update TLS-ECC code
Submitted by: Douglas Stebila
This commit is contained in:
Bodo Möller
parent
23d43aae27
commit
bc9320452c
6 changed files with 219 additions and 271 deletions
4
CHANGES
4
CHANGES
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
|
||||
|
||||
*) Update support for ECC-based TLS ciphersuites according to
|
||||
draft-ietf-tls-ecc-12.txt with proposed changes.
|
||||
[Douglas Stebila]
|
||||
|
||||
*) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
|
||||
opaque EVP_CIPHER_CTX handling.
|
||||
[Steve Henson]
|
||||
|
|
|
|||
|
|
@ -20,23 +20,23 @@ SSLTEST=$OPENSSL_DIR/test/ssltest
|
|||
SSLVERSION=
|
||||
|
||||
# These don't really require any certificates
|
||||
AECDH_CIPHER_LIST="EXP-AECDH-RC4-40-SHA EXP-AECDH-DES-40-CBC-SHA AECDH-DES-CBC3-SHA AECDH-DES-CBC-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
|
||||
AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
|
||||
|
||||
# These require ECC certificates signed with ECDSA
|
||||
# The EC public key must be authorized for key agreement.
|
||||
ECDH_ECDSA_CIPHER_LIST="EXP-ECDH-ECDSA-RC4-56-SHA EXP-ECDH-ECDSA-RC4-40-SHA ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
|
||||
ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
|
||||
|
||||
# These require ECC certificates.
|
||||
# The EC public key must be authorized for digital signature.
|
||||
ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES128-SHA"
|
||||
ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"
|
||||
|
||||
# These require ECC certificates signed with RSA.
|
||||
# The EC public key must be authorized for key agreement.
|
||||
ECDH_RSA_CIPHER_LIST="EXP-ECDH-RSA-RC4-56-SHA EXP-ECDH-RSA-RC4-40-SHA ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-DES-CBC-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
|
||||
ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
|
||||
|
||||
# These require RSA certificates.
|
||||
# The RSA public key must be authorized for digital signature.
|
||||
ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES128-SHA"
|
||||
ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"
|
||||
|
||||
# List of Elliptic curves over which we wish to test generation of
|
||||
# ephemeral ECDH keys when using AECDH or ECDHE ciphers
|
||||
|
|
@ -78,9 +78,9 @@ done
|
|||
|
||||
for curve in $ELLIPTIC_CURVE_LIST
|
||||
do
|
||||
echo "Testing EXP-AECDH-RC4-40-SHA (with $curve)"
|
||||
echo "Testing AECDH-RC4-SHA (with $curve)"
|
||||
$SSLTEST $SSL_VERSION -cert $SERVER_PEM \
|
||||
-named_curve $curve -cipher EXP-AECDH-RC4-40-SHA
|
||||
-named_curve $curve -cipher AECDH-RC4-SHA
|
||||
done
|
||||
fi
|
||||
|
||||
|
|
@ -167,6 +167,9 @@ if [ "$1" = "ecdhe-rsa" ]; then
|
|||
for cipher in $ECDHE_RSA_CIPHER_LIST
|
||||
do
|
||||
echo "Testing $cipher (with server authentication)"
|
||||
echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
|
||||
-cert $SERVER_PEM -server_auth \
|
||||
-cipher $cipher -named_curve $DEFAULT_CURVE
|
||||
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \
|
||||
-cert $SERVER_PEM -server_auth \
|
||||
-cipher $cipher -named_curve $DEFAULT_CURVE
|
||||
|
|
|
|||
|
|
@ -1211,12 +1211,12 @@ int ssl3_get_key_exchange(SSL *s)
|
|||
*/
|
||||
|
||||
/* XXX: For now we only support named (not generic) curves
|
||||
* and the ECParameters in this case is just two bytes.
|
||||
* and the ECParameters in this case is just three bytes.
|
||||
*/
|
||||
param_len=2;
|
||||
param_len=3;
|
||||
if ((param_len > n) ||
|
||||
(*p != NAMED_CURVE_TYPE) ||
|
||||
((curve_nid = curve_id2nid(*(p + 1))) == 0))
|
||||
((curve_nid = curve_id2nid(*(p + 2))) == 0))
|
||||
{
|
||||
al=SSL_AD_INTERNAL_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
|
||||
|
|
@ -1246,7 +1246,7 @@ int ssl3_get_key_exchange(SSL *s)
|
|||
goto f_err;
|
||||
}
|
||||
|
||||
p+=2;
|
||||
p+=3;
|
||||
|
||||
/* Next, get the encoded ECPoint */
|
||||
if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
|
||||
|
|
@ -1614,22 +1614,6 @@ int ssl3_get_server_done(SSL *s)
|
|||
}
|
||||
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
static const int KDF1_SHA1_len = 20;
|
||||
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
if (*outlen < SHA_DIGEST_LENGTH)
|
||||
return NULL;
|
||||
else
|
||||
*outlen = SHA_DIGEST_LENGTH;
|
||||
return SHA1(in, inlen, out);
|
||||
#else
|
||||
return NULL;
|
||||
#endif /* OPENSSL_NO_SHA */
|
||||
}
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
int ssl3_send_client_key_exchange(SSL *s)
|
||||
{
|
||||
unsigned char *p,*d;
|
||||
|
|
@ -2027,14 +2011,7 @@ int ssl3_send_client_key_exchange(SSL *s)
|
|||
ERR_R_ECDH_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If field size is not more than 24 octets, then use SHA-1 hash of result;
|
||||
* otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
|
||||
* this is new with this version of the Internet Draft).
