root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Add back check for the DH public key size 

This is needed for TLS-1.3.

Also add check for uncompressed point format for ECDHE as
the other formats are not allowed by RFC 8446.

Fixes #17667

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17785)
This commit is contained in:
Tomas Mraz 2022-02-10 11:49:37 +01:00
parent deaf22669a
commit 2e8be29cad
4 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/ssl_local.h
View File

@ -811,6 +811,9 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
size_t ssl_hmac_size(const SSL_HMAC *ctx); size_t ssl_hmac_size(const SSL_HMAC *ctx);
int ssl_get_EC_curve_nid(const EVP_PKEY *pkey); int ssl_get_EC_curve_nid(const EVP_PKEY *pkey);
__owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey,
const unsigned char *enckey,
size_t enckeylen);
typedef struct tls_group_info_st { typedef struct tls_group_info_st {
char *tlsname; /* Curve Name as in TLS specs */ char *tlsname; /* Curve Name as in TLS specs */

4
ssl/statem/extensions_clnt.c
View File

@ -1838,8 +1838,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 0; return 0;
} }
if (EVP_PKEY_set1_encoded_public_key(skey, PACKET_data(&encoded_pt), if (tls13_set_encoded_pub_key(skey, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt)) <= 0) { PACKET_remaining(&encoded_pt)) <= 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT);
EVP_PKEY_free(skey); EVP_PKEY_free(skey);
return 0; return 0;

6
ssl/statem/extensions_srvr.c
View File

@ -663,9 +663,9 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
/* Cache the selected group ID in the SSL_SESSION */ /* Cache the selected group ID in the SSL_SESSION */
s->session->kex_group = group_id; s->session->kex_group = group_id;
if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, if (tls13_set_encoded_pub_key(s->s3.peer_tmp,
PACKET_data(&encoded_pt), PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt)) <= 0) { PACKET_remaining(&encoded_pt)) <= 0) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT);
return 0; return 0;
} }

19
ssl/t1_lib.c
View File

@ -3477,3 +3477,22 @@ int ssl_get_EC_curve_nid(const EVP_PKEY *pkey)
return NID_undef; return NID_undef;
} }
__owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey,
const unsigned char *enckey,
size_t enckeylen)
{
if (EVP_PKEY_is_a(pkey, "DH")) {
int bits = EVP_PKEY_get_bits(pkey);
if (bits <= 0 || enckeylen != (size_t)bits / 8)
/* the encoded key must be padded to the length of the p */
return 0;
} else if (EVP_PKEY_is_a(pkey, "EC")) {
if (enckeylen < 3 /* point format and at least 1 byte for x and y */
|| enckey[0] != 0x04)
return 0;
}
return EVP_PKEY_set1_encoded_public_key(pkey, enckey, enckeylen);
}