Check that the specified curve is one of the client preferences.

Based on OpenSSL. ok miod@
author: jsing <> 2014-09-27 11:01:06 +0000
committer: jsing <> 2014-09-27 11:01:06 +0000
commit: 2e75e6d02f2e0d3b9d2ed384b0940da66d15244e (patch)
tree: 9bdf9e8b5c2c33851369eba1c6947e8be6c47ad7 /src
parent: 4e10b99e9f420212b077e11cb4f87d3f1f9e0f75 (diff)
download: openbsd-2e75e6d02f2e0d3b9d2ed384b0940da66d15244e.tar.gz
openbsd-2e75e6d02f2e0d3b9d2ed384b0940da66d15244e.tar.bz2
openbsd-2e75e6d02f2e0d3b9d2ed384b0940da66d15244e.zip
10 files changed, 140 insertions, 16 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 1f64091f87..9aa599a1c6 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.90 2014/09/19 14:32:23 tedu Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.91 2014/09/27 11:01:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1330,8 +1330,8 @@ ssl3_get_key_exchange(SSL *s)
                s->session->sess_cert->peer_dh_tmp = dh;
                dh = NULL;
        } else if (alg_k & SSL_kECDHE) {
-                EC_GROUP *ngroup;
                const EC_GROUP *group;
+                EC_GROUP *ngroup;
                if ((ecdh = EC_KEY_new()) == NULL) {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1351,8 +1351,24 @@ ssl3_get_key_exchange(SSL *s)
                 * and the ECParameters in this case is just three bytes.
                 */
                param_len = 3;
-                if ((param_len > n) || (*p != NAMED_CURVE_TYPE) ||
+                if (param_len > n) {
-                    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
+                        al = SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                            SSL_R_LENGTH_TOO_SHORT);
+                        goto f_err;
+                }
+                /*
+                 * Check curve is one of our preferences, if not server has
+                 * sent an invalid curve.
+                 */
+                if (tls1_check_curve(s, p, param_len) != 1) {
+                        al = SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
+                        goto f_err;
+                }
+                if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
                        al = SSL_AD_INTERNAL_ERROR;
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
                            SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 1f64091f87..9aa599a1c6 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.90 2014/09/19 14:32:23 tedu Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.91 2014/09/27 11:01:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1330,8 +1330,8 @@ ssl3_get_key_exchange(SSL *s)
                s->session->sess_cert->peer_dh_tmp = dh;
                dh = NULL;
        } else if (alg_k & SSL_kECDHE) {
-                EC_GROUP *ngroup;
                const EC_GROUP *group;
+                EC_GROUP *ngroup;
                if ((ecdh = EC_KEY_new()) == NULL) {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1351,8 +1351,24 @@ ssl3_get_key_exchange(SSL *s)
                 * and the ECParameters in this case is just three bytes.
                 */
                param_len = 3;
-                if ((param_len > n) || (*p != NAMED_CURVE_TYPE) ||
+                if (param_len > n) {
-                    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
+                        al = SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                            SSL_R_LENGTH_TOO_SHORT);
+                        goto f_err;
+                }
+                /*
+                 * Check curve is one of our preferences, if not server has
+                 * sent an invalid curve.
+                 */
+                if (tls1_check_curve(s, p, param_len) != 1) {
+                        al = SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
+                        goto f_err;
+                }
+                if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
                        al = SSL_AD_INTERNAL_ERROR;
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
                            SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 1851cd9525..3b948245f2 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.64 2014/09/21 17:11:04 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.65 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2318,6 +2318,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
 #define SSL_R_WRITE_BIO_NOT_SET                          260
 #define SSL_R_WRONG_CIPHER_RETURNED                      261
+#define SSL_R_WRONG_CURVE                                378
 #define SSL_R_WRONG_MESSAGE_TYPE                         262
 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
 #define SSL_R_WRONG_SIGNATURE_LENGTH                     264
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 9abd28bf88..33cd5f2f96 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.25 2014/06/13 11:52:03 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.26 2014/09/27 11:01:06 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -584,6 +584,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
        {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     , "write bio not set"},
        {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
+        {ERR_REASON(SSL_R_WRONG_CURVE)           , "wrong curve"},
        {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    , "wrong message type"},
        {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
        {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 7c1aef68b1..3eee18cbd6 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.68 2014/09/07 12:16:23 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.69 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -798,6 +798,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 int tls1_ec_curve_id2nid(int curve_id);
 int tls1_ec_nid2curve_id(int nid);
+int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
    unsigned char *limit);
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 38f7fcfe7b..20f576e796 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.58 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -364,6 +364,49 @@ tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen)
 }
 /*
+ * Return the appropriate curve list. If client_curves is non-zero, return
+ * the client/session curves. Otherwise return the custom curve list if one
+ * exists, or the default curves if a custom list has not been specified.
