From d6d3c94e716944f599b1fba47074672a44305369 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 26 Sep 2014 14:58:42 +0000 Subject: Now that we have a static version of the default EC formats, also use it for the server hello. From OpenSSL. ok miod@ --- src/lib/libssl/src/ssl/t1_lib.c | 91 ++++++++++++++++++++--------------------- src/lib/libssl/t1_lib.c | 91 ++++++++++++++++++++--------------------- 2 files changed, 88 insertions(+), 94 deletions(-) diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 7e4aba7f23..38f7fcfe7b 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.56 2014/09/22 14:26:22 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -349,6 +349,20 @@ tls1_ec_nid2curve_id(int nid) } } +static void +tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen) +{ + /* + * If we have a custom point format list use it, otherwise use default. + */ + *pformats = s->tlsext_ecpointformatlist; + *pformatslen = s->tlsext_ecpointformatlist_length; + if (*pformats == NULL) { + *pformats = ecformats_default; + *pformatslen = sizeof(ecformats_default); + } +} + /* * List of supported signature algorithms and hashes. Should make this * customisable at some point, for now include everything we support. @@ -486,20 +500,11 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) /* * Add TLS extension ECPointFormats to the ClientHello message. */ - size_t lenmax; const unsigned char *plist; size_t plistlen; + size_t lenmax; - /* - * If we have a custom point format list use it otherwise - * use default. - */ - plist = s->tlsext_ecpointformatlist; - plistlen = s->tlsext_ecpointformatlist_length; - if (plist == NULL) { - plist = ecformats_default; - plistlen = sizeof(ecformats_default); - } + tls1_get_formatlist(s, &plist, &plistlen); if ((size_t)(limit - ret) < 5) return NULL; @@ -723,12 +728,19 @@ skip_ext: unsigned char * ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) { - int extdatalen = 0; + int using_ecc, extdatalen = 0; + unsigned long alg_a, alg_k; unsigned char *ret = p; #ifndef OPENSSL_NO_NEXTPROTONEG int next_proto_neg_seen; #endif + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || + alg_a & SSL_aECDSA) && + s->session->tlsext_ecpointformatlist != NULL; + /* don't add extensions for SSLv3, unless doing secure renegotiation */ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) return p; @@ -770,32 +782,39 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) ret += el; } - if (s->tlsext_ecpointformatlist != NULL && - s->version != DTLS1_VERSION) { - /* Add TLS extension ECPointFormats to the ServerHello message */ + if (using_ecc && s->version != DTLS1_VERSION) { + /* + * Add TLS extension ECPointFormats to the ServerHello message. + */ + const unsigned char *plist; + size_t plistlen; size_t lenmax; + tls1_get_formatlist(s, &plist, &plistlen); + if ((size_t)(limit - ret) < 5) return NULL; lenmax = limit - ret - 5; - if (s->tlsext_ecpointformatlist_length > lenmax) + if (plistlen > lenmax) return NULL; - if (s->tlsext_ecpointformatlist_length > 255) { + if (plistlen > 255) { SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } s2n(TLSEXT_TYPE_ec_point_formats, ret); - s2n(s->tlsext_ecpointformatlist_length + 1, ret); - *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; - memcpy(ret, s->tlsext_ecpointformatlist, - s->tlsext_ecpointformatlist_length); - ret += s->tlsext_ecpointformatlist_length; - + s2n(plistlen + 1, ret); + *(ret++) = (unsigned char)plistlen; + memcpy(ret, plist, plistlen); + ret += plistlen; } - /* Currently the server should not respond with a SupportedCurves extension */ + + /* + * Currently the server should not respond with a SupportedCurves + * extension. + */ if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { @@ -1526,28 +1545,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s) { - /* If we are server and using an ECC cipher suite, send the point formats we support - * if the client sent us an ECPointsFormat extension. Note that the server is not - * supposed to send an EllipticCurves extension. - */ - - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); - using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); - - if (using_ecc) { - free(s->tlsext_ecpointformatlist); - if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { - SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); - return -1; - } - s->tlsext_ecpointformatlist_length = 3; - s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; - s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - } - return 1; } diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 7e4aba7f23..38f7fcfe7b 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.56 2014/09/22 14:26:22 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -349,6 +349,20 @@ tls1_ec_nid2curve_id(int nid) } } +static void +tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen) +{ + /* + * If we have a custom point format list use it, otherwise use default. + */ + *pformats = s->tlsext_ecpointformatlist; + *pformatslen = s->tlsext_ecpointformatlist_length; + if (*pformats == NULL) { + *pformats = ecformats_default; + *pformatslen = sizeof(ecformats_default); + } +} + /* * List of supported signature algorithms and hashes. Should make this * customisable at some point, for now include everything we support. @@ -486,20 +500,11 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) /* * Add TLS extension ECPointFormats to the ClientHello message. */ - size_t lenmax; const unsigned char *plist; size_t plistlen; + size_t lenmax; - /* - * If we have a custom point format list use it otherwise - * use default. - */ - plist = s->tlsext_ecpointformatlist; - plistlen = s->tlsext_ecpointformatlist_length; - if (plist == NULL) { - plist = ecformats_default; - plistlen = sizeof(ecformats_default); - } + tls1_get_formatlist(s, &plist, &plistlen); if ((size_t)(limit - ret) < 5) return NULL; @@ -723,12 +728,19 @@ skip_ext: unsigned char * ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) { - int extdatalen = 0; + int using_ecc, extdatalen = 0; + unsigned long alg_a, alg_k; unsigned char *ret = p; #ifndef OPENSSL_NO_NEXTPROTONEG int next_proto_neg_seen; #endif + alg_a = s->s3->tmp.new_cipher->algorithm_auth; + alg_k = s->s3->tmp.new_cipher->algorithm_mkey; + using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || + alg_a & SSL_aECDSA) && + s->session->tlsext_ecpointformatlist != NULL; + /* don't add extensions for SSLv3, unless doing secure renegotiation */ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) return p; @@ -770,32 +782,39 @@ ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) ret += el; } - if (s->tlsext_ecpointformatlist != NULL && - s->version != DTLS1_VERSION) { - /* Add TLS extension ECPointFormats to the ServerHello message */ + if (using_ecc && s->version != DTLS1_VERSION) { + /* + * Add TLS extension ECPointFormats to the ServerHello message. + */ + const unsigned char *plist; + size_t plistlen; size_t lenmax; + tls1_get_formatlist(s, &plist, &plistlen); + if ((size_t)(limit - ret) < 5) return NULL; lenmax = limit - ret - 5; - if (s->tlsext_ecpointformatlist_length > lenmax) + if (plistlen > lenmax) return NULL; - if (s->tlsext_ecpointformatlist_length > 255) { + if (plistlen > 255) { SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } s2n(TLSEXT_TYPE_ec_point_formats, ret); - s2n(s->tlsext_ecpointformatlist_length + 1, ret); - *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; - memcpy(ret, s->tlsext_ecpointformatlist, - s->tlsext_ecpointformatlist_length); - ret += s->tlsext_ecpointformatlist_length; - + s2n(plistlen + 1, ret); + *(ret++) = (unsigned char)plistlen; + memcpy(ret, plist, plistlen); + ret += plistlen; } - /* Currently the server should not respond with a SupportedCurves extension */ + + /* + * Currently the server should not respond with a SupportedCurves + * extension. + */ if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { @@ -1526,28 +1545,6 @@ ssl_prepare_clienthello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s) { - /* If we are server and using an ECC cipher suite, send the point formats we support - * if the client sent us an ECPointsFormat extension. Note that the server is not - * supposed to send an EllipticCurves extension. - */ - - unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); - using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); - - if (using_ecc) { - free(s->tlsext_ecpointformatlist); - if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { - SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); - return -1; - } - s->tlsext_ecpointformatlist_length = 3; - s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; - s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - } - return 1; } -- cgit v1.2.3-55-g6feb