#include <stdio.h>
#include <openssl/objects.h>
#include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/rand.h>
+#include <openssl/trace.h>
#include "internal/cryptlib.h"
#define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers)
int ssl3_new(SSL *s)
{
- SSL3_STATE *s3;
-
- if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
- goto err;
- s->s3 = s3;
-
#ifndef OPENSSL_NO_SRP
if (!SSL_SRP_CTX_init(s))
- goto err;
+ return 0;
#endif
if (!s->method->ssl_clear(s))
return 0;
return 1;
- err:
- return 0;
}
void ssl3_free(SSL *s)
{
- if (s == NULL || s->s3 == NULL)
+ if (s == NULL)
return;
ssl3_cleanup_key_block(s);
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY_free(s->s3->peer_tmp);
- s->s3->peer_tmp = NULL;
- EVP_PKEY_free(s->s3->tmp.pkey);
- s->s3->tmp.pkey = NULL;
+ EVP_PKEY_free(s->s3.peer_tmp);
+ s->s3.peer_tmp = NULL;
+ EVP_PKEY_free(s->s3.tmp.pkey);
+ s->s3.tmp.pkey = NULL;
#endif
- OPENSSL_free(s->s3->tmp.ctype);
- sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
- OPENSSL_free(s->s3->tmp.ciphers_raw);
- OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
- OPENSSL_free(s->s3->tmp.peer_sigalgs);
- OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+ ssl_evp_cipher_free(s->s3.tmp.new_sym_enc);
+ ssl_evp_md_free(s->s3.tmp.new_hash);
+
+ OPENSSL_free(s->s3.tmp.ctype);
+ sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
+ OPENSSL_free(s->s3.tmp.ciphers_raw);
+ OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
+ OPENSSL_free(s->s3.tmp.peer_sigalgs);
+ OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
ssl3_free_digest_list(s);
- OPENSSL_free(s->s3->alpn_selected);
- OPENSSL_free(s->s3->alpn_proposed);
+ OPENSSL_free(s->s3.alpn_selected);
+ OPENSSL_free(s->s3.alpn_proposed);
#ifndef OPENSSL_NO_SRP
SSL_SRP_CTX_free(s);
#endif
- OPENSSL_clear_free(s->s3, sizeof(*s->s3));
- s->s3 = NULL;
+ memset(&s->s3, 0, sizeof(s->s3));
}
int ssl3_clear(SSL *s)
{
ssl3_cleanup_key_block(s);
- OPENSSL_free(s->s3->tmp.ctype);
- sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
- OPENSSL_free(s->s3->tmp.ciphers_raw);
- OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
- OPENSSL_free(s->s3->tmp.peer_sigalgs);
- OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+ OPENSSL_free(s->s3.tmp.ctype);
+ sk_X509_NAME_pop_free(s->s3.tmp.peer_ca_names, X509_NAME_free);
+ OPENSSL_free(s->s3.tmp.ciphers_raw);
+ OPENSSL_clear_free(s->s3.tmp.pms, s->s3.tmp.pmslen);
+ OPENSSL_free(s->s3.tmp.peer_sigalgs);
+ OPENSSL_free(s->s3.tmp.peer_cert_sigalgs);
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY_free(s->s3->tmp.pkey);
- EVP_PKEY_free(s->s3->peer_tmp);
+ EVP_PKEY_free(s->s3.tmp.pkey);
+ EVP_PKEY_free(s->s3.peer_tmp);
#endif /* !OPENSSL_NO_EC */
ssl3_free_digest_list(s);
- OPENSSL_free(s->s3->alpn_selected);
- OPENSSL_free(s->s3->alpn_proposed);
+ OPENSSL_free(s->s3.alpn_selected);
+ OPENSSL_free(s->s3.alpn_proposed);
/* NULL/zero-out everything in the s3 struct */
- memset(s->s3, 0, sizeof(*s->s3));
+ memset(&s->s3, 0, sizeof(s->s3));
if (!ssl_free_wbio_buffer(s))
return 0;
case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
break;
case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
- ret = s->s3->num_renegotiations;
+ ret = s->s3.num_renegotiations;
break;
case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
- ret = s->s3->num_renegotiations;
- s->s3->num_renegotiations = 0;
+ ret = s->s3.num_renegotiations;
+ s->s3.num_renegotiations = 0;
break;
case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
- ret = s->s3->total_renegotiations;
+ ret = s->s3.total_renegotiations;
break;
case SSL_CTRL_GET_FLAGS:
- ret = (int)(s->s3->flags);
+ ret = (int)(s->s3.flags);
break;
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
ret = 1;
break;
-#ifndef OPENSSL_NO_HEARTBEATS
- case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
- case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
