
}
};
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
256,
},
-#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
1,
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
256,
256,
},
-#endif /* !defined(OPENSSL_NO_CHACHA) &&
- * !defined(OPENSSL_NO_POLY1305) */
-#ifndef OPENSSL_NO_CAMELLIA
{
1,
TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
256,
256,
},
-#endif /* OPENSSL_NO_CAMELLIA */
#ifndef OPENSSL_NO_GOST
{
0,
0,
},
+ {
+ 1,
+ "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC",
+ NULL,
+ 0x0300C100,
+ SSL_kGOST18,
+ SSL_aGOST12,
+ SSL_KUZNYECHIK,
+ SSL_KUZNYECHIKOMAC,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ "GOST2012-MAGMA-MAGMAOMAC",
+ NULL,
+ 0x0300C101,
+ SSL_kGOST18,
+ SSL_aGOST12,
+ SSL_MAGMA,
+ SSL_MAGMAOMAC,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_TLSTREE,
+ 256,
+ 256,
+ },
#endif /* OPENSSL_NO_GOST */
-#ifndef OPENSSL_NO_IDEA
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,
128,
128,
},
-#endif
-#ifndef OPENSSL_NO_SEED
{
1,
TLS1_TXT_RSA_WITH_SEED_SHA,
128,
128,
},
-#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
-#ifndef OPENSSL_NO_ARIA
{
1,
TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
256,
256,
},
-#endif /* OPENSSL_NO_ARIA */
};
/*
int ssl3_new(SSL *s)
{
#ifndef OPENSSL_NO_SRP
- if (!SSL_SRP_CTX_init(s))
+ if (!ssl_srp_ctx_init_intern(s))
return 0;
#endif
ssl3_cleanup_key_block(s);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3.peer_tmp);
s->s3.peer_tmp = NULL;
EVP_PKEY_free(s->s3.tmp.pkey);
s->s3.tmp.pkey = NULL;
-#endif
ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
ssl_evp_md_free(s->s3.tmp.new_hash);
OPENSSL_free(s->s3.alpn_proposed);
#ifndef OPENSSL_NO_SRP
- SSL_SRP_CTX_free(s);
+ ssl_srp_ctx_free_intern(s);
#endif
memset(&s->s3, 0, sizeof(s->s3));
}
OPENSSL_free(s->s3.tmp.peer_sigalgs);
OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EVP_PKEY_free(s->s3.tmp.pkey);
EVP_PKEY_free(s->s3.peer_tmp);
-#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
case SSL_CTRL_GET_FLAGS:
ret = (int)(s->s3.flags);
break;
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
- DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
- if (dh == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ if (parg == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- pkdh = ssl_dh_to_pkey(dh);
+ pkdh = ssl_dh_to_pkey(parg);
if (pkdh == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!ssl_security(s, SSL_SECOP_TMP_DH,
- EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+ if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
EVP_PKEY_free(pkdh);
return 0;
}
- EVP_PKEY_free(s->cert->dh_tmp);
- s->cert->dh_tmp = pkdh;
return 1;
}
break;
case SSL_CTRL_SET_TMP_DH_CB:
{
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return ret;
}
+#endif
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
-#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- const EC_GROUP *group = NULL;
- int nid;
-
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- group = EC_KEY_get0_group((const EC_KEY *)parg);
- if (group == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
- return 0;
- }
- nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef)
- return 0;
- return tls1_set_groups(&s->ext.supportedgroups,
- &s->ext.supportedgroups_len,
- &nid, 1);
+ return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
+ &s->ext.supportedgroups_len,
+ parg);
}
- break;
-#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
/*
- * TODO(OpenSSL1.2)
* This API is only used for a client to set what SNI it will request
* from the server, but we currently allow it to be used on servers
* as well, which is a programming error. Currently we just clear
break;
len = strlen((char *)parg);
if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
} else {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
break;
}
return ssl_cert_set_current(s->cert, larg);
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_GET_GROUPS:
{
uint16_t *clist;
int *cptr = parg;
for (i = 0; i < clistlen; i++) {
- const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
+ uint16_t cid = SSL_IS_TLS13(s)
+ ? ssl_group_id_tls13_to_internal(clist[i])
+ : clist[i];
+ const TLS_GROUP_INFO *cinf
+ = tls1_group_id_lookup(s->ctx, cid);
if (cinf != NULL)
- cptr[i] = cinf->nid;
+ cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
else
cptr[i] = TLSEXT_nid_unknown | clist[i];
