diff options
author | Martin Willi <martin@revosec.ch> | 2010-09-06 15:31:32 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-09-06 15:37:51 +0200 |
commit | e6cce7ff0d1b38ba720dcdda6bbc0308839f85f4 (patch) | |
tree | 452ad834a05f7a3ed942f55f42d254e2cca3f143 /src/libtls/tls_server.c | |
parent | e4fd2bb4289b37be47ba9d6b072b28b06fef6db9 (diff) | |
download | strongswan-e6cce7ff0d1b38ba720dcdda6bbc0308839f85f4.tar.bz2 strongswan-e6cce7ff0d1b38ba720dcdda6bbc0308839f85f4.tar.xz |
Prepend point format to ECDH public key
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r-- | src/libtls/tls_server.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index 409fe83c9..e48e6c5b7 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -412,13 +412,21 @@ static status_t process_key_exchange_dhe(private_tls_server_t *this, ec = diffie_hellman_group_is_ec(this->dh->get_dh_group(this->dh)); if ((ec && !reader->read_data8(reader, &pub)) || - (!ec && !reader->read_data16(reader, &pub))) + (!ec && (!reader->read_data16(reader, &pub) || pub.len == 0))) { DBG1(DBG_TLS, "received invalid Client Key Exchange"); this->alert->add(this->alert, TLS_FATAL, TLS_DECODE_ERROR); return NEED_MORE; } - this->dh->set_other_public_value(this->dh, pub); + + if (pub.ptr[0] != TLS_ECP_UNCOMPRESSED) + { + DBG1(DBG_TLS, "DH point format '%N' not supported", + tls_ecp_format_names, pub.ptr[0]); + this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR); + return NEED_MORE; + } + this->dh->set_other_public_value(this->dh, chunk_skip(pub, 1)); if (this->dh->get_shared_secret(this->dh, &premaster) != SUCCESS) { DBG1(DBG_TLS, "calculating premaster from DH failed"); @@ -847,8 +855,10 @@ static status_t send_server_key_exchange(private_tls_server_t *this, writer->write_data16(writer, chunk); } else - { /* 8bit header for EC groups */ - writer->write_data8(writer, chunk); + { /* ECP uses 8bit length header only, but a point format */ + writer->write_uint8(writer, chunk.len + 1); + writer->write_uint8(writer, TLS_ECP_UNCOMPRESSED); + writer->write_data(writer, chunk); } free(chunk.ptr); |