- case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
- break;
-#endif
-
case SSL_CTRL_CHAIN:
if (larg)
return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
case SSL_CTRL_GET_CHAIN_CERTS:
*(STACK_OF(X509) **)parg = s->cert->key->chain;
+ ret = 1;
break;
case SSL_CTRL_SELECT_CURRENT_CERT:
const SSL_CIPHER *cipher;
if (!s->server)
return 0;
- cipher = s->s3->tmp.new_cipher;
+ cipher = s->s3.tmp.new_cipher;
if (cipher == NULL)
return 0;
/*
*/
if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
return 2;
- if (s->s3->tmp.cert == NULL)
+ if (s->s3.tmp.cert == NULL)
return 0;
- s->cert->key = s->s3->tmp.cert;
+ s->cert->key = s->s3.tmp.cert;
return 1;
}
return ssl_cert_set_current(s->cert, larg);
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_GET_GROUPS:
{
uint16_t *clist;
if (!s->session)
return 0;
- clist = s->session->ext.supportedgroups;
- clistlen = s->session->ext.supportedgroups_len;
+ clist = s->ext.peer_supportedgroups;
+ clistlen = s->ext.peer_supportedgroups_len;
if (parg) {
size_t i;
int *cptr = parg;
{
uint16_t id = tls1_shared_group(s, larg);
- if (larg != -1) {
- const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
-
- return ginf == NULL ? 0 : ginf->nid;
- }
+ if (larg != -1)
+ return tls1_group_id2nid(id);
return id;
}
-#endif
+ case SSL_CTRL_GET_NEGOTIATED_GROUP:
+ ret = tls1_group_id2nid(s->s3.group_id);
+ break;
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
case SSL_CTRL_GET_CLIENT_CERT_TYPES:
{
const unsigned char **pctype = parg;
- if (s->server || !s->s3->tmp.cert_req)
+ if (s->server || !s->s3.tmp.cert_req)
return 0;
if (pctype)
- *pctype = s->s3->tmp.ctype;
- return s->s3->tmp.ctype_len;
+ *pctype = s->s3.tmp.ctype;
+ return s->s3.tmp.ctype_len;
}
case SSL_CTRL_SET_CLIENT_CERT_TYPES:
return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
case SSL_CTRL_GET_PEER_SIGNATURE_NID:
- if (s->s3->tmp.peer_sigalg == NULL)
+ if (s->s3.tmp.peer_sigalg == NULL)
return 0;
- *(int *)parg = s->s3->tmp.peer_sigalg->hash;
+ *(int *)parg = s->s3.tmp.peer_sigalg->hash;
return 1;
case SSL_CTRL_GET_SIGNATURE_NID:
- if (s->s3->tmp.sigalg == NULL)
+ if (s->s3.tmp.sigalg == NULL)
return 0;
- *(int *)parg = s->s3->tmp.sigalg->hash;
+ *(int *)parg = s->s3.tmp.sigalg->hash;
return 1;
case SSL_CTRL_GET_PEER_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
- if (s->session == NULL || s->s3->peer_tmp == NULL) {
+ if (s->session == NULL || s->s3.peer_tmp == NULL) {
return 0;
} else {
- EVP_PKEY_up_ref(s->s3->peer_tmp);
- *(EVP_PKEY **)parg = s->s3->peer_tmp;
+ EVP_PKEY_up_ref(s->s3.peer_tmp);
+ *(EVP_PKEY **)parg = s->s3.peer_tmp;
return 1;
}
#else
case SSL_CTRL_GET_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
- if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+ if (s->session == NULL || s->s3.tmp.pkey == NULL) {
return 0;
} else {
- EVP_PKEY_up_ref(s->s3->tmp.pkey);
- *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+ EVP_PKEY_up_ref(s->s3.tmp.pkey);
+ *(EVP_PKEY **)parg = s->s3.tmp.pkey;
return 1;
}
#else
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
- SSL_SESSION *sess = s->session;
const unsigned char **pformat = parg;
- if (sess == NULL || sess->ext.ecpointformats == NULL)
+ if (s->ext.peer_ecpointformats == NULL)
return 0;
- *pformat = sess->ext.ecpointformats;
- return (int)sess->ext.ecpointformats_len;
+ *pformat = s->ext.peer_ecpointformats;
+ return (int)s->ext.peer_ecpointformats_len;
}
#endif
srp_password_from_info_cb;
if (ctx->srp_ctx.info != NULL)
OPENSSL_free(ctx->srp_ctx.info);
- if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+ if ((ctx->srp_ctx.info = OPENSSL_strdup((char *)parg)) == NULL) {
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
return 0;
}
break;
#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_SET_GROUPS:
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
return tls1_set_groups_list(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
-#endif
