Remove static ECDH support.
Remove support for static ECDH ciphersuites. They require ECDH keys in certificates and don't support forward secrecy. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
parent
fd7dc201d3
commit
ce0c1f2bb2
7 changed files with 30 additions and 484 deletions
341
ssl/s3_lib.c
341
ssl/s3_lib.c
|
@ -1645,85 +1645,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
/* Cipher C001 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_eNULL,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
0,
|
||||
0,
|
||||
},
|
||||
|
||||
/* Cipher C002 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_RC4,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C003 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
},
|
||||
|
||||
/* Cipher C004 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C005 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
},
|
||||
|
||||
/* Cipher C006 */
|
||||
{
|
||||
|
@ -1805,86 +1726,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
},
|
||||
|
||||
/* Cipher C00B */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_eNULL,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
0,
|
||||
0,
|
||||
},
|
||||
|
||||
/* Cipher C00C */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_RC4,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C00D */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_3DES,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
112,
|
||||
168,
|
||||
},
|
||||
|
||||
/* Cipher C00E */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_AES128,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C00F */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_AES256,
|
||||
SSL_SHA1,
|
||||
SSL_SSLV3,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
256,
|
||||
256,
|
||||
},
|
||||
|
||||
/* Cipher C010 */
|
||||
{
|
||||
1,
|
||||
|
@ -2227,37 +2068,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
},
|
||||
|
||||
/* Cipher C025 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C026 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_AES256,
|
||||
SSL_SHA384,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256,
|
||||
},
|
||||
|
||||
/* Cipher C027 */
|
||||
{
|
||||
|
@ -2291,38 +2101,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
},
|
||||
|
||||
/* Cipher C029 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_AES128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C02A */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_AES256,
|
||||
SSL_SHA384,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256,
|
||||
},
|
||||
|
||||
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
|
||||
|
||||
/* Cipher C02B */
|
||||
|
@ -2357,38 +2135,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
},
|
||||
|
||||
/* Cipher C02D */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_AES128GCM,
|
||||
SSL_AEAD,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C02E */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_AES256GCM,
|
||||
SSL_AEAD,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256,
|
||||
},
|
||||
|
||||
/* Cipher C02F */
|
||||
{
|
||||
1,
|
||||
|
@ -2421,38 +2167,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
},
|
||||
|
||||
/* Cipher C031 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_AES128GCM,
|
||||
SSL_AEAD,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128,
|
||||
},
|
||||
|
||||
/* Cipher C032 */
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_AES256GCM,
|
||||
SSL_AEAD,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH | SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256,
|
||||
},
|
||||
|
||||
/* PSK ciphersuites from RFC 5489 */
|
||||
/* Cipher C033 */
|
||||
{
|
||||
|
@ -2627,34 +2341,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
256},
|
||||
|
||||
{ /* Cipher C074 */
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_CAMELLIA128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128},
|
||||
|
||||
{ /* Cipher C075 */
|
||||
1,
|
||||
TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
SSL_kECDHe,
|
||||
SSL_aECDH,
|
||||
SSL_CAMELLIA256,
|
||||
SSL_SHA384,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256},
|
||||
|
||||
{ /* Cipher C076 */
|
||||
1,
|
||||
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
|
@ -2683,33 +2369,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
|
|||
256,
|
||||
256},
|
||||
|
||||
{ /* Cipher C078 */
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_CAMELLIA128,
|
||||
SSL_SHA256,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||||
128,
|
||||
128},
|
||||
|
||||
{ /* Cipher C079 */
|
||||
1,
|
||||
TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
|
||||
SSL_kECDHr,
|
||||
SSL_aECDH,
|
||||
SSL_CAMELLIA256,
|
||||
SSL_SHA384,
|
||||
SSL_TLSV1_2,
|
||||
SSL_HIGH,
|
||||
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
|
||||
256,
|
||||
256},
|
||||
# endif /* OPENSSL_NO_CAMELLIA */
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
|
|
|
@ -310,12 +310,9 @@ static const SSL_CIPHER cipher_aliases[] = {
|
|||
{0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
|
||||
0},
|
||||
|
||||
{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kECDHE, 0, 0, 0, 0, 0,
|
||||
{0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0,
|
||||
0, 0, 0},
|
||||
|
||||
{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||
|
@ -330,7 +327,6 @@ static const SSL_CIPHER cipher_aliases[] = {
|
|||
{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
|
||||
|
@ -503,8 +499,8 @@ void ssl_load_ciphers(void)
|
|||
disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_EC
|
||||
disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK;
|
||||
disabled_auth_mask |= SSL_aECDSA | SSL_aECDH;
|
||||
disabled_mkey_mask |= SSL_kECDHEPSK;
|
||||
disabled_auth_mask |= SSL_aECDSA;
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_PSK
|
||||
disabled_mkey_mask |= SSL_PSK;
|
||||
|
@ -1459,9 +1455,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
|
|||
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
|
||||
&tail);
|
||||
|
||||
/* Move ciphers without forward secrecy to the end */
|
||||
ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
|
||||
&tail);
|
||||
/*
|
||||
* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
|
||||
* &head, &tail);
|
||||
|
@ -1606,12 +1599,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
case SSL_kDHE:
|
||||
kx = "DH";
|
||||
break;
|
||||
case SSL_kECDHr:
|
||||
kx = "ECDH/RSA";
|
||||
break;
|
||||
case SSL_kECDHe:
|
||||
kx = "ECDH/ECDSA";
|
||||
break;
|
||||
case SSL_kECDHE:
|
||||
kx = "ECDH";
|
||||
break;
|
||||
|
@ -1644,9 +1631,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
case SSL_aDSS:
|
||||
au = "DSS";
|
||||
break;
|
||||
case SSL_aECDH:
|
||||
au = "ECDH";
|
||||
break;
|
||||
case SSL_aNULL:
|
||||
au = "None";
|
||||
break;
|
||||
|
@ -1939,22 +1923,11 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
|
|||
/* For a cipher return the index corresponding to the certificate type */
|
||||
int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
|
||||
{
|
||||
uint32_t alg_k, alg_a;
|
||||
uint32_t alg_a;
|
||||
|
||||
alg_k = c->algorithm_mkey;
|
||||
alg_a = c->algorithm_auth;
|
||||
|
||||
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
|
||||
/*
|
||||
* we don't need to look at SSL_kECDHE since no certificate is needed
|
||||
* for anon ECDH and for authenticated ECDHE, the check for the auth
|
||||
* algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC
|
||||
* not an RSA cert but for ECDHE-RSA we need an RSA cert. Placing the
|
||||
* checks for SSL_kECDH before RSA checks ensures the correct cert is
|
||||
* chosen.
|
||||
*/
|
||||
return SSL_PKEY_ECC;
|
||||
} else if (alg_a & SSL_aECDSA)
|
||||
if (alg_a & SSL_aECDSA)
|
||||
return SSL_PKEY_ECC;
|
||||
else if (alg_a & SSL_aDSS)
|
||||
return SSL_PKEY_DSA_SIGN;
|
||||
|
|
|
@ -2504,7 +2504,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
unsigned long mask_k, mask_a;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
