author | Bodo Möller <bodo@openssl.org> | 2003-07-22 12:34:21 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2003-07-22 12:34:21 +0000 |
commit | 968766cad84d15d556d9b8f7ab3c927df700c378 (patch) | |
tree | 29bd70e47d518c70ba3fdd1dbc360f3f6799b3bd /ssl | |
parent | 652ae06badda3a8964f650ce1713e335257548d9 (diff) |
updates for draft-ietf-tls-ecc-03.txt
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 20 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 20 | ||||
-rw-r--r-- | ssl/tls1.h | 4 |
3 files changed, 40 insertions, 4 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 211dd03b11..7eff4f1d5e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1870,6 +1870,7 @@ static int ssl3_send_client_key_exchange(SSL *s) { EC_GROUP *srvr_group = NULL; int ecdh_clnt_cert = 0; + int field_size = 0; /* Did we send out the client's * ECDH share for use in premaster @@ -1962,7 +1963,21 @@ static int ssl3_send_client_key_exchange(SSL *s) * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(clnt_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + else + n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2375,7 +2390,8 @@ err: /* This is the complement of nid2curve_id in s3_srvr.c. */ static int curve_id2nid(int curve_id) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ static int nid_list[26] = { 0, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c2ac8cb2fc..32ddc48090 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1962,6 +1962,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if ((l & SSL_kECDH) || (l & SSL_kECDHE)) { int ret = 1; + int field_size = 0; /* initialize structures for server's ECDH key pair */ if ((srvr_ecdh = EC_KEY_new()) == NULL) 
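Review bot: In the @@ -1962 hunk of ssl/s3_clnt.c, the new else branch asks ECDH_compute_key for `(field_size+7)/8` octets, so the amount written to `p` now scales with the curve's field degree instead of staying at KDF1_SHA1_len, and nothing in the hunk compares that length with the room available at `p`. The buffer is set up outside the hunk (ssl3_send_client_key_exchange starts and ends beyond it), so this may already be safe. A comment above the call stating the guarantee, e.g. `/* p has room for (field_size+7)/8 octets for every supported curve: <where this is ensured> */`, or an explicit length check that takes the `goto err` path, would make the bound reviewable. The @@ -2062 hunk in ssl/s3_srvr.c has the same shape with `srvr_ecdh->group` and should get the same treatment.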
@@ -2062,7 +2063,21 @@ static int ssl3_get_client_key_exchange(SSL *s) } /* Compute the shared pre-master secret */ - i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(srvr_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + else + i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, @@ -2459,7 +2474,8 @@ int ssl3_send_server_certificate(SSL *s) /* This is the complement of curve_id2nid in s3_clnt.c. */ static int nid2curve_id(int nid) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ switch (nid) { case NID_sect163k1: /* sect163k1 (1) */ return 1; diff --git a/ssl/tls1.h b/ssl/tls1.h index 7f4a2f3085..be15445384 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -131,6 +131,10 @@ extern "C" { * suites to use 5B and 5C instead (this may change with future * updates to the IETF draft). */ +/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of + * ciphersuites, but does not define numbers for all of them + * because of possible conflicts with other Internet Drafts; + * most numbers are still subject to change. */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 #define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 |
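Review bot: The KDF threshold is written as the literal `24 * 8` in the @@ -2062 hunk of ssl/s3_srvr.c and again in the @@ -1962 hunk of ssl/s3_clnt.c. Client and server derive different premaster secrets if the two copies ever drift, and the failure would only show up later as a handshake error. A single named constant in a header both files include would keep them in step, e.g. `if (field_size <= ECDH_KDF1_MAX_FIELD_BITS)` (the name is a suggestion, not an existing macro). ssl3_get_client_key_exchange begins and ends outside the hunk.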