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
break;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
unsigned char *,
EVP_CIPHER_CTX *,
HMAC_CTX *, int))fp;
break;
+#endif
#ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
return 1;
}
+int SSL_CTX_set_tlsext_ticket_key_evp_cb
+ (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
+ EVP_CIPHER_CTX *, EVP_MAC_CTX *, int))
+{
+ ctx->ext.ticket_key_evp_cb = fp;
+ return 1;
+}
+
const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
{
SSL_CIPHER c;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok, prefer_sha256 = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
- const EVP_MD *mdsha256 = EVP_sha256();
#ifndef OPENSSL_NO_CHACHA
STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
#endif
* pay with the price of sk_SSL_CIPHER_dup().
*/
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
- (void *)srvr);
- for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
- c = sk_SSL_CIPHER_value(srvr, i);
- fprintf(stderr, "%p:%s\n", (void *)c, c->name);
- }
- fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
- (void *)clnt);
- for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
- c = sk_SSL_CIPHER_value(clnt, i);
- fprintf(stderr, "%p:%s\n", (void *)c, c->name);
- }
-#endif
+ OSSL_TRACE_BEGIN(TLS_CIPHER) {
+ BIO_printf(trc_out, "Server has %d from %p:\n",
+ sk_SSL_CIPHER_num(srvr), (void *)srvr);
+ for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+ c = sk_SSL_CIPHER_value(srvr, i);
+ BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
+ }
+ BIO_printf(trc_out, "Client sent %d from %p:\n",
+ sk_SSL_CIPHER_num(clnt), (void *)clnt);
+ for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+ c = sk_SSL_CIPHER_value(clnt, i);
+ BIO_printf(trc_out, "%p:%s\n", (void *)c, c->name);
+ }
+ } OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
if (tls1_suiteb(s)) {
* key exchange scheme skip tests.
*/
if (!SSL_IS_TLS13(s)) {
- mask_k = s->s3->tmp.mask_k;
- mask_a = s->s3->tmp.mask_a;
+ mask_k = s->s3.tmp.mask_k;
+ mask_a = s->s3.tmp.mask_a;
#ifndef OPENSSL_NO_SRP
if (s->srp_ctx.srp_Mask & SSL_kSRP) {
mask_k |= SSL_kSRP;
#endif /* OPENSSL_NO_PSK */
ok = (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
- fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
- alg_a, mask_k, mask_a, (void *)c, c->name);
-#endif
+ OSSL_TRACE7(TLS_CIPHER,
+ "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
+ ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
#ifndef OPENSSL_NO_EC
/*
continue;
#if !defined(OPENSSL_NO_EC)
if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
- && s->s3->is_probably_safari) {
+ && s->s3.is_probably_safari) {
if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii);
continue;
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
- if (ssl_md(tmp->algorithm2) == mdsha256) {
+ /*
+ * TODO: When there are no more legacy digests we can just use
+ * OSSL_DIGEST_NAME_SHA2_256 instead of calling OBJ_nid2sn
+ */
+ if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
+ OBJ_nid2sn(NID_sha256))) {
ret = tmp;
break;
}
/* Get mask of algorithms disabled by signature list */
ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
/*
* our shutdown alert has been sent now, and if it still needs to be
- * written, s->s3->alert_dispatch will be true
+ * written, s->s3.alert_dispatch will be true
*/
- if (s->s3->alert_dispatch)
+ if (s->s3.alert_dispatch)
return -1; /* return WANT_WRITE */
- } else if (s->s3->alert_dispatch) {
+ } else if (s->s3.alert_dispatch) {
/* resend it if not sent */
ret = s->method->ssl_dispatch_alert(s);
if (ret == -1) {
}
if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
- !s->s3->alert_dispatch)
+ !s->s3.alert_dispatch)
return 1;
else
return 0;
int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
{
clear_sys_error();
- if (s->s3->renegotiate)
+ if (s->s3.renegotiate)
ssl3_renegotiate_check(s, 0);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
