Browse Source

EVP & TLS: Add necessary EC_KEY data extraction functions, and use them

libssl code uses EVP_PKEY_get0_EC_KEY() to extract certain basic data
from the EC_KEY.  We replace that with internal EVP_PKEY functions.

This may or may not be refactored later on.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11358)
master
Richard Levitte 2 years ago
parent
commit
c2041da8c1
9 changed files with 107 additions and 35 deletions
  1. +1
    -0
      Configurations/unix-Makefile.tmpl
  2. +43
    -0
      crypto/evp/p_lib.c
  3. +23
    -0
      include/internal/evp.h
  4. +1
    -0
      include/openssl/evp.h
  5. +1
    -1
      ssl/ssl_rsa.c
  6. +3
    -5
      ssl/statem/statem_lib.c
  7. +32
    -29
      ssl/t1_lib.c
  8. +1
    -0
      util/libcrypto.num
  9. +2
    -0
      util/missingcrypto.txt

+ 1
- 0
Configurations/unix-Makefile.tmpl View File

@ -1025,6 +1025,7 @@ errors:
qw( include/internal/dso.h
include/internal/o_dir.h
include/internal/err.h
include/internal/evp.h
include/internal/sslconf.h );
our @cryptoskipheaders = ( @sslheaders,
qw( include/openssl/conf_api.h


+ 43
- 0
crypto/evp/p_lib.c View File

@ -33,6 +33,7 @@
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "internal/evp.h"
#include "internal/provider.h"
#include "evp_local.h"
@ -810,6 +811,48 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
return 0;
}
#ifndef OPENSSL_NO_EC
/*
* TODO rewrite when we have proper data extraction functions
* Note: an octet pointer would be desirable!
*/
static OSSL_CALLBACK get_ec_curve_name_cb;
static int get_ec_curve_name_cb(const OSSL_PARAM params[], void *arg)
{
const OSSL_PARAM *p = NULL;
if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME)) != NULL)
return OSSL_PARAM_get_utf8_string(p, arg, 0);
/* If there is no curve name, this is not an EC key */
return 0;
}
int evp_pkey_get_EC_KEY_curve_nid(const EVP_PKEY *pkey)
{
int ret = NID_undef;
if (pkey->keymgmt == NULL) {
if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
ret = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
}
} else if (EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "SM2")) {
char *curve_name = NULL;
ret = evp_keymgmt_export(pkey->keymgmt, pkey->keydata,
OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
get_ec_curve_name_cb, &curve_name);
if (ret)
ret = ec_curve_name2nid(curve_name);
OPENSSL_free(curve_name);
}
return ret;
}
#endif
static int print_reset_indent(BIO **out, int pop_f_prefix, long saved_indent)
{
BIO_set_indent(*out, saved_indent);


+ 23
- 0
include/internal/evp.h View File

@ -0,0 +1,23 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_INTERNAL_EVP_H
# define OSSL_INTERNAL_EVP_H
# include <openssl/evp.h>
# ifndef OPENSSL_NO_EC
/*
* TODO(3.0) While waiting for more generic getters, we have these functions
* as an interim solution. This should be removed when the generic getters
* appear.
*/
int evp_pkey_get_EC_KEY_curve_nid(const EVP_PKEY *pkey);
# endif
#endif

+ 1
- 0
include/openssl/evp.h View File

@ -1111,6 +1111,7 @@ int EVP_PKEY_base_id(const EVP_PKEY *pkey);
int EVP_PKEY_bits(const EVP_PKEY *pkey);
int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
int EVP_PKEY_size(const EVP_PKEY *pkey);
int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt);


+ 1
- 1
ssl/ssl_rsa.c View File

@ -338,7 +338,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
return 0;
}
#ifndef OPENSSL_NO_EC
if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
if (i == SSL_PKEY_ECC && !EVP_PKEY_can_sign(pkey)) {
SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
return 0;
}


+ 3
- 5
ssl/statem/statem_lib.c View File

@ -14,6 +14,7 @@
#include "../ssl_local.h"
#include "statem_local.h"
#include "internal/cryptlib.h"
#include "internal/evp.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
@ -1531,7 +1532,6 @@ static int is_tls13_capable(const SSL *s)
int i;
#ifndef OPENSSL_NO_EC
int curve;
EC_KEY *eckey;
#endif
#ifndef OPENSSL_NO_PSK
@ -1563,10 +1563,8 @@ static int is_tls13_capable(const SSL *s)
* more restrictive so check that our sig algs are consistent with this
* EC cert. See section 4.2.3 of RFC8446.
*/
eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
if (eckey == NULL)
continue;
curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
curve = evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
.privatekey);
if (tls_check_sigalg_curve(s, curve))
return 1;
#else


