From: Tobias Brunner Date: Mon, 17 Jul 2023 10:01:06 +0000 (+0200) Subject: openssl: Reject EC keys with explicitly encoded parameters X-Git-Tag: 5.9.12dr2~2^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2bccdefc2c9231d8f74e6a587b19139589f92c51;p=thirdparty%2Fstrongswan.git openssl: Reject EC keys with explicitly encoded parameters EC_KEY_decoded_from_explicit_params() was added with 1.1.1h but has been deprecated with 3.0. --- diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 512d624b76..21df4c035a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -62,6 +62,7 @@ struct private_openssl_ec_private_key_t { /* from openssl_ec_public_key */ bool openssl_check_ec_key_curve(EVP_PKEY *key, int nid_curve); +bool openssl_check_explicit_params(EVP_PKEY *key); /** * Build a DER encoded signature as in RFC 3279 @@ -474,8 +475,9 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, blob.len); } - if (!key) + if (!key || openssl_check_explicit_params(key)) { + EVP_PKEY_free(key); return NULL; } this = create_internal(key); diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 142e91f9be..7c21902a72 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -299,6 +299,26 @@ METHOD(public_key_t, destroy, void, } } +/** + * Check whether the EC key was decoded with explicit curve parameters instead + * of a named curve. + */ +bool openssl_check_explicit_params(const EVP_PKEY *key) +{ + int explicit = 0; + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if (!EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, + &explicit)) + { + return FALSE; + } +#elif OPENSSL_VERSION_NUMBER >= 0x1010108fL + explicit = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY((EVP_PKEY*)key)); +#endif + return explicit == 1; +} + /** * See header. */ @@ -324,7 +344,8 @@ openssl_ec_public_key_t *openssl_ec_public_key_load(key_type_t type, break; } key = d2i_PUBKEY(NULL, (const u_char**)&blob.ptr, blob.len); - if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_EC) + if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_EC || + openssl_check_explicit_params(key)) { EVP_PKEY_free(key); return NULL;