int ret;
clear_sys_error();
- if (s->s3->renegotiate)
+ if (s->s3.renegotiate)
ssl3_renegotiate_check(s, 0);
- s->s3->in_read_app_data = 1;
+ s->s3.in_read_app_data = 1;
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
peek, readbytes);
- if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+ if ((ret == -1) && (s->s3.in_read_app_data == 2)) {
/*
* ssl3_read_bytes decided to call s->handshake_func, which called
* ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
len, peek, readbytes);
ossl_statem_set_in_handshake(s, 0);
} else
- s->s3->in_read_app_data = 0;
+ s->s3.in_read_app_data = 0;
return ret;
}
if (s->handshake_func == NULL)
return 1;
- s->s3->renegotiate = 1;
+ s->s3.renegotiate = 1;
return 1;
}
{
int ret = 0;
- if (s->s3->renegotiate) {
+ if (s->s3.renegotiate) {
if (!RECORD_LAYER_read_pending(&s->rlayer)
&& !RECORD_LAYER_write_pending(&s->rlayer)
&& (initok || !SSL_in_init(s))) {
* state.
*/
ossl_statem_set_renegotiate(s);
- s->s3->renegotiate = 0;
- s->s3->num_renegotiations++;
- s->s3->total_renegotiations++;
+ s->s3.renegotiate = 0;
+ s->s3.num_renegotiations++;
+ s->s3.total_renegotiations++;
ret = 1;
}
}
long ssl_get_algorithm2(SSL *s)
{
long alg2;
- if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
+ if (s->s3.tmp.new_cipher == NULL)
return -1;
- alg2 = s->s3->tmp.new_cipher->algorithm2;
+ alg2 = s->s3.tmp.new_cipher->algorithm2;
if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
- } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+ } else if (s->s3.tmp.new_cipher->algorithm_mkey & SSL_PSK) {
if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
}
unsigned char *p = result;
l2n(Time, p);
- ret = RAND_bytes(p, len - 4);
+ ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
} else {
- ret = RAND_bytes(result, len);
+ ret = RAND_bytes_ex(s->ctx->libctx, result, len);
}
if (ret > 0) {
int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
int free_pms)
{
- unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+ unsigned long alg_k = s->s3.tmp.new_cipher->algorithm_mkey;
int ret = 0;
if (alg_k & SSL_PSK) {
#ifndef OPENSSL_NO_PSK
unsigned char *pskpms, *t;
- size_t psklen = s->s3->tmp.psklen;
+ size_t psklen = s->s3.tmp.psklen;
size_t pskpmslen;
/* create PSK premaster_secret */
memcpy(t, pms, pmslen);
t += pmslen;
s2n(psklen, t);
- memcpy(t, s->s3->tmp.psk, psklen);
+ memcpy(t, s->s3.tmp.psk, psklen);
- OPENSSL_clear_free(s->s3->tmp.psk, psklen);
- s->s3->tmp.psk = NULL;
+ OPENSSL_clear_free(s->s3.tmp.psk, psklen);
+ s->s3.tmp.psk = NULL;
if (!s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,pskpms, pskpmslen,
&s->session->master_key_length)) {
OPENSSL_cleanse(pms, pmslen);
}
if (s->server == 0)
- s->s3->tmp.pms = NULL;
+ s->s3.tmp.pms = NULL;
return ret;
}
/* Generate a private key from parameters */
-EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
+EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
if (pm == NULL)
return NULL;
- pctx = EVP_PKEY_CTX_new(pm, NULL);
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, pm, s->ctx->propq);
if (pctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0)
EVP_PKEY_CTX_free(pctx);
return pkey;
}
-#ifndef OPENSSL_NO_EC
+
/* Generate a private key from a group ID */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
{
+ const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
- const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
uint16_t gtype;
+# ifndef OPENSSL_NO_DH
+ DH *dh = NULL;
+# endif
if (ginf == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_INTERNAL_ERROR);
goto err;
}
- gtype = ginf->flags & TLS_CURVE_TYPE;
- if (gtype == TLS_CURVE_CUSTOM)
- pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
+ gtype = ginf->flags & TLS_GROUP_TYPE;
+ /*
+ * TODO(3.0): Convert these EVP_PKEY_CTX_new_id calls to ones that take
+ * s->ctx->libctx and s->ctx->propq when keygen has been updated to be
+ * provider aware.
