root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Replace tls1_ec_curve_id2nid. 

Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns
the TLS_GROUP_INFO for the group.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/=4412)
This commit is contained in:
Dr. Stephen Henson 2017-09-23 00:15:34 +01:00
parent 0e464d9ddd
commit 43b95d7365
7 changed files with 45 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
ssl/s3_lib.c
View File

@ -3612,11 +3612,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
if (parg) { if (parg) {
size_t i; size_t i;
int *cptr = parg; int *cptr = parg;
for (i = 0; i < clistlen; i++) { for (i = 0; i < clistlen; i++) {
/* TODO(TLS1.3): Handle DH groups here */ const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
int nid = tls1_ec_curve_id2nid(clist[i], NULL);
if (nid != 0) if (cinf != NULL)
cptr[i] = nid; cptr[i] = cinf->nid;
else else
cptr[i] = TLSEXT_nid_unknown | clist[i]; cptr[i] = TLSEXT_nid_unknown | clist[i];
} }
@ -3633,8 +3634,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
&s->ext.supportedgroups_len, parg); &s->ext.supportedgroups_len, parg);
case SSL_CTRL_GET_SHARED_GROUP: case SSL_CTRL_GET_SHARED_GROUP:
return tls1_ec_curve_id2nid(tls1_shared_group(s, larg), NULL); {
uint16_t id = tls1_shared_group(s, larg);
if (larg != -1) {
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
return ginf == NULL ? 0 : ginf->nid;
}
return id;
}
#endif #endif
case SSL_CTRL_SET_SIGALGS: case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0); return tls1_set_sigalgs(s->cert, parg, larg, 0);
@ -4581,27 +4590,27 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
return pkey; return pkey;
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
/* Generate a private key a curve ID */ /* Generate a private key from a group ID */
EVP_PKEY *ssl_generate_pkey_curve(int id) EVP_PKEY *ssl_generate_pkey_group(uint16_t id)
{ {
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
unsigned int curve_flags; const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
int nid = tls1_ec_curve_id2nid(id, &curve_flags); uint16_t gtype;
if (nid == 0) if (ginf == NULL)
goto err; goto err;
if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { gtype = ginf->flags & TLS_CURVE_TYPE;
pctx = EVP_PKEY_CTX_new_id(nid, NULL); if (gtype == TLS_CURVE_CUSTOM)
nid = 0; pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
} else { else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
}
if (pctx == NULL) if (pctx == NULL)
goto err; goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0) if (EVP_PKEY_keygen_init(pctx) <= 0)
goto err; goto err;
if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) if (gtype != TLS_CURVE_CUSTOM
&& EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
goto err; goto err;
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);

4
ssl/ssl_locl.h
View File

@ -2339,7 +2339,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
# ifndef OPENSSL_NO_EC # ifndef OPENSSL_NO_EC
__owur int tls1_ec_curve_id2nid(uint16_t curve_id, unsigned int *pflags); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
__owur uint16_t tls1_ec_nid2curve_id(int nid); __owur uint16_t tls1_ec_nid2curve_id(int nid);
__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch); __owur uint16_t tls1_shared_group(SSL *s, int nmatch);
@ -2350,7 +2350,7 @@ __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
void tls1_get_formatlist(SSL *s, const unsigned char **pformats, void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats); size_t *num_formats);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id); __owur EVP_PKEY *ssl_generate_pkey_group(uint16_t id);
# endif /* OPENSSL_NO_EC */ # endif /* OPENSSL_NO_EC */
__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op); __owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);

2
ssl/statem/extensions_clnt.c
View File

@ -549,7 +549,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
*/ */
key_share_key = s->s3->tmp.pkey; key_share_key = s->s3->tmp.pkey;
} else { } else {
key_share_key = ssl_generate_pkey_curve(curve_id); key_share_key = ssl_generate_pkey_group(curve_id);
if (key_share_key == NULL) { if (key_share_key == NULL) {
SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_EVP_LIB); SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_EVP_LIB);
return 0; return 0;

