diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-09-23 14:10:07 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-09-25 00:20:56 +0100 |
| commit | 3b4a7618534f11c6dcdc00d3402409725d9db7bf (patch) | |
| tree | c186d355f19ff29931b7949c6c31126165357966 /ssl/t1_lib.c | |
| parent | 255401756d8ad1fbd056ba017e24d790e82bbf45 (diff) | |
Don't allow non-FIPS curves in FIPS mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index aaf76d7963..5fed446ae0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -296,6 +296,38 @@ static const unsigned char suiteb_curves[] = 0, TLSEXT_curve_P_384 }; +#ifdef OPENSSL_FIPS +/* Brainpool not allowed in FIPS mode */ +static const unsigned char fips_curves_default[] = + { + 0,14, /* sect571r1 (14) */ + 0,13, /* sect571k1 (13) */ + 0,25, /* secp521r1 (25) */ + 0,11, /* sect409k1 (11) */ + 0,12, /* sect409r1 (12) */ + 0,24, /* secp384r1 (24) */ + 0,9, /* sect283k1 (9) */ + 0,10, /* sect283r1 (10) */ + 0,22, /* secp256k1 (22) */ + 0,23, /* secp256r1 (23) */ + 0,8, /* sect239k1 (8) */ + 0,6, /* sect233k1 (6) */ + 0,7, /* sect233r1 (7) */ + 0,20, /* secp224k1 (20) */ + 0,21, /* secp224r1 (21) */ + 0,4, /* sect193r1 (4) */ + 0,5, /* sect193r2 (5) */ + 0,18, /* secp192k1 (18) */ + 0,19, /* secp192r1 (19) */ + 0,1, /* sect163k1 (1) */ + 0,2, /* sect163r1 (2) */ + 0,3, /* sect163r2 (3) */ + 0,15, /* secp160k1 (15) */ + 0,16, /* secp160r1 (16) */ + 0,17, /* secp160r2 (17) */ + }; +#endif + int tls1_ec_curve_id2nid(int curve_id) { /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ @@ -406,6 +438,14 @@ static void tls1_get_curvelist(SSL *s, int sess, } if (!*pcurves) { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + { + *pcurves = fips_curves_default; + *pcurveslen = sizeof(fips_curves_default); + return; + } +#endif *pcurves = eccurves_default; *pcurveslen = sizeof(eccurves_default); } @@ -523,6 +563,14 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, unsigned long idmask; int id; id = tls1_ec_nid2curve_id(curves[i]); +#ifdef OPENSSL_FIPS + /* NB: 25 is last curve ID supported by FIPS module */ + if (FIPS_mode() && id > 25) + { + OPENSSL_free(clist); + return 0; + } +#endif idmask = 1L << id; if (!id || (dup_list & idmask)) { |