Remove static ECDH support.

Remove support for static ECDH ciphersuites. They require ECDH keys
in certificates and don't support forward secrecy.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2016-02-11 18:19:27 +00:00
parent fd7dc201d3
commit ce0c1f2bb2
7 changed files with 30 additions and 484 deletions

View file

@ -1645,85 +1645,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
#endif
#ifndef OPENSSL_NO_EC
/* Cipher C001 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
SSL_kECDHe,
SSL_aECDH,
SSL_eNULL,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
},
/* Cipher C002 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
SSL_kECDHe,
SSL_aECDH,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher C003 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHe,
SSL_aECDH,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher C004 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHe,
SSL_aECDH,
SSL_AES128,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher C005 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
SSL_kECDHe,
SSL_aECDH,
SSL_AES256,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher C006 */
{
@ -1805,86 +1726,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher C00B */
{
1,
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
SSL_kECDHr,
SSL_aECDH,
SSL_eNULL,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0,
0,
},
/* Cipher C00C */
{
1,
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
SSL_kECDHr,
SSL_aECDH,
SSL_RC4,
SSL_SHA1,
SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher C00D */
{
1,
TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHr,
SSL_aECDH,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher C00E */
{
1,
TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHr,
SSL_aECDH,
SSL_AES128,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher C00F */
{
1,
TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
SSL_kECDHr,
SSL_aECDH,
SSL_AES256,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher C010 */
{
1,
@ -2227,37 +2068,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher C025 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
SSL_kECDHe,
SSL_aECDH,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C026 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
SSL_kECDHe,
SSL_aECDH,
SSL_AES256,
SSL_SHA384,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
/* Cipher C027 */
{
@ -2291,38 +2101,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher C029 */
{
1,
TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
SSL_kECDHr,
SSL_aECDH,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C02A */
{
1,
TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
SSL_kECDHr,
SSL_aECDH,
SSL_AES256,
SSL_SHA384,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
/* GCM based TLS v1.2 ciphersuites from RFC5289 */
/* Cipher C02B */
@ -2357,38 +2135,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher C02D */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHe,
SSL_aECDH,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C02E */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHe,
SSL_aECDH,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
/* Cipher C02F */
{
1,
@ -2421,38 +2167,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher C031 */
{
1,
TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHr,
SSL_aECDH,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher C032 */
{
1,
TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHr,
SSL_aECDH,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
/* PSK ciphersuites from RFC 5489 */
/* Cipher C033 */
{
@ -2627,34 +2341,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256},
{ /* Cipher C074 */
1,
TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHe,
SSL_aECDH,
SSL_CAMELLIA128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128},
{ /* Cipher C075 */
1,
TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHe,
SSL_aECDH,
SSL_CAMELLIA256,
SSL_SHA384,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
{ /* Cipher C076 */
1,
TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
@ -2683,33 +2369,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256},
{ /* Cipher C078 */
1,
TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kECDHr,
SSL_aECDH,
SSL_CAMELLIA128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128},
{ /* Cipher C079 */
1,
TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
SSL_kECDHr,
SSL_aECDH,
SSL_CAMELLIA256,
SSL_SHA384,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256},
# endif /* OPENSSL_NO_CAMELLIA */
#endif /* OPENSSL_NO_EC */