+ */
+static void
+tls1_get_curvelist(SSL *s, int client_curves, const unsigned char **pcurves,
+    size_t *pcurveslen)
+{
+        if (client_curves != 0) {
+                *pcurves = s->session->tlsext_ellipticcurvelist;
+                *pcurveslen = s->session->tlsext_ellipticcurvelist_length;
+                return;
+        }
+        *pcurves = s->tlsext_ellipticcurvelist;
+        *pcurveslen = s->tlsext_ellipticcurvelist_length;
+        if (*pcurves == NULL) {
+                *pcurves = eccurves_default;
+                *pcurveslen = sizeof(eccurves_default);
+        }
+}
+/* Check that a curve is one of our preferences. */
+int
+tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+{
+        const unsigned char *curves;
+        size_t curveslen, i;
+        /* Only named curves are supported. */
+        if (len != 3 || p[0] != NAMED_CURVE_TYPE)
+                return (0);
+        tls1_get_curvelist(s, 0, &curves, &curveslen);
+        for (i = 0; i < curveslen; i += 2, curves += 2) {
+                if (p[1] == curves[0] && p[2] == curves[1])
+                        return (1);
+        }
+        return (0);
+}
+/*
 * List of supported signature algorithms and hashes. Should make this
 * customisable at some point, for now include everything we support.
 */
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1851cd9525..3b948245f2 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.64 2014/09/21 17:11:04 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.65 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2318,6 +2318,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
 #define SSL_R_WRITE_BIO_NOT_SET                          260
 #define SSL_R_WRONG_CIPHER_RETURNED                      261
+#define SSL_R_WRONG_CURVE                                378
 #define SSL_R_WRONG_MESSAGE_TYPE                         262
 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
 #define SSL_R_WRONG_SIGNATURE_LENGTH                     264
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 9abd28bf88..33cd5f2f96 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.25 2014/06/13 11:52:03 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.26 2014/09/27 11:01:06 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -584,6 +584,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
        {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     , "write bio not set"},
        {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
+        {ERR_REASON(SSL_R_WRONG_CURVE)           , "wrong curve"},
        {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    , "wrong message type"},
        {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
        {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7c1aef68b1..3eee18cbd6 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.68 2014/09/07 12:16:23 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.69 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -798,6 +798,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 int tls1_ec_curve_id2nid(int curve_id);
 int tls1_ec_nid2curve_id(int nid);
+int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
    unsigned char *limit);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 38f7fcfe7b..20f576e796 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.58 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -364,6 +364,49 @@ tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen)
 }
 /*
+ * Return the appropriate curve list. If client_curves is non-zero, return
+ * the client/session curves. Otherwise return the custom curve list if one
+ * exists, or the default curves if a custom list has not been specified.
+ */
+static void
+tls1_get_curvelist(SSL *s, int client_curves, const unsigned char **pcurves,
+    size_t *pcurveslen)
+{
+        if (client_curves != 0) {
+                *pcurves = s->session->tlsext_ellipticcurvelist;
+                *pcurveslen = s->session->tlsext_ellipticcurvelist_length;
+                return;
+        }
+        *pcurves = s->tlsext_ellipticcurvelist;
+        *pcurveslen = s->tlsext_ellipticcurvelist_length;
+        if (*pcurves == NULL) {
+                *pcurves = eccurves_default;
+                *pcurveslen = sizeof(eccurves_default);
+        }
+}
+/* Check that a curve is one of our preferences. */
+int
+tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+{
+        const unsigned char *curves;
+        size_t curveslen, i;
+        /* Only named curves are supported. */
+        if (len != 3 || p[0] != NAMED_CURVE_TYPE)
+                return (0);
+        tls1_get_curvelist(s, 0, &curves, &curveslen);
+        for (i = 0; i < curveslen; i += 2, curves += 2) {
+                if (p[1] == curves[0] && p[2] == curves[1])
+                        return (1);
+        }
+        return (0);
+}
+/*
 * List of supported signature algorithms and hashes. Should make this
 * customisable at some point, for now include everything we support.
