/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/cryptlib.h"
#include "statem_local.h"
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(OCSP_RESPID)
+
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
#endif
#ifndef OPENSSL_NO_EC
-static int use_ecc(SSL *s, int max_version)
+static int use_ecc(SSL *s, int min_version, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
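Review bot: The new `min_version` parameter on use_ecc is undocumented, and the function has no header comment describing what the pair of version bounds is used for; the body (which runs past this hunk) appears to pass both straight through to tls_valid_group, but a reader of the signature alone cannot tell. Consider a short comment above the definition, for example `/* Return 1 if an EC ciphersuite and at least one EC group are usable for a handshake negotiated within [min_version, max_version], 0 otherwise. */`, adjusted if the body's checks differ from that. Callers (L34, L41) read naturally once the parameter's meaning is stated once here.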
for (j = 0; j < num_groups; j++) {
uint16_t ctmp = pgroups[j];
- if (tls_valid_group(s, ctmp, max_version)
+ if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
return 1;
}
SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
return EXT_RETURN_FAIL;
}
- if (!use_ecc(s, max_version))
+ if (!use_ecc(s, min_version, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
if (max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#else
- if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
+ if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#endif
for (i = 0; i < num_groups; i++) {
uint16_t ctmp = pgroups[i];
- if (tls_valid_group(s, ctmp, max_version)
+ if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
/* SSLfatal() already called */
return 0;
}
-
- /*
- * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
- * knows how to get a key from an encoded point with the help of
- * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
- * downgrades an EVP_PKEY to contain a legacy key.
- *
- * THIS IS TEMPORARY
- */
- EVP_PKEY_get0(key_share_key);
- if (EVP_PKEY_id(key_share_key) == EVP_PKEY_NONE) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
- ERR_R_EC_LIB);
- goto err;
- }
}
/* Encode the public key. */
skey = EVP_PKEY_new();
if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- /*
- * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
- * knows how to get a key from an encoded point with the help of
- * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
- * downgrades an EVP_PKEY to contain a legacy key.
- *
- * THIS IS TEMPORARY
- */
- EVP_PKEY_get0(skey);
- if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) {
- EVP_PKEY_free(skey);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
- ERR_R_INTERNAL_ERROR);
+ SSL_R_COPY_PARAMETERS_FAILED);
return 0;
}
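Review bot: `skey` is leaked when EVP_PKEY_new() succeeds but EVP_PKEY_copy_parameters() fails, because the combined condition returns without freeing it; the changed reason code does not alter that path. Adding `EVP_PKEY_free(skey);` as the first statement in the block (before the SSLfatal call) fixes it, since EVP_PKEY_free tolerates a NULL argument. Separately, the single condition now reports SSL_R_COPY_PARAMETERS_FAILED even when the failure was the allocation returning NULL; if that distinction matters to code reading the error queue, split it into two checks and keep ERR_R_MALLOC_FAILURE for the NULL case. tls_parse_stoc_key_share's body continues outside the hunk.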