diff options
| author | jsing <> | 2014-09-26 14:58:42 +0000 |
|---|---|---|
| committer | jsing <> | 2014-09-26 14:58:42 +0000 |
| commit | d6d3c94e716944f599b1fba47074672a44305369 (patch) | |
| tree | d327bedc22db8c96e14f4151c7ff0f726ab369cb | |
| parent | bd790d54c42ff79b98f9b8b96c3b33f3bcf6c757 (diff) | |
| download | openbsd-d6d3c94e716944f599b1fba47074672a44305369.tar.gz openbsd-d6d3c94e716944f599b1fba47074672a44305369.tar.bz2 openbsd-d6d3c94e716944f599b1fba47074672a44305369.zip | |
Now that we have a static version of the default EC formats, also use it
for the server hello.
From OpenSSL.
ok miod@
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 91 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 91 |
2 files changed, 88 insertions, 94 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 7e4aba7f23..38f7fcfe7b 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.56 2014/09/22 14:26:22 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -349,6 +349,20 @@ tls1_ec_nid2curve_id(int nid) | |||
| 349 | } | 349 | } |
| 350 | } | 350 | } |
| 351 | 351 | ||
| 352 | static void | ||
| 353 | tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen) | ||
| 354 | { | ||
| 355 | /* | ||
| 356 | * If we have a custom point format list use it, otherwise use default. | ||
| 357 | */ | ||
| 358 | *pformats = s->tlsext_ecpointformatlist; | ||
| 359 | *pformatslen = s->tlsext_ecpointformatlist_length; | ||
| 360 | if (*pformats == NULL) { | ||
| 361 | *pformats = ecformats_default; | ||
| 362 | *pformatslen = sizeof(ecformats_default); | ||
| 363 | } | ||
| 364 | } | ||
| 365 | |||
| 352 | /* | 366 | /* |
| 353 | * List of supported signature algorithms and hashes. Should make this | 367 | * List of supported signature algorithms and hashes. Should make this |
| 354 | * customisable at some point, for now include everything we support. | 368 | * customisable at some point, for now include everything we support. |
| @@ -486,20 +500,11 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 486 | /* | 500 | /* |
| 487 | * Add TLS extension ECPointFormats to the ClientHello message. | 501 | * Add TLS extension ECPointFormats to the ClientHello message. |
| 488 | */ | 502 | */ |
| 489 | size_t lenmax; | ||
| 490 | const unsigned char *plist; | 503 | const unsigned char *plist; |
| 491 | size_t plistlen; | 504 | size_t plistlen; |
| 505 | size_t lenmax; | ||
| 492 | 506 | ||
| 493 | /* | 507 | tls1_get_formatlist(s, &plist, &plistlen); |
| 494 | * If we have a custom point format list use it otherwise | ||
| 495 | * use default. | ||
| 496 | */ | ||
| 497 | plist = s->tlsext_ecpointformatlist; | ||
| 498 | plistlen = s->tlsext_ecpointformatlist_length; | ||
| 499 | if (plist == NULL) { | ||
| 500 | plist = ecformats_default; | ||
| 501 | plistlen = sizeof(ecformats_default); | ||
| 502 | } | ||
| 503 | 508 | ||
| 504 | if ((size_t)(limit - ret) < 5) | 509 | if ((size_t)(limit - ret) < 5) |
| 505 | return NULL; | 510 | return NULL; |
| @@ -723,12 +728,19 @@ skip_ext: | |||
| 723 | unsigned char * | 728 | unsigned char * |
| 724 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | 729 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) |
| 725 | { | 730 | { |
| 726 | int extdatalen = 0; | 731 | int using_ecc, extdatalen = 0; |
| 732 | unsigned long alg_a, alg_k; | ||
| 727 | unsigned char *ret = p; | 733 | unsigned char *ret = p; |
| 728 | #ifndef OPENSSL_NO_NEXTPROTONEG | 734 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 729 | int next_proto_neg_seen; | 735 | int next_proto_neg_seen; |
| 730 | #endif | 736 | #endif |
| 731 | 737 | ||
| 738 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 739 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 740 | using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || | ||
| 741 | alg_a & SSL_aECDSA) && | ||
