tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_change_cipher_state,
tls1_final_finish_mac,
TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};
-/* The client's default curves / the server's 'auto' curves. */
-static const unsigned char eccurves_auto[] = {
+/* The default curves */
+static const unsigned char eccurves_default[] = {
/* Prefer P-256 which has the fastest and most secure implementations. */
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
pcurveslen = s->tlsext_ellipticcurvelist_length;
}
if (!*pcurves) {
- if (!s->server || s->cert->ecdh_tmp_auto) {
- *pcurves = eccurves_auto;
- pcurveslen = sizeof(eccurves_auto);
- } else {
- *pcurves = eccurves_all;
- pcurveslen = sizeof(eccurves_all);
- }
+ *pcurves = eccurves_default;
+ pcurveslen = sizeof(eccurves_default);
}
}
}
/*-
- * Return |nmatch|th shared curve or NID_undef if there is no match.
- * For nmatch == -1, return number of matches
+ * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef
+ * if there is no match.
+ * For nmatch == -1, return number of matches
* For nmatch == -2, return the NID of the curve to use for
* an EC tmp key, or NID_undef if there is no match.
*/
}
# ifndef OPENSSL_NO_EC
-/* Check EC temporary key is compatible with client extensions */
+/*
+ * tls1_check_ec_tmp_key - Check EC temporary key compatiblity
+ * @s: SSL connection
+ * @cid: Cipher ID we're considering using
+ *
+ * Checks that the kECDHE cipher suite we're considering using
+ * is compatible with the client extensions.
+ *
+ * Returns 0 when the cipher can't be used or 1 when it can.
+ */
int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
{
- unsigned char curve_id[2];
- EC_KEY *ec = s->cert->ecdh_tmp;
# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
/* Allow any curve: not just those peer supports */
if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL)
* curves permitted.
*/
if (tls1_suiteb(s)) {
+ unsigned char curve_id[2];
/* Curve to check determined by ciphersuite */
if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
curve_id[1] = TLSEXT_curve_P_256;
/* Check this curve is acceptable */
if (!tls1_check_ec_key(s, curve_id, NULL))
return 0;
- /* If auto or setting curve from callback assume OK */
- if (s->cert->ecdh_tmp_auto || s->cert->ecdh_tmp_cb)
- return 1;
- /* Otherwise check curve is acceptable */
- else {
- unsigned char curve_tmp[2];
- if (!ec)
- return 0;
- if (!tls1_set_ec_id(curve_tmp, NULL, ec))
- return 0;
- if (!curve_tmp[0] || curve_tmp[1] == curve_id[1])
- return 1;
- return 0;
- }
-
- }
- if (s->cert->ecdh_tmp_auto) {
- /* Need a shared curve */
- if (tls1_shared_curve(s, 0))
- return 1;
- else
- return 0;
- }
- if (!ec) {
- if (s->cert->ecdh_tmp_cb)
- return 1;
- else
- return 0;
+ return 1;
}
- if (!tls1_set_ec_id(curve_id, NULL, ec))
- return 0;
-/* Set this to allow use of invalid curves for testing */
-# if 0
- return 1;
-# else
- return tls1_check_ec_key(s, curve_id, NULL);
-# endif
+ /* Need a shared curve */
+ if (tls1_shared_curve(s, 0))
+ return 1;
+ return 0;
}
# endif /* OPENSSL_NO_EC */
return s->cert->conf_sigalgslen;
} else {
*psigs = tls12_sigalgs;
-#ifndef OPENSSL_NO_GOST
- /*
- * We expect that GOST 2001 signature and GOST 34.11-94 hash are present in all engines
- * and GOST 2012 algorithms are not always present.
- * It may change when the old algorithms are deprecated.
