From 43b95d736561e64dd7c1c97555f39a98c56d1ae3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 23 Sep 2017 00:15:34 +0100 Subject: [PATCH] Replace tls1_ec_curve_id2nid. Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns the TLS_GROUP_INFO for the group. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/=4412) --- ssl/s3_lib.c | 41 ++++++++++++++++++++++-------------- ssl/ssl_locl.h | 4 ++-- ssl/statem/extensions_clnt.c | 2 +- ssl/statem/extensions_srvr.c | 14 ++++++------ ssl/statem/statem_clnt.c | 13 ++++++------ ssl/statem/statem_srvr.c | 2 +- ssl/t1_lib.c | 10 +++------ 7 files changed, 45 insertions(+), 41 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 84e945fc1d..46e76e33c8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3612,11 +3612,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (parg) { size_t i; int *cptr = parg; + for (i = 0; i < clistlen; i++) { - /* TODO(TLS1.3): Handle DH groups here */ - int nid = tls1_ec_curve_id2nid(clist[i], NULL); - if (nid != 0) - cptr[i] = nid; + const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]); + + if (cinf != NULL) + cptr[i] = cinf->nid; else cptr[i] = TLSEXT_nid_unknown | clist[i]; } @@ -3633,8 +3634,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) &s->ext.supportedgroups_len, parg); case SSL_CTRL_GET_SHARED_GROUP: - return tls1_ec_curve_id2nid(tls1_shared_group(s, larg), NULL); + { + uint16_t id = tls1_shared_group(s, larg); + if (larg != -1) { + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); + + return ginf == NULL ? 0 : ginf->nid; + } + return id; + } #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); @@ -4581,27 +4590,27 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm) return pkey; } #ifndef OPENSSL_NO_EC -/* Generate a private key a curve ID */ -EVP_PKEY *ssl_generate_pkey_curve(int id) +/* Generate a private key from a group ID */ +EVP_PKEY *ssl_generate_pkey_group(uint16_t id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; - unsigned int curve_flags; - int nid = tls1_ec_curve_id2nid(id, &curve_flags); + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); + uint16_t gtype; - if (nid == 0) + if (ginf == NULL) goto err; - if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { - pctx = EVP_PKEY_CTX_new_id(nid, NULL); - nid = 0; - } else { + gtype = ginf->flags & TLS_CURVE_TYPE; + if (gtype == TLS_CURVE_CUSTOM) + pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL); + else pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); - } if (pctx == NULL) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) goto err; - if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) + if (gtype != TLS_CURVE_CUSTOM + && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) goto err; if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { EVP_PKEY_free(pkey); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index aa99153a01..029372e41e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2339,7 +2339,7 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); # ifndef OPENSSL_NO_EC -__owur int tls1_ec_curve_id2nid(uint16_t curve_id, unsigned int *pflags); +__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); __owur uint16_t tls1_ec_nid2curve_id(int nid); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); @@ -2350,7 +2350,7 @@ __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, void tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); -__owur EVP_PKEY *ssl_generate_pkey_curve(int id); +__owur EVP_PKEY *ssl_generate_pkey_group(uint16_t id); # endif /* OPENSSL_NO_EC */ __owur int tls_curve_allowed(SSL *s, uint16_t curve, int op); diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 6975b940f7..d8a7f2f6a9 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -549,7 +549,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) */ key_share_key = s->s3->tmp.pkey; } else { - key_share_key = ssl_generate_pkey_curve(curve_id); + key_share_key = ssl_generate_pkey_group(curve_id); if (key_share_key == NULL) { SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_EVP_LIB); return 0; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 583b8ddda4..5fb0d05a2a 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -501,8 +501,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, PACKET key_share_list, encoded_pt; const uint16_t *clntcurves, *srvrcurves; size_t clnt_num_curves, srvr_num_curves; - int group_nid, found = 0; - unsigned int curve_flags; + int found = 0; + const TLS_GROUP_INFO *ginf; if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) return 1; @@ -575,20 +575,20 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, continue; } - group_nid = tls1_ec_curve_id2nid(group_id, &curve_flags); + ginf = tls1_group_id_lookup(group_id); - if (group_nid == 0) { + if (ginf == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } - if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { + if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { /* Can happen for some curves, e.g. X25519 */ EVP_PKEY *key = EVP_PKEY_new(); - if (key == NULL || !EVP_PKEY_set_type(key, group_nid)) { + if (key == NULL || !EVP_PKEY_set_type(key, ginf->nid)) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB); EVP_PKEY_free(key); @@ -602,7 +602,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (pctx == NULL || EVP_PKEY_paramgen_init(pctx) <= 0 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - group_nid) <= 0 + ginf->nid) <= 0 || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 5f17864f98..a20bf00593 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2041,8 +2041,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) #ifndef OPENSSL_NO_EC PACKET encoded_pt; const unsigned char *ecparams; - int curve_nid; - unsigned int curve_flags; + const TLS_GROUP_INFO *ginf; EVP_PKEY_CTX *pctx = NULL; /* @@ -2065,19 +2064,19 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) return 0; } - curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags); + ginf = tls1_group_id_lookup(ecparams[2]); - if (curve_nid == 0) { + if (ginf == NULL) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } - if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { + if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { EVP_PKEY *key = EVP_PKEY_new(); - if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) { + if (key == NULL || !EVP_PKEY_set_type(key, ginf->nid)) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); EVP_PKEY_free(key); @@ -2089,7 +2088,7 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al) pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); if (pctx == NULL || EVP_PKEY_paramgen_init(pctx) <= 0 - || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0 + || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0 || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) { *al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index dc727e1e0f..3e118a8749 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2345,7 +2345,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); goto err; } - s->s3->tmp.pkey = ssl_generate_pkey_curve(curve_id); + s->s3->tmp.pkey = ssl_generate_pkey_group(curve_id); /* Generate a new key for this curve */ if (s->s3->tmp.pkey == NULL) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 0f57b53f77..c7a8a53dc4 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -186,16 +186,12 @@ static const uint16_t suiteb_curves[] = { TLSEXT_curve_P_384 }; -int tls1_ec_curve_id2nid(uint16_t curve_id, unsigned int *pflags) +const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id) { - const TLS_GROUP_INFO *cinfo; /* ECC curves from RFC 4492 and RFC 7027 */ if (curve_id < 1 || curve_id > OSSL_NELEM(nid_list)) - return NID_undef; - cinfo = nid_list + curve_id - 1; - if (pflags) - *pflags = cinfo->flags; - return cinfo->nid; + return NULL; + return &nid_list[curve_id - 1]; } uint16_t tls1_ec_nid2curve_id(int nid) -- 2.25.1