| 742 | s->session->tlsext_ecpointformatlist != NULL; | ||
| 743 | |||
| 732 | /* don't add extensions for SSLv3, unless doing secure renegotiation */ | 744 | /* don't add extensions for SSLv3, unless doing secure renegotiation */ |
| 733 | if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) | 745 | if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) |
| 734 | return p; | 746 | return p; |
| @@ -770,32 +782,39 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 770 | ret += el; | 782 | ret += el; |
| 771 | } | 783 | } |
| 772 | 784 | ||
| 773 | if (s->tlsext_ecpointformatlist != NULL && | 785 | if (using_ecc && s->version != DTLS1_VERSION) { |
| 774 | s->version != DTLS1_VERSION) { | 786 | /* |
| 775 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 787 | * Add TLS extension ECPointFormats to the ServerHello message. |
| 788 | */ | ||
| 789 | const unsigned char *plist; | ||
| 790 | size_t plistlen; | ||
| 776 | size_t lenmax; | 791 | size_t lenmax; |
| 777 | 792 | ||
| 793 | tls1_get_formatlist(s, &plist, &plistlen); | ||
| 794 | |||
| 778 | if ((size_t)(limit - ret) < 5) | 795 | if ((size_t)(limit - ret) < 5) |
| 779 | return NULL; | 796 | return NULL; |
| 780 | 797 | ||
| 781 | lenmax = limit - ret - 5; | 798 | lenmax = limit - ret - 5; |
| 782 | if (s->tlsext_ecpointformatlist_length > lenmax) | 799 | if (plistlen > lenmax) |
| 783 | return NULL; | 800 | return NULL; |
| 784 | if (s->tlsext_ecpointformatlist_length > 255) { | 801 | if (plistlen > 255) { |
| 785 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 802 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, |
| 786 | ERR_R_INTERNAL_ERROR); | 803 | ERR_R_INTERNAL_ERROR); |
| 787 | return NULL; | 804 | return NULL; |
| 788 | } | 805 | } |
| 789 | 806 | ||
| 790 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 807 | s2n(TLSEXT_TYPE_ec_point_formats, ret); |
| 791 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 808 | s2n(plistlen + 1, ret); |
| 792 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 809 | *(ret++) = (unsigned char)plistlen; |
| 793 | memcpy(ret, s->tlsext_ecpointformatlist, | 810 | memcpy(ret, plist, plistlen); |
| 794 | s->tlsext_ecpointformatlist_length); | 811 | ret += plistlen; |
| 795 | ret += s->tlsext_ecpointformatlist_length; | ||
| 796 | |||
| 797 | } | 812 | } |
| 798 | /* Currently the server should not respond with a SupportedCurves extension */ | 813 | |
| 814 | /* | ||
| 815 | * Currently the server should not respond with a SupportedCurves | ||
| 816 | * extension. | ||
| 817 | */ | ||
| 799 | 818 | ||
| 800 | if (s->tlsext_ticket_expected && | 819 | if (s->tlsext_ticket_expected && |
| 801 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 820 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { |
| @@ -1526,28 +1545,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1526 | int | 1545 | int |
| 1527 | ssl_prepare_serverhello_tlsext(SSL *s) | 1546 | ssl_prepare_serverhello_tlsext(SSL *s) |
| 1528 | { | 1547 | { |
| 1529 | /* If we are server and using an ECC cipher suite, send the point formats we support | ||
| 1530 | * if the client sent us an ECPointsFormat extension. Note that the server is not | ||
| 1531 | * supposed to send an EllipticCurves extension. | ||
| 1532 | */ | ||
| 1533 | |||
| 1534 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1535 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 1536 | int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); | ||
| 1537 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); | ||
| 1538 | |||
| 1539 | if (using_ecc) { | ||
| 1540 | free(s->tlsext_ecpointformatlist); | ||
| 1541 | if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { | ||
| 1542 | SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); | ||
| 1543 | return -1; | ||
| 1544 | } | ||
