Commit ce0c1f2b authored by Dr. Stephen Henson

Remove static ECDH support.



Remove support for static ECDH ciphersuites. They require ECDH keys
in certificates and don't support forward secrecy.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
parent fd7dc201
+0 −341
@@ -1645,85 +1645,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
#endif

#ifndef OPENSSL_NO_EC
    /* Cipher C001 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
     TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_eNULL,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },

    /* Cipher C002 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
     TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_RC4,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

    /* Cipher C003 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
     TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_3DES,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },

    /* Cipher C004 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_AES128,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

    /* Cipher C005 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_AES256,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },

    /* Cipher C006 */
    {
@@ -1805,86 +1726,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     },

    /* Cipher C00B */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
     TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_eNULL,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     0,
     0,
     },

    /* Cipher C00C */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
     TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_RC4,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_NOT_DEFAULT | SSL_MEDIUM,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

    /* Cipher C00D */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
     TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_3DES,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     112,
     168,
     },

    /* Cipher C00E */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_AES128,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128,
     },

    /* Cipher C00F */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
     TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_AES256,
     SSL_SHA1,
     SSL_SSLV3,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     256,
     256,
     },

    /* Cipher C010 */
    {
     1,
@@ -2227,37 +2068,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     },

    /* Cipher C025 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
     TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_AES128,
     SSL_SHA256,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },

    /* Cipher C026 */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
     TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_AES256,
     SSL_SHA384,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },

    /* Cipher C027 */
    {
@@ -2291,38 +2101,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     },

    /* Cipher C029 */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
     TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_AES128,
     SSL_SHA256,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },

    /* Cipher C02A */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
     TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_AES256,
     SSL_SHA384,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },

    /* GCM based TLS v1.2 ciphersuites from RFC5289 */

    /* Cipher C02B */
@@ -2357,38 +2135,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     },

    /* Cipher C02D */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_AES128GCM,
     SSL_AEAD,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },

    /* Cipher C02E */
    {
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_AES256GCM,
     SSL_AEAD,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },

    /* Cipher C02F */
    {
     1,
@@ -2421,38 +2167,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     },

    /* Cipher C031 */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
     TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_AES128GCM,
     SSL_AEAD,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128,
     },

    /* Cipher C032 */
    {
     1,
     TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_AES256GCM,
     SSL_AEAD,
     SSL_TLSV1_2,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256,
     },

    /* PSK ciphersuites from RFC 5489 */
    /* Cipher C033 */
    {
@@ -2627,34 +2341,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     256},

    {                           /* Cipher C074 */
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_CAMELLIA128,
     SSL_SHA256,
     SSL_TLSV1_2,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128},

    {                           /* Cipher C075 */
     1,
     TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHe,
     SSL_aECDH,
     SSL_CAMELLIA256,
     SSL_SHA384,
     SSL_TLSV1_2,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256},

    {                           /* Cipher C076 */
     1,
     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@@ -2683,33 +2369,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     256,
     256},

    {                           /* Cipher C078 */
     1,
     TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_CAMELLIA128,
     SSL_SHA256,
     SSL_TLSV1_2,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
     128,
     128},

    {                           /* Cipher C079 */
     1,
     TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHr,
     SSL_aECDH,
     SSL_CAMELLIA256,
     SSL_SHA384,
     SSL_TLSV1_2,
     SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256},
# endif                         /* OPENSSL_NO_CAMELLIA */
#endif                          /* OPENSSL_NO_EC */

+5 −32
@@ -310,12 +310,9 @@ static const SSL_CIPHER cipher_aliases[] = {
    {0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
     0},

    {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kECDHE, 0, 0, 0, 0, 0,
    {0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0,
     0, 0, 0},

    {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -330,7 +327,6 @@ static const SSL_CIPHER cipher_aliases[] = {
    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
@@ -503,8 +499,8 @@ void ssl_load_ciphers(void)
    disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
#endif
#ifdef OPENSSL_NO_EC
    disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK;
    disabled_auth_mask |= SSL_aECDSA | SSL_aECDH;
    disabled_mkey_mask |= SSL_kECDHEPSK;
    disabled_auth_mask |= SSL_aECDSA;
#endif
#ifdef OPENSSL_NO_PSK
    disabled_mkey_mask |= SSL_PSK;
@@ -1459,9 +1455,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
    ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                          &tail);

    /* Move ciphers without forward secrecy to the end */
    ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
                          &tail);
    /*
     * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
     * &head, &tail);
@@ -1606,12 +1599,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
    case SSL_kDHE:
        kx = "DH";
        break;
    case SSL_kECDHr:
        kx = "ECDH/RSA";
        break;
    case SSL_kECDHe:
        kx = "ECDH/ECDSA";
        break;
    case SSL_kECDHE:
        kx = "ECDH";
        break;
@@ -1644,9 +1631,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
    case SSL_aDSS:
        au = "DSS";
        break;
    case SSL_aECDH:
        au = "ECDH";
        break;
    case SSL_aNULL:
        au = "None";
        break;
@@ -1939,22 +1923,11 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
/* For a cipher return the index corresponding to the certificate type */
int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
{
    uint32_t alg_k, alg_a;
    uint32_t alg_a;

    alg_k = c->algorithm_mkey;
    alg_a = c->algorithm_auth;

    if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
        /*
         * we don't need to look at SSL_kECDHE since no certificate is needed
         * for anon ECDH and for authenticated ECDHE, the check for the auth
         * algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC
         * not an RSA cert but for ECDHE-RSA we need an RSA cert. Placing the
         * checks for SSL_kECDH before RSA checks ensures the correct cert is
         * chosen.
         */
        return SSL_PKEY_ECC;
    } else if (alg_a & SSL_aECDSA)
    if (alg_a & SSL_aECDSA)
        return SSL_PKEY_ECC;
    else if (alg_a & SSL_aDSS)
        return SSL_PKEY_DSA_SIGN;
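Review bot: The `cipher_aliases[]` change silently alters what existing cipher strings mean: `ECDH` now expands to `SSL_kECDHE` only, and `kECDHr`, `kECDHe`, `kECDH` and (in the second hunk) `aECDH` are no longer recognised names. How the rule parser treats an unrecognised name is not visible in this section, so a configuration that relied on one of them, particularly as an exclusion, should be re-checked against the resulting cipher list. A comment beside the `SSL_TXT_ECDH` entry would record the change, e.g. `/* static ECDH removed: kECDHr, kECDHe, kECDH and aECDH are no longer accepted */`.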
+2 −52
@@ -2504,7 +2504,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
    unsigned long mask_k, mask_a;
#ifndef OPENSSL_NO_EC
    int have_ecc_cert, ecdsa_ok;
    int ecdh_ok;
    X509 *x = NULL;
    int pk_nid = 0, md_nid = 0;
#endif
@@ -2575,23 +2574,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
        cpk = &c->pkeys[SSL_PKEY_ECC];
        x = cpk->x509;
        ex_kusage = X509_get_key_usage(x);
        ecdh_ok = ex_kusage & X509v3_KU_KEY_AGREEMENT;
        ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
        if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
            ecdsa_ok = 0;
        OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
        if (ecdh_ok) {

            if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
                mask_k |= SSL_kECDHr;
                mask_a |= SSL_aECDH;
            }

            if (pk_nid == NID_X9_62_id_ecPublicKey) {
                mask_k |= SSL_kECDHe;
                mask_a |= SSL_aECDH;
            }
        }
        if (ecdsa_ok) {
            mask_a |= SSL_aECDSA;
        }
@@ -2621,50 +2607,14 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)

int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
    unsigned long alg_k, alg_a;
    int md_nid = 0, pk_nid = 0;
    const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
    uint32_t ex_kusage = X509_get_key_usage(x);

    alg_k = cs->algorithm_mkey;
    alg_a = cs->algorithm_auth;

    OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);

    if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
        /* key usage, if present, must allow key agreement */
        if (!(ex_kusage & X509v3_KU_KEY_AGREEMENT)) {
            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
                   SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
            return 0;
        }
        if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
            /* signature alg must be ECDSA */
            if (pk_nid != NID_X9_62_id_ecPublicKey) {
                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
                       SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
                return 0;
            }
        }
        if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
            /* signature alg must be RSA */

            if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
                       SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
                return 0;
            }
        }
    }
    if (alg_a & SSL_aECDSA) {
    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
        /* key usage, if present, must allow signing */
        if (!(ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) {
        if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
                   SSL_R_ECC_CERT_NOT_FOR_SIGNING);
            return 0;
        }
    }

    return 1;                   /* all checks are ok */
}
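Review bot: In `ssl_set_masks` the call `OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);` is kept although its only visible consumers, the `pk_nid` comparisons inside the `ecdh_ok` block, are removed. Unless `pk_nid` or `md_nid` is read further down (the function continues outside the hunk), the call and the declaration `int pk_nid = 0, md_nid = 0;` are now dead and can go together with `ecdh_ok`. Dropping them also avoids parsing the certificate's signature algorithm on every mask computation for no effect.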

+12 −18
@@ -297,24 +297,20 @@
# define SSL_kDHE                0x00000002U
/* synonym */
# define SSL_kEDH                SSL_kDHE
/* ECDH cert, RSA CA cert */
# define SSL_kECDHr              0x00000004U
/* ECDH cert, ECDSA CA cert */
# define SSL_kECDHe              0x00000008U
/* ephemeral ECDH */
# define SSL_kECDHE              0x00000010U
# define SSL_kECDHE              0x00000004U
/* synonym */
# define SSL_kEECDH              SSL_kECDHE
/* PSK */
# define SSL_kPSK                0x00000020U
# define SSL_kPSK                0x00000008U
/* GOST key exchange */
# define SSL_kGOST               0x00000040U
# define SSL_kGOST               0x00000010U
/* SRP */
# define SSL_kSRP                0x00000080U
# define SSL_kSRP                0x00000020U

# define SSL_kRSAPSK             0x00000100U
# define SSL_kECDHEPSK           0x00000200U
# define SSL_kDHEPSK             0x00000400U
# define SSL_kRSAPSK             0x00000040U
# define SSL_kECDHEPSK           0x00000080U
# define SSL_kDHEPSK             0x00000100U

/* all PSK */

@@ -327,18 +323,16 @@
# define SSL_aDSS                0x00000002U
/* no auth (i.e. use ADH or AECDH) */
# define SSL_aNULL               0x00000004U
/* Fixed ECDH auth (kECDHe or kECDHr) */
# define SSL_aECDH               0x00000008U
/* ECDSA auth*/
# define SSL_aECDSA              0x00000010U
# define SSL_aECDSA              0x00000008U
/* PSK auth */
# define SSL_aPSK                0x00000020U
# define SSL_aPSK                0x00000010U
/* GOST R 34.10-2001 signature auth */
# define SSL_aGOST01             0x00000040U
# define SSL_aGOST01             0x00000020U
/* SRP auth */
# define SSL_aSRP                0x00000080U
# define SSL_aSRP                0x00000040U
/* GOST R 34.10-2012 signature auth */
# define SSL_aGOST12             0x00000100U
# define SSL_aGOST12             0x00000080U

/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES                 0x00000001U
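Review bot: The renumbering reuses retired bit values: `0x00000004U` and `0x00000008U` now mean `SSL_kECDHE` and `SSL_kPSK`, and `0x00000008U` in the auth masks now means `SSL_aECDSA`. Anything compiled against the old values would misread `algorithm_mkey` or `algorithm_auth` without a build error. Whether these masks are visible outside the library cannot be told from this hunk; if they are, leaving the old bits reserved would be safer than compacting. Either way a short comment above each group would help the next reader, e.g. `/* static ECDH (kECDHr, kECDHe, aECDH) removed; the values below were renumbered */`.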
+5 −13
@@ -2264,19 +2264,14 @@ psk_err:
#endif

#ifndef OPENSSL_NO_EC
    else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
    else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

        if (s->s3->peer_tmp != NULL) {
        skey = s->s3->peer_tmp;
        } else {
            /* Get the Server Public Key from Cert */
            skey = X509_get0_pubkey(s->session->peer);
        if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
            SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
                       ERR_R_INTERNAL_ERROR);
            goto err;
            }
        }

        ckey = ssl_generate_pkey(skey, NID_undef);

@@ -2777,9 +2772,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
               SSL_R_MISSING_ECDSA_SIGNING_CERT);
        goto f_err;
    } else if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_ECDH_CERT);
        goto f_err;
    }
#endif
    pkey = X509_get0_pubkey(s->session->peer);
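Review bot: After `skey = s->s3->peer_tmp;` nothing explains why the certificate key is no longer a fallback or what a NULL `skey` means at this point. A comment above the check would make the invariant explicit, e.g. `/* peer_tmp is the server's ephemeral key; static ECDH keys from the certificate are no longer used */` (presumably it is set while processing ServerKeyExchange, which this hunk does not show). As a style point, the continuation line `ERR_R_INTERNAL_ERROR);` appears to keep the alignment of the old, deeper nesting and should be re-indented under the first argument of `SSLerr(`. The enclosing function starts and ends outside the hunk.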