- */
- if ((EVP_get_digestbynid(NID_id_GostR3411_94) != NULL)
- && (EVP_get_digestbynid(NID_id_GostR3411_2012_256) == NULL)) {
- return sizeof(tls12_sigalgs) - 4;
- } else if (EVP_get_digestbynid(NID_id_GostR3411_94) == NULL) {
- return sizeof(tls12_sigalgs) - 6;
- }
return sizeof(tls12_sigalgs);
-#else
- return sizeof(tls12_sigalgs);
-#endif
}
}
{
const EVP_MD **pmd = s->s3->tmp.md;
#ifndef OPENSSL_NO_DSA
- pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
+ pmd[SSL_PKEY_DSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
#endif
#ifndef OPENSSL_NO_RSA
if (SSL_USE_SIGALGS(s))
- pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
+ pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_SHA1_IDX);
else
- pmd[SSL_PKEY_RSA_SIGN] = EVP_md5_sha1();
+ pmd[SSL_PKEY_RSA_SIGN] = ssl_md(SSL_MD_MD5_SHA1_IDX);
pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
#endif
#ifndef OPENSSL_NO_EC
- pmd[SSL_PKEY_ECC] = EVP_sha1();
+ pmd[SSL_PKEY_ECC] = ssl_md(SSL_MD_SHA1_IDX);
#endif
#ifndef OPENSSL_NO_GOST
- pmd[SSL_PKEY_GOST01] = EVP_get_digestbynid(NID_id_GostR3411_94);
- pmd[SSL_PKEY_GOST12_256] = EVP_get_digestbynid(NID_id_GostR3411_2012_256);
- pmd[SSL_PKEY_GOST12_512] = EVP_get_digestbynid(NID_id_GostR3411_2012_512);
+ pmd[SSL_PKEY_GOST01] = ssl_md(SSL_MD_GOST94_IDX);
+ pmd[SSL_PKEY_GOST12_256] = ssl_md(SSL_MD_GOST12_256_IDX);
+ pmd[SSL_PKEY_GOST12_512] = ssl_md(SSL_MD_GOST12_512_IDX);
#endif
}
const unsigned char *p;
int slen, mlen, renew_ticket = 0;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
- HMAC_CTX hctx;
+ HMAC_CTX hctx = HMAC_CTX_EMPTY;
EVP_CIPHER_CTX ctx;
SSL_CTX *tctx = s->initial_ctx;
/* Need at least keyname + iv + some encrypted data */
typedef struct {
int nid;
int secbits;
- const EVP_MD *(*mfunc) (void);
+ int md_idx;
unsigned char tlsext_hash;
} tls12_hash_info;
-static const EVP_MD* md_gost94()
-{
- return EVP_get_digestbynid(NID_id_GostR3411_94);
-}
-
-static const EVP_MD* md_gost2012_256()
-{
- return EVP_get_digestbynid(NID_id_GostR3411_2012_256);
-}
-
-static const EVP_MD* md_gost2012_512()
-{
- return EVP_get_digestbynid(NID_id_GostR3411_2012_512);
-}
-
static const tls12_hash_info tls12_md_info[] = {
-#ifdef OPENSSL_NO_MD5
- {NID_md5, 64, 0, TLSEXT_hash_md5},
-#else
- {NID_md5, 64, EVP_md5, TLSEXT_hash_md5},
-#endif
- {NID_sha1, 80, EVP_sha1, TLSEXT_hash_sha1},
- {NID_sha224, 112, EVP_sha224, TLSEXT_hash_sha224},
- {NID_sha256, 128, EVP_sha256, TLSEXT_hash_sha256},
- {NID_sha384, 192, EVP_sha384, TLSEXT_hash_sha384},
- {NID_sha512, 256, EVP_sha512, TLSEXT_hash_sha512},
- {NID_id_GostR3411_94, 128, md_gost94, TLSEXT_hash_gostr3411},
- {NID_id_GostR3411_2012_256, 128, md_gost2012_256, TLSEXT_hash_gostr34112012_256},
- {NID_id_GostR3411_2012_512, 256, md_gost2012_512, TLSEXT_hash_gostr34112012_512},
+ {NID_md5, 64, SSL_MD_MD5_IDX, TLSEXT_hash_md5},
+ {NID_sha1, 80, SSL_MD_SHA1_IDX, TLSEXT_hash_sha1},
+ {NID_sha224, 112, SSL_MD_SHA224_IDX, TLSEXT_hash_sha224},
+ {NID_sha256, 128, SSL_MD_SHA256_IDX, TLSEXT_hash_sha256},
+ {NID_sha384, 192, SSL_MD_SHA384_IDX, TLSEXT_hash_sha384},
+ {NID_sha512, 256, SSL_MD_SHA512_IDX, TLSEXT_hash_sha512},
+ {NID_id_GostR3411_94, 128, SSL_MD_GOST94_IDX, TLSEXT_hash_gostr3411},
+ {NID_id_GostR3411_2012_256, 128, SSL_MD_GOST12_256_IDX, TLSEXT_hash_gostr34112012_256},
+ {NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX, TLSEXT_hash_gostr34112012_512},
};
static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
if (hash_alg == TLSEXT_hash_md5 && FIPS_mode())
return NULL;
inf = tls12_get_hash_info(hash_alg);
- if (!inf || !inf->mfunc)
+ if (!inf)
return NULL;
- return inf->mfunc();
+ return ssl_md(inf->md_idx);
}
static int tls12_get_pkey_idx(unsigned char sig_alg)
{
/* See if we have an entry in the hash table and it is enabled */
const tls12_hash_info *hinf = tls12_get_hash_info(ptmp[0]);
- if (!hinf || !hinf->mfunc)
+ if (hinf == NULL || ssl_md(hinf->md_idx) == NULL)
return 0;
/* See if public key algorithm allowed */
if (tls12_get_pkey_idx(ptmp[1]) == -1)