| 1545 | s->tlsext_ecpointformatlist_length = 3; | ||
| 1546 | s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; | ||
| 1547 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | ||
| 1548 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | ||
| 1549 | } | ||
| 1550 | |||
| 1551 | return 1; | 1548 | return 1; |
| 1552 | } | 1549 | } |
| 1553 | 1550 | ||
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 7e4aba7f23..38f7fcfe7b 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.56 2014/09/22 14:26:22 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -349,6 +349,20 @@ tls1_ec_nid2curve_id(int nid) | |||
| 349 | } | 349 | } |
| 350 | } | 350 | } |
| 351 | 351 | ||
| 352 | static void | ||
| 353 | tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen) | ||
| 354 | { | ||
| 355 | /* | ||
| 356 | * If we have a custom point format list use it, otherwise use default. | ||
| 357 | */ | ||
| 358 | *pformats = s->tlsext_ecpointformatlist; | ||
| 359 | *pformatslen = s->tlsext_ecpointformatlist_length; | ||
| 360 | if (*pformats == NULL) { | ||
| 361 | *pformats = ecformats_default; | ||
| 362 | *pformatslen = sizeof(ecformats_default); | ||
| 363 | } | ||
| 364 | } | ||
| 365 | |||
| 352 | /* | 366 | /* |
| 353 | * List of supported signature algorithms and hashes. Should make this | 367 | * List of supported signature algorithms and hashes. Should make this |
| 354 | * customisable at some point, for now include everything we support. | 368 | * customisable at some point, for now include everything we support. |
| @@ -486,20 +500,11 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 486 | /* | 500 | /* |
| 487 | * Add TLS extension ECPointFormats to the ClientHello message. | 501 | * Add TLS extension ECPointFormats to the ClientHello message. |
| 488 | */ | 502 | */ |
| 489 | size_t lenmax; | ||
| 490 | const unsigned char *plist; | 503 | const unsigned char *plist; |
| 491 | size_t plistlen; | 504 | size_t plistlen; |
| 505 | size_t lenmax; | ||
| 492 | 506 | ||
| 493 | /* | 507 | tls1_get_formatlist(s, &plist, &plistlen); |
| 494 | * If we have a custom point format list use it otherwise | ||
| 495 | * use default. | ||
| 496 | */ | ||
| 497 | plist = s->tlsext_ecpointformatlist; | ||
| 498 | plistlen = s->tlsext_ecpointformatlist_length; | ||
| 499 | if (plist == NULL) { | ||
| 500 | plist = ecformats_default; | ||
| 501 | plistlen = sizeof(ecformats_default); | ||
| 502 | } | ||
| 503 | 508 | ||
| 504 | if ((size_t)(limit - ret) < 5) | 509 | if ((size_t)(limit - ret) < 5) |
| 505 | return NULL; | 510 | return NULL; |
| @@ -723,12 +728,19 @@ skip_ext: | |||
| 723 | unsigned char * | 728 | unsigned char * |
| 724 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | 729 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) |
| 725 | { | 730 | { |
| 726 | int extdatalen = 0; | 731 | int using_ecc, extdatalen = 0; |
| 732 | unsigned long alg_a, alg_k; | ||
| 727 | unsigned char *ret = p; | 733 | unsigned char *ret = p; |
| 728 | #ifndef OPENSSL_NO_NEXTPROTONEG | 734 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 729 | int next_proto_neg_seen; | 735 | int next_proto_neg_seen; |
| 730 | #endif | 736 | #endif |
| 731 | 737 | ||
| 738 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 739 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 740 | using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || | ||
| 741 | alg_a & SSL_aECDSA) && | ||
| 742 | s->session->tlsext_ecpointformatlist != NULL; | ||
| 743 | |||
| 732 | /* don't add extensions for SSLv3, unless doing secure renegotiation */ | 744 | /* don't add extensions for SSLv3, unless doing secure renegotiation */ |
| 733 | if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) | 745 | if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) |
| 734 | return p; | 746 | return p; |
