TLS: Use EVP_PKEY_get_group_name() to get the group name

For the moment, we translate the result to a NID, because that's still used in several locations in libssl. Future development should change all the internals to be name based instead. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
2025-01-30 14:01:55 +08:00 · 2020-11-18 10:43:50 +01:00 · 2020-11-18 10:43:50 +01:00 · d8975dec0c
commit d8975dec0c
parent 88bddad42e
3 changed files with 18 additions and 18 deletions
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@ -807,6 +807,8 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
                   size_t max_size);
 size_t ssl_hmac_size(const SSL_HMAC *ctx);

+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey);
+
 typedef struct tls_group_info_st {
    char *tlsname;           /* Curve Name as in TLS specs */
    char *realname;          /* Curve Name according to provider */
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -14,7 +14,6 @@
 #include "../ssl_local.h"
 #include "statem_local.h"
 #include "internal/cryptlib.h"
-#include "internal/evp.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@ -1555,8 +1554,7 @@ static int is_tls13_capable(const SSL *s)
         * more restrictive so check that our sig algs are consistent with this
         * EC cert. See section 4.2.3 of RFC8446.
         */
-        curve = evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
-                                              .privatekey);
+        curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
        if (tls_check_sigalg_curve(s, curve))
            return 1;
 #else
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -21,7 +21,7 @@
 #include <openssl/provider.h>
 #include <openssl/param_build.h>
 #include "internal/nelem.h"
-#include "internal/evp.h"
+#include "internal/sizes.h"
 #include "internal/tlsgroups.h"
 #include "ssl_local.h"
 #include <openssl/ct.h>
@ -865,7 +865,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 /* Return group id of a key */
 static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
 {
-    int curve_nid = evp_pkey_get_EC_KEY_curve_nid(pkey);
+    int curve_nid = ssl_get_EC_curve_nid(pkey);

    if (curve_nid == NID_undef)
        return 0;
@ -1498,7 +1498,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)

        /* For TLS 1.3 or Suite B check curve matches signature algorithm */
        if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
-            int curve = evp_pkey_get_EC_KEY_curve_nid(pkey);
+            int curve = ssl_get_EC_curve_nid(pkey);

            if (lu->curve != NID_undef && curve != lu->curve) {
                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE);
@ -3151,14 +3151,10 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
                                 : s->cert->pkeys[lu->sig_idx].privatekey;

        if (lu->sig == EVP_PKEY_EC) {
-#ifndef OPENSSL_NO_EC
            if (curve == -1)
-                curve = evp_pkey_get_EC_KEY_curve_nid(tmppkey);
+                curve = ssl_get_EC_curve_nid(tmppkey);
            if (lu->curve != NID_undef && curve != lu->curve)
                continue;
-#else
-            continue;
-#endif
        } else if (lu->sig == EVP_PKEY_RSA_PSS) {
            /* validate that key is large enough for the signature algorithm */
            if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu))
@ -3211,15 +3207,12 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
        if (SSL_USE_SIGALGS(s)) {
            size_t i;
            if (s->s3.tmp.peer_sigalgs != NULL) {
-#ifndef OPENSSL_NO_EC
                int curve = -1;

                /* For Suite B need to match signature algorithm to curve */
                if (tls1_suiteb(s))
-                    curve =
-                        evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
-                                                      .privatekey);
-#endif
+                    curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
+                                                 .privatekey);

                /*
                 * Find highest preference signature algorithm matching
@ -3248,9 +3241,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
                        if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu))
                            continue;
                    }
-#ifndef OPENSSL_NO_EC
                    if (curve == -1 || lu->curve == curve)
-#endif
                        break;
                }
 #ifndef OPENSSL_NO_GOST
@ -3454,3 +3445,12 @@ size_t ssl_hmac_size(const SSL_HMAC *ctx)
    return 0;
 }

+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey)
+{
+    char gname[OSSL_MAX_NAME_SIZE];
+
+    if (EVP_PKEY_get_group_name(pkey, gname, sizeof(gname), NULL) > 0)
+        return OBJ_txt2nid(gname);
+
+    return NID_undef;
+}