ECDH was badly broken in Cryptlib 3.4.5.

Unbreak it. While we're here, prefer ECDH so we get an 'A' from ssllabs.

ECDH was badly broken in Cryptlib 3.4.5.
566bc43c · deuce · 71cc93fa · 566bc43c · 566bc43c · 566bc43c
Commit 566bc43c authored 5 years ago by deuce
--- a/3rdp/build/GNUmakefile
+++ b/3rdp/build/GNUmakefile
@@ -67,7 +67,7 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
 $(CRYPT_IDIR): | $(3RDPODIR)
 	$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)

-$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw-vcver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-build-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-odbc.patch $(3RDP_ROOT)$(DIRSEP)build/cl-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-noasm-defines.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-RSA-suites.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
+$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw-vcver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-build-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-gcc-non-const-time-val.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-odbc.patch $(3RDP_ROOT)$(DIRSEP)build/cl-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-noasm-defines.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn-noasm64-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-no-RSA-suites.patch $(3RDP_ROOT)$(DIRSEP)build/cl-fix-ECC-RSA.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC.patch $(3RDP_ROOT)$(DIRSEP)build/cl-prefer-ECC-harder.patch $(3RDP_ROOT)$(DIRSEP)build/cl-more-RSA-ECC-fixes.patch $(3RDP_ROOT)$(DIRSEP)build/cl-DH-key-init.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
 	@echo Creating $@ ...
 	$(QUIET)-rm -rf $(CRYPT_SRC)/*
 	$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
@@ -98,6 +98,11 @@ $(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)b
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-noasm-defines.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-bn-noasm64-fix.patch
 	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-no-RSA-suites.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-fix-ECC-RSA.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-prefer-ECC.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-prefer-ECC-harder.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-more-RSA-ECC-fixes.patch
+	$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-DH-key-init.patch
 ifeq ($(CC),mingw32-gcc)
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
 	$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts

--- a/3rdp/build/cl-DH-key-init.patch
+++ b/3rdp/build/cl-DH-key-init.patch
+--- session/ssl_kmgmt.c.orig	2019-01-11 01:54:56.000000000 -0500
+++ session/ssl_kmgmt.c	2020-01-23 18:18:40.754040000 -0500
+@@ -448,7 +448,7 @@
+ 			status = krnlSendMessage( createInfo.cryptHandle, 
+ 									  IMESSAGE_SETATTRIBUTE, 
+ 									  ( MESSAGE_CAST ) &eccParams, 
+-									  CRYPT_IATTRIBUTE_KEY_DLPPARAM );
+									  CRYPT_IATTRIBUTE_KEY_ECCPARAM );
+ 			}
+ 		else
+ #endif /* USE_ECDH */
--- a/3rdp/build/cl-fix-ECC-RSA.patch
+++ b/3rdp/build/cl-fix-ECC-RSA.patch
+--- session/ssl_hs.c.orig	2018-11-14 23:22:26.000000000 -0500
+++ session/ssl_hs.c	2020-01-23 18:23:41.236235000 -0500
+@@ -240,6 +240,7 @@
+ 	const CIPHERSUITE_INFO **cipherSuiteInfo;
+ 	const BOOLEAN isServer = isServer( sessionInfoPtr ) ? TRUE : FALSE;
+ 	BOOLEAN allowDH = algoAvailable( CRYPT_ALGO_DH ) ? TRUE : FALSE;
+	BOOLEAN allowECCAuth = TRUE;
+ 	BOOLEAN allowECC = ( algoAvailable( CRYPT_ALGO_ECDH ) && \
+ 						 algoAvailable( CRYPT_ALGO_ECDSA ) ) ? TRUE : FALSE;
+ 	BOOLEAN allowRSA = algoAvailable( CRYPT_ALGO_RSA ) ? TRUE : FALSE;
+@@ -268,7 +269,7 @@
+ 			{
+ 			/* There's no server private key present, we're limited to PSK
+ 			   suites */
+-			allowECC = allowRSA = FALSE;
+			allowECC = allowRSA = allowECCAuth = FALSE;
+ 			}
+ 		else
+ 			{
+@@ -278,7 +279,7 @@
+ 			   capable */
+ 			if( !checkContextCapability( sessionInfoPtr->privateKey,
+ 										 MESSAGE_CHECK_PKC_SIGN ) )
+-				allowDH = allowECC = FALSE;
+				allowDH = allowECC = allowECCAuth = FALSE;
+ 
+ 			/* To be usable for ECC or RSA the server key has to itself be 
+ 			   an ECC or RSA key */
+@@ -286,13 +287,16 @@
+ 									  IMESSAGE_GETATTRIBUTE, &pkcAlgo,
+ 									  CRYPT_CTXINFO_ALGO );
+ 			if( cryptStatusError( status ) )
+-				allowECC = allowRSA = FALSE;
+				allowECC = allowRSA = allowECCAuth = FALSE;
+ 			else
+ 				{
+ 				if( !isEccAlgo( pkcAlgo ) )
+ 					allowECC = FALSE;
+ 				if( pkcAlgo != CRYPT_ALGO_RSA )
+					{
+ 					allowRSA = FALSE;
+					allowECCAuth = FALSE;
+					}
+ 				}
+ 			}
+ 		}
+@@ -443,8 +447,13 @@
+ 			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_DH ) )
+ 			continue;
+ 		if( !allowECC && \
+-			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) )
+			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) && \
+			( cipherSuiteInfoPtr->authAlgo != CRYPT_ALGO_RSA) )
+ 			continue;
+		if( !allowECCAuth && \
+			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_ECC ) && \
+			( cipherSuiteInfoPtr->authAlgo == CRYPT_ALGO_RSA) )
+			continue;
+ 		if( !allowTLS12 && \
+ 			( cipherSuiteInfoPtr->flags & CIPHERSUITE_FLAG_TLS12 ) )
+ 			continue;
+@@ -521,7 +530,7 @@
+ 	   find out that we can use it */
+ 	if( altSuiteIndex < cipherSuiteInfoSize )
+ 		{
+-		REQUIRES( allowECC );
+		REQUIRES( allowECCAuth );
+ 
+ 		handshakeInfo->eccSuiteInfoPtr = cipherSuiteInfo[ altSuiteIndex ];
+ 		}
--- a/3rdp/build/cl-more-RSA-ECC-fixes.patch
+++ b/3rdp/build/cl-more-RSA-ECC-fixes.patch
+--- session/ssl_ext.c.orig	2020-01-23 15:25:30.640683000 -0500
+++ session/ssl_ext.c	2020-01-23 15:25:40.141297000 -0500
+@@ -607,8 +607,8 @@
+ #endif /* CONFIG_SUITEB */
+ 
+ 		/* Make sure that the curve matches the server's signing key */
+-		if( curveSize != keySize )
+-			continue;
+		//if( curveSize != keySize )
+		//	continue;
+ 
+ 		/* We've got a matching curve, remember it.  In theory we could exit
+ 		   at this point but we continue anyway to clear the remainder of 
--- a/3rdp/build/cl-no-RSA-suites.patch
+++ b/3rdp/build/cl-no-RSA-suites.patch
--- misc/config.h.orig	2020-01-23 11:58:21.156148000 -0500
-+++ misc/config.h	2020-01-23 11:59:42.599159000 -0500
+--- misc/config.h.orig	2020-01-23 12:03:27.741075000 -0500
+++ misc/config.h	2020-01-23 12:03:27.806947000 -0500
 @@ -684,7 +684,7 @@
    64-bit systems, which by definition are going to be fairly recent */
 