+ 32
- 29
ssl/t1_lib.c View File

@ -22,6 +22,7 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#include "internal/nelem.h"
#include "internal/evp.h"
#include "ssl_local.h"
#include <openssl/ct.h>
@ -583,7 +584,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
size_t i;
/* If not an EC key nothing to check */
if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
if (!EVP_PKEY_is_a(pkey, "EC"))
return 1;
ec = EVP_PKEY_get0_EC_KEY(pkey);
grp = EC_KEY_get0_group(ec);
@ -624,13 +625,11 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
/* Return group id of a key */
static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
{
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
const EC_GROUP *grp;
int curve_nid = evp_pkey_get_EC_KEY_curve_nid(pkey);
if (ec == NULL)
if (curve_nid == NID_undef)
return 0;
grp = EC_KEY_get0_group(ec);
return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
return tls1_nid2group_id(curve_nid);
}
/*
@ -645,7 +644,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
if (pkey == NULL)
return 0;
/* If not EC nothing to do */
if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
if (!EVP_PKEY_is_a(pkey, "EC"))
return 1;
/* Check compression */
if (!tls1_check_pkey_comp(s, pkey))
@ -1111,10 +1110,22 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
const EVP_MD *md = NULL;
char sigalgstr[2];
size_t sent_sigslen, i, cidx;
int pkeyid = EVP_PKEY_id(pkey);
int pkeyid = -1;
const SIGALG_LOOKUP *lu;
int secbits = 0;
/*
* TODO(3.0) Remove this when we adapted this function for provider
* side keys. We know that EVP_PKEY_get0() downgrades an EVP_PKEY
* to contain a legacy key.
*
* THIS IS TEMPORARY
*/
EVP_PKEY_get0(pkey);
if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE)
return 0;
pkeyid = EVP_PKEY_id(pkey);
/* Should never happen */
if (pkeyid == -1)
return -1;
@ -1163,8 +1174,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
/* For TLS 1.3 or Suite B check curve matches signature algorithm */
if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
int curve = evp_pkey_get_EC_KEY_curve_nid(pkey);
if (lu->curve != NID_undef && curve != lu->curve) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
@ -2449,17 +2459,14 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
if (!s->server && strict_mode) {
STACK_OF(X509_NAME) *ca_dn;
int check_type = 0;
switch (EVP_PKEY_id(pk)) {
case EVP_PKEY_RSA:
if (EVP_PKEY_is_a(pk, "RSA"))
check_type = TLS_CT_RSA_SIGN;
break;
case EVP_PKEY_DSA:
else if (EVP_PKEY_is_a(pk, "DSA"))
check_type = TLS_CT_DSS_SIGN;
break;
case EVP_PKEY_EC:
else if (EVP_PKEY_is_a(pk, "EC"))
check_type = TLS_CT_ECDSA_SIGN;
break;
}
if (check_type) {
const uint8_t *ctypes = s->s3.tmp.ctype;
size_t j;
@ -2820,10 +2827,8 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
if (lu->sig == EVP_PKEY_EC) {
#ifndef OPENSSL_NO_EC
if (curve == -1) {
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmppkey);
curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
}
if (curve == -1)
curve = evp_pkey_get_EC_KEY_curve_nid(tmppkey);
if (lu->curve != NID_undef && curve != lu->curve)
continue;
#else
@ -2882,15 +2887,13 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
size_t i;
if (s->s3.tmp.peer_sigalgs != NULL) {
#ifndef OPENSSL_NO_EC
int curve;
int curve = -1;
/* For Suite B need to match signature algorithm to curve */
if (tls1_suiteb(s)) {
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
} else {
curve = -1;
}
if (tls1_suiteb(s))
curve =
evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
.privatekey);
#endif
/*


+ 1
- 0
util/libcrypto.num View File

@ -5039,3 +5039,4 @@ EVP_PKEY_get_utf8_string_param ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_octet_string_param ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_is_a ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_can_sign ? 3_0_0 EXIST::FUNCTION:
evp_pkey_get_EC_KEY_curve_nid ? 3_0_0 EXIST::FUNCTION:EC

+ 2
- 0
util/missingcrypto.txt View File

@ -1558,6 +1558,8 @@ conf_ssl_name_find(3)
d2i_X509_bio(3)
d2i_X509_fp(3)
err_free_strings_int(3)
# The following is internal but exported by libcrypto
evp_pkey_get_EC_KEY_curve_nid(3)
i2a_ACCESS_DESCRIPTION(3)
i2a_ASN1_ENUMERATED(3)
i2a_ASN1_INTEGER(3)


Loading…
Cancel
Save