}
&s->ext.supportedgroups_len, parg, larg);
case SSL_CTRL_SET_GROUPS_LIST:
- return tls1_set_groups_list(&s->ext.supportedgroups,
+ return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups,
&s->ext.supportedgroups_len, parg);
case SSL_CTRL_GET_SHARED_GROUP:
uint16_t id = tls1_shared_group(s, larg);
if (larg != -1)
- return tls1_group_id2nid(id);
+ return tls1_group_id2nid(id, 1);
return id;
}
case SSL_CTRL_GET_NEGOTIATED_GROUP:
- ret = tls1_group_id2nid(s->s3.group_id);
- break;
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+ {
+ unsigned int id;
+ if (SSL_IS_TLS13(s) && s->s3.did_kex)
+ id = s->s3.group_id;
+ else
+ id = s->session->kex_group;
+ ret = tls1_group_id2nid(id, 1);
+ break;
+ }
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
return 1;
case SSL_CTRL_GET_PEER_TMP_KEY:
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3.peer_tmp == NULL) {
return 0;
} else {
*(EVP_PKEY **)parg = s->s3.peer_tmp;
return 1;
}
-#else
- return 0;
-#endif
case SSL_CTRL_GET_TMP_KEY:
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3.tmp.pkey == NULL) {
return 0;
} else {
*(EVP_PKEY **)parg = s->s3.tmp.pkey;
return 1;
}
-#else
- return 0;
-#endif
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
const unsigned char **pformat = parg;
*pformat = s->ext.peer_ecpointformats;
return (int)s->ext.peer_ecpointformats_len;
}
-#endif
default:
break;
int ret = 0;
switch (cmd) {
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
- {
- s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
+ s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ ret = 1;
break;
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->ext.debug_cb = (void (*)(SSL *, int, int,
const unsigned char *, int, void *))fp;
+ ret = 1;
break;
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
- {
- s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
- }
+ s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+ ret = 1;
break;
default:
break;
long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
switch (cmd) {
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH:
{
- DH *dh = (DH *)parg;
EVP_PKEY *pkdh = NULL;
- if (dh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ if (parg == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- pkdh = ssl_dh_to_pkey(dh);
+ pkdh = ssl_dh_to_pkey(parg);
if (pkdh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
- EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+ if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
EVP_PKEY_free(pkdh);
return 0;
}
- EVP_PKEY_free(ctx->cert->dh_tmp);
- ctx->cert->dh_tmp = pkdh;
return 1;
}
case SSL_CTRL_SET_TMP_DH_CB:
{
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
+#endif
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
-#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_ECDH:
{
- const EC_GROUP *group = NULL;
- int nid;
-
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- group = EC_KEY_get0_group((const EC_KEY *)parg);
- if (group == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
- return 0;
- }
- nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef)
- return 0;
- return tls1_set_groups(&ctx->ext.supportedgroups,
- &ctx->ext.supportedgroups_len,
- &nid, 1);
+ return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
+ &ctx->ext.supportedgroups_len,
+ parg);
}
-#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->ext.servername_arg = parg;
break;
if (keys == NULL)
return tick_keylen;
if (larg != tick_keylen) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+ ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
return 0;
}
if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
if (parg == NULL)
break;
if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+ ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SRP_USERNAME);
return 0;
}
if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
if (ctx->srp_ctx.info != NULL)
OPENSSL_free(ctx->srp_ctx.info);
if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
break;
#endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_SET_GROUPS:
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg, larg);
case SSL_CTRL_SET_GROUPS_LIST:
- return tls1_set_groups_list(&ctx->ext.supportedgroups,
+ return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL) {
if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
}
- if (!X509v3_cache_extensions((X509 *)parg, ctx->libctx, ctx->propq)) {
