/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/rand.h>
#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers)
+#define SSL3_NUM_SCSVS OSSL_NELEM(ssl3_scsvs)
/*
* The list of available ciphers, mostly organized into the following
* EC
* PSK
* SRP (within that: RSA EC PSK)
- * Cipher families: Chacha/poly, Camellila, Gost, IDEA, SEED
+ * Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
* Weak ciphers
*/
static SSL_CIPHER ssl3_ciphers[] = {
SSL_AES128GCM,
SSL_AEAD,
TLS1_3_VERSION, TLS1_3_VERSION,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_3_TXT_AES_256_GCM_SHA384,
+ TLS1_3_CK_AES_256_GCM_SHA384,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
0, 0,
SSL_HIGH,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_HANDSHAKE_MAC_SHA384,
+ 256,
+ 256,
+ },
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ {
+ 1,
+ TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+ TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_CHACHA20POLY1305,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 256,
+ 256,
+ },
+#endif
+ {
+ 1,
+ TLS1_3_TXT_AES_128_CCM_SHA256,
+ TLS1_3_CK_AES_128_CCM_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES128CCM,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
+ 128,
+ 128,
+ },
+ {
+ 1,
+ TLS1_3_TXT_AES_128_CCM_8_SHA256,
+ TLS1_3_CK_AES_128_CCM_8_SHA256,
+ SSL_kANY,
+ SSL_aANY,
+ SSL_AES128CCM8,
+ SSL_AEAD,
+ TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, 0,
+ SSL_NOT_DEFAULT | SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256,
128,
128,
},
};
+/*
+ * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
+ * values stuffed into the ciphers field of the wire protocol for signalling
+ * purposes.
+ */
+static SSL_CIPHER ssl3_scsvs[] = {
+ {
+ 0,
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+ SSL3_CK_SCSV,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ },
+ {
+ 0,
+ "TLS_FALLBACK_SCSV",
+ SSL3_CK_FALLBACK_SCSV,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ },
+};
+
static int cipher_compare(const void *a, const void *b)
{
const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
void ssl_sort_cipher_list(void)
{
- qsort(ssl3_ciphers, OSSL_NELEM(ssl3_ciphers), sizeof ssl3_ciphers[0],
+ qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof ssl3_ciphers[0],
cipher_compare);
+ qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof ssl3_scsvs[0], cipher_compare);
}
const SSL3_ENC_METHOD SSLv3_enc_data = {
s->s3->tmp.pkey = NULL;
#endif
+ OPENSSL_free(s->s3->tmp.ctype);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
void ssl3_clear(SSL *s)
{
ssl3_cleanup_key_block(s);
+ OPENSSL_free(s->s3->tmp.ctype);
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
OPENSSL_free(s->s3->tmp.ciphers_raw);
OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
case SSL_CTRL_SET_CURRENT_CERT:
if (larg == SSL_CERT_SET_SERVER) {
- CERT_PKEY *cpk;
const SSL_CIPHER *cipher;
if (!s->server)
return 0;
cipher = s->s3->tmp.new_cipher;
- if (!cipher)
+ if (cipher == NULL)
return 0;
/*
* No certificate for unauthenticated ciphersuites or using SRP
*/
if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
return 2;
- cpk = ssl_get_server_send_pkey(s);
- if (!cpk)
+ if (s->s3->tmp.cert == NULL)
return 0;
- s->cert->key = cpk;
+ s->cert->key = s->s3->tmp.cert;
return 1;
}
return ssl_cert_set_current(s->cert, larg);
const unsigned char **pctype = parg;
if (s->server || !s->s3->tmp.cert_req)
return 0;
- if (s->cert->ctypes) {
- if (pctype)
- *pctype = s->cert->ctypes;
- return (int)s->cert->ctype_num;
- }
if (pctype)
- *pctype = (unsigned char *)s->s3->tmp.ctype;
- return s->s3->tmp.ctype_num;
+ *pctype = s->s3->tmp.ctype;
+ return s->s3->tmp.ctype_len;
}
case SSL_CTRL_SET_CLIENT_CERT_TYPES:
ctx->cert->dh_tmp = pkdh;
return 1;
}
- /*
- * break;
- */
case SSL_CTRL_SET_TMP_DH_CB:
{
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
&ctx->ext.supportedgroups_len,
&nid, 1);
}
- /* break; */
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->ext.servername_arg = parg;
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
SSL_CIPHER c;
+ const SSL_CIPHER *cp;
c.id = id;
- return OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+ cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+ if (cp != NULL)
+ return cp;
+ return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
}
/*
const SSL_CIPHER *c, *ret = NULL;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok;
- unsigned long alg_k, alg_a, mask_k, mask_a;
+ unsigned long alg_k = 0, alg_a = 0, mask_k, mask_a;
/* Let's see which ciphers we can support */
-#if 0
/*
* Do not set the compare functions, because this may lead to a
* reordering by "id". We want to keep the original ordering. We may pay
* a price in performance during sk_SSL_CIPHER_find(), but would have to
* pay with the price of sk_SSL_CIPHER_dup().
*/
- sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
- sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
#ifdef CIPHER_DEBUG
fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */
- if (s->cert->ctypes) {
- return WPACKET_memcpy(pkt, s->cert->ctypes, s->cert->ctype_num);
- }
+ if (s->cert->ctype)
+ return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
/* Get mask of algorithms disabled by signature list */
ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
{
- OPENSSL_free(c->ctypes);
- c->ctypes = NULL;
- if (!p || !len)
+ OPENSSL_free(c->ctype);
+ c->ctype = NULL;
+ c->ctype_len = 0;
+ if (p == NULL || len == 0)
return 1;
if (len > 0xff)
return 0;
- c->ctypes = OPENSSL_malloc(len);
- if (c->ctypes == NULL)
+ c->ctype = OPENSSL_memdup(p, len);
+ if (c->ctype == NULL)
return 0;
- memcpy(c->ctypes, p, len);
- c->ctype_num = len;
+ c->ctype_len = len;
return 1;
}