|
||||
*/
|
||||
if (field_size <= 24 * 8)
|
||||
n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1);
|
||||
else
|
||||
n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
|
||||
n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
|
||||
if (n <= 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
|
||||
|
|
|
|||
298
ssl/s3_lib.c
298
ssl/s3_lib.c
|
|
@ -901,8 +901,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* Cipher 47 */
|
||||
/* Cipher C001 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
|
|
@ -916,7 +917,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 48 */
|
||||
/* Cipher C002 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
|
|
@ -930,21 +931,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 49 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4A */
|
||||
/* Cipher C003 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
|
|
@ -958,7 +945,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4B */
|
||||
/* Cipher C004 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
|
|
@ -972,7 +959,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4C */
|
||||
/* Cipher C005 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
|
|
@ -986,7 +973,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4D */
|
||||
/* Cipher C006 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C007 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C008 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C009 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00A */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C00B */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
|
||||
|
|
@ -1000,7 +1057,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4E */
|
||||
/* Cipher C00C */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
|
|
@ -1014,21 +1071,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 4F */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 50 */
|
||||
/* Cipher C00D */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
|
|
@ -1042,7 +1085,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 51 */
|
||||
/* Cipher C00E */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
|
|
@ -1056,7 +1099,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 52 */
|
||||
/* Cipher C00F */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
|
|
@ -1070,35 +1113,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 53 */
|
||||
/* Cipher C010 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
40,
|
||||
0,
|
||||
0,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C011 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 54 */
|
||||
/* Cipher C012 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
|
||||
TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
|
||||
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP56,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
56,
|
||||
168,
|
||||
168,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C013 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 55 */
|
||||
/* Cipher C014 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher C015 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
|
||||
|
|
@ -1112,7 +1197,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 56 */
|
||||
/* Cipher C016 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
|
||||
|
|
@ -1126,21 +1211,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 57 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_LOW,
|
||||
0,
|
||||
56,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 58 */
|
||||
/* Cipher C017 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
|
||||
|
|
@ -1154,63 +1225,33 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 59 */
|
||||
/* Cipher C018 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
40,
|
||||
56,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 5A */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
/* Cipher 5B */
|
||||
/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP40,
|
||||
0,
|
||||
40,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 5C */
|
||||
/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
|
||||
/* Cipher C019 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
|
||||
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
|
||||
SSL_EXPORT|SSL_EXP56,
|
||||
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
56,
|
||||
128,
|
||||
256,
|
||||
256,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
|
||||
|
|
@ -1308,45 +1349,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
|
|||
},
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
|
||||
* are not yet specified in the ECC/TLS draft but our code
|
||||
* allows them to be implemented very easily. To add such
|
||||
* a cipher suite, one needs to add two constant definitions
|
||||
* to tls1.h and a new structure in this file as shown below. We
|
||||
* illustrate the process for the made-up cipher
|
||||
* ECDHE-ECDSA-AES128-SHA.
|
||||
*/
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
|
||||
/* Cipher 78 XXX: Another made-up ECC cipher suite that
|
||||
* offers forward secrecy (ECDHE-RSA-AES128-SHA).
|
||||
*/
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
0,
|
||||
128,
|
||||
128,
|
||||
SSL_ALL_CIPHERS,
|
||||
SSL_ALL_STRENGTHS,
|
||||
},
|
||||
#endif /* !OPENSSL_NO_ECDH */
|
||||
|
||||
/* end of list */
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s)
|
|||
|
||||
/* XXX: For now, we only support named (not
|
||||
* generic) curves in ECDH ephemeral key exchanges.
|
||||
* In this situation, we need three additional bytes
|
||||
* In this situation, we need four additional bytes
|
||||
* to encode the entire ServerECDHParams
|
||||
* structure.
|
||||
*/
|
||||
n = 3 + encodedlen;
|
||||
n = 4 + encodedlen;
|
||||
|
||||
/* We'll generate the serverKeyExchange message
|
||||
* explicitly so we can set these to NULLs
|
||||
|
|
@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s)
|
|||
r[0]=NULL;
|
||||
r[1]=NULL;
|
||||
r[2]=NULL;
|
||||
r[3]=NULL;
|
||||
}
|
||||
else
|
||||
#endif /* !OPENSSL_NO_ECDH */
|
||||
|
|
@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s)
|
|||
{
|
||||
/* XXX: For now, we only support named (not generic) curves.
