Remove ECDH client auth code.
Remove incomplete non-functional ECDH client authentication code. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson
parent
57be4444c6
commit
c66ce5eb23
@ -4722,14 +4722,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
|
|||||||
p[ret++] = SSL3_CT_DSS_SIGN;
|
p[ret++] = SSL3_CT_DSS_SIGN;
|
||||||
#endif
|
#endif
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
|
|
||||||
if (nostrict || !(alg_a & SSL_aRSA))
|
|
||||||
p[ret++] = TLS_CT_RSA_FIXED_ECDH;
|
|
||||||
if (nostrict || !(alg_a & SSL_aECDSA))
|
|
||||||
p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
|
|
||||||
}
|
|
||||||
/*
|
/*
|
||||||
* ECDSA certs can be used with RSA cipher suites as well so we don't
|
* ECDSA certs can be used with RSA cipher suites too so we don't
|
||||||
* need to check for SSL_kECDH or SSL_kECDHE
|
* need to check for SSL_kECDH or SSL_kECDHE
|
||||||
*/
|
*/
|
||||||
if (s->version >= TLS1_VERSION) {
|
if (s->version >= TLS1_VERSION) {
|
||||||
|
|||||||
@ -2470,35 +2470,7 @@ psk_err:
|
|||||||
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
|
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
|
||||||
const EC_GROUP *srvr_group = NULL;
|
const EC_GROUP *srvr_group = NULL;
|
||||||
EC_KEY *tkey;
|
EC_KEY *tkey;
|
||||||
int ecdh_clnt_cert = 0;
|
|
||||||
int field_size = 0;
|
int field_size = 0;
|
||||||
/*
|
|
||||||
* Did we send out the client's ECDH share for use in premaster
|
|
||||||
* computation as part of client certificate? If so, set
|
|
||||||
* ecdh_clnt_cert to 1.
|
|
||||||
*/
|
|
||||||
if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) {
|
|
||||||
/*-
|
|
||||||
* XXX: For now, we do not support client
|
|
||||||
* authentication using ECDH certificates.
|
|
||||||
* To add such support, one needs to add
|
|
||||||
* code that checks for appropriate
|
|
||||||
* conditions and sets ecdh_clnt_cert to 1.
|
|
||||||
* For example, the cert have an ECC
|
|
||||||
* key on the same curve as the server's
|
|
||||||
* and the key should be authorized for
|
|
||||||
* key agreement.
|
|
||||||
*
|
|
||||||
* One also needs to add code in ssl3_connect
|
|
||||||
* to skip sending the certificate verify
|
|
||||||
* message.
|
|
||||||
*
|
|
||||||
* if ((s->cert->key->privatekey != NULL) &&
|
|
||||||
* (s->cert->key->privatekey->type ==
|
|
||||||
* EVP_PKEY_EC) && ...)
|
|
||||||
* ecdh_clnt_cert = 1;
|
|
||||||
*/
|
|
||||||
}
|
|
||||||
|
|
||||||
if (s->s3->peer_ecdh_tmp != NULL) {
|
if (s->s3->peer_ecdh_tmp != NULL) {
|
||||||
tkey = s->s3->peer_ecdh_tmp;
|
tkey = s->s3->peer_ecdh_tmp;
|
||||||
@ -2535,30 +2507,10 @@ psk_err:
|
|||||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (ecdh_clnt_cert) {
|
/* Generate a new ECDH key pair */
|
||||||
/*
|
if (!(EC_KEY_generate_key(clnt_ecdh))) {
|
||||||
* Reuse key info from our certificate We only need our
|
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
|
||||||
* private key to perform the ECDH computation.
