From: Dr. Stephen Henson Date: Sat, 12 Dec 2015 17:41:18 +0000 (+0000) Subject: Remove ECDH client auth code. X-Git-Tag: OpenSSL_1_1_0-pre2~213 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=c66ce5eb23f7611bd2822650d6ffeacbe0671072 Remove ECDH client auth code. Remove incomplete non-functional ECDH client authentication code. Reviewed-by: Richard Levitte --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c08065f035..fd101285c4 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4722,14 +4722,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) p[ret++] = SSL3_CT_DSS_SIGN; #endif #ifndef OPENSSL_NO_EC - if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { - if (nostrict || !(alg_a & SSL_aRSA)) - p[ret++] = TLS_CT_RSA_FIXED_ECDH; - if (nostrict || !(alg_a & SSL_aECDSA)) - p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; - } /* - * ECDSA certs can be used with RSA cipher suites as well so we don't + * ECDSA certs can be used with RSA cipher suites too so we don't * need to check for SSL_kECDH or SSL_kECDHE */ if (s->version >= TLS1_VERSION) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4527cce796..69a9763d82 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2470,35 +2470,7 @@ psk_err: else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe | SSL_kECDHEPSK)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; - int ecdh_clnt_cert = 0; int field_size = 0; - /* - * Did we send out the client's ECDH share for use in premaster - * computation as part of client certificate? If so, set - * ecdh_clnt_cert to 1. - */ - if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) { - /*- - * XXX: For now, we do not support client - * authentication using ECDH certificates. - * To add such support, one needs to add - * code that checks for appropriate - * conditions and sets ecdh_clnt_cert to 1. - * For example, the cert have an ECC - * key on the same curve as the server's - * and the key should be authorized for - * key agreement. - * - * One also needs to add code in ssl3_connect - * to skip sending the certificate verify - * message. - * - * if ((s->cert->key->privatekey != NULL) && - * (s->cert->key->privatekey->type == - * EVP_PKEY_EC) && ...) - * ecdh_clnt_cert = 1; - */ - } if (s->s3->peer_ecdh_tmp != NULL) { tkey = s->s3->peer_ecdh_tmp; @@ -2535,30 +2507,10 @@ psk_err: SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } - if (ecdh_clnt_cert) { - /* - * Reuse key info from our certificate We only need our - * private key to perform the ECDH computation. - */ - const BIGNUM *priv_key; - tkey = s->cert->key->privatekey->pkey.ec; - priv_key = EC_KEY_get0_private_key(tkey); - if (priv_key == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - } else { - /* Generate a new ECDH key pair */ - if (!(EC_KEY_generate_key(clnt_ecdh))) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_ECDH_LIB); - goto err; - } + /* Generate a new ECDH key pair */ + if (!(EC_KEY_generate_key(clnt_ecdh))) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); + goto err; } /* @@ -2581,33 +2533,28 @@ psk_err: goto err; } - if (ecdh_clnt_cert) { - /* Send empty client key exch message */ - n = 0; - } else { - /* - * First check the size of encoding and allocate memory - * accordingly. - */ - encoded_pt_len = - EC_KEY_key2buf(clnt_ecdh, POINT_CONVERSION_UNCOMPRESSED, + /* + * First check the size of encoding and allocate memory + * accordingly. + */ + encoded_pt_len = + EC_KEY_key2buf(clnt_ecdh, POINT_CONVERSION_UNCOMPRESSED, &encodedPoint, NULL); - if (encoded_pt_len == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } + if (encoded_pt_len == 0) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); + goto err; + } - n = encoded_pt_len; + n = encoded_pt_len; - *p = n; /* length of encoded point */ - /* Encoded point will be copied here */ - p += 1; - /* copy the point */ - memcpy(p, encodedPoint, n); - /* increment n to account for length field */ - n += 1; - } + *p = n; /* length of encoded point */ + /* Encoded point will be copied here */ + p += 1; + /* copy the point */ + memcpy(p, encodedPoint, n); + /* increment n to account for length field */ + n += 1; /* Free allocated memory */ OPENSSL_free(encodedPoint); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d37415940f..a8c765c851 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2497,37 +2497,11 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } if (PACKET_remaining(pkt) == 0L) { - /* Client Publickey was in Client Certificate */ - - if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_TMP_ECDH_KEY); - goto f_err; - } - if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer)) - == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) { - /* - * XXX: For now, we do not support client authentication - * using ECDH certificates so this branch (n == 0L) of the - * code is never executed. When that support is added, we - * ought to ensure the key received in the certificate is - * authorized for key agreement. ECDH_compute_key implicitly - * checks that the two ECDH shares are for the same group. - */ - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); - goto f_err; - } - - if (EC_POINT_copy(clnt_ecpoint, - EC_KEY_get0_public_key(clnt_pub_pkey-> - pkey.ec)) == 0) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - s->statem.no_cert_verify = 1; + /* We don't support ECDH client auth */ + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_MISSING_TMP_ECDH_KEY); + goto f_err; } else { /* * Get client's public key from encoded point in the