 */
author	jsing <>	2014-09-27 11:01:06 +0000
committer	jsing <>	2014-09-27 11:01:06 +0000
commit	2e75e6d02f2e0d3b9d2ed384b0940da66d15244e (patch)
tree	9bdf9e8b5c2c33851369eba1c6947e8be6c47ad7 /src
parent	4e10b99e9f420212b077e11cb4f87d3f1f9e0f75 (diff)
download	openbsd-2e75e6d02f2e0d3b9d2ed384b0940da66d15244e.tar.gz openbsd-2e75e6d02f2e0d3b9d2ed384b0940da66d15244e.tar.bz2 openbsd-2e75e6d02f2e0d3b9d2ed384b0940da66d15244e.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 1f64091f87..9aa599a1c6 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.90 2014/09/19 14:32:23 tedu Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.91 2014/09/27 11:01:05 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1330,8 +1330,8 @@ ssl3_get_key_exchange(SSL *s)
1330	s->session->sess_cert->peer_dh_tmp = dh;	1330	s->session->sess_cert->peer_dh_tmp = dh;
1331	dh = NULL;	1331	dh = NULL;
1332	} else if (alg_k & SSL_kECDHE) {	1332	} else if (alg_k & SSL_kECDHE) {
1333	EC_GROUP *ngroup;
1334	const EC_GROUP *group;	1333	const EC_GROUP *group;
		1334	EC_GROUP *ngroup;
1335		1335
1336	if ((ecdh = EC_KEY_new()) == NULL) {	1336	if ((ecdh = EC_KEY_new()) == NULL) {
1337	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,	1337	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1351,8 +1351,24 @@ ssl3_get_key_exchange(SSL *s)
1351	* and the ECParameters in this case is just three bytes.	1351	* and the ECParameters in this case is just three bytes.
1352	*/	1352	*/
1353	param_len = 3;	1353	param_len = 3;
1354	if ((param_len > n) \|\| (*p != NAMED_CURVE_TYPE) \|\|	1354	if (param_len > n) {
1355	((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {	1355	al = SSL_AD_DECODE_ERROR;
		1356	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
		1357	SSL_R_LENGTH_TOO_SHORT);
		1358	goto f_err;
		1359	}
		1360
		1361	/*
		1362	* Check curve is one of our preferences, if not server has
		1363	* sent an invalid curve.
		1364	*/
		1365	if (tls1_check_curve(s, p, param_len) != 1) {
		1366	al = SSL_AD_DECODE_ERROR;
		1367	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
		1368	goto f_err;
		1369	}
		1370
		1371	if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
1356	al = SSL_AD_INTERNAL_ERROR;	1372	al = SSL_AD_INTERNAL_ERROR;
1357	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,	1373	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1358	SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);	1374	SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);


diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 1f64091f87..9aa599a1c6 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.90 2014/09/19 14:32:23 tedu Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.91 2014/09/27 11:01:05 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1330,8 +1330,8 @@ ssl3_get_key_exchange(SSL *s)
1330	s->session->sess_cert->peer_dh_tmp = dh;	1330	s->session->sess_cert->peer_dh_tmp = dh;
1331	dh = NULL;	1331	dh = NULL;
1332	} else if (alg_k & SSL_kECDHE) {	1332	} else if (alg_k & SSL_kECDHE) {
1333	EC_GROUP *ngroup;
1334	const EC_GROUP *group;	1333	const EC_GROUP *group;
		1334	EC_GROUP *ngroup;
1335		1335
1336	if ((ecdh = EC_KEY_new()) == NULL) {	1336	if ((ecdh = EC_KEY_new()) == NULL) {
1337	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,	1337	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
@@ -1351,8 +1351,24 @@ ssl3_get_key_exchange(SSL *s)
1351	* and the ECParameters in this case is just three bytes.	1351	* and the ECParameters in this case is just three bytes.
1352	*/	1352	*/
1353	param_len = 3;	1353	param_len = 3;
1354	if ((param_len > n) \|\| (*p != NAMED_CURVE_TYPE) \|\|	1354	if (param_len > n) {
1355	((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {	1355	al = SSL_AD_DECODE_ERROR;
		1356	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
		1357	SSL_R_LENGTH_TOO_SHORT);
		1358	goto f_err;
		1359	}
		1360
		1361	/*
		1362	* Check curve is one of our preferences, if not server has
		1363	* sent an invalid curve.
