提交 5087afa1 编写于 作者: D Dr. Stephen Henson

Use default point formats extension for server side as well as client

side, if possible.

Don't advertise compressed char2 for SuiteB as it is not supported.
上级 93c2c9be
...@@ -624,6 +624,27 @@ static int tls1_check_ec_key(SSL *s, ...@@ -624,6 +624,27 @@ static int tls1_check_ec_key(SSL *s,
return 1; return 1;
} }
static void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *pformatslen)
{
/* If we have a custom point format list use it otherwise
* use default */
if (s->tlsext_ecpointformatlist)
{
*pformats = s->tlsext_ecpointformatlist;
*pformatslen = s->tlsext_ecpointformatlist_length;
}
else
{
*pformats = ecformats_default;
/* For Suite B we don't support char2 fields */
if (tls1_suiteb(s))
*pformatslen = sizeof(ecformats_default) - 1;
else
*pformatslen = sizeof(ecformats_default);
}
}
/* Check cert parameters compatible with extensions: currently just checks /* Check cert parameters compatible with extensions: currently just checks
* EC certificates have compatible curves and compression. * EC certificates have compatible curves and compression.
*/ */
...@@ -1155,16 +1176,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ...@@ -1155,16 +1176,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
long lenmax; long lenmax;
const unsigned char *plist; const unsigned char *plist;
size_t plistlen; size_t plistlen;
/* If we have a custom point format list use it otherwise
* use default */ tls1_get_formatlist(s, &plist, &plistlen);
plist = s->tlsext_ecpointformatlist;
if (plist)
plistlen = s->tlsext_ecpointformatlist_length;
else
{
plist = ecformats_default;
plistlen = sizeof(ecformats_default);
}
if ((lenmax = limit - ret - 5) < 0) return NULL; if ((lenmax = limit - ret - 5) < 0) return NULL;
if (plistlen > (size_t)lenmax) return NULL; if (plistlen > (size_t)lenmax) return NULL;
...@@ -1403,6 +1416,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha ...@@ -1403,6 +1416,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_NEXTPROTONEG #ifndef OPENSSL_NO_NEXTPROTONEG
int next_proto_neg_seen; int next_proto_neg_seen;
#endif #endif
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
/* don't add extensions for SSLv3, unless doing secure renegotiation */ /* don't add extensions for SSLv3, unless doing secure renegotiation */
if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
...@@ -1444,25 +1461,28 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha ...@@ -1444,25 +1461,28 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist != NULL && if (using_ecc && s->version != DTLS1_VERSION)
s->version != DTLS1_VERSION)
{ {
const unsigned char *plist;
size_t plistlen;
/* Add TLS extension ECPointFormats to the ServerHello message */ /* Add TLS extension ECPointFormats to the ServerHello message */
long lenmax; long lenmax;
tls1_get_formatlist(s, &plist, &plistlen);
if ((lenmax = limit - ret - 5) < 0) return NULL; if ((lenmax = limit - ret - 5) < 0) return NULL;
if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL; if (plistlen > (size_t)lenmax) return NULL;
if (s->tlsext_ecpointformatlist_length > 255) if (plistlen > 255)
{ {
SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return NULL; return NULL;
} }
s2n(TLSEXT_TYPE_ec_point_formats,ret); s2n(TLSEXT_TYPE_ec_point_formats,ret);
s2n(s->tlsext_ecpointformatlist_length + 1,ret); s2n(plistlen + 1,ret);
*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length; *(ret++) = (unsigned char) plistlen;
memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); memcpy(ret, plist, plistlen);
ret+=s->tlsext_ecpointformatlist_length; ret+=plistlen;
} }
/* Currently the server should not respond with a SupportedCurves extension */ /* Currently the server should not respond with a SupportedCurves extension */
...@@ -2622,32 +2642,6 @@ int ssl_prepare_clienthello_tlsext(SSL *s) ...@@ -2622,32 +2642,6 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
int ssl_prepare_serverhello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s)
{ {
#ifndef OPENSSL_NO_EC
/* If we are server and using an ECC cipher suite, send the point formats we support
* if the client sent us an ECPointsFormat extension. Note that the server is not
* supposed to send an EllipticCurves extension.
*/
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
if (using_ecc)
{
if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
{
SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
return -1;
}
s->tlsext_ecpointformatlist_length = 3;
s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
}
#endif /* OPENSSL_NO_EC */
return 1; return 1;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册