From cae4136431e7298760cae50732226c64e438d8dd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 12 Dec 2015 01:13:42 +0000 Subject: [PATCH] Use EC_KEY_key2buf and EC_oct2key in libssl. Reviewed-by: Richard Levitte --- ssl/statem/statem_clnt.c | 62 +++++++--------------------------------- ssl/statem/statem_srvr.c | 40 +++----------------------- 2 files changed, 14 insertions(+), 88 deletions(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 633e67731..4527cce79 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1586,8 +1586,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) #endif #ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL; - BN_CTX *bn_ctx = NULL; - EC_POINT *srvr_ecpoint = NULL; int curve_nid = 0; #endif PACKET save_param_start, signature; @@ -1742,16 +1740,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) #ifndef OPENSSL_NO_EC else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) { - EC_GROUP *ngroup; - const EC_GROUP *group; PACKET encoded_pt; unsigned char *ecparams; - if ((ecdh = EC_KEY_new()) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } - /* * Extract elliptic curve parameters and the server's ephemeral ECDH * public key. For now we only support named (not generic) curves and @@ -1777,23 +1768,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto f_err; } - ngroup = EC_GROUP_new_by_curve_name(curve_nid); - if (ngroup == NULL) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - if (EC_KEY_set_group(ecdh, ngroup) == 0) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EC_LIB); - goto err; - } - EC_GROUP_free(ngroup); + ecdh = EC_KEY_new_by_curve_name(curve_nid); - group = EC_KEY_get0_group(ecdh); - - /* Next, get the encoded ECPoint */ - if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || - ((bn_ctx = BN_CTX_new()) == NULL)) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + if (ecdh == NULL) { + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } @@ -1802,8 +1780,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) goto f_err; } - if (EC_POINT_oct2point(group, srvr_ecpoint, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt), bn_ctx) == 0) { + if (EC_KEY_oct2key(ecdh, PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt), NULL) == 0) { SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT); goto f_err; } @@ -1823,13 +1801,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) pkey = X509_get_pubkey(s->session->peer); # endif /* else anonymous ECDH, so no certificate or pkey. */ - EC_KEY_set_public_key(ecdh, srvr_ecpoint); s->s3->peer_ecdh_tmp = ecdh; ecdh = NULL; - BN_CTX_free(bn_ctx); - bn_ctx = NULL; - EC_POINT_free(srvr_ecpoint); - srvr_ecpoint = NULL; } else if (alg_k) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); @@ -1940,8 +1913,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) DH_free(dh); #endif #ifndef OPENSSL_NO_EC - BN_CTX_free(bn_ctx); - EC_POINT_free(srvr_ecpoint); EC_KEY_free(ecdh); #endif EVP_MD_CTX_free(md_ctx); @@ -2272,7 +2243,6 @@ int tls_construct_client_key_exchange(SSL *s) EVP_PKEY *srvr_pub_pkey = NULL; unsigned char *encodedPoint = NULL; int encoded_pt_len = 0; - BN_CTX *bn_ctx = NULL; #endif unsigned char *pms = NULL; size_t pmslen = 0; @@ -2620,25 +2590,15 @@ psk_err: * accordingly. */ encoded_pt_len = - EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); + EC_KEY_key2buf(clnt_ecdh, POINT_CONVERSION_UNCOMPRESSED, + &encodedPoint, NULL); - encodedPoint = (unsigned char *) - OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char)); - bn_ctx = BN_CTX_new(); - if ((encodedPoint == NULL) || (bn_ctx == NULL)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); + if (encoded_pt_len == 0) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } - /* Encode the public key */ - n = EC_POINT_point2oct(srvr_group, - EC_KEY_get0_public_key(clnt_ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encoded_pt_len, bn_ctx); + n = encoded_pt_len; *p = n; /* length of encoded point */ /* Encoded point will be copied here */ @@ -2650,7 +2610,6 @@ psk_err: } /* Free allocated memory */ - BN_CTX_free(bn_ctx); OPENSSL_free(encodedPoint); EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); @@ -2828,7 +2787,6 @@ psk_err: OPENSSL_clear_free(pms, pmslen); s->s3->tmp.pms = NULL; #ifndef OPENSSL_NO_EC - BN_CTX_free(bn_ctx); OPENSSL_free(encodedPoint); EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 13078160e..12a8b32ae 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1721,7 +1721,6 @@ int tls_construct_server_key_exchange(SSL *s) unsigned char *encodedPoint = NULL; int encodedlen = 0; int curve_id = 0; - BN_CTX *bn_ctx = NULL; #endif EVP_PKEY *pkey; const EVP_MD *md = NULL; @@ -1879,33 +1878,14 @@ int tls_construct_server_key_exchange(SSL *s) * Encode the public key. First check the size of encoding and * allocate memory accordingly. */ - encodedlen = EC_POINT_point2oct(group, - EC_KEY_get0_public_key(ecdh), - POINT_CONVERSION_UNCOMPRESSED, - NULL, 0, NULL); - - encodedPoint = (unsigned char *) - OPENSSL_malloc(encodedlen * sizeof(unsigned char)); - bn_ctx = BN_CTX_new(); - if ((encodedPoint == NULL) || (bn_ctx == NULL)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - encodedlen = EC_POINT_point2oct(group, - EC_KEY_get0_public_key(ecdh), - POINT_CONVERSION_UNCOMPRESSED, - encodedPoint, encodedlen, bn_ctx); + encodedlen = EC_KEY_key2buf(ecdh, POINT_CONVERSION_UNCOMPRESSED, + &encodedPoint, NULL); if (encodedlen == 0) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); + SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } - BN_CTX_free(bn_ctx); - bn_ctx = NULL; - /* * XXX: For now, we only support named (not generic) curves in * ECDH ephemeral key exchanges. In this situation, we need four @@ -2082,7 +2062,6 @@ int tls_construct_server_key_exchange(SSL *s) err: #ifndef OPENSSL_NO_EC OPENSSL_free(encodedPoint); - BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_free(md_ctx); ossl_statem_set_error(s); @@ -2176,9 +2155,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) #endif #ifndef OPENSSL_NO_EC EC_KEY *srvr_ecdh = NULL; - EVP_PKEY *clnt_pub_pkey = NULL; EC_POINT *clnt_ecpoint = NULL; - BN_CTX *bn_ctx = NULL; #endif PACKET enc_premaster; unsigned char *data, *rsa_decrypt = NULL; @@ -2581,11 +2558,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) * Get client's public key from encoded point in the * ClientKeyExchange message. */ - if ((bn_ctx = BN_CTX_new()) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } /* Get encoded point length */ if (!PACKET_get_1(pkt, &i)) { @@ -2599,7 +2571,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } - if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, bn_ctx) == 0) { + if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, NULL) == 0) { SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } @@ -2624,10 +2596,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) goto err; } - EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); EC_KEY_free(srvr_ecdh); - BN_CTX_free(bn_ctx); EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; @@ -2