-rw-r--r--src/lib/libssl/s3_clnt.c19
-rw-r--r--src/lib/libssl/s3_lib.c306
-rw-r--r--src/lib/libssl/s3_srvr.c22
-rw-r--r--src/lib/libssl/ssl_ciph.c32
-rw-r--r--src/lib/libssl/ssl_lib.c113
-rw-r--r--src/lib/libssl/ssl_locl.h6
-rw-r--r--src/lib/libssl/t1_lib.c10
7 files changed, 42 insertions, 466 deletions
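--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.138 2016/03/27 00:55:38 mmcc Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.139 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1968,13 +1968,12 @@ err:
 }
 
 static int
-ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
+ssl3_send_client_kex_ecdhe(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
     int *outlen)
 {
 	EC_KEY *tkey, *clnt_ecdh = NULL;
 	const EC_GROUP *srvr_group = NULL;
 	const EC_POINT *srvr_ecpoint = NULL;
-	EVP_PKEY *srvr_pub_pkey = NULL;
 	BN_CTX *bn_ctx = NULL;
 	unsigned char *encodedPoint = NULL;
 	unsigned char *key = NULL;
@@ -1994,14 +1993,6 @@ ssl3_send_client_kex_ecdh(SSL *s, SESS_CERT *sess_cert, unsigned char *p,
 	}
 	tkey = sess_cert->peer_ecdh_tmp;
 
-	if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
-		/* Get the Server Public Key from certificate. */
-		srvr_pub_pkey = X509_get_pubkey(
-		    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-		if (srvr_pub_pkey != NULL && srvr_pub_pkey->type == EVP_PKEY_EC)
-			tkey = srvr_pub_pkey->pkey.ec;
-	}
-
 	if (tkey == NULL) {
 		SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
 		    ERR_R_INTERNAL_ERROR);
@@ -2093,7 +2084,6 @@ err:
 	BN_CTX_free(bn_ctx);
 	free(encodedPoint);
 	EC_KEY_free(clnt_ecdh);
-	EVP_PKEY_free(srvr_pub_pkey);
 
 	return (ret);
 }
@@ -2242,8 +2232,9 @@ ssl3_send_client_key_exchange(SSL *s)
 	} else if (alg_k & SSL_kDHE) {
 		if (ssl3_send_client_kex_dhe(s, sess_cert, p, &n) != 1)
 			goto err;
-	} else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
-		if (ssl3_send_client_kex_ecdh(s, sess_cert, p, &n) != 1)
+	} else if (alg_k & SSL_kECDHE) {
+		if (ssl3_send_client_kex_ecdhe(s, sess_cert, p,
+		    &n) != 1)
 			goto err;
 	} else if (alg_k & SSL_kGOST) {
 		if (ssl3_send_client_kex_gost(s, sess_cert, p, &n) != 1)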
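Review bot: `tkey = sess_cert->peer_ecdh_tmp;` (new 1994) is now the only source of the server's key in ssl3_send_client_kex_ecdhe, but nothing says where that key comes from, while the server side of this commit adds exactly such a comment in s3_srvr.c. Presumably it is the ephemeral key parsed from the ServerKeyExchange message; suggest `/* Use the ephemeral key the server sent in its ServerKeyExchange message. */` above the assignment so the `tkey == NULL` branch reads as the internal-consistency guard it is. ssl3_send_client_kex_ecdhe and ssl3_send_client_key_exchange both start and end outside their hunks.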
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e873c17c87..92beeae3c4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.108 2016/04/28 16:39:45 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.109 2016/10/19 16:38:40 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1129,86 +1129,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1129 }, 1129 },
1130#endif /* OPENSSL_NO_CAMELLIA */ 1130#endif /* OPENSSL_NO_CAMELLIA */
1131 1131
1132 /* Cipher C001 */
1133 {
1134 .valid = 1,
1135 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1136 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1137 .algorithm_mkey = SSL_kECDHe,
1138 .algorithm_auth = SSL_aECDH,
1139 .algorithm_enc = SSL_eNULL,
1140 .algorithm_mac = SSL_SHA1,
1141 .algorithm_ssl = SSL_TLSV1,
1142 .algo_strength = SSL_STRONG_NONE,
1143 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1144 .strength_bits = 0,
1145 .alg_bits = 0,
1146 },
1147
1148 /* Cipher C002 */
1149 {
1150 .valid = 1,
1151 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1152 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1153 .algorithm_mkey = SSL_kECDHe,
1154 .algorithm_auth = SSL_aECDH,
1155 .algorithm_enc = SSL_RC4,
1156 .algorithm_mac = SSL_SHA1,
1157 .algorithm_ssl = SSL_TLSV1,
1158 .algo_strength = SSL_MEDIUM,
1159 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1160 .strength_bits = 128,
1161 .alg_bits = 128,
1162 },
1163
1164 /* Cipher C003 */
1165 {
1166 .valid = 1,
1167 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1168 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1169 .algorithm_mkey = SSL_kECDHe,
1170 .algorithm_auth = SSL_aECDH,
1171 .algorithm_enc = SSL_3DES,
1172 .algorithm_mac = SSL_SHA1,
1173 .algorithm_ssl = SSL_TLSV1,
1174 .algo_strength = SSL_HIGH,
1175 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 .strength_bits = 112,
1177 .alg_bits = 168,
1178 },
1179
1180 /* Cipher C004 */
1181 {
1182 .valid = 1,
1183 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1184 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1185 .algorithm_mkey = SSL_kECDHe,
1186 .algorithm_auth = SSL_aECDH,
1187 .algorithm_enc = SSL_AES128,
1188 .algorithm_mac = SSL_SHA1,
1189 .algorithm_ssl = SSL_TLSV1,
1190 .algo_strength = SSL_HIGH,
1191 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1192 .strength_bits = 128,
1193 .alg_bits = 128,
1194 },
1195
1196 /* Cipher C005 */
1197 {
1198 .valid = 1,
1199 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1200 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1201 .algorithm_mkey = SSL_kECDHe,
1202 .algorithm_auth = SSL_aECDH,
1203 .algorithm_enc = SSL_AES256,
1204 .algorithm_mac = SSL_SHA1,
1205 .algorithm_ssl = SSL_TLSV1,
1206 .algo_strength = SSL_HIGH,
1207 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1208 .strength_bits = 256,
1209 .alg_bits = 256,
1210 },
1211
1212 /* Cipher C006 */ 1132 /* Cipher C006 */
1213 { 1133 {
1214 .valid = 1, 1134 .valid = 1,
@@ -1289,86 +1209,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1289 .alg_bits = 256, 1209 .alg_bits = 256,
1290 }, 1210 },
1291 1211
1292 /* Cipher C00B */
1293 {
1294 .valid = 1,
1295 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1296 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1297 .algorithm_mkey = SSL_kECDHr,
1298 .algorithm_auth = SSL_aECDH,
1299 .algorithm_enc = SSL_eNULL,
1300 .algorithm_mac = SSL_SHA1,
1301 .algorithm_ssl = SSL_TLSV1,
1302 .algo_strength = SSL_STRONG_NONE,
1303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1304 .strength_bits = 0,
1305 .alg_bits = 0,
1306 },
1307
1308 /* Cipher C00C */
1309 {
1310 .valid = 1,
1311 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1312 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1313 .algorithm_mkey = SSL_kECDHr,
1314 .algorithm_auth = SSL_aECDH,
1315 .algorithm_enc = SSL_RC4,
1316 .algorithm_mac = SSL_SHA1,
1317 .algorithm_ssl = SSL_TLSV1,
1318 .algo_strength = SSL_MEDIUM,
1319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1320 .strength_bits = 128,
1321 .alg_bits = 128,
1322 },
1323
1324 /* Cipher C00D */
1325 {
1326 .valid = 1,
1327 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1328 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1329 .algorithm_mkey = SSL_kECDHr,
1330 .algorithm_auth = SSL_aECDH,
1331 .algorithm_enc = SSL_3DES,
1332 .algorithm_mac = SSL_SHA1,
1333 .algorithm_ssl = SSL_TLSV1,
1334 .algo_strength = SSL_HIGH,
1335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1336 .strength_bits = 112,
1337 .alg_bits = 168,
1338 },
1339
1340 /* Cipher C00E */
1341 {
1342 .valid = 1,
1343 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1344 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1345 .algorithm_mkey = SSL_kECDHr,
1346 .algorithm_auth = SSL_aECDH,
1347 .algorithm_enc = SSL_AES128,
1348 .algorithm_mac = SSL_SHA1,
1349 .algorithm_ssl = SSL_TLSV1,
1350 .algo_strength = SSL_HIGH,
1351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1352 .strength_bits = 128,
1353 .alg_bits = 128,
1354 },
1355
1356 /* Cipher C00F */
1357 {
1358 .valid = 1,
1359 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1360 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1361 .algorithm_mkey = SSL_kECDHr,
1362 .algorithm_auth = SSL_aECDH,
1363 .algorithm_enc = SSL_AES256,
1364 .algorithm_mac = SSL_SHA1,
1365 .algorithm_ssl = SSL_TLSV1,
1366 .algo_strength = SSL_HIGH,
1367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1368 .strength_bits = 256,
1369 .alg_bits = 256,
1370 },
1371
1372 /* Cipher C010 */ 1212 /* Cipher C010 */
1373 { 1213 {
1374 .valid = 1, 1214 .valid = 1,
@@ -1564,38 +1404,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1564 .alg_bits = 256, 1404 .alg_bits = 256,
1565 }, 1405 },
1566 1406
1567 /* Cipher C025 */
1568 {
1569 .valid = 1,
1570 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
1571 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
1572 .algorithm_mkey = SSL_kECDHe,
1573 .algorithm_auth = SSL_aECDH,
1574 .algorithm_enc = SSL_AES128,
1575 .algorithm_mac = SSL_SHA256,
1576 .algorithm_ssl = SSL_TLSV1_2,
1577 .algo_strength = SSL_HIGH,
1578 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1579 .strength_bits = 128,
1580 .alg_bits = 128,
1581 },
1582
1583 /* Cipher C026 */
1584 {
1585 .valid = 1,
1586 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
1587 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
1588 .algorithm_mkey = SSL_kECDHe,
1589 .algorithm_auth = SSL_aECDH,
1590 .algorithm_enc = SSL_AES256,
1591 .algorithm_mac = SSL_SHA384,
1592 .algorithm_ssl = SSL_TLSV1_2,
1593 .algo_strength = SSL_HIGH,
1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1595 .strength_bits = 256,
1596 .alg_bits = 256,
1597 },
1598
1599 /* Cipher C027 */ 1407 /* Cipher C027 */
1600 { 1408 {
1601 .valid = 1, 1409 .valid = 1,
@@ -1628,38 +1436,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1628 .alg_bits = 256, 1436 .alg_bits = 256,
1629 }, 1437 },
1630 1438
1631 /* Cipher C029 */
1632 {
1633 .valid = 1,
1634 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
1635 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
1636 .algorithm_mkey = SSL_kECDHr,
1637 .algorithm_auth = SSL_aECDH,
1638 .algorithm_enc = SSL_AES128,
1639 .algorithm_mac = SSL_SHA256,
1640 .algorithm_ssl = SSL_TLSV1_2,
1641 .algo_strength = SSL_HIGH,
1642 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1643 .strength_bits = 128,
1644 .alg_bits = 128,
1645 },
1646
1647 /* Cipher C02A */
1648 {
1649 .valid = 1,
1650 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
1651 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
1652 .algorithm_mkey = SSL_kECDHr,
1653 .algorithm_auth = SSL_aECDH,
1654 .algorithm_enc = SSL_AES256,
1655 .algorithm_mac = SSL_SHA384,
1656 .algorithm_ssl = SSL_TLSV1_2,
1657 .algo_strength = SSL_HIGH,
1658 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1659 .strength_bits = 256,
1660 .alg_bits = 256,
1661 },
1662
1663 /* GCM based TLS v1.2 ciphersuites from RFC5289 */ 1439 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1664 1440
1665 /* Cipher C02B */ 1441 /* Cipher C02B */
@@ -1698,42 +1474,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1698 .alg_bits = 256, 1474 .alg_bits = 256,
1699 }, 1475 },
1700 1476
1701 /* Cipher C02D */
1702 {
1703 .valid = 1,
1704 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1705 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1706 .algorithm_mkey = SSL_kECDHe,
1707 .algorithm_auth = SSL_aECDH,
1708 .algorithm_enc = SSL_AES128GCM,
1709 .algorithm_mac = SSL_AEAD,
1710 .algorithm_ssl = SSL_TLSV1_2,
1711 .algo_strength = SSL_HIGH,
1712 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1713 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1714 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1715 .strength_bits = 128,
1716 .alg_bits = 128,
1717 },
1718
1719 /* Cipher C02E */
1720 {
1721 .valid = 1,
1722 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1723 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1724 .algorithm_mkey = SSL_kECDHe,
1725 .algorithm_auth = SSL_aECDH,
1726 .algorithm_enc = SSL_AES256GCM,
1727 .algorithm_mac = SSL_AEAD,
1728 .algorithm_ssl = SSL_TLSV1_2,
1729 .algo_strength = SSL_HIGH,
1730 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1731 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1732 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1733 .strength_bits = 256,
1734 .alg_bits = 256,
1735 },
1736
1737 /* Cipher C02F */ 1477 /* Cipher C02F */
1738 { 1478 {
1739 .valid = 1, 1479 .valid = 1,
@@ -1770,42 +1510,6 @@ SSL_CIPHER ssl3_ciphers[] = {
1770 .alg_bits = 256, 1510 .alg_bits = 256,
1771 }, 1511 },
1772 1512
1773 /* Cipher C031 */
1774 {
1775 .valid = 1,
1776 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1777 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1778 .algorithm_mkey = SSL_kECDHr,
1779 .algorithm_auth = SSL_aECDH,
1780 .algorithm_enc = SSL_AES128GCM,
1781 .algorithm_mac = SSL_AEAD,
1782 .algorithm_ssl = SSL_TLSV1_2,
1783 .algo_strength = SSL_HIGH,
1784 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1785 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1786 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1787 .strength_bits = 128,
1788 .alg_bits = 128,
1789 },
1790
1791 /* Cipher C032 */
1792 {
1793 .valid = 1,
1794 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1795 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1796 .algorithm_mkey = SSL_kECDHr,
1797 .algorithm_auth = SSL_aECDH,
1798 .algorithm_enc = SSL_AES256GCM,
1799 .algorithm_mac = SSL_AEAD,
1800 .algorithm_ssl = SSL_TLSV1_2,
1801 .algo_strength = SSL_HIGH,
1802 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1803 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1804 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1805 .strength_bits = 256,
1806 .alg_bits = 256,
1807 },
1808
1809#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1513#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1810 /* Cipher CC13 */ 1514 /* Cipher CC13 */
1811 { 1515 {
@@ -2604,7 +2308,7 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2604 * If we are considering an ECC cipher suite that uses our 2308 * If we are considering an ECC cipher suite that uses our
2605 * certificate check it. 2309 * certificate check it.
2606 */ 2310 */
2607 if (alg_a & (SSL_aECDSA|SSL_aECDH)) 2311 if (alg_a & SSL_aECDSA)
2608 ok = ok && tls1_check_ec_server_key(s); 2312 ok = ok && tls1_check_ec_server_key(s);
2609 /* 2313 /*
2610 * If we are considering an ECC cipher suite that uses 2314 * If we are considering an ECC cipher suite that uses
@@ -2647,14 +2351,10 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2647 } 2351 }
2648 p[ret++] = SSL3_CT_RSA_SIGN; 2352 p[ret++] = SSL3_CT_RSA_SIGN;
2649 p[ret++] = SSL3_CT_DSS_SIGN; 2353 p[ret++] = SSL3_CT_DSS_SIGN;
2650 if ((alg_k & (SSL_kECDHr|SSL_kECDHe))) {
2651 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
2652 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
2653 }
2654 2354
2655 /* 2355 /*
2656 * ECDSA certs can be used with RSA cipher suites as well 2356 * ECDSA certs can be used with RSA cipher suites as well
2657 * so we don't need to check for SSL_kECDH or SSL_kECDHE 2357 * so we don't need to check for SSL_kECDH or SSL_kECDHE.
2658 */ 2358 */
2659 p[ret++] = TLS_CT_ECDSA_SIGN; 2359 p[ret++] = TLS_CT_ECDSA_SIGN;
2660 2360
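Review bot: The comment at new 2356-2357 in ssl3_get_req_cert_type still says "we don't need to check for SSL_kECDH or SSL_kECDHE", but this commit removes the SSL_kECDHr/SSL_kECDHe bits and the kECDH alias, so SSL_kECDH no longer names anything in the tree. Suggest ` * so we don't need to check for SSL_kECDHE.` so the comment matches the code it sits above. The ssl3_choose_cipher hunk (new 2311) narrows the certificate check to SSL_aECDSA consistently with the header change. ssl3_get_req_cert_type starts and ends outside the hunk.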
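--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.127 2016/09/22 07:17:41 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.128 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1764,9 +1764,7 @@ ssl3_get_client_key_exchange(SSL *s)
 		s->method->ssl3_enc->generate_master_secret(
 		    s, s->session->master_key, p, i);
 		explicit_bzero(p, i);
-	} else
-
-	if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
+	} else if (alg_k & SSL_kECDHE) {
 		int ret = 1;
 		int key_size;
 		const EC_KEY *tkey;
@@ -1780,17 +1778,11 @@ ssl3_get_client_key_exchange(SSL *s)
 			goto err;
 		}
 
-		/* Let's get server private key and group information. */
-		if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
-			/* Use the certificate */
-			tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
-		} else {
-			/*
-			 * Use the ephermeral values we saved when
-			 * generating the ServerKeyExchange msg.
-			 */
-			tkey = s->s3->tmp.ecdh;
-		}
+		/*
+		 * Use the ephemeral values we saved when
+		 * generating the ServerKeyExchange message.
+		 */
+		tkey = s->s3->tmp.ecdh;
 
 		group = EC_KEY_get0_group(tkey);
 		priv_key = EC_KEY_get0_private_key(tkey);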
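Review bot: `tkey = s->s3->tmp.ecdh;` at new 1785 is handed straight to EC_KEY_get0_group() and EC_KEY_get0_private_key() without a NULL check, and with the certificate branch gone there is no longer any alternative source for the key. Unless the handshake state machine guarantees tmp.ecdh was populated by the server's own ServerKeyExchange before a ClientKeyExchange is processed (not visible in the hunk), I would guard it: `if ((tkey = s->s3->tmp.ecdh) == NULL) {` / `SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err;` / `}`. ssl3_get_client_key_exchange starts and ends outside the hunk.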
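--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.86 2016/04/28 16:39:45 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.87 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -257,28 +257,14 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.name = SSL_TXT_DH,
 		.algorithm_mkey = SSL_kDHE,
 	},
-
-	{
-		.name = SSL_TXT_kECDHr,
-		.algorithm_mkey = SSL_kECDHr,
-	},
-	{
-		.name = SSL_TXT_kECDHe,
-		.algorithm_mkey = SSL_kECDHe,
-	},
-	{
-		.name = SSL_TXT_kECDH,
-		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
-	},
 	{
 		.name = SSL_TXT_kEECDH,
 		.algorithm_mkey = SSL_kECDHE,
 	},
 	{
 		.name = SSL_TXT_ECDH,
-		.algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
+		.algorithm_mkey = SSL_kECDHE,
 	},
-
 	{
 		.name = SSL_TXT_kGOST,
 		.algorithm_mkey = SSL_kGOST,
@@ -302,10 +288,6 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.algorithm_auth = SSL_aNULL,
 	},
 	{
-		.name = SSL_TXT_aECDH,
-		.algorithm_auth = SSL_aECDH,
-	},
-	{
 		.name = SSL_TXT_aECDSA,
 		.algorithm_auth = SSL_aECDSA,
 	},
@@ -1455,7 +1437,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
 
 	/* Move ciphers without forward secrecy to the end */
-	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
 	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
 
 	/* RC4 is sort of broken - move it to the end */
@@ -1597,12 +1578,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_kDHE:
 		kx = "DH";
 		break;
-	case SSL_kECDHr:
-		kx = "ECDH/RSA";
-		break;
-	case SSL_kECDHe:
-		kx = "ECDH/ECDSA";
-		break;
 	case SSL_kECDHE:
 		kx = "ECDH";
 		break;
@@ -1620,9 +1595,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_aDSS:
 		au = "DSS";
 		break;
-	case SSL_aECDH:
-		au = "ECDH";
-		break;
 	case SSL_aNULL:
 		au = "None";
 		break;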
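Review bot: After this change the `SSL_TXT_ECDH` alias (new 265-267) carries exactly the same mask, SSL_kECDHE, as `SSL_TXT_kEECDH` (new 261-263), so the two table entries are interchangeable and nothing records why both remain. Suggest a comment above the ECDH entry such as `/* ECDH now selects only ephemeral ECDH; kept as an alias of kEECDH. */`. Cipher strings that still name the removed kECDHr/kECDHe/kECDH/aECDH aliases will no longer select anything, which is worth a line in the commit message for anyone maintaining cipher-list configuration. The cipher_aliases table starts and ends outside the hunk.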
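--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.118 2016/09/22 12:34:59 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.119 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2004,14 +2004,11 @@ SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
 void
 ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 {
-	CERT_PKEY *cpk;
 	int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+	int have_ecc_cert, have_ecdh_tmp;
 	unsigned long mask_k, mask_a;
-	int have_ecc_cert, ecdh_ok, ecdsa_ok;
-	int have_ecdh_tmp;
 	X509 *x = NULL;
-	EVP_PKEY *ecc_pkey = NULL;
-	int signature_nid = 0, pk_nid = 0, md_nid = 0;
+	CERT_PKEY *cpk;
 
 	if (c == NULL)
 		return;
@@ -2021,6 +2018,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 
 	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
 	    c->ecdh_tmp_auto != 0);
+
 	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
 	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
 	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
@@ -2058,93 +2056,40 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	 * ECDSA cipher suites depending on the key usage extension.
 	 */
 	if (have_ecc_cert) {
-		/* This call populates extension flags (ex_flags) */
 		x = (c->pkeys[SSL_PKEY_ECC]).x509;
+
+		/* This call populates extension flags (ex_flags). */
 		X509_check_purpose(x, -1, 0);
-		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
-		ecc_pkey = X509_get_pubkey(x);
-		EVP_PKEY_free(ecc_pkey);
-		if ((x->sig_alg) && (x->sig_alg->algorithm)) {
-			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-		}
-		if (ecdh_ok) {
-			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
-				mask_k|=SSL_kECDHr;
-				mask_a|=SSL_aECDH;
-			}
-			if (pk_nid == NID_X9_62_id_ecPublicKey) {
-				mask_k|=SSL_kECDHe;
-				mask_a|=SSL_aECDH;
-			}
-		}
-		if (ecdsa_ok)
+
+		/* Key usage, if present, must allow signing. */
+		if ((x->ex_flags & EXFLAG_KUSAGE) == 0 ||
+		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE))
 			mask_a|=SSL_aECDSA;
 	}
 
-	if (have_ecdh_tmp) {
+	if (have_ecdh_tmp)
 		mask_k|=SSL_kECDHE;
-	}
-
 
 	c->mask_k = mask_k;
 	c->mask_a = mask_a;
 	c->valid = 1;
 }
 
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
-
 int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
-	unsigned long alg_k, alg_a;
-	int signature_nid = 0, md_nid = 0, pk_nid = 0;
 	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
+	unsigned long alg_a;
 
-	alg_k = cs->algorithm_mkey;
 	alg_a = cs->algorithm_auth;
 
-	/* This call populates the ex_flags field correctly */
-	X509_check_purpose(x, -1, 0);
-	if ((x->sig_alg) && (x->sig_alg->algorithm)) {
-		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-	}
-	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
-		/* key usage, if present, must allow key agreement */
-		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
-			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-			    SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
-			return (0);
-		}
-		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
-		    TLS1_2_VERSION) {
-			/* signature alg must be ECDSA */
-			if (pk_nid != NID_X9_62_id_ecPublicKey) {
-				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-				    SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
-				return (0);
-			}
-		}
-		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
-		    TLS1_2_VERSION) {
-			/* signature alg must be RSA */
-			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
-				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-				    SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
-				return (0);
-			}
-		}
-	}
 	if (alg_a & SSL_aECDSA) {
-		/* key usage, if present, must allow signing */
-		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
+		/* This call populates extension flags (ex_flags). */
+		X509_check_purpose(x, -1, 0);
+
+		/* Key usage, if present, must allow signing. */
+		if ((x->ex_flags & EXFLAG_KUSAGE) &&
+		    ((x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) == 0)) {
 			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
 			    SSL_R_ECC_CERT_NOT_FOR_SIGNING);
 			return (0);
@@ -2152,39 +2097,21 @@ ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 	}
 
 	return (1);
-	/* all checks are ok */
 }
 
-
-/* THIS NEEDS CLEANING UP */
 CERT_PKEY *
 ssl_get_server_send_pkey(const SSL *s)
 {
-	unsigned long alg_k, alg_a;
+	unsigned long alg_a;
 	CERT *c;
 	int i;
 
 	c = s->cert;
 	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 
-	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 
-	if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
-		/*
-		 * We don't need to look at SSL_kECDHE
-		 * since no certificate is needed for
-		 * anon ECDH and for authenticated
-		 * ECDHE, the check for the auth
-		 * algorithm will set i correctly
-		 * NOTE: For ECDH-RSA, we need an ECC
-		 * not an RSA cert but for EECDH-RSA
-		 * we need an RSA cert. Placing the
-		 * checks for SSL_kECDH before RSA
-		 * checks ensures the correct cert is chosen.
-		 */
-		i = SSL_PKEY_ECC;
-	} else if (alg_a & SSL_aECDSA) {
+	if (alg_a & SSL_aECDSA) {
 		i = SSL_PKEY_ECC;
 	} else if (alg_a & SSL_aDSS) {
 		i = SSL_PKEY_DSA_SIGN;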
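Review bot: The key-usage test on the ECC certificate is now spelled out twice with opposite polarity: ssl_set_cert_masks (new 2065-2066) as "no key-usage extension, or DIGITAL_SIGNATURE set", and ssl_check_srvr_ecc_cert_and_alg (new 2091-2092) as "key-usage extension present and DIGITAL_SIGNATURE clear". The removed `ku_reject` macro expressed exactly this predicate; a small static helper would keep the two sites from drifting apart and let each `if` read as one named check rather than a bit expression. Both functions lie entirely within the hunk; the hunk then runs on into ssl_get_server_send_pkey, which starts inside it and ends outside.
```c
/* Key usage, if present, must allow the given usage. */
static int
ssl_cert_ku_allows(const X509 *x, unsigned long usage)
{
	return (x->ex_flags & EXFLAG_KUSAGE) == 0 ||
	    (x->ex_kusage & usage) != 0;
}

/* … unchanged: ssl_set_cert_masks up to X509_check_purpose(x, -1, 0); … */
		if (ssl_cert_ku_allows(x, X509v3_KU_DIGITAL_SIGNATURE))
			mask_a|=SSL_aECDSA;

/* … unchanged: ssl_check_srvr_ecc_cert_and_alg up to X509_check_purpose(x, -1, 0); … */
		if (!ssl_cert_ku_allows(x, X509v3_KU_DIGITAL_SIGNATURE)) {
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
			    SSL_R_ECC_CERT_NOT_FOR_SIGNING);
			return (0);
```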
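--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.129 2016/04/28 16:39:45 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.130 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -255,8 +255,6 @@
 /* Bits for algorithm_mkey (key exchange algorithm) */
 #define SSL_kRSA	0x00000001L /* RSA key exchange */
 #define SSL_kDHE	0x00000008L /* tmp DH key no DH cert */
-#define SSL_kECDHr	0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe	0x00000040L /* ECDH cert, ECDSA CA cert */
 #define SSL_kECDHE	0x00000080L /* ephemeral ECDH */
 #define SSL_kGOST	0x00000200L /* GOST key exchange */
 
@@ -264,11 +262,9 @@
 #define SSL_aRSA	0x00000001L /* RSA auth */
 #define SSL_aDSS	0x00000002L /* DSS auth */
 #define SSL_aNULL	0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aECDH	0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
 #define SSL_aECDSA	0x00000040L /* ECDSA auth*/
 #define SSL_aGOST01	0x00000200L /* GOST R 34.10-2001 signature auth */
 
-
 /* Bits for algorithm_enc (symmetric encryption) */
 #define SSL_DES		0x00000001L
 #define SSL_3DES	0x00000002L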
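--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.92 2016/10/02 21:18:08 guenther Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.93 2016/10/19 16:38:40 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -651,8 +651,7 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 		alg_k = c->algorithm_mkey;
 		alg_a = c->algorithm_auth;
 
-		if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
-		    (alg_a & SSL_aECDSA))) {
+		if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
 			using_ecc = 1;
 			break;
 		}
@@ -964,8 +963,7 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 
 	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-	using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
-	    alg_a & SSL_aECDSA) &&
+	using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
 	    s->session->tlsext_ecpointformatlist != NULL;
 
 	ret += 2;
@@ -1959,7 +1957,7 @@ ssl_check_serverhello_tlsext(SSL *s)
 	    (s->tlsext_ecpointformatlist_length > 0) &&
 	    (s->session->tlsext_ecpointformatlist != NULL) &&
 	    (s->session->tlsext_ecpointformatlist_length > 0) &&
-	    ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
+	    ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
 		/* we are using an ECC cipher */
 		size_t i;
 		unsigned char *list;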
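Review bot: The predicate `(alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)` is now written out three times in this file (new 654, 966 and 1960), each one the definition of "this cipher suite uses ECC" for the point-format extension. A one-line static helper, e.g. `static int` / `ssl_cipher_uses_ecc(unsigned long alg_k, unsigned long alg_a)` / `{ return (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA); }`, would give that definition a single home so the next key-exchange change touches one place instead of three. The explicit parentheses added at new 966 also remove the old reliance on `&` binding tighter than `||`, which is an improvement worth keeping even without the helper. All three enclosing functions start and end outside their hunks.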