diff options
| author | jsing <> | 2014-09-27 11:01:06 +0000 |
|---|---|---|
| committer | jsing <> | 2014-09-27 11:01:06 +0000 |
| commit | e82d769243512ab6c9b239e874920d017e626428 (patch) | |
| tree | 9bdf9e8b5c2c33851369eba1c6947e8be6c47ad7 /src/lib/libssl/s3_clnt.c | |
| parent | f2b4debf2dec428decbf29cca424c6ff07a4bd78 (diff) | |
| download | openbsd-e82d769243512ab6c9b239e874920d017e626428.tar.gz openbsd-e82d769243512ab6c9b239e874920d017e626428.tar.bz2 openbsd-e82d769243512ab6c9b239e874920d017e626428.zip | |
Check that the specified curve is one of the client preferences.
Based on OpenSSL.
ok miod@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 1f64091f87..9aa599a1c6 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.90 2014/09/19 14:32:23 tedu Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.91 2014/09/27 11:01:05 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1330,8 +1330,8 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1330 | s->session->sess_cert->peer_dh_tmp = dh; | 1330 | s->session->sess_cert->peer_dh_tmp = dh; |
| 1331 | dh = NULL; | 1331 | dh = NULL; |
| 1332 | } else if (alg_k & SSL_kECDHE) { | 1332 | } else if (alg_k & SSL_kECDHE) { |
| 1333 | EC_GROUP *ngroup; | ||
| 1334 | const EC_GROUP *group; | 1333 | const EC_GROUP *group; |
| 1334 | EC_GROUP *ngroup; | ||
| 1335 | 1335 | ||
| 1336 | if ((ecdh = EC_KEY_new()) == NULL) { | 1336 | if ((ecdh = EC_KEY_new()) == NULL) { |
| 1337 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1337 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| @@ -1351,8 +1351,24 @@ ssl3_get_key_exchange(SSL *s) | |||
| 1351 | * and the ECParameters in this case is just three bytes. | 1351 | * and the ECParameters in this case is just three bytes. |
| 1352 | */ | 1352 | */ |
| 1353 | param_len = 3; | 1353 | param_len = 3; |
| 1354 | if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || | 1354 | if (param_len > n) { |
| 1355 | ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) { | 1355 | al = SSL_AD_DECODE_ERROR; |
| 1356 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1357 | SSL_R_LENGTH_TOO_SHORT); | ||
| 1358 | goto f_err; | ||
| 1359 | } | ||
| 1360 | |||
| 1361 | /* | ||
| 1362 | * Check curve is one of our preferences, if not server has | ||
| 1363 | * sent an invalid curve. | ||
| 1364 | */ | ||
| 1365 | if (tls1_check_curve(s, p, param_len) != 1) { | ||
| 1366 | al = SSL_AD_DECODE_ERROR; | ||
| 1367 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE); | ||
| 1368 | goto f_err; | ||
| 1369 | } | ||
| 1370 | |||
| 1371 | if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) { | ||
| 1356 | al = SSL_AD_INTERNAL_ERROR; | 1372 | al = SSL_AD_INTERNAL_ERROR; |
| 1357 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | 1373 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, |
| 1358 | SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); | 1374 | SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); |