/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
*/
#include <openssl/ocsp.h>
-#include "../ssl_locl.h"
+#include "../ssl_local.h"
#include "internal/cryptlib.h"
-#include "statem_locl.h"
+#include "statem_local.h"
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(OCSP_RESPID)
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
#endif
#ifndef OPENSSL_NO_EC
-static int use_ecc(SSL *s)
+static int use_ecc(SSL *s, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+ const uint16_t *pgroups = NULL;
+ size_t num_groups, j;
/* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION)
break;
}
}
-
sk_SSL_CIPHER_free(cipher_stack);
- return ret;
+ if (!ret)
+ return 0;
+
+ /* Check we have at least one EC supported group */
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ for (j = 0; j < num_groups; j++) {
+ uint16_t ctmp = pgroups[j];
+
+ if (tls_valid_group(s, ctmp, max_version)
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+ return 1;
+ }
+
+ return 0;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
{
const unsigned char *pformats;
size_t num_formats;
+ int reason, min_version, max_version;
- if (!use_ecc(s))
+ reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+ if (reason != 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
+ return EXT_RETURN_FAIL;
+ }
+ if (!use_ecc(s, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
return EXT_RETURN_SENT;
}
+#endif
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
size_t num_groups = 0, i;
int min_version, max_version, reason;
- if (!use_ecc(s))
- return EXT_RETURN_NOT_SENT;
-
reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
if (reason != 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
return EXT_RETURN_FAIL;
}
+#if defined(OPENSSL_NO_EC)
+ if (max_version < TLS1_3_VERSION)
+ return EXT_RETURN_NOT_SENT;
+#else
+ if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
+ return EXT_RETURN_NOT_SENT;
+#endif
+
/*
* Add TLS extension supported_groups to the ClientHello message
*/
uint16_t ctmp = pgroups[i];
if (tls_valid_group(s, ctmp, max_version)
- && tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
} else {
for (i = 0; i < num_groups; i++) {
- if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
+ if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
curve_id = pgroups[i];
if (s->session->ssl_version == TLS1_3_VERSION
&& s->session->ext.ticklen != 0
&& s->session->cipher != NULL) {
- const EVP_MD *md = ssl_md(s->session->cipher->algorithm2);
+ const EVP_MD *md = ssl_md(s->ctx, s->session->cipher->algorithm2);
if (md != NULL) {
/*
ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
- mdres = ssl_md(s->session->cipher->algorithm2);
+ mdres = ssl_md(s->ctx, s->session->cipher->algorithm2);
if (mdres == NULL) {
/*
* Don't recognize this cipher so we can't use the session.
return EXT_RETURN_NOT_SENT;
if (s->psksession != NULL) {
- mdpsk = ssl_md(s->psksession->cipher->algorithm2);
+ mdpsk = ssl_md(s->ctx, s->psksession->cipher->algorithm2);
if (mdpsk == NULL) {
/*
* Don't recognize this cipher so we can't use the session.
return 0;
}
- s->session->ext.ecpointformats_len = 0;
- OPENSSL_free(s->session->ext.ecpointformats);
- s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len);
- if (s->session->ext.ecpointformats == NULL) {
+ s->ext.peer_ecpointformats_len = 0;
+ OPENSSL_free(s->ext.peer_ecpointformats);
+ s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
+ if (s->ext.peer_ecpointformats == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
return 0;
}
- s->session->ext.ecpointformats_len = ecpointformats_len;
+ s->ext.peer_ecpointformats_len = ecpointformats_len;
if (!PACKET_copy_bytes(&ecptformatlist,
- s->session->ext.ecpointformats,
+ s->ext.peer_ecpointformats,
ecpointformats_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
break;
}
if (i >= num_groups
- || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+ || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0;
return 0;
}
- skey = ssl_generate_pkey(ckey);
- if (skey == NULL) {
+ skey = EVP_PKEY_new();
+ if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
ERR_R_MALLOC_FAILURE);
return 0;
}
+
if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,