Commit 1db3107a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

TLS support for X25519 



Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent db50c1da

crypto/ec/ec_err.c

+2 −1
Original line number Diff line number Diff line 
/* crypto/ec/ec_err.c */

/* ====================================================================

 * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.

 *
@@ -275,6 +274,8 @@ static ERR_STRING_DATA EC_str_reasons[] = { 
    {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},

    {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},

    {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},

    {ERR_REASON(EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),

     "curve does not support signing"},

    {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),

     "d2i ecpkparameters failure"},

    {ERR_REASON(EC_R_DECODE_ERROR), "decode error"},

include/openssl/ec.h

+1 −0
Original line number Diff line number Diff line
@@ -1569,6 +1569,7 @@ void ERR_load_EC_strings(void); 
# define EC_R_BIGNUM_OUT_OF_RANGE                         144

# define EC_R_BUFFER_TOO_SMALL                            100

# define EC_R_COORDINATES_OUT_OF_RANGE                    146

# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159

# define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117

# define EC_R_DECODE_ERROR                                142

# define EC_R_DISCRIMINANT_IS_ZERO                        118

ssl/ssl_rsa.c

+5 −0
Original line number Diff line number Diff line
@@ -378,6 +378,11 @@ static int ssl_set_cert(CERT *c, X509 *x) 
        return 0;

    }



    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {

        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);

        return 0;

    }



    if (c->pkeys[i].privatekey != NULL) {

        /*

         * The return code from EVP_PKEY_copy_parameters is deliberately

ssl/t1_lib.c

+8 −2
Original line number Diff line number Diff line
@@ -222,9 +222,11 @@ typedef struct { 
    unsigned int flags;         /* Flags: currently just field type */

} tls_curve_info;



# define TLS_CURVE_TYPE          0x1

# define TLS_CURVE_CHAR2         0x1

/* Mask for curve type */

# define TLS_CURVE_TYPE          0x3

# define TLS_CURVE_PRIME         0x0

# define TLS_CURVE_CHAR2         0x1

# define TLS_CURVE_CUSTOM        0x2



/*

 * Table of curve information.
@@ -261,6 +263,8 @@ static const tls_curve_info nid_list[] = { 
    {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */

    {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */

    {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */

    /* X25519 (29) */

    {NID_X25519, 128, TLS_CURVE_CUSTOM},

};



static const unsigned char ecformats_default[] = {
@@ -271,6 +275,7 @@ static const unsigned char ecformats_default[] = { 


/* The default curves */

static const unsigned char eccurves_default[] = {

    0, 29,                      /* X25519 (29) */

    /* Prefer P-256 which has the fastest and most secure implementations. */

    0, 23,                      /* secp256r1 (23) */

    /* Other >= 256-bit prime curves. */
@@ -290,6 +295,7 @@ static const unsigned char eccurves_default[] = { 
};



static const unsigned char eccurves_all[] = {

    0, 29,                      /* X25519 (29) */

    /* Prefer P-256 which has the fastest and most secure implementations. */

    0, 23,                      /* secp256r1 (23) */

    /* Other >= 256-bit prime curves. */