View file

@ -310,12 +310,9 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
0},
{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kECDHE, 0, 0, 0, 0, 0,
{0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0,
0, 0, 0},
{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
@ -330,7 +327,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
@ -503,8 +499,8 @@ void ssl_load_ciphers(void)
disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
#endif
#ifdef OPENSSL_NO_EC
disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK;
disabled_auth_mask |= SSL_aECDSA | SSL_aECDH;
disabled_mkey_mask |= SSL_kECDHEPSK;
disabled_auth_mask |= SSL_aECDSA;
#endif
#ifdef OPENSSL_NO_PSK
disabled_mkey_mask |= SSL_PSK;
@ -1459,9 +1455,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
/* Move ciphers without forward secrecy to the end */
ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
/*
* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
* &head, &tail);
@ -1606,12 +1599,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kDHE:
kx = "DH";
break;
case SSL_kECDHr:
kx = "ECDH/RSA";
break;
case SSL_kECDHe:
kx = "ECDH/ECDSA";
break;
case SSL_kECDHE:
kx = "ECDH";
break;
@ -1644,9 +1631,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aDSS:
au = "DSS";
break;
case SSL_aECDH:
au = "ECDH";
break;
case SSL_aNULL:
au = "None";
break;
@ -1939,22 +1923,11 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
/* For a cipher return the index corresponding to the certificate type */
int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
{
uint32_t alg_k, alg_a;
uint32_t alg_a;
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
/*
* we don't need to look at SSL_kECDHE since no certificate is needed
* for anon ECDH and for authenticated ECDHE, the check for the auth
* algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC
* not an RSA cert but for ECDHE-RSA we need an RSA cert. Placing the
* checks for SSL_kECDH before RSA checks ensures the correct cert is
* chosen.
*/
return SSL_PKEY_ECC;
} else if (alg_a & SSL_aECDSA)
if (alg_a & SSL_aECDSA)
return SSL_PKEY_ECC;
else if (alg_a & SSL_aDSS)
return SSL_PKEY_DSA_SIGN;

View file

@ -2504,7 +2504,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
unsigned long mask_k, mask_a;
#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok;
int ecdh_ok;
X509 *x = NULL;
int pk_nid = 0, md_nid = 0;
#endif
@ -2575,23 +2574,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
cpk = &c->pkeys[SSL_PKEY_ECC];
x = cpk->x509;
ex_kusage = X509_get_key_usage(x);
ecdh_ok = ex_kusage & X509v3_KU_KEY_AGREEMENT;
ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
ecdsa_ok = 0;
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
if (ecdh_ok) {
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
mask_k |= SSL_kECDHr;
mask_a |= SSL_aECDH;
}
if (pk_nid == NID_X9_62_id_ecPublicKey) {
mask_k |= SSL_kECDHe;
mask_a |= SSL_aECDH;
}
}
if (ecdsa_ok) {
mask_a |= SSL_aECDSA;
}
@ -2621,50 +2607,14 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
{
unsigned long alg_k, alg_a;
int md_nid = 0, pk_nid = 0;
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
uint32_t ex_kusage = X509_get_key_usage(x);
alg_k = cs->algorithm_mkey;
alg_a = cs->algorithm_auth;
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
/* key usage, if present, must allow key agreement */
if (!(ex_kusage & X509v3_KU_KEY_AGREEMENT)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
return 0;
}
if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
/* signature alg must be ECDSA */
if (pk_nid != NID_X9_62_id_ecPublicKey) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
return 0;
}
}
if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
/* signature alg must be RSA */
if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
return 0;
}
}
}
if (alg_a & SSL_aECDSA) {
if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
/* key usage, if present, must allow signing */
if (!(ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) {
if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}
}
return 1; /* all checks are ok */
}

