Use EVP_PKEY for server EC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
3f3504bdaf
commit
880d9d8609
@ -3760,7 +3760,8 @@ void ssl3_free(SSL *s)
|
|||||||
DH_free(s->s3->peer_dh_tmp);
|
DH_free(s->s3->peer_dh_tmp);
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
EC_KEY_free(s->s3->tmp.ecdh);
|
EVP_PKEY_free(s->s3->tmp.pkey);
|
||||||
|
s->s3->tmp.pkey = NULL;
|
||||||
EC_KEY_free(s->s3->peer_ecdh_tmp);
|
EC_KEY_free(s->s3->peer_ecdh_tmp);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -3798,8 +3799,8 @@ void ssl3_clear(SSL *s)
|
|||||||
s->s3->peer_dh_tmp = NULL;
|
s->s3->peer_dh_tmp = NULL;
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
EC_KEY_free(s->s3->tmp.ecdh);
|
EVP_PKEY_free(s->s3->tmp.pkey);
|
||||||
s->s3->tmp.ecdh = NULL;
|
s->s3->tmp.pkey = NULL;
|
||||||
EC_KEY_free(s->s3->peer_ecdh_tmp);
|
EC_KEY_free(s->s3->peer_ecdh_tmp);
|
||||||
s->s3->peer_ecdh_tmp = NULL;
|
s->s3->peer_ecdh_tmp = NULL;
|
||||||
s->s3->is_probably_safari = 0;
|
s->s3->is_probably_safari = 0;
|
||||||
|
|||||||
@ -1241,7 +1241,7 @@ typedef struct ssl3_state_st {
|
|||||||
DH *dh;
|
DH *dh;
|
||||||
# endif
|
# endif
|
||||||
# ifndef OPENSSL_NO_EC
|
# ifndef OPENSSL_NO_EC
|
||||||
EC_KEY *ecdh; /* holds short lived ECDH key */
|
EVP_PKEY *pkey; /* holds short lived ECDH key */
|
||||||
# endif
|
# endif
|
||||||
/* used for certificate requests */
|
/* used for certificate requests */
|
||||||
int cert_req;
|
int cert_req;
|
||||||
|
|||||||
@ -1823,10 +1823,9 @@ int tls_construct_server_key_exchange(SSL *s)
|
|||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
|
if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
|
||||||
EC_KEY *ecdh = NULL;
|
|
||||||
int nid;
|
int nid;
|
||||||
|
|
||||||
if (s->s3->tmp.ecdh != NULL) {
|
if (s->s3->tmp.pkey != NULL) {
|
||||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
||||||
ERR_R_INTERNAL_ERROR);
|
ERR_R_INTERNAL_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
@ -1840,21 +1839,17 @@ int tls_construct_server_key_exchange(SSL *s)
|
|||||||
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
|
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
ecdh = EC_KEY_new_by_curve_name(nid);
|
s->s3->tmp.pkey = ssl_generate_pkey(NULL, nid);
|
||||||
if (ecdh == NULL || !EC_KEY_generate_key(ecdh)) {
|
/* Generate a new key for this curve */
|
||||||
|
if (s->s3->tmp.pkey == NULL) {
|
||||||
al = SSL_AD_INTERNAL_ERROR;
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
|
||||||
ERR_R_EC_LIB);
|
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
s->s3->tmp.ecdh = ecdh;
|
/* Encode the public key. */
|
||||||
|
encodedlen = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(s->s3->tmp.pkey),
|
||||||
/*
|
POINT_CONVERSION_UNCOMPRESSED,
|
||||||
* Encode the public key. First check the size of encoding and
|
|
||||||
* allocate memory accordingly.