| @@ -770,32 +782,39 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 770 | ret += el; | 782 | ret += el; |
| 771 | } | 783 | } |
| 772 | 784 | ||
| 773 | if (s->tlsext_ecpointformatlist != NULL && | 785 | if (using_ecc && s->version != DTLS1_VERSION) { |
| 774 | s->version != DTLS1_VERSION) { | 786 | /* |
| 775 | /* Add TLS extension ECPointFormats to the ServerHello message */ | 787 | * Add TLS extension ECPointFormats to the ServerHello message. |
| 788 | */ | ||
| 789 | const unsigned char *plist; | ||
| 790 | size_t plistlen; | ||
| 776 | size_t lenmax; | 791 | size_t lenmax; |
| 777 | 792 | ||
| 793 | tls1_get_formatlist(s, &plist, &plistlen); | ||
| 794 | |||
| 778 | if ((size_t)(limit - ret) < 5) | 795 | if ((size_t)(limit - ret) < 5) |
| 779 | return NULL; | 796 | return NULL; |
| 780 | 797 | ||
| 781 | lenmax = limit - ret - 5; | 798 | lenmax = limit - ret - 5; |
| 782 | if (s->tlsext_ecpointformatlist_length > lenmax) | 799 | if (plistlen > lenmax) |
| 783 | return NULL; | 800 | return NULL; |
| 784 | if (s->tlsext_ecpointformatlist_length > 255) { | 801 | if (plistlen > 255) { |
| 785 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | 802 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, |
| 786 | ERR_R_INTERNAL_ERROR); | 803 | ERR_R_INTERNAL_ERROR); |
| 787 | return NULL; | 804 | return NULL; |
| 788 | } | 805 | } |
| 789 | 806 | ||
| 790 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | 807 | s2n(TLSEXT_TYPE_ec_point_formats, ret); |
| 791 | s2n(s->tlsext_ecpointformatlist_length + 1, ret); | 808 | s2n(plistlen + 1, ret); |
| 792 | *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; | 809 | *(ret++) = (unsigned char)plistlen; |
| 793 | memcpy(ret, s->tlsext_ecpointformatlist, | 810 | memcpy(ret, plist, plistlen); |
| 794 | s->tlsext_ecpointformatlist_length); | 811 | ret += plistlen; |
| 795 | ret += s->tlsext_ecpointformatlist_length; | ||
| 796 | |||
| 797 | } | 812 | } |
| 798 | /* Currently the server should not respond with a SupportedCurves extension */ | 813 | |
| 814 | /* | ||
| 815 | * Currently the server should not respond with a SupportedCurves | ||
| 816 | * extension. | ||
| 817 | */ | ||
| 799 | 818 | ||
| 800 | if (s->tlsext_ticket_expected && | 819 | if (s->tlsext_ticket_expected && |
| 801 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | 820 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { |
| @@ -1526,28 +1545,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) | |||
| 1526 | int | 1545 | int |
| 1527 | ssl_prepare_serverhello_tlsext(SSL *s) | 1546 | ssl_prepare_serverhello_tlsext(SSL *s) |
| 1528 | { | 1547 | { |
| 1529 | /* If we are server and using an ECC cipher suite, send the point formats we support | ||
| 1530 | * if the client sent us an ECPointsFormat extension. Note that the server is not | ||
| 1531 | * supposed to send an EllipticCurves extension. | ||
| 1532 | */ | ||
| 1533 | |||
| 1534 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1535 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 1536 | int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); | ||
| 1537 | using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); | ||
| 1538 | |||
| 1539 | if (using_ecc) { | ||
| 1540 | free(s->tlsext_ecpointformatlist); | ||
| 1541 | if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { | ||
| 1542 | SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); | ||
| 1543 | return -1; | ||
| 1544 | } | ||
| 1545 | s->tlsext_ecpointformatlist_length = 3; | ||
| 1546 | s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; | ||
| 1547 | s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; | ||
| 1548 | s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | ||
| 1549 | } | ||
| 1550 | |||
| 1551 | return 1; | 1548 | return 1; |
| 1552 | } | 1549 | } |
| 1553 | 1550 | ||