openssl: Reject EC keys with explicitly encoded parameters
authorTobias Brunner <tobias@strongswan.org>
Mon, 17 Jul 2023 10:01:06 +0000 (12:01 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 13 Oct 2023 07:10:46 +0000 (09:10 +0200)
EC_KEY_decoded_from_explicit_params() was added with 1.1.1h but has been
deprecated with 3.0.

src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c

index 512d624b76e4b7a26ffcefd77e52fdac3e7a9a29..21df4c035a6149c7c2700b383eafcca134096b4f 100644 (file)
@@ -62,6 +62,7 @@ struct private_openssl_ec_private_key_t {
 
 /* from openssl_ec_public_key */
 bool openssl_check_ec_key_curve(EVP_PKEY *key, int nid_curve);
+bool openssl_check_explicit_params(EVP_PKEY *key);
 
 /**
  * Build a DER encoded signature as in RFC 3279
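Review bot: The local prototype added here, `bool openssl_check_explicit_params(EVP_PKEY *key);`, does not match the definition in openssl_ec_public_key.c, which takes `const EVP_PKEY *key`. Because the declaration is repeated in this file rather than pulled from a shared header, the compiler cannot diagnose the mismatch, and incompatible declarations of one function across translation units are undefined behaviour in C even where they happen to work. Declare it as `bool openssl_check_explicit_params(const EVP_PKEY *key);`, or move the prototype into a header both files include so the two cannot drift apart.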
@@ -474,8 +475,9 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
                                                         blob.len);
        }
 
-       if (!key)
+       if (!key || openssl_check_explicit_params(key))
        {
+               EVP_PKEY_free(key);
                return NULL;
        }
        this = create_internal(key);
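Review bot: The rejection added in `if (!key || openssl_check_explicit_params(key))` returns NULL without saying why, so a key refused for explicit curve parameters looks the same in the logs as one that failed to parse. Handling the explicit-parameter case in its own branch with a debug line such as `DBG1(DBG_LIB, "EC key with explicitly encoded parameters rejected");` (assuming the usual debug macros are in scope in this file) would make the policy decision visible to whoever has to diagnose the load failure. The same applies to the public-key load hunk in openssl_ec_public_key.c. The enclosing function starts and ends outside the hunk.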
index 142e91f9be4722e4321297e61ef4711eb5608cff..7c21902a7223631d5b7fde2d3ae7ab23c3d6bd9b 100644 (file)
@@ -299,6 +299,26 @@ METHOD(public_key_t, destroy, void,
        }
 }
 
+/**
+ * Check whether the EC key was decoded with explicit curve parameters instead
+ * of a named curve.
+ */
+bool openssl_check_explicit_params(const EVP_PKEY *key)
+{
+       int explicit = 0;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+       if (!EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
+                                                               &explicit))
+       {
+               return FALSE;
+       }
+#elif OPENSSL_VERSION_NUMBER >= 0x1010108fL
+       explicit = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY((EVP_PKEY*)key));
+#endif
+       return explicit == 1;
+}
+
 /**
  * See header.
  */
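Review bot: openssl_check_explicit_params() returns FALSE both when the key uses a named curve and when the answer could not be determined, and both callers treat FALSE as accept. That covers a failing `EVP_PKEY_get_int_param()` on 3.0, any result other than 1 from `EC_KEY_decoded_from_explicit_params()` on 1.1.1h and later, and builds older than 1.1.1h, where neither branch is compiled and `explicit` stays 0. The doc comment should say so, e.g. `@return TRUE if decoded from explicit parameters, FALSE if not or if this can't be determined`, and mention that the check is a no-op on older OpenSSL builds. Whether an EC key whose encoding cannot be queried should be rejected instead is worth deciding explicitly; that would need the callers to confirm the key type first, since the query presumably also fails for non-EC keys.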
@@ -324,7 +344,8 @@ openssl_ec_public_key_t *openssl_ec_public_key_load(key_type_t type,
                break;
        }
        key = d2i_PUBKEY(NULL, (const u_char**)&blob.ptr, blob.len);
-       if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_EC)
+       if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_EC ||
+               openssl_check_explicit_params(key))
        {
                EVP_PKEY_free(key);
                return NULL;