		1364	*/
		1365	if (tls1_check_curve(s, p, param_len) != 1) {
		1366	al = SSL_AD_DECODE_ERROR;
		1367	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
		1368	goto f_err;
		1369	}
		1370
		1371	if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
1356	al = SSL_AD_INTERNAL_ERROR;	1372	al = SSL_AD_INTERNAL_ERROR;
1357	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,	1373	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1358	SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);	1374	SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);


diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 1851cd9525..3b948245f2 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.64 2014/09/21 17:11:04 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.65 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2318,6 +2318,7 @@ void ERR_load_SSL_strings(void);
2318	#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369	2318	#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
2319	#define SSL_R_WRITE_BIO_NOT_SET 260	2319	#define SSL_R_WRITE_BIO_NOT_SET 260
2320	#define SSL_R_WRONG_CIPHER_RETURNED 261	2320	#define SSL_R_WRONG_CIPHER_RETURNED 261
		2321	#define SSL_R_WRONG_CURVE 378
2321	#define SSL_R_WRONG_MESSAGE_TYPE 262	2322	#define SSL_R_WRONG_MESSAGE_TYPE 262
2322	#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263	2323	#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2323	#define SSL_R_WRONG_SIGNATURE_LENGTH 264	2324	#define SSL_R_WRONG_SIGNATURE_LENGTH 264


diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c index 9abd28bf88..33cd5f2f96 100644 --- a/src/lib/libssl/src/ssl/ssl_err.c +++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_err.c,v 1.25 2014/06/13 11:52:03 jsing Exp $ */	1	/* $OpenBSD: ssl_err.c,v 1.26 2014/09/27 11:01:06 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -584,6 +584,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
584	{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},	584	{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
585	{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},	585	{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},
586	{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},	586	{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
		587	{ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"},
587	{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},	588	{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},
588	{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},	589	{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
589	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},	590	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},


diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 7c1aef68b1..3eee18cbd6 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.68 2014/09/07 12:16:23 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.69 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -798,6 +798,7 @@ SSL_COMP ssl3_comp_find(STACK_OF(SSL_COMP) sk, int n);
798		798
799	int tls1_ec_curve_id2nid(int curve_id);	799	int tls1_ec_curve_id2nid(int curve_id);
800	int tls1_ec_nid2curve_id(int nid);	800	int tls1_ec_nid2curve_id(int nid);
		801	int tls1_check_curve(SSL s, const unsigned char p, size_t len);
801		802
802	unsigned char ssl_add_clienthello_tlsext(SSL s, unsigned char *p,	803	unsigned char ssl_add_clienthello_tlsext(SSL s, unsigned char *p,
803	unsigned char *limit);	804	unsigned char *limit);


diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 38f7fcfe7b..20f576e796 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.58 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -364,6 +364,49 @@ tls1_get_formatlist(SSL s, const unsigned char pformats, size_t pformatslen)
364	}	364	}
365		365
366	/*	366	/*
		367	* Return the appropriate curve list. If client_curves is non-zero, return
		368	* the client/session curves. Otherwise return the custom curve list if one
		369	* exists, or the default curves if a custom list has not been specified.
		370	*/
		371	static void
		372	tls1_get_curvelist(SSL s, int client_curves, const unsigned char *pcurves,
		373	size_t *pcurveslen)
		374	{
		375	if (client_curves != 0) {
		376	*pcurves = s->session->tlsext_ellipticcurvelist;
		377	*pcurveslen = s->session->tlsext_ellipticcurvelist_length;
		378	return;
		379	}
		380
		381	*pcurves = s->tlsext_ellipticcurvelist;
		382	*pcurveslen = s->tlsext_ellipticcurvelist_length;
		383	if (*pcurves == NULL) {
		384	*pcurves = eccurves_default;
		385	*pcurveslen = sizeof(eccurves_default);
		386	}
		387	}
		388
		389	/* Check that a curve is one of our preferences. */
		390	int
		391	tls1_check_curve(SSL s, const unsigned char p, size_t len)
		392	{
		393	const unsigned char *curves;
		394	size_t curveslen, i;
		395
		396	/* Only named curves are supported. */
		397	if (len != 3 \|\| p[0] != NAMED_CURVE_TYPE)
		398	return (0);
		399
		400	tls1_get_curvelist(s, 0, &curves, &curveslen);
		401
		402	for (i = 0; i < curveslen; i += 2, curves += 2) {
		403	if (p[1] == curves[0] && p[2] == curves[1])
		404	return (1);
		405	}
		406	return (0);
		407	}
		408
		409	/*
367	* List of supported signature algorithms and hashes. Should make this	410	* List of supported signature algorithms and hashes. Should make this
368	* customisable at some point, for now include everything we support.	411	* customisable at some point, for now include everything we support.