--- a/3rdp/build/cl-prefer-ECC-harder.patch
+++ b/3rdp/build/cl-prefer-ECC-harder.patch
+--- session/ssl_suites.c.orig	2020-01-23 14:12:41.131472000 -0500
+++ session/ssl_suites.c	2020-01-23 14:12:59.980267000 -0500
+@@ -357,12 +357,12 @@
+ static const CIPHERSUITES_LIST cipherSuitesList[] = {
+ 	{ cipherSuitePSK, FAILSAFE_ARRAYSIZE( cipherSuitePSK, CIPHERSUITE_INFO ) },
+ #ifdef PREFER_ECC
+-  #ifdef USE_GCM
+-	{ cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
+-  #endif /* USE_GCM */
+   #if defined( USE_ECDH )
+ 	{ cipherSuiteECC, FAILSAFE_ARRAYSIZE( cipherSuiteECC, CIPHERSUITE_INFO ) },
+   #endif /* USE_ECDH */
+  #ifdef USE_GCM
+	{ cipherSuiteGCM, FAILSAFE_ARRAYSIZE( cipherSuiteGCM, CIPHERSUITE_INFO ) },
+  #endif /* USE_GCM */
+ #endif /* PREFER_ECC */
+ 	{ cipherSuiteDH, FAILSAFE_ARRAYSIZE( cipherSuiteDH, CIPHERSUITE_INFO ) },
+ #ifdef USE_RSA_SUITES 
--- a/3rdp/build/cl-prefer-ECC.patch
+++ b/3rdp/build/cl-prefer-ECC.patch
+--- misc/config.h.orig	2020-01-23 14:08:29.914160000 -0500
+++ misc/config.h	2020-01-23 14:08:38.693115000 -0500
+@@ -12,6 +12,7 @@
+ #define USE_PROBLEMATIC_ALGORITHMS
+ #define USE_SSH_EXTENDED
+ #define USE_CERTLEVEL_STANDARD
+#define PREFER_ECC
+ /****************************************************************************
+ *																			*
+ *						Custom Configuration Profiles						*