|
|
||||||
*/
|
|
||||||
encodedlen = EC_KEY_key2buf(ecdh, POINT_CONVERSION_UNCOMPRESSED,
|
|
||||||
&encodedPoint, NULL);
|
&encodedPoint, NULL);
|
||||||
|
|
||||||
if (encodedlen == 0) {
|
if (encodedlen == 0) {
|
||||||
@ -2129,7 +2124,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||||||
DH *dh_srvr, *dh_clnt = NULL;
|
DH *dh_srvr, *dh_clnt = NULL;
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
EC_POINT *clnt_ecpoint = NULL;
|
EVP_PKEY *ckey = NULL;
|
||||||
|
EVP_PKEY_CTX *pctx = NULL;
|
||||||
#endif
|
#endif
|
||||||
PACKET enc_premaster;
|
PACKET enc_premaster;
|
||||||
unsigned char *data, *rsa_decrypt = NULL;
|
unsigned char *data, *rsa_decrypt = NULL;
|
||||||
@ -2456,29 +2452,18 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||||||
|
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
|
if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
|
||||||
int field_size = 0;
|
EVP_PKEY *skey = NULL;
|
||||||
const EC_KEY *tkey;
|
|
||||||
const EC_GROUP *group;
|
|
||||||
unsigned char *shared;
|
|
||||||
|
|
||||||
/* Let's get server private key and group information */
|
/* Let's get server private key and group information */
|
||||||
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
|
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
|
||||||
/* use the certificate */
|
/* use the certificate */
|
||||||
tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
|
skey = s->cert->pkeys[SSL_PKEY_ECC].privatekey;
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
* use the ephermeral values we saved when generating the
|
* use the ephermeral values we saved when generating the
|
||||||
* ServerKeyExchange msg.
|
* ServerKeyExchange msg.
|
||||||
*/
|
*/
|
||||||
tkey = s->s3->tmp.ecdh;
|
skey = s->s3->tmp.pkey;
|
||||||
}
|
|
||||||
|
|
||||||
group = EC_KEY_get0_group(tkey);
|
|
||||||
|
|
||||||
/* Let's get client's public key */
|
|
||||||
if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
|
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
|
||||||
goto err;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PACKET_remaining(pkt) == 0L) {
|
if (PACKET_remaining(pkt) == 0L) {
|
||||||
@ -2505,40 +2490,27 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, NULL) == 0) {
|
ckey = EVP_PKEY_new();
|
||||||
|
if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
|
||||||
|
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
|
||||||
|
NULL) == 0) {
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Compute the shared pre-master secret */
|
if (ssl_derive(s, skey, ckey) == 0) {
|
||||||
field_size = EC_GROUP_get_degree(group);
|
|
||||||
if (field_size <= 0) {
|
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
shared = OPENSSL_malloc((field_size + 7) / 8);
|
|
||||||
if (shared == NULL) {
|
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
i = ECDH_compute_key(shared, (field_size + 7) / 8, clnt_ecpoint,
|
|
||||||
tkey, NULL);
|
|
||||||
if (i <= 0) {
|
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
|
|
||||||
OPENSSL_free(shared);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
|
|
||||||
EC_POINT_free(clnt_ecpoint);
|
|
||||||
EC_KEY_free(s->s3->tmp.ecdh);
|
|
||||||
s->s3->tmp.ecdh = NULL;
|
|
||||||
|
|
||||||
if (!ssl_generate_master_secret(s, shared, i, 1)) {
|
|
||||||
al = SSL_AD_INTERNAL_ERROR;
|
al = SSL_AD_INTERNAL_ERROR;
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EVP_PKEY_free(ckey);
|
||||||
|
ckey = NULL;
|
||||||
|
|
||||||
return MSG_PROCESS_CONTINUE_PROCESSING;
|
return MSG_PROCESS_CONTINUE_PROCESSING;
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
@ -2683,7 +2655,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||||||
err:
|
err:
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
EC_POINT_free(clnt_ecpoint);
|
EVP_PKEY_free(ckey);
|
||||||
|
EVP_PKEY_CTX_free(pctx);
|
||||||
OPENSSL_free(rsa_decrypt);
|
OPENSSL_free(rsa_decrypt);
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_PSK
|
#ifndef OPENSSL_NO_PSK
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user