View file

@ -297,24 +297,20 @@
# define SSL_kDHE 0x00000002U
/* synonym */
# define SSL_kEDH SSL_kDHE
/* ECDH cert, RSA CA cert */
# define SSL_kECDHr 0x00000004U
/* ECDH cert, ECDSA CA cert */
# define SSL_kECDHe 0x00000008U
/* ephemeral ECDH */
# define SSL_kECDHE 0x00000010U
# define SSL_kECDHE 0x00000004U
/* synonym */
# define SSL_kEECDH SSL_kECDHE
/* PSK */
# define SSL_kPSK 0x00000020U
# define SSL_kPSK 0x00000008U
/* GOST key exchange */
# define SSL_kGOST 0x00000040U
# define SSL_kGOST 0x00000010U
/* SRP */
# define SSL_kSRP 0x00000080U
# define SSL_kSRP 0x00000020U
# define SSL_kRSAPSK 0x00000100U
# define SSL_kECDHEPSK 0x00000200U
# define SSL_kDHEPSK 0x00000400U
# define SSL_kRSAPSK 0x00000040U
# define SSL_kECDHEPSK 0x00000080U
# define SSL_kDHEPSK 0x00000100U
/* all PSK */
@ -327,18 +323,16 @@
# define SSL_aDSS 0x00000002U
/* no auth (i.e. use ADH or AECDH) */
# define SSL_aNULL 0x00000004U
/* Fixed ECDH auth (kECDHe or kECDHr) */
# define SSL_aECDH 0x00000008U
/* ECDSA auth*/
# define SSL_aECDSA 0x00000010U
# define SSL_aECDSA 0x00000008U
/* PSK auth */
# define SSL_aPSK 0x00000020U
# define SSL_aPSK 0x00000010U
/* GOST R 34.10-2001 signature auth */
# define SSL_aGOST01 0x00000040U
# define SSL_aGOST01 0x00000020U
/* SRP auth */
# define SSL_aSRP 0x00000080U
# define SSL_aSRP 0x00000040U
/* GOST R 34.10-2012 signature auth */
# define SSL_aGOST12 0x00000100U
# define SSL_aGOST12 0x00000080U
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U

View file

@ -2264,19 +2264,14 @@ psk_err:
#endif
#ifndef OPENSSL_NO_EC
else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
if (s->s3->peer_tmp != NULL) {
skey = s->s3->peer_tmp;
} else {
/* Get the Server Public Key from Cert */
skey = X509_get0_pubkey(s->session->peer);
if ((skey == NULL) || EVP_PKEY_get0_EC_KEY(skey) == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
}
ckey = ssl_generate_pkey(skey, NID_undef);
@ -2777,9 +2772,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_ECDSA_SIGNING_CERT);
goto f_err;
} else if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_ECDH_CERT);
goto f_err;
}
#endif
pkey = X509_get0_pubkey(s->session->peer);

View file

@ -2365,20 +2365,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#endif
#ifndef OPENSSL_NO_EC
if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) {
EVP_PKEY *skey = NULL;
/* Let's get server private key and group information */
if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
/* use the certificate */
skey = s->cert->pkeys[SSL_PKEY_ECC].privatekey;
} else {
/*
* use the ephermeral values we saved when generating the
* ServerKeyExchange msg.
*/
skey = s->s3->tmp.pkey;
}
if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
EVP_PKEY *skey = s->s3->tmp.pkey;
if (PACKET_remaining(pkt) == 0L) {
/* We don't support ECDH client auth */

View file

@ -1072,14 +1072,6 @@ void ssl_set_client_disabled(SSL *s)
if (s->client_version == SSL3_VERSION)
s->s3->tmp.mask_ssl |= SSL_TLSV1;
ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
/*
* Disable static DH if we don't include any appropriate signature
* algorithms.
*/
if (s->s3->tmp.mask_a & SSL_aRSA)
s->s3->tmp.mask_k |= SSL_kECDHr;
if (s->s3->tmp.mask_a & SSL_aECDSA)
s->s3->tmp.mask_k |= SSL_kECDHe;
# ifndef OPENSSL_NO_PSK
/* with PSK there must be client callback set */
if (!s->psk_client_callback) {
@ -1130,8 +1122,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)
|| (alg_a & SSL_aECDSA))) {
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|| (alg_a & SSL_aECDSA)) {
using_ecc = 1;
break;
}
@ -1507,8 +1499,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
#ifndef OPENSSL_NO_EC
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe))
|| (alg_a & SSL_aECDSA);
int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif
@ -2815,8 +2806,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
&& (s->tlsext_ecpointformatlist_length > 0)
&& (s->session->tlsext_ecpointformatlist != NULL)
&& (s->session->tlsext_ecpointformatlist_length > 0)
&& ((alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe))
|| (alg_a & SSL_aECDSA))) {
&& ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;