TLS: Use EVP_PKEY_get_group_name() to get the group name

For the moment, we translate the result to a NID, because that's still
used in several locations in libssl.  Future development should change
all the internals to be name based instead.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13436)

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index d0fd8b926bb672990a276c45b5054d85f5d3fd8b..c2a4087c3b6c85e796a8bd72bf2cd4b814d441ff 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -807,6 +807,8 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
                    size_t max_size);
 size_t ssl_hmac_size(const SSL_HMAC *ctx);
 
+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey);
+
 typedef struct tls_group_info_st {
     char *tlsname;           /* Curve Name as in TLS specs */
     char *realname;          /* Curve Name according to provider */

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 5d89b75c05b2379f2f65262958a4444fa320a713..44cf5a6ce0aee06d7499307da1a00cf9fd456ff2 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -14,7 +14,6 @@
 #include "../ssl_local.h"
 #include "statem_local.h"
 #include "internal/cryptlib.h"
-#include "internal/evp.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
@@ -1555,8 +1554,7 @@ static int is_tls13_capable(const SSL *s)
          * more restrictive so check that our sig algs are consistent with this
          * EC cert. See section 4.2.3 of RFC8446.
          */
-        curve = evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
-                                              .privatekey);
+        curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
         if (tls_check_sigalg_curve(s, curve))
             return 1;
 #else

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6ad6f1b26fecf4157dbff7f29de3f31866b7dfa3..bc366c8a7cf1b7f2c22165df37bd64678d89dcb3 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -21,7 +21,7 @@
 #include <openssl/provider.h>
 #include <openssl/param_build.h>
 #include "internal/nelem.h"
-#include "internal/evp.h"
+#include "internal/sizes.h"
 #include "internal/tlsgroups.h"
 #include "ssl_local.h"
 #include <openssl/ct.h>
@@ -865,7 +865,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 /* Return group id of a key */
 static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
 {
-    int curve_nid = evp_pkey_get_EC_KEY_curve_nid(pkey);
+    int curve_nid = ssl_get_EC_curve_nid(pkey);
 
     if (curve_nid == NID_undef)
         return 0;
@@ -1498,7 +1498,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
 
         /* For TLS 1.3 or Suite B check curve matches signature algorithm */
         if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
-            int curve = evp_pkey_get_EC_KEY_curve_nid(pkey);
+            int curve = ssl_get_EC_curve_nid(pkey);
 
             if (lu->curve != NID_undef && curve != lu->curve) {
                 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_CURVE);
@@ -3151,14 +3151,10 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
                                  : s->cert->pkeys[lu->sig_idx].privatekey;
 
         if (lu->sig == EVP_PKEY_EC) {
-#ifndef OPENSSL_NO_EC
             if (curve == -1)
-                curve = evp_pkey_get_EC_KEY_curve_nid(tmppkey);
+                curve = ssl_get_EC_curve_nid(tmppkey);
             if (lu->curve != NID_undef && curve != lu->curve)
                 continue;
-#else
-            continue;
-#endif
         } else if (lu->sig == EVP_PKEY_RSA_PSS) {
             /* validate that key is large enough for the signature algorithm */
             if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu))
@@ -3211,15 +3207,12 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
         if (SSL_USE_SIGALGS(s)) {
             size_t i;
             if (s->s3.tmp.peer_sigalgs != NULL) {
-#ifndef OPENSSL_NO_EC
                 int curve = -1;
 
                 /* For Suite B need to match signature algorithm to curve */
                 if (tls1_suiteb(s))
-                    curve =
-                        evp_pkey_get_EC_KEY_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
-                                                      .privatekey);
-#endif
+                    curve = ssl_get_EC_curve_nid(s->cert->pkeys[SSL_PKEY_ECC]
+                                                 .privatekey);
 
                 /*
                  * Find highest preference signature algorithm matching
@@ -3248,9 +3241,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
                         if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu))
                             continue;
                     }
-#ifndef OPENSSL_NO_EC
                     if (curve == -1 || lu->curve == curve)
-#endif
                         break;
                 }
 #ifndef OPENSSL_NO_GOST
@@ -3454,3 +3445,12 @@ size_t ssl_hmac_size(const SSL_HMAC *ctx)
     return 0;
 }
 
+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey)
+{
+    char gname[OSSL_MAX_NAME_SIZE];
+
+    if (EVP_PKEY_get_group_name(pkey, gname, sizeof(gname), NULL) > 0)
+        return OBJ_txt2nid(gname);
+
+    return NID_undef;
+}