int have_ecc_cert, ecdsa_ok;
|
||||
int ecdh_ok;
|
||||
X509 *x = NULL;
|
||||
int pk_nid = 0, md_nid = 0;
|
||||
#endif
|
||||
|
@ -2575,23 +2574,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
cpk = &c->pkeys[SSL_PKEY_ECC];
|
||||
x = cpk->x509;
|
||||
ex_kusage = X509_get_key_usage(x);
|
||||
ecdh_ok = ex_kusage & X509v3_KU_KEY_AGREEMENT;
|
||||
ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
|
||||
if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
|
||||
ecdsa_ok = 0;
|
||||
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
|
||||
if (ecdh_ok) {
|
||||
|
||||
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
|
||||
mask_k |= SSL_kECDHr;
|
||||
mask_a |= SSL_aECDH;
|
||||
}
|
||||
|
||||
if (pk_nid == NID_X9_62_id_ecPublicKey) {
|
||||
mask_k |= SSL_kECDHe;
|
||||
mask_a |= SSL_aECDH;
|
||||
}
|
||||
}
|
||||
if (ecdsa_ok) {
|
||||
mask_a |= SSL_aECDSA;
|
||||
}
|
||||
|
@ -2621,50 +2607,14 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
|
||||
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
{
|
||||
unsigned long alg_k, alg_a;
|
||||
int md_nid = 0, pk_nid = 0;
|
||||
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
|
||||
uint32_t ex_kusage = X509_get_key_usage(x);
|
||||
|
||||
alg_k = cs->algorithm_mkey;
|
||||
alg_a = cs->algorithm_auth;
|
||||
|
||||
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
|
||||
|
||||
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
|
||||
/* key usage, if present, must allow key agreement */
|
||||
if (!(ex_kusage & X509v3_KU_KEY_AGREEMENT)) {
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
|
||||
SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
|
||||
return 0;
|
||||
}
|
||||
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
|
||||
/* signature alg must be ECDSA */
|
||||
if (pk_nid != NID_X9_62_id_ecPublicKey) {
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
|
||||
SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
|
||||
/* signature alg must be RSA */
|
||||
|
||||
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
|
||||
SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (alg_a & SSL_aECDSA) {
|
||||
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
|
||||
/* key usage, if present, must allow signing */
|
||||
if (!(ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) {
|
||||
if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
|
||||
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
|
||||
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1; /* all checks are ok */
|
||||
}
|
||||
|
||||
|
|
|
@ -297,24 +297,20 @@
|
|||
# define SSL_kDHE 0x00000002U
|
||||
/* synonym */
|
||||
# define SSL_kEDH SSL_kDHE
|
||||
/* ECDH cert, RSA CA cert */
|
||||
# define SSL_kECDHr 0x00000004U
|
||||
/* ECDH cert, ECDSA CA cert */
|
||||
# define SSL_kECDHe 0x00000008U
|
||||
/* ephemeral ECDH */
|
||||
# define SSL_kECDHE 0x00000010U
|
||||
# define SSL_kECDHE 0x00000004U
|
||||
/* synonym */
|
||||
# define SSL_kEECDH SSL_kECDHE
|
||||
/* PSK */
|
||||
# define SSL_kPSK 0x00000020U
|
||||
# define SSL_kPSK 0x00000008U
|
||||
/* GOST key exchange */
|
||||
# define SSL_kGOST 0x00000040U
|
||||
# define SSL_kGOST 0x00000010U
|
||||
/* SRP */
|
||||
# define SSL_kSRP 0x00000080U
|
||||
# define SSL_kSRP 0x00000020U
|
||||
|
||||
# define SSL_kRSAPSK 0x00000100U
|
||||
# define SSL_kECDHEPSK 0x00000200U
|
||||
# define SSL_kDHEPSK 0x00000400U
|
||||
# define SSL_kRSAPSK 0x00000040U
|
||||
# define SSL_kECDHEPSK 0x00000080U
|
||||
# define SSL_kDHEPSK 0x00000100U
|
||||
|
||||
/* all PSK */
|
||||
|
||||
|
@ -327,18 +323,16 @@
|
|||
# define SSL_aDSS 0x00000002U
|
||||
/* no auth (i.e. use ADH or AECDH) */
|
||||
# define SSL_aNULL 0x00000004U
|
||||
/* Fixed ECDH auth (kECDHe or kECDHr) */
|
||||
# define SSL_aECDH 0x00000008U
|
||||
/* ECDSA auth*/
|
||||
# define SSL_aECDSA 0x00000010U
|
||||
# define SSL_aECDSA 0x00000008U
|
||||
/* PSK auth */
|
||||
# define SSL_aPSK 0x00000020U
|
||||
