From 1db3107ada6a93140b6b7deb59346b1c14e0adb8 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 25 Feb 2016 17:46:14 +0000
Subject: TLS support for X25519
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add X25519 to TLS supported curve list. Reject attempts to configure keys which cannot be used for signing.

Reviewed-by: Rich Salz
Reviewed-by: Emilia Käsper
---
 crypto/ec/ec_err.c | 3 ++-
 include/openssl/ec.h | 1 +
 ssl/ssl_rsa.c | 5 +++++
 ssl/t1_lib.c | 10 ++++++++--
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index b4edc212f5..399e4c79fc 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,4 +1,3 @@
-/* crypto/ec/ec_err.c */
 /* ====================================================================
 * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
 *
@@ -275,6 +274,8 @@ static ERR_STRING_DATA EC_str_reasons[] = {
 {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
 {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
 {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
+ {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+ "curve does not support signing"},
 {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),
 "d2i ecpkparameters failure"},
 {ERR_REASON(EC_R_DECODE_ERROR), "decode error"},
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index ccd410f772..b03b65d1ee 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1569,6 +1569,7 @@ void ERR_load_EC_strings(void);
 # define EC_R_BIGNUM_OUT_OF_RANGE 144
 # define EC_R_BUFFER_TOO_SMALL 100
 # define EC_R_COORDINATES_OUT_OF_RANGE 146
+# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
 # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
 # define EC_R_DECODE_ERROR 142
 # define EC_R_DISCRIMINANT_IS_ZERO 118
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index f93db31c77..abced26ae1 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -378,6 +378,11 @@ static int ssl_set_cert(CERT *c, X509 *x)
 return 0;
 }

+ if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+ return 0;
+ }
+
 if (c->pkeys[i].privatekey != NULL) {
 /*
 * The return code from EVP_PKEY_copy_parameters is deliberately
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index db5f0f6b44..f02317e09f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -222,9 +222,11 @@ typedef struct {
 unsigned int flags; /* Flags: currently just field type */
 } tls_curve_info;

-# define TLS_CURVE_TYPE 0x1
-# define TLS_CURVE_CHAR2 0x1
+/* Mask for curve type */
+# define TLS_CURVE_TYPE 0x3
 # define TLS_CURVE_PRIME 0x0
+# define TLS_CURVE_CHAR2 0x1
+# define TLS_CURVE_CUSTOM 0x2

 /*
 * Table of curve information.
@@ -261,6 +263,8 @@ static const tls_curve_info nid_list[] = {
 {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
 {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
 {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+ /* X25519 (29) */
+ {NID_X25519, 128, TLS_CURVE_CUSTOM},
 };

 static const unsigned char ecformats_default[] = {
@@ -271,6 +275,7 @@ static const unsigned char ecformats_default[] = {

 /* The default curves */
 static const unsigned char eccurves_default[] = {
+ 0, 29, /* X25519 (29) */
 /* Prefer P-256 which has the fastest and most secure implementations. */
 0, 23, /* secp256r1 (23) */
 /* Other >= 256-bit prime curves. */
@@ -290,6 +295,7 @@ static const unsigned char eccurves_default[] = {
 };

 static const unsigned char eccurves_all[] = {
+ 0, 29, /* X25519 (29) */
 /* Prefer P-256 which has the fastest and most secure implementations. */
 0, 23, /* secp256r1 (23) */
 /* Other >= 256-bit prime curves. */
-- 
cgit v1.2.3
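Review bot: The check added to ssl_set_cert uses SSL_PKEY_ECC, EC_KEY_can_sign() and EVP_PKEY_get0_EC_KEY() with no `#ifndef OPENSSL_NO_EC` guard visible in the hunk, so a build configured without EC support would presumably fail to compile here. Wrapping the added block in `#ifndef OPENSSL_NO_EC` / `#endif` would keep that configuration building. The return value of EVP_PKEY_get0_EC_KEY(pkey) is passed straight to EC_KEY_can_sign(); whether it can be NULL depends on how `i` and `pkey` are derived above the hunk, which is not shown, so that is worth confirming. A one-line comment such as `/* Reject certificates whose curve cannot sign (key-exchange-only curves) */` would record why the certificate is refused. The body of ssl_set_cert starts and ends outside the hunk.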
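Review bot: TLS_CURVE_CUSTOM is introduced without a comment saying what a "custom" curve is, and the struct comment in the context line above still reads "currently just field type", which no longer describes all three values. With TLS_CURVE_TYPE widened to `0x3`, the type values are an enumeration under a mask rather than independent bits. A comment such as `/* Curve type: compare (flags & TLS_CURVE_TYPE) against one of the values below */` would make that explicit. Any existing test written as a bare `flags & TLS_CURVE_CHAR2` lies outside this diff and should be checked against the new mask. A short note beside the new define, for example `/* Neither prime nor char2 field, e.g. X25519 */`, would cover the rest.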
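Review bot: The new nid_list entry puts its `/* X25519 (29) */` comment on a separate line above the initializer, while every other visible entry carries the curve name and ID as a trailing comment; `{NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */` would match the table. The diffstat shows no other t1_lib.c changes in this commit, so every consumer of nid_list must already cope with an entry that is neither TLS_CURVE_PRIME nor TLS_CURVE_CHAR2. Those consumers are not visible here, and any that map entries to a generic EC group or use the table to validate certificate curves should be confirmed. The initializer of nid_list begins outside the hunk.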
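Review bot: X25519 is inserted ahead of the entry whose comment says "Prefer P-256 which has the fastest and most secure implementations", so that comment no longer describes the first preference in eccurves_default. The identical insertion in eccurves_all in the next hunk has the same problem. This silently changes the default curve preference for every caller that does not configure its own list, so the rationale belongs in the source. One option is `0, 29, /* X25519 (29): preferred first */` with the following comment reworded to `/* Then prefer P-256 which has the fastest and most secure implementations. */`. Both arrays continue past the end of their hunks.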