Replace tls1_ec_curve_id2nid.
Replace tls1_ec_curve_id2nid() with tls_group_id_lookup() which returns
the TLS_GROUP_INFO for the group.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/=4412)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 6975b94..d8a7f2f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -549,7 +549,7 @@
*/
key_share_key = s->s3->tmp.pkey;
} else {
- key_share_key = ssl_generate_pkey_curve(curve_id);
+ key_share_key = ssl_generate_pkey_group(curve_id);
if (key_share_key == NULL) {
SSLerr(SSL_F_ADD_KEY_SHARE, ERR_R_EVP_LIB);
return 0;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 583b8dd..5fb0d05 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -501,8 +501,8 @@
PACKET key_share_list, encoded_pt;
const uint16_t *clntcurves, *srvrcurves;
size_t clnt_num_curves, srvr_num_curves;
- int group_nid, found = 0;
- unsigned int curve_flags;
+ int found = 0;
+ const TLS_GROUP_INFO *ginf;
if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
return 1;
@@ -575,20 +575,20 @@
continue;
}
- group_nid = tls1_ec_curve_id2nid(group_id, &curve_flags);
+ ginf = tls1_group_id_lookup(group_id);
- if (group_nid == 0) {
+ if (ginf == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
}
- if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+ if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
/* Can happen for some curves, e.g. X25519 */
EVP_PKEY *key = EVP_PKEY_new();
- if (key == NULL || !EVP_PKEY_set_type(key, group_nid)) {
+ if (key == NULL || !EVP_PKEY_set_type(key, ginf->nid)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
EVP_PKEY_free(key);
@@ -602,7 +602,7 @@
if (pctx == NULL
|| EVP_PKEY_paramgen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
- group_nid) <= 0
+ ginf->nid) <= 0
|| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, ERR_R_EVP_LIB);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5f17864..a20bf00 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2041,8 +2041,7 @@
#ifndef OPENSSL_NO_EC
PACKET encoded_pt;
const unsigned char *ecparams;
- int curve_nid;
- unsigned int curve_flags;
+ const TLS_GROUP_INFO *ginf;
EVP_PKEY_CTX *pctx = NULL;
/*
@@ -2065,19 +2064,19 @@
return 0;
}
- curve_nid = tls1_ec_curve_id2nid(*(ecparams + 2), &curve_flags);
+ ginf = tls1_group_id_lookup(ecparams[2]);
- if (curve_nid == 0) {
+ if (ginf == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
return 0;
}
- if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+ if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
EVP_PKEY *key = EVP_PKEY_new();
- if (key == NULL || !EVP_PKEY_set_type(key, curve_nid)) {
+ if (key == NULL || !EVP_PKEY_set_type(key, ginf->nid)) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
EVP_PKEY_free(key);
@@ -2089,7 +2088,7 @@
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
if (pctx == NULL
|| EVP_PKEY_paramgen_init(pctx) <= 0
- || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, curve_nid) <= 0
+ || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0
|| EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_ECDHE, ERR_R_EVP_LIB);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index dc727e1..3e118a8 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2345,7 +2345,7 @@
SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
goto err;
}
- s->s3->tmp.pkey = ssl_generate_pkey_curve(curve_id);
+ s->s3->tmp.pkey = ssl_generate_pkey_group(curve_id);
/* Generate a new key for this curve */
if (s->s3->tmp.pkey == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EVP_LIB);