# define SSL_aPSK 0x00000010U
|
||||
/* GOST R 34.10-2001 signature auth */
|
||||
# define SSL_aGOST01 0x00000040U
|
||||
# define SSL_aGOST01 0x00000020U
|
||||
/* SRP auth */
|
||||
# define SSL_aSRP 0x00000080U
|
||||
# define SSL_aSRP 0x00000040U
|
||||
/* GOST R 34.10-2012 signature auth */
|
||||
# define SSL_aGOST12 0x00000100U
|
||||
# define SSL_aGOST12 0x00000080U
|
||||
|
||||
/* Bits for algorithm_enc (symmetric encryption) */
|
||||
# define SSL_DES 0x00000001U
|
||||
|
|
|
@ -2264,19 +2264,14 @@ psk_err:
|
|||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
|
||||
else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
|
||||
|
||||
if (s->s3->peer_tmp != NULL) {
|
||||
skey = s->s3->peer_tmp;
|
||||
} else {
|
||||
/* Get the Server Public Key from Cert */
|
||||
skey = X509_get0_pubkey(s->session->peer);
|
||||
if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
ckey = ssl_generate_pkey(skey, NID_undef);
|
||||
|
||||
|
@ -2777,9 +2772,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_ECDSA_SIGNING_CERT);
|
||||
goto f_err;
|
||||
} else if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_ECDH_CERT);
|
||||
goto f_err;
|
||||
}
|
||||
#endif
|
||||
pkey = X509_get0_pubkey(s->session->peer);
|
||||
|
|
|
@ -2365,20 +2365,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
|
||||
EVP_PKEY *skey = NULL;
|
||||
|
||||
/* Let's get server private key and group information */
|
||||
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
|
||||
/* use the certificate */
|
||||
skey = s->cert->pkeys[SSL_PKEY_ECC].privatekey;
|
||||
} else {
|
||||
/*
|
||||
* use the ephermeral values we saved when generating the
|
||||
* ServerKeyExchange msg.
|
||||
*/
|
||||
skey = s->s3->tmp.pkey;
|
||||
}
|
||||
if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
|
||||
EVP_PKEY *skey = s->s3->tmp.pkey;
|
||||
|
||||
if (PACKET_remaining(pkt) == 0L) {
|
||||
/* We don't support ECDH client auth */
|
||||
|
|
18
ssl/t1_lib.c
18
ssl/t1_lib.c
|
@ -1072,14 +1072,6 @@ void ssl_set_client_disabled(SSL *s)
|
|||
if (s->client_version == SSL3_VERSION)
|
||||
s->s3->tmp.mask_ssl |= SSL_TLSV1;
|
||||
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
|
||||
/*
|
||||
* Disable static DH if we don't include any appropriate signature
|
||||
* algorithms.
|
||||
*/
|
||||
if (s->s3->tmp.mask_a & SSL_aRSA)
|
||||
s->s3->tmp.mask_k |= SSL_kECDHr;
|
||||
if (s->s3->tmp.mask_a & SSL_aECDSA)
|
||||
s->s3->tmp.mask_k |= SSL_kECDHe;
|
||||
# ifndef OPENSSL_NO_PSK
|
||||
/* with PSK there must be client callback set */
|
||||
if (!s->psk_client_callback) {
|
||||
|
@ -1130,8 +1122,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
|
|||
|
||||
alg_k = c->algorithm_mkey;
|
||||
alg_a = c->algorithm_auth;
|
||||
if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)
|
||||
|| (alg_a & SSL_aECDSA))) {
|
||||
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|
||||
|| (alg_a & SSL_aECDSA)) {
|
||||
using_ecc = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -1507,8 +1499,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
|
|||
#ifndef OPENSSL_NO_EC
|
||||
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
||||
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
|
||||
int using_ecc = (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe))
|
||||
|| (alg_a & SSL_aECDSA);
|
||||
int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
|
||||
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
|
||||
#endif
|
||||
|
||||
|
@ -2815,8 +2806,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
|
|||
&& (s->tlsext_ecpointformatlist_length > 0)
|
||||
&& (s->session->tlsext_ecpointformatlist != NULL)
|
||||
&& (s->session->tlsext_ecpointformatlist_length > 0)
|
||||
&& ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe))
|
||||
|| (alg_a & SSL_aECDSA))) {
|
||||
&& ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
|
||||
/* we are using an ECC cipher */
|
||||
size_t i;
|
||||
unsigned char *list;
|
||||
|
|
Loading…
Reference in a new issue