14
ssl/statem/extensions_srvr.c
View File

@ -501,8 +501,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
PACKET key_share_list, encoded_pt; PACKET key_share_list, encoded_pt;
const uint16_t *clntcurves, *srvrcurves; const uint16_t *clntcurves, *srvrcurves;
size_t clnt_num_curves, srvr_num_curves; size_t clnt_num_curves, srvr_num_curves;
int group_nid, found = 0; int found = 0;
unsigned int curve_flags; const TLS_GROUP_INFO *ginf;
if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
return 1; return 1;
@ -575,20 +575,20 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
continue; continue;
} }
group_nid = tls1_ec_curve_id2nid(group_id, &curve_flags); ginf = tls1_group_id_lookup(group_id);
if (group_nid == 0) { if (ginf == NULL) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0; return 0;
} }
if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
/* Can happen for some curves, e.g. X25519 */ /* Can happen for some curves, e.g. X25519 */
EVP_PKEY *key = EVP_PKEY_new(); EVP_PKEY *key = EVP_PKEY_new();
if (key == NULL || !EVP_PKEY_set_type(key, group_nid)) { if (key == NULL || !EVP_PKEY_set_type(key, ginf->nid)) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
EVP_PKEY_free(key); EVP_PKEY_free(key);
@ -602,7 +602,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
if (pctx == NULL if (pctx == NULL
|| EVP_PKEY_paramgen_init(pctx) <= 0 || EVP_PKEY_paramgen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
group_nid) <= 0 ginf->nid) <= 0
|| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);

13
ssl/statem/statem_clnt.c
View File

@ -2041,8 +2041,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
PACKET encoded_pt; PACKET encoded_pt;
const unsigned char *ecparams; const unsigned char *ecparams;
int curve_nid; const TLS_GROUP_INFO *ginf;
unsigned int curve_flags;
EVP_PKEY_CTX *pctx = NULL; EVP_PKEY_CTX *pctx = NULL;
/* /*
@ -2065,19 +2064,19 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
return 0; return 0;
} }
curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags); ginf = tls1_group_id_lookup(ecparams[2]);
if (curve_nid == 0) { if (ginf == NULL) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0; return 0;
} }
if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
EVP_PKEY *key = EVP_PKEY_new(); EVP_PKEY *key = EVP_PKEY_new();
if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) { if (key == NULL || !EVP_PKEY_set_type(key, ginf->nid)) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
EVP_PKEY_free(key); EVP_PKEY_free(key);
@ -2089,7 +2088,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
if (pctx == NULL if (pctx == NULL
|| EVP_PKEY_paramgen_init(pctx) <= 0 || EVP_PKEY_paramgen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0
|| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
*al = SSL_AD_INTERNAL_ERROR; *al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);

2
ssl/statem/statem_srvr.c
View File

@ -2345,7 +2345,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
goto err; goto err;
} }
s->s3->tmp.pkey = ssl_generate_pkey_curve(curve_id); s->s3->tmp.pkey = ssl_generate_pkey_group(curve_id);
/* Generate a new key for this curve */ /* Generate a new key for this curve */
if (s->s3->tmp.pkey == NULL) { if (s->s3->tmp.pkey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB); SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);

10
ssl/t1_lib.c
View File

@ -186,16 +186,12 @@ static const uint16_t suiteb_curves[] = {
TLSEXT_curve_P_384 TLSEXT_curve_P_384
}; };
int tls1_ec_curve_id2nid(uint16_t curve_id, unsigned int *pflags) const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id)
{ {
const TLS_GROUP_INFO *cinfo;
/* ECC curves from RFC 4492 and RFC 7027 */ /* ECC curves from RFC 4492 and RFC 7027 */
if (curve_id < 1 || curve_id > OSSL_NELEM(nid_list)) if (curve_id < 1 || curve_id > OSSL_NELEM(nid_list))
return NID_undef; return NULL;
cinfo = nid_list + curve_id - 1; return &nid_list[curve_id - 1];
if (pflags)
*pflags = cinfo->flags;
return cinfo->nid;
} }
uint16_t tls1_ec_nid2curve_id(int nid) uint16_t tls1_ec_nid2curve_id(int nid)