From: Dr. Stephen Henson Date: Wed, 26 Dec 2012 15:27:04 +0000 (+0000) Subject: check EC tmp key matches preferences X-Git-Tag: OpenSSL_1_0_2-beta1~508 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=44adfeb6c0cc283e89b716d194ce557a592d2018;p=oweals%2Fopenssl.git check EC tmp key matches preferences (backport from HEAD) --- diff --git a/CHANGES b/CHANGES index 7b58b29603..df99053807 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,9 @@ OID NID. [Steve Henson] + *) If server EC tmp key is not in client preference list abort handshake. + [Steve Henson] + *) Add support for certificate stores in CERT structure. This makes it possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4c1967ea01..a5f3d02b4c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1648,9 +1648,17 @@ int ssl3_get_key_exchange(SSL *s) * and the ECParameters in this case is just three bytes. */ param_len=3; - if ((param_len > n) || - (*p != NAMED_CURVE_TYPE) || - ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) + /* Check curve is one of our prefrences, if not server has + * sent an invalid curve. + */ + if (!tls1_check_curve(s, p, param_len)) + { + al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_CURVE); + goto f_err; + } + + if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); diff --git a/ssl/ssl.h b/ssl/ssl.h index e9ed52bb41..d399fbc971 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2745,6 +2745,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CIPHER_RETURNED 261 +#define SSL_R_WRONG_CURVE 378 #define SSL_R_WRONG_MESSAGE_TYPE 262 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 #define SSL_R_WRONG_SIGNATURE_LENGTH 264 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 99192e9182..d3429403df 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -604,6 +604,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, +{ERR_REASON(SSL_R_WRONG_CURVE) ,"wrong curve"}, {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 874d12b3b9..2e02145082 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1188,6 +1188,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); #ifndef OPENSSL_NO_EC int tls1_ec_curve_id2nid(int curve_id); int tls1_ec_nid2curve_id(int nid); +int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); int tls1_shared_curve(SSL *s, int nmatch); int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index d84c24df8f..101cfa12a6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -333,6 +333,21 @@ static void tls1_get_curvelist(SSL *s, int sess, *pcurveslen = sizeof(eccurves_default); } } +/* Check a curve is one of our preferences */ +int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) + { + const unsigned char *curves; + size_t curveslen, i; + if (len != 3 || p[0] != NAMED_CURVE_TYPE) + return 0; + tls1_get_curvelist(s, 0, &curves, &curveslen); + for (i = 0; i < curveslen; i += 2, curves += 2) + { + if (p[1] == curves[0] && p[2] == curves[1]) + return 1; + } + return 0; + } /* Return nth shared curve. If nmatch == -1 return number of * matches. @@ -584,7 +599,12 @@ int tls1_check_ec_tmp_key(SSL *s) } if (!tls1_set_ec_id(curve_id, NULL, ec)) return 0; +/* Set this to allow use of invalid curves for testing */ +#if 0 + return 1; +#else return tls1_check_ec_key(s, curve_id, NULL); +#endif } #endif /* OPENSSL_NO_EC */