|
goto err;
|
||||||
*/
|
|
||||||
const BIGNUM *priv_key;
|
|
||||||
tkey = s->cert->key->privatekey->pkey.ec;
|
|
||||||
priv_key = EC_KEY_get0_private_key(tkey);
|
|
||||||
if (priv_key == NULL) {
|
|
||||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
|
|
||||||
ERR_R_MALLOC_FAILURE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
|
|
||||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
/* Generate a new ECDH key pair */
|
|
||||||
if (!(EC_KEY_generate_key(clnt_ecdh))) {
|
|
||||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
|
|
||||||
ERR_R_ECDH_LIB);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2581,34 +2533,29 @@ psk_err:
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ecdh_clnt_cert) {
|
/*
|
||||||
/* Send empty client key exch message */
|
* First check the size of encoding and allocate memory
|
||||||
n = 0;
|
* accordingly.
|
||||||
} else {
|
*/
|
||||||
/*
|
encoded_pt_len =
|
||||||
* First check the size of encoding and allocate memory
|
EC_KEY_key2buf(clnt_ecdh, POINT_CONVERSION_UNCOMPRESSED,
|
||||||
* accordingly.
|
|
||||||
*/
|
|
||||||
encoded_pt_len =
|
|
||||||
EC_KEY_key2buf(clnt_ecdh, POINT_CONVERSION_UNCOMPRESSED,
|
|
||||||
&encodedPoint, NULL);
|
&encodedPoint, NULL);
|
||||||
|
|
||||||
if (encoded_pt_len == 0) {
|
if (encoded_pt_len == 0) {
|
||||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
|
||||||
|
|
||||||
n = encoded_pt_len;
|
|
||||||
|
|
||||||
*p = n; /* length of encoded point */
|
|
||||||
/* Encoded point will be copied here */
|
|
||||||
p += 1;
|
|
||||||
/* copy the point */
|
|
||||||
memcpy(p, encodedPoint, n);
|
|
||||||
/* increment n to account for length field */
|
|
||||||
n += 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
n = encoded_pt_len;
|
||||||
|
|
||||||
|
*p = n; /* length of encoded point */
|
||||||
|
/* Encoded point will be copied here */
|
||||||
|
p += 1;
|
||||||
|
/* copy the point */
|
||||||
|
memcpy(p, encodedPoint, n);
|
||||||
|
/* increment n to account for length field */
|
||||||
|
n += 1;
|
||||||
|
|
||||||
/* Free allocated memory */
|
/* Free allocated memory */
|
||||||
OPENSSL_free(encodedPoint);
|
OPENSSL_free(encodedPoint);
|
||||||
EC_KEY_free(clnt_ecdh);
|
EC_KEY_free(clnt_ecdh);
|
||||||
|
|||||||
@ -2497,37 +2497,11 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (PACKET_remaining(pkt) == 0L) {
|
if (PACKET_remaining(pkt) == 0L) {
|
||||||
/* Client Publickey was in Client Certificate */
|
/* We don't support ECDH client auth */
|
||||||
|
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||||
if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
|
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
|
||||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
SSL_R_MISSING_TMP_ECDH_KEY);
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
|
goto f_err;
|
||||||
SSL_R_MISSING_TMP_ECDH_KEY);
|
|
||||||
goto f_err;
|
|
||||||
}
|
|
||||||
if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer))
|
|
||||||
== NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) {
|
|
||||||
/*
|
|
||||||
* XXX: For now, we do not support client authentication
|
|
||||||
* using ECDH certificates so this branch (n == 0L) of the
|
|
||||||
* code is never executed. When that support is added, we
|
|
||||||
* ought to ensure the key received in the certificate is
|
|
||||||
* authorized for key agreement. ECDH_compute_key implicitly
|
|
||||||
* checks that the two ECDH shares are for the same group.
|
|
||||||
*/
|
|
||||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
|
|
||||||
SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
|
|
||||||
goto f_err;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (EC_POINT_copy(clnt_ecpoint,
|
|
||||||
EC_KEY_get0_public_key(clnt_pub_pkey->
|
|
||||||
pkey.ec)) == 0) {
|
|
||||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
s->statem.no_cert_verify = 1;
|
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
* Get client's public key from encoded point in the
|
* Get client's public key from encoded point in the
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user