|
||||
* In this situation, the serverKeyExchange message has:
|
||||
* [1 byte CurveType], [1 byte CurveName]
|
||||
* [1 byte CurveType], [2 byte CurveName]
|
||||
* [1 byte length of encoded point], followed by
|
||||
* the actual encoded point itself
|
||||
*/
|
||||
*p = NAMED_CURVE_TYPE;
|
||||
p += 1;
|
||||
*p = 0;
|
||||
p += 1;
|
||||
*p = curve_id;
|
||||
p += 1;
|
||||
*p = encodedlen;
|
||||
|
|
@ -1637,23 +1640,6 @@ err:
|
|||
return(-1);
|
||||
}
|
||||
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
static const int KDF1_SHA1_len = 20;
|
||||
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
|
||||
{
|
||||
#ifndef OPENSSL_NO_SHA
|
||||
if (*outlen < SHA_DIGEST_LENGTH)
|
||||
return NULL;
|
||||
else
|
||||
*outlen = SHA_DIGEST_LENGTH;
|
||||
return SHA1(in, inlen, out);
|
||||
#else
|
||||
return NULL;
|
||||
#endif /* OPENSSL_NO_SHA */
|
||||
}
|
||||
#endif /* OPENSSL_NO_ECDH */
|
||||
|
||||
int ssl3_get_client_key_exchange(SSL *s)
|
||||
{
|
||||
int i,al,ok;
|
||||
|
|
@ -2156,14 +2142,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
|||
ERR_R_ECDH_LIB);
|
||||
goto err;
|
||||
}
|
||||
/* If field size is not more than 24 octets, then use SHA-1 hash of result;
|
||||
* otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
|
||||
* this is new with this version of the Internet Draft).
|
||||
*/
|
||||
if (field_size <= 24 * 8)
|
||||
i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1);
|
||||
else
|
||||
i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
|
||||
i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
|
||||
if (i <= 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
|
|
|
|||
103
ssl/tls1.h
103
ssl/tls1.h
|
|
@ -125,51 +125,36 @@ extern "C" {
|
|||
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
|
||||
#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
|
||||
|
||||
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001).
|
||||
* XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C
|
||||
* are defined twice so we define ECDH_ECDSA_EXPORT cipher
|
||||
* suites to use 5B and 5C instead (this may change with future
|
||||
* updates to the IETF draft).
|
||||
*/
|
||||
/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of
|
||||
* ciphersuites, but does not define numbers for all of them
|
||||
* because of possible conflicts with other Internet Drafts;
|
||||
* most numbers are still subject to change. */
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C
|
||||
#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B
|
||||
#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C
|
||||
/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
|
||||
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
|
||||
|
||||
#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D
|
||||
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E
|
||||
#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F
|
||||
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052
|
||||
#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053
|
||||
#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
|
||||
|
||||
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055
|
||||
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056
|
||||
#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057
|
||||
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058
|
||||
#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059
|
||||
#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A
|
||||
#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
|
||||
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
|
||||
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
|
||||
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
|
||||
|
||||
/* XXX: ECC ciphersuites offering forward secrecy are not yet specified
|
||||
* in the ECC/TLS draft but our code allows them to be implemented
|
||||
* very easily. To add such a cipher suite, one needs to add two constant
|
||||
* definitions to this file and a new structure in s3_lib.c. We illustrate
|
||||
* the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and
|
||||
* ECDHE-RSA-AES128-SHA.
|
||||
*/
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
|
||||
#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
|
||||
|
||||
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
|
||||
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
|
||||
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
|
||||
#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
|
||||
#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
|
||||
|
||||
/* XXX
|
||||
* Inconsistency alert:
|
||||
|
|
@ -204,43 +189,41 @@ extern "C" {
|
|||
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA "ECDH-ECDSA-DES-CBC-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-ECDSA-RC4-40-SHA"
|
||||
#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-ECDSA-RC4-56-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA "ECDH-RSA-DES-CBC-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-RSA-RC4-40-SHA"
|
||||
#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-RSA-RC4-56-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA "AECDH-DES-CBC-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA "EXP-AECDH-DES-40-CBC-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA "EXP-AECDH-RC4-40-SHA"
|
||||
|
||||
/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for
|
||||
* illustration only.
|
||||
*/
|
||||
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
|
||||
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
|
||||
|
||||
#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
|
||||
#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
|
||||
|
||||
#define TLS_CT_RSA_SIGN 1
|
||||
#define TLS_CT_DSS_SIGN 2
|
||||
#define TLS_CT_RSA_FIXED_DH 3
|
||||
#define TLS_CT_DSS_FIXED_DH 4
|
||||
#define TLS_CT_ECDSA_SIGN 5
|
||||
#define TLS_CT_RSA_FIXED_ECDH 6
|
||||
#define TLS_CT_ECDSA_FIXED_ECDH 7
|
||||
#define TLS_CT_ECDSA_SIGN 64
|
||||
#define TLS_CT_RSA_FIXED_ECDH 65
|
||||
#define TLS_CT_ECDSA_FIXED_ECDH 66
|
||||
#define TLS_CT_NUMBER 7
|
||||
|
||||
#define TLS1_FINISH_MAC_LENGTH 12
|
||||
|
|
|
|||
Loading…
Reference in a new issue