SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
}
};
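Review bot: The added comment on the `64,` line says "low security strength" while the flags line just above rates the same suite `SSL_MEDIUM`, so the entry describes itself in two different ways. Wording that gives the reason and the number would be clearer, e.g. `/* CCM8 has a 64-bit tag; forgery resistance, not key size, bounds the strength */`. The identical comment is repeated on the ten TLS 1.2/DTLS 1.2 CCM8 entries that follow, including those whose key-size field stays 256, so a single block comment ahead of the first CCM8 entry would replace eleven copies. If the security-level check compares this field against a per-level minimum (not visible here), these suites are now also unavailable at any level above 64 bits, which should be stated for users who enable them explicitly. The table entry itself begins before this hunk.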
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 128,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
128,
},
{
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
- SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
- 256,
+ 64, /* CCM8 uses a short tag, so we have a low security strength */
256,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
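Review bot: The strength field drops from 128 to 80 with no explanation, unlike the CCM8 entries in the same table, which carry an inline comment for their lowered value. Because the key-size field on the next line stays 128, a reader cannot tell from the entry why the two numbers now differ. A comment on the `80,` line such as `/* effective strength is below the key size, see <reference> */` would record the rationale. The same bare `80,` is added to the nine following entries up to the `OPENSSL_NO_WEAK_SSL_CIPHERS` guard. The cipher names lie outside these hunks, so which suites are affected can only be inferred from that guard.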
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
{
0, 0,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
+ 80,
128,
},
#endif /* OPENSSL_NO_WEAK_SSL_CIPHERS */
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- return SSL_set0_tmp_dh_pkey(s, pkdh);
+ if (!SSL_set0_tmp_dh_pkey(s, pkdh)) {
+ EVP_PKEY_free(pkdh);
+ return 0;
+ }
+ return 1;
}
break;
case SSL_CTRL_SET_TMP_DH_CB:
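Review bot: The new `EVP_PKEY_free(pkdh)` on the failure path is correct only if `SSL_set0_tmp_dh_pkey()` leaves ownership with the caller whenever it returns 0. If any failure path inside it already frees or stores the key, this becomes a double free or a dangling stored pointer. That function is not in the hunk, so the contract should be written where it is relied on, e.g. `/* set0 takes ownership only on success */` above the call. The `SSL_CTX_set0_tmp_dh_pkey()` hunk further down makes the same assumption and wants the same comment. The enclosing case starts before this hunk.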
int *cptr = parg;
for (i = 0; i < clistlen; i++) {
+ uint16_t cid = SSL_IS_TLS13(s)
+ ? ssl_group_id_tls13_to_internal(clist[i])
+ : clist[i];
const TLS_GROUP_INFO *cinf
- = tls1_group_id_lookup(s->ctx, clist[i]);
+ = tls1_group_id_lookup(s->ctx, cid);
if (cinf != NULL)
cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
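Review bot: Nothing at the new `cid` declaration says why entries of `clist` need translating under TLS 1.3 but not otherwise, or which ID space `tls1_group_id_lookup()` expects. A one-line comment such as `/* clist holds negotiated IDs; the lookup is keyed by internal IDs */` would help, if that is indeed the reason. The branch taken when `cinf` is NULL lies outside the hunk, so check there whether the value reported to the caller should be built from `clist[i]` or from `cid`.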
return id;
}
case SSL_CTRL_GET_NEGOTIATED_GROUP:
- ret = tls1_group_id2nid(s->s3.group_id, 1);
- break;
+ {
+ unsigned int id;
+ if (SSL_IS_TLS13(s) && s->s3.did_kex)
+ id = s->s3.group_id;
+ else
+ id = s->session->kex_group;
+ ret = tls1_group_id2nid(id, 1);
+ break;
+ }
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
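Review bot: The new `else` branch reads `s->session->kex_group` with no visible check that `s->session` is non-NULL, whereas the removed code only read `s->s3.group_id`. A caller that queries the negotiated group before a session exists would then dereference a null pointer. Unless a guard outside the hunk already rules that out, add one in the `else` path before the read, e.g. `if (s->session == NULL) return 0;`, using whatever value this ctrl reports for "no group". The surrounding switch continues outside the hunk.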
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
- return SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh);
+ if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) {
+ EVP_PKEY_free(pkdh);
+ return 0;
+ }
+ return 1;
}
case SSL_CTRL_SET_TMP_DH_CB:
{
break;
case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
- sk_X509_pop_free(ctx->extra_certs, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->extra_certs);
ctx->extra_certs = NULL;
break;
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
- /*
- * TODO: When there are no more legacy digests we can just use
- * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
- */
if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
- OBJ_nid2sn(NID_sha256))) {
+ OSSL_DIGEST_NAME_SHA2_256)) {
ret = tmp;
break;
}
unsigned char *p = result;
l2n(Time, p);
- ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
+ ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0);
} else {
- ret = RAND_bytes_ex(s->ctx->libctx, result, len);
+ ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0);
}
if (ret > 0) {