Enforce our choice of allowed curves.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0178c5e..a520583 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2664,7 +2664,23 @@
                                ssl->f_vrfy, ssl->p_vrfy );
 
         if( ret != 0 )
+        {
             SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
+        }
+#if defined(POLARSSL_SSL_SET_CURVES)
+        else
+        {
+            pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
+
+            /* If certificate uses an EC key, make sure the curve is OK */
+            if( pk_can_do( pk, POLARSSL_PK_ECKEY ) &&
+                ! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) )
+            {
+                SSL_DEBUG_MSG( 1, ( "bad server certificate (EC key curve)" ) );
+                ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
+            }
+        }
+#endif
 
         if( ssl->authmode != SSL_VERIFY_REQUIRED )
             ret = 0;
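Review bot: When `authmode` is not `SSL_VERIFY_REQUIRED`, the curve rejection set in the new `else` block is discarded by the unchanged `ret = 0;` directly below it, and nothing in this hunk records the failure anywhere else. An application that runs with optional verification and inspects the verification result after the handshake would therefore see a certificate on a disallowed curve as clean. Consider also recording the failure in the result flags inside the new block, e.g. `ssl->session_negotiate->verify_result |= <BAD_KEY_FLAG>;` (placeholder name, since no suitable flag is visible in this diff). The check also covers only the leaf key `peer_cert->pk`, so curves used by intermediate certificates in the chain are not constrained here. The enclosing function starts and ends outside the hunk.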
@@ -4625,3 +4641,19 @@
 
 #endif
 
+#if defined(POLARSSL_SSL_SET_CURVES)
+/*
+ * Check is a curve proposed by the peer is in our list.
+ * Return 1 if we're willing to use it, 0 otherwise.
+ */
+int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id )
+{
+    const ecp_group_id *gid;
+
+    for( gid = ssl->curve_list; *gid != POLARSSL_ECP_DP_NONE; gid++ )
+        if( *gid == grp_id )
+            return( 1 );
+
+    return( 0 );
+}
+#endif
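Review bot: `ssl_curve_is_acceptable` dereferences `ssl->curve_list` without a NULL check and relies on the array ending in `POLARSSL_ECP_DP_NONE`. Where the list is initialised is not visible in this diff, so an unset or unterminated list would be read out of bounds during certificate handling. A fail-closed guard before the loop, `if( ssl->curve_list == NULL ) return( 0 );`, would cover the first case. The header comment should also state the terminator requirement, and it has a typo ("Check is a curve" should read "Check if a curve").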