Tidy up EC parameter check code: instead of accessing internal structures
add utility functions to t1_lib.c to check if EC certificates and parameters are consistent with peer.
This commit is contained in:
Dr. Stephen Henson
167
ssl/s3_lib.c
167
ssl/s3_lib.c
@@ -152,11 +152,6 @@
|
||||
#include <openssl/objects.h>
|
||||
#include "ssl_locl.h"
|
||||
#include "kssl_lcl.h"
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#include "../crypto/ec/ec_lcl.h"
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
#endif /* OPENSSL_NO_TLSEXT */
|
||||
#include <openssl/md5.h>
|
||||
#ifndef OPENSSL_NO_DH
|
||||
#include <openssl/dh.h>
|
||||
@@ -3844,11 +3839,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
||||
SSL_CIPHER *c,*ret=NULL;
|
||||
STACK_OF(SSL_CIPHER) *prio, *allow;
|
||||
int i,ii,ok;
|
||||
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
|
||||
unsigned int j;
|
||||
int ec_ok, ec_nid;
|
||||
unsigned char ec_search1 = 0, ec_search2 = 0;
|
||||
#endif
|
||||
CERT *cert;
|
||||
unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
|
||||
|
||||
@@ -3949,155 +3939,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (
|
||||
/* if we are considering an ECC cipher suite that uses our certificate */
|
||||
(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
|
||||
/* and we have an ECC certificate */
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
|
||||
/* and the client specified a Supported Point Formats extension */
|
||||
&& ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
|
||||
/* and our certificate's point is compressed */
|
||||
&& (
|
||||
(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
|
||||
&& (
|
||||
(*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
|
||||
|| (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
|
||||
)
|
||||
)
|
||||
)
|
||||
{
|
||||
ec_ok = 0;
|
||||
/* if our certificate's curve is over a field type that the client does not support
|
||||
* then do not allow this cipher suite to be negotiated */
|
||||
if (
|
||||
(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
|
||||
&& (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
|
||||
)
|
||||
{
|
||||
for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
|
||||
{
|
||||
if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
|
||||
{
|
||||
ec_ok = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
|
||||
{
|
||||
for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
|
||||
{
|
||||
if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
|
||||
{
|
||||
ec_ok = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
ok = ok && ec_ok;
|
||||
}
|
||||
if (
|
||||
/* if we are considering an ECC cipher suite that uses our certificate */
|
||||
(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
|
||||
/* and we have an ECC certificate */
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
|
||||
/* and the client specified an EllipticCurves extension */
|
||||
&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
|
||||
)
|
||||
{
|
||||
ec_ok = 0;
|
||||
if (
|
||||
(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
|
||||
)
|
||||
{
|
||||
ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
|
||||
if ((ec_nid == 0)
|
||||
&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
|
||||
)
|
||||
{
|
||||
if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
|
||||
{
|
||||
ec_search1 = 0xFF;
|
||||
ec_search2 = 0x01;
|
||||
}
|
||||
else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
|
||||
{
|
||||
ec_search1 = 0xFF;
|
||||
ec_search2 = 0x02;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ec_search1 = 0x00;
|
||||
ec_search2 = tls1_ec_nid2curve_id(ec_nid);
|
||||
}
|
||||
if ((ec_search1 != 0) || (ec_search2 != 0))
|
||||
{
|
||||
for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
|
||||
{
|
||||
if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
|
||||
{
|
||||
ec_ok = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
ok = ok && ec_ok;
|
||||
}
|
||||
if (
|
||||
/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
|
||||
(alg_k & SSL_kEECDH)
|
||||
/* and we have an ephemeral EC key */
|
||||
&& (s->cert->ecdh_tmp != NULL)
|
||||
/* and the client specified an EllipticCurves extension */
|
||||
&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
|
||||
)
|
||||
{
|
||||
ec_ok = 0;
|
||||
if (s->cert->ecdh_tmp->group != NULL)
|
||||
{
|
||||
ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
|
||||
if ((ec_nid == 0)
|
||||
&& (s->cert->ecdh_tmp->group->meth != NULL)
|
||||
)
|
||||
{
|
||||
if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
|
||||
{
|
||||
ec_search1 = 0xFF;
|
||||
ec_search2 = 0x01;
|
||||
}
|
||||
else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
|
||||
{
|
||||
ec_search1 = 0xFF;
|
||||
ec_search2 = 0x02;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ec_search1 = 0x00;
|
||||
ec_search2 = tls1_ec_nid2curve_id(ec_nid);
|
||||
}
|
||||
if ((ec_search1 != 0) || (ec_search2 != 0))
|
||||
{
|
||||
for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
|
||||
{
|
||||
if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
|
||||
{
|
||||
ec_ok = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
ok = ok && ec_ok;
|
||||
}
|
||||
/* if we are considering an ECC cipher suite that uses our
|
||||
* certificate check it */
|
||||
if (alg_a & (SSL_aECDSA|SSL_aECDH))
|
||||
ok = ok && tls1_check_ec_server_key(s);
|
||||
/* if we are considering an ECC cipher suite that uses
|
||||
* an ephemeral EC key check it */
|
||||
if (alg_k & SSL_kEECDH)
|
||||
ok = ok && tls1_check_ec_tmp_key(s);
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
#endif /* OPENSSL_NO_TLSEXT */
|
||||
|
||||
|
||||
Reference in New Issue
Block a user