369	*/	412	*/


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 1851cd9525..3b948245f2 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.64 2014/09/21 17:11:04 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.65 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2318,6 +2318,7 @@ void ERR_load_SSL_strings(void);
2318	#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369	2318	#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
2319	#define SSL_R_WRITE_BIO_NOT_SET 260	2319	#define SSL_R_WRITE_BIO_NOT_SET 260
2320	#define SSL_R_WRONG_CIPHER_RETURNED 261	2320	#define SSL_R_WRONG_CIPHER_RETURNED 261
		2321	#define SSL_R_WRONG_CURVE 378
2321	#define SSL_R_WRONG_MESSAGE_TYPE 262	2322	#define SSL_R_WRONG_MESSAGE_TYPE 262
2322	#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263	2323	#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2323	#define SSL_R_WRONG_SIGNATURE_LENGTH 264	2324	#define SSL_R_WRONG_SIGNATURE_LENGTH 264


diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 9abd28bf88..33cd5f2f96 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_err.c,v 1.25 2014/06/13 11:52:03 jsing Exp $ */	1	/* $OpenBSD: ssl_err.c,v 1.26 2014/09/27 11:01:06 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -584,6 +584,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
584	{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},	584	{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
585	{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},	585	{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},
586	{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},	586	{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
		587	{ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"},
587	{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},	588	{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},
588	{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},	589	{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
589	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},	590	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 7c1aef68b1..3eee18cbd6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.68 2014/09/07 12:16:23 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.69 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -798,6 +798,7 @@ SSL_COMP ssl3_comp_find(STACK_OF(SSL_COMP) sk, int n);
798		798
799	int tls1_ec_curve_id2nid(int curve_id);	799	int tls1_ec_curve_id2nid(int curve_id);
800	int tls1_ec_nid2curve_id(int nid);	800	int tls1_ec_nid2curve_id(int nid);
		801	int tls1_check_curve(SSL s, const unsigned char p, size_t len);
801		802
802	unsigned char ssl_add_clienthello_tlsext(SSL s, unsigned char *p,	803	unsigned char ssl_add_clienthello_tlsext(SSL s, unsigned char *p,
803	unsigned char *limit);	804	unsigned char *limit);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 38f7fcfe7b..20f576e796 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.58 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -364,6 +364,49 @@ tls1_get_formatlist(SSL s, const unsigned char pformats, size_t pformatslen)
364	}	364	}
365		365
366	/*	366	/*
		367	* Return the appropriate curve list. If client_curves is non-zero, return
		368	* the client/session curves. Otherwise return the custom curve list if one
		369	* exists, or the default curves if a custom list has not been specified.
		370	*/
		371	static void
		372	tls1_get_curvelist(SSL s, int client_curves, const unsigned char *pcurves,
		373	size_t *pcurveslen)
		374	{
		375	if (client_curves != 0) {
		376	*pcurves = s->session->tlsext_ellipticcurvelist;
		377	*pcurveslen = s->session->tlsext_ellipticcurvelist_length;
		378	return;
		379	}
		380
		381	*pcurves = s->tlsext_ellipticcurvelist;
		382	*pcurveslen = s->tlsext_ellipticcurvelist_length;
		383	if (*pcurves == NULL) {
		384	*pcurves = eccurves_default;
		385	*pcurveslen = sizeof(eccurves_default);
		386	}
		387	}
		388
		389	/* Check that a curve is one of our preferences. */
		390	int
		391	tls1_check_curve(SSL s, const unsigned char p, size_t len)
		392	{
		393	const unsigned char *curves;
		394	size_t curveslen, i;
		395
		396	/* Only named curves are supported. */
		397	if (len != 3 \|\| p[0] != NAMED_CURVE_TYPE)
		398	return (0);
		399
		400	tls1_get_curvelist(s, 0, &curves, &curveslen);
		401
		402	for (i = 0; i < curveslen; i += 2, curves += 2) {
		403	if (p[1] == curves[0] && p[2] == curves[1])
		404	return (1);
		405	}
		406	return (0);
		407	}
		408
		409	/*
367	* List of supported signature algorithms and hashes. Should make this	410	* List of supported signature algorithms and hashes. Should make this
368	* customisable at some point, for now include everything we support.	411	* customisable at some point, for now include everything we support.
369	*/	412	*/