Replace tls1_ec_curve_id2nid. (43b95d73) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/s3_lib.c

+25 −16

Original line number	Diff line number	Diff line
		@@ -3612,11 +3612,12 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		if (parg) {
		size_t i;
		int *cptr = parg;

		for (i = 0; i < clistlen; i++) {
		/* TODO(TLS1.3): Handle DH groups here */
		int nid = tls1_ec_curve_id2nid(clist[i], NULL);
		if (nid != 0)
		cptr[i] = nid;
		const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);

		if (cinf != NULL)
		cptr[i] = cinf->nid;
		else
		cptr[i] = TLSEXT_nid_unknown \| clist[i];
		}
		@@ -3633,8 +3634,16 @@ long ssl3_ctrl(SSL s, int cmd, long larg, void parg)
		&s->ext.supportedgroups_len, parg);

		case SSL_CTRL_GET_SHARED_GROUP:
		return tls1_ec_curve_id2nid(tls1_shared_group(s, larg), NULL);
		{
		uint16_t id = tls1_shared_group(s, larg);

		if (larg != -1) {
		const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);

		return ginf == NULL ? 0 : ginf->nid;
		}
		return id;
		}
		#endif
		case SSL_CTRL_SET_SIGALGS:
		return tls1_set_sigalgs(s->cert, parg, larg, 0);
		@@ -4581,27 +4590,27 @@ EVP_PKEY ssl_generate_pkey(EVP_PKEY pm)
		return pkey;
		}
		#ifndef OPENSSL_NO_EC
		/* Generate a private key a curve ID */
		EVP_PKEY *ssl_generate_pkey_curve(int id)
		/* Generate a private key from a group ID */
		EVP_PKEY *ssl_generate_pkey_group(uint16_t id)
		{
		EVP_PKEY_CTX *pctx = NULL;
		EVP_PKEY *pkey = NULL;
		unsigned int curve_flags;
		int nid = tls1_ec_curve_id2nid(id, &curve_flags);
		const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
		uint16_t gtype;

		if (nid == 0)
		if (ginf == NULL)
		goto err;
		if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
		pctx = EVP_PKEY_CTX_new_id(nid, NULL);
		nid = 0;
		} else {
		gtype = ginf->flags & TLS_CURVE_TYPE;
		if (gtype == TLS_CURVE_CUSTOM)
		pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
		else
		pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
		}
		if (pctx == NULL)
		goto err;
		if (EVP_PKEY_keygen_init(pctx) <= 0)
		goto err;
		if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0)
		if (gtype != TLS_CURVE_CUSTOM
		&& EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
		goto err;
		if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
		EVP_PKEY_free(pkey);

ssl/ssl_locl.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -2339,7 +2339,7 @@ SSL_COMP ssl3_comp_find(STACK_OF(SSL_COMP) sk, int n);

		# ifndef OPENSSL_NO_EC

		__owur int tls1_ec_curve_id2nid(uint16_t curve_id, unsigned int *pflags);
		__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
		__owur uint16_t tls1_ec_nid2curve_id(int nid);
		__owur int tls1_check_curve(SSL s, const unsigned char p, size_t len);
		__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
		@@ -2350,7 +2350,7 @@ __owur int tls1_set_groups_list(uint16_t *pext, size_t pextlen,
		void tls1_get_formatlist(SSL s, const unsigned char *pformats,
		size_t *num_formats);
		__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
		__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
		__owur EVP_PKEY *ssl_generate_pkey_group(uint16_t id);
		# endif /* OPENSSL_NO_EC */

		__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);

ssl/statem/extensions_clnt.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -549,7 +549,7 @@ static int add_key_share(SSL s, WPACKET pkt, unsigned int curve_id)
		*/
		key_share_key = s->s3->tmp.pkey;
		} else {
		key_share_key = ssl_generate_pkey_curve(curve_id);
		key_share_key = ssl_generate_pkey_group(curve_id);
		if (key_share_key == NULL) {
		SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_EVP_LIB);
		return 0;

ssl/statem/extensions_srvr.c

+7 −7

Original line number	Diff line number	Diff line
		@@ -501,8 +501,8 @@ int tls_parse_ctos_key_share(SSL s, PACKET pkt, unsigned int context, X509 *x,
		PACKET key_share_list, encoded_pt;
		const uint16_t clntcurves, srvrcurves;
		size_t clnt_num_curves, srvr_num_curves;
		int group_nid, found = 0;
		unsigned int curve_flags;
		int found = 0;
		const TLS_GROUP_INFO *ginf;

		if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
		return 1;
		@@ -575,20 +575,20 @@ int tls_parse_ctos_key_share(SSL s, PACKET pkt, unsigned int context, X509 *x,
		continue;
		}

		group_nid = tls1_ec_curve_id2nid(group_id, &curve_flags);
		ginf = tls1_group_id_lookup(group_id);

		if (group_nid == 0) {
		if (ginf == NULL) {
		*al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
		SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
		return 0;
		}

		if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
		if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
		/* Can happen for some curves, e.g. X25519 */
		EVP_PKEY *key = EVP_PKEY_new();

		if (key == NULL \|\| !EVP_PKEY_set_type(key, group_nid)) {
		if (key == NULL \|\| !EVP_PKEY_set_type(key, ginf->nid)) {
		*al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
		EVP_PKEY_free(key);
		@@ -602,7 +602,7 @@ int tls_parse_ctos_key_share(SSL s, PACKET pkt, unsigned int context, X509 *x,
		if (pctx == NULL
		\|\| EVP_PKEY_paramgen_init(pctx) <= 0
		\|\| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
		group_nid) <= 0
		ginf->nid) <= 0
		\|\| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
		*al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);

ssl/statem/statem_clnt.c

+6 −7

Original line number	Diff line number	Diff line
		@@ -2041,8 +2041,7 @@ static int tls_process_ske_ecdhe(SSL s, PACKET pkt, EVP_PKEY *pkey, int al)
		#ifndef OPENSSL_NO_EC
		PACKET encoded_pt;
		const unsigned char *ecparams;
		int curve_nid;
		unsigned int curve_flags;
		const TLS_GROUP_INFO *ginf;
		EVP_PKEY_CTX *pctx = NULL;

		/*
		@@ -2065,19 +2064,19 @@ static int tls_process_ske_ecdhe(SSL s, PACKET pkt, EVP_PKEY *pkey, int al)
		return 0;
		}

		curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags);
		ginf = tls1_group_id_lookup(ecparams[2]);

		if (curve_nid == 0) {
		if (ginf == NULL) {
		*al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
		SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
		return 0;
		}

		if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
		if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
		EVP_PKEY *key = EVP_PKEY_new();

		if (key == NULL \|\| !EVP_PKEY_set_type(key, curve_nid)) {
		if (key == NULL \|\| !EVP_PKEY_set_type(key, ginf->nid)) {
		*al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
		EVP_PKEY_free(key);
		@@ -2089,7 +2088,7 @@ static int tls_process_ske_ecdhe(SSL s, PACKET pkt, EVP_PKEY *pkey, int al)
		pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
		if (pctx == NULL
		\|\| EVP_PKEY_paramgen_init(pctx) <= 0
		\|\| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
		\|\| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0
		\|\| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
		*al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);

Admin message