- SSLerr(0, ERR_LIB_X509);
- return 0;
- }
if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
break;
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- sk_X509_pop_free(ctx->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->extra_certs);
ctx->extra_certs = NULL;
break;
long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
switch (cmd) {
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
case SSL_CTRL_SET_TMP_DH_CB:
{
ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
{
- SSL_CIPHER *c = NULL, *tbl;
- SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers};
- size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS};
+ SSL_CIPHER *tbl;
+ SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
+ size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
+ SSL3_NUM_SCSVS};
/* this is not efficient, necessary to optimize this? */
for (j = 0; j < OSSL_NELEM(alltabs); j++) {
if (tbl->stdname == NULL)
continue;
if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
- }
- }
- }
- if (c == NULL) {
- tbl = ssl3_scsvs;
- for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) {
- if (strcmp(stdname, tbl->stdname) == 0) {
- c = tbl;
- break;
+ return tbl;
}
}
}
- return c;
+ return NULL;
}
/*
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok, prefer_sha256 = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
-#ifndef OPENSSL_NO_CHACHA
STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
-#endif
/* Let's see which ciphers we can support */
} else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
prio = srvr;
allow = clnt;
-#ifndef OPENSSL_NO_CHACHA
+
/* If ChaCha20 is at the top of the client preference list,
and there are ChaCha20 ciphers in the server list, then
temporarily prioritize all ChaCha20 ciphers in the servers list. */
}
}
}
-# endif
} else {
prio = clnt;
allow = srvr;
"%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
-#ifndef OPENSSL_NO_EC
/*
* if we are considering an ECC cipher suite that uses an ephemeral
* EC key check it
*/
if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
-#endif /* OPENSSL_NO_EC */
if (!ok)
continue;
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
c->strength_bits, 0, (void *)c))
continue;
-#if !defined(OPENSSL_NO_EC)
+
if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
&& s->s3.is_probably_safari) {
if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii);
continue;
}
-#endif
+
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
- /*
- * TODO: When there are no more legacy digests we can just use
- * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
- */
if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
- OBJ_nid2sn(NID_sha256))) {
+ OSSL_DIGEST_NAME_SHA2_256)) {
ret = tmp;
break;
}
break;
}
}
-#ifndef OPENSSL_NO_CHACHA
+
sk_SSL_CIPHER_free(prio_chacha);
-#endif
+
return ret;
}
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
- return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
- && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN);
+ if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_LEGACY_512_SIGN))
+ return 0;
+
+ if (s->version >= TLS1_2_VERSION && (alg_k & SSL_kGOST18))
+ if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN)
+ || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN))
+ return 0;
#endif
if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
-#ifndef OPENSSL_NO_DH
-# ifndef OPENSSL_NO_RSA
if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
return 0;
-# endif
-# ifndef OPENSSL_NO_DSA
- if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+ if (!(alg_a & SSL_aDSS)
+ && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
return 0;
-# endif
-#endif /* !OPENSSL_NO_DH */
}
-#ifndef OPENSSL_NO_RSA
if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
return 0;
-#endif
-#ifndef OPENSSL_NO_DSA
if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
return 0;
-#endif
-#ifndef OPENSSL_NO_EC
+
/*
* ECDSA certs can be used with RSA cipher suites too so we don't
* need to check for SSL_kECDH or SSL_kECDHE
&& !(alg_a & SSL_aECDSA)
&& !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
return 0;
-#endif
+
return 1;
}
unsigned char *p = result;
l2n(Time, p);
- ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
+ ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0);
} else {
- ret = RAND_bytes_ex(s->ctx->libctx, result, len);
+ ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0);
}
if (ret > 0) {
OPENSSL_clear_free(s->s3.tmp.psk, psklen);
s->s3.tmp.psk = NULL;
+ s->s3.tmp.psklen = 0;
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key, pskpms, pskpmslen,
&s->session->master_key_length)) {
else
OPENSSL_cleanse(pms, pmslen);
}
- if (s->server == 0)
+ if (s->server == 0) {
s->s3.tmp.pms = NULL;
+ s->s3.tmp.pmslen = 0;
+ }
return ret;
}
}
/* Generate a private key from a group ID */
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
{
- const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
- uint16_t gtype;
-# ifndef OPENSSL_NO_DH
- DH *dh = NULL;
-# endif
if (ginf == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
- gtype = ginf->flags & TLS_GROUP_TYPE;
- pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->keytype,
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
s->ctx->propq);
if (pctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_keygen_init(pctx) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
-# ifndef OPENSSL_NO_DH
- if (gtype == TLS_GROUP_FFDHE) {
- if ((pkey = EVP_PKEY_new()) == NULL
- || (dh = DH_new_by_nid(ginf->nid)) == NULL
- || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- DH_free(dh);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- goto err;
- }
- if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- EVP_PKEY_free(pkey);
- pkey = NULL;
- goto err;
- }
- }
-# ifndef OPENSSL_NO_EC
- else
-# endif
-# endif
-# ifndef OPENSSL_NO_EC
- {
- if (gtype != TLS_GROUP_CURVE_CUSTOM
- && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- goto err;
- }
+ if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
}
-# endif
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
}
EVP_PKEY_CTX_free(pctx);
return pkey;
}
-#endif
/*
* Generate parameters from a group ID
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
- const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
- const char *pkey_ctx_name;
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
if (ginf == NULL)
goto err;
- if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) {
- pkey = EVP_PKEY_new();
- if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
- return pkey;
- EVP_PKEY_free(pkey);
- return NULL;
- }
-
- pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
- pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
+ pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
s->ctx->propq);
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)
goto err;
-# ifndef OPENSSL_NO_DH
- if (ginf->flags & TLS_GROUP_FFDHE) {
- if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
- goto err;
- }
-# ifndef OPENSSL_NO_EC
- else
-# endif
-# endif
-# ifndef OPENSSL_NO_EC
- {
- if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
- goto err;
+ if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
}
-# endif
if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey);
pkey = NULL;
return pkey;
}
+/* Generate secrets from pms */
+int ssl_gensecret(SSL *s, unsigned char *pms, size_t pmslen)
+{
+ int rv = 0;
+
+ /* SSLfatal() called as appropriate in the below functions */
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * If we are resuming then we already generated the early secret
+ * when we created the ClientHello, so don't recreate it.
+ */
+ if (!s->hit)
+ rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
+ 0,
+ (unsigned char *)&s->early_secret);
+ else
+ rv = 1;
+
+ rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
+ } else {
+ rv = ssl_generate_master_secret(s, pms, pmslen, 0);
+ }
+
+ return rv;
+}
+
/* Derive secrets for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
{
EVP_PKEY_CTX *pctx;
if (privkey == NULL || pubkey == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
if (EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
|| EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
-#ifndef OPENSSL_NO_DH
- if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
+ if (SSL_IS_TLS13(s) && EVP_PKEY_is_a(privkey, "DH"))
EVP_PKEY_CTX_set_dh_pad(pctx, 1);
-#endif
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
- ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
if (gensecret) {
/* SSLfatal() called as appropriate in the below functions */
- if (SSL_IS_TLS13(s)) {
- /*
- * If we are resuming then we already generated the early secret
- * when we created the ClientHello, so don't recreate it.