+ */
+# ifndef OPENSSL_NO_DH
+ if (gtype == TLS_GROUP_FFDHE)
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
+# ifndef OPENSSL_NO_EC
else
- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+# endif
+# endif
+# ifndef OPENSSL_NO_EC
+ {
+ if (gtype == TLS_GROUP_CURVE_CUSTOM)
+ pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
+ else
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+ }
+# endif
if (pctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_MALLOC_FAILURE);
ERR_R_EVP_LIB);
goto err;
}
- if (gtype != TLS_CURVE_CUSTOM
- && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
- ERR_R_EVP_LIB);
- goto err;
+# ifndef OPENSSL_NO_DH
+ if (gtype == TLS_GROUP_FFDHE) {
+ if ((pkey = EVP_PKEY_new()) == NULL
+ || (dh = DH_new_by_nid(ginf->nid)) == NULL
+ || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+ ERR_R_EVP_LIB);
+ DH_free(dh);
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ goto err;
+ }
+ if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+ ERR_R_EVP_LIB);
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ goto err;
+ }
}
+# ifndef OPENSSL_NO_EC
+ else
+# endif
+# endif
+# ifndef OPENSSL_NO_EC
+ {
+ if (gtype != TLS_GROUP_CURVE_CUSTOM
+ && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+ ERR_R_EVP_LIB);
+ goto err;
+ }
+ }
+# endif
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
EVP_PKEY_CTX_free(pctx);
return pkey;
}
+#endif
/*
* Generate parameters from a group ID
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+ int pkey_ctx_id;
if (ginf == NULL)
goto err;
- if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+ if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) {
pkey = EVP_PKEY_new();
if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
return pkey;
return NULL;
}
- pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+ /*
+ * TODO(3.0): Convert this EVP_PKEY_CTX_new_id call to one that takes
+ * s->ctx->libctx and s->ctx->propq when paramgen has been updated to be
+ * provider aware.
+ */
+ pkey_ctx_id = (ginf->flags & TLS_GROUP_FFDHE)
+ ? EVP_PKEY_DH : EVP_PKEY_EC;
+ pctx = EVP_PKEY_CTX_new_id(pkey_ctx_id, NULL);
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)
goto err;
- if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
- goto err;
+# ifndef OPENSSL_NO_DH
+ if (ginf->flags & TLS_GROUP_FFDHE) {
+ if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
+ goto err;
+ }
+# ifndef OPENSSL_NO_EC
+ else
+# endif
+# endif
+# ifndef OPENSSL_NO_EC
+ {
+ if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
+ goto err;
+ }
+# endif
if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey);
pkey = NULL;
EVP_PKEY_CTX_free(pctx);
return pkey;
}
-#endif
/* Derive secrets for ECDH/DH */
int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
return 0;
}
- pctx = EVP_PKEY_CTX_new(privkey, NULL);
+ pctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, privkey, s->ctx->propq);
if (EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
goto err;
}
+#ifndef OPENSSL_NO_DH
+ if (SSL_IS_TLS13(s) && EVP_PKEY_id(privkey) == EVP_PKEY_DH)
+ EVP_PKEY_CTX_set_dh_pad(pctx, 1);
+#endif
+
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
}
} else {
/* Save premaster secret */
- s->s3->tmp.pms = pms;
- s->s3->tmp.pmslen = pmslen;
+ s->s3.tmp.pms = pms;
+ s->s3.tmp.pmslen = pmslen;
pms = NULL;
rv = 1;
}
projects / openssl.git / blobdiff