- */
- if (!s->hit)
- rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
- 0,
- (unsigned char *)&s->early_secret);
- else
- rv = 1;
+ rv = ssl_gensecret(s, pms, pmslen);
+ } else {
+ /* Save premaster secret */
+ s->s3.tmp.pms = pms;
+ s->s3.tmp.pmslen = pmslen;
+ pms = NULL;
+ rv = 1;
+ }
- rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
- } else {
- rv = ssl_generate_master_secret(s, pms, pmslen, 0);
- }
+ err:
+ OPENSSL_clear_free(pms, pmslen);
+ EVP_PKEY_CTX_free(pctx);
+ return rv;
+}
+
+/* Decapsulate secrets for KEM */
+int ssl_decapsulate(SSL *s, EVP_PKEY *privkey,
+ const unsigned char *ct, size_t ctlen,
+ int gensecret)
+{
+ int rv = 0;
+ unsigned char *pms = NULL;
+ size_t pmslen = 0;
+ EVP_PKEY_CTX *pctx;
+
+ if (privkey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
+
+ if (EVP_PKEY_decapsulate_init(pctx, NULL) <= 0
+ || EVP_PKEY_decapsulate(pctx, NULL, &pmslen, ct, ctlen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ pms = OPENSSL_malloc(pmslen);
+ if (pms == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_PKEY_decapsulate(pctx, pms, &pmslen, ct, ctlen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (gensecret) {
+ /* SSLfatal() called as appropriate in the below functions */
+ rv = ssl_gensecret(s, pms, pmslen);
} else {
/* Save premaster secret */
s->s3.tmp.pms = pms;
return rv;
}
-#ifndef OPENSSL_NO_DH
-EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
+ unsigned char **ctp, size_t *ctlenp,
+ int gensecret)
{
- EVP_PKEY *ret;
- if (dh == NULL)
- return NULL;
- ret = EVP_PKEY_new();
- if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
- EVP_PKEY_free(ret);
- return NULL;
+ int rv = 0;
+ unsigned char *pms = NULL, *ct = NULL;
+ size_t pmslen = 0, ctlen = 0;
+ EVP_PKEY_CTX *pctx;
+
+ if (pubkey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
}
- return ret;
+
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pubkey, s->ctx->propq);
+
+ if (EVP_PKEY_encapsulate_init(pctx, NULL) <= 0
+ || EVP_PKEY_encapsulate(pctx, NULL, &ctlen, NULL, &pmslen) <= 0
+ || pmslen == 0 || ctlen == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ pms = OPENSSL_malloc(pmslen);
+ ct = OPENSSL_malloc(ctlen);
+ if (pms == NULL || ct == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (gensecret) {
+ /* SSLfatal() called as appropriate in the below functions */
+ rv = ssl_gensecret(s, pms, pmslen);
+ } else {
+ /* Save premaster secret */
+ s->s3.tmp.pms = pms;
+ s->s3.tmp.pmslen = pmslen;
+ pms = NULL;
+ rv = 1;
+ }
+
+ if (rv > 0) {
+ /* Pass ownership of ct to caller */
+ *ctp = ct;
+ *ctlenp = ctlen;
+ ct = NULL;
+ }
+
+ err:
+ OPENSSL_clear_free(pms, pmslen);
+ OPENSSL_free(ct);
+ EVP_PKEY_CTX_free(pctx);
+ return rv;
+}
+
+const char *SSL_group_to_name(SSL *s, int nid) {
+ int group_id = 0;
+ const TLS_GROUP_INFO *cinf = NULL;
+
+ /* first convert to real group id for internal and external IDs */
+ if (nid & TLSEXT_nid_unknown)
+ group_id = nid & 0xFFFF;
+ else
+ group_id = tls1_nid2group_id(nid);
+
+ /* then look up */
+ cinf = tls1_group_id_lookup(s->ctx, group_id);
+
+ if (cinf != NULL)
+ return cinf->tlsname;
+ return NULL;
}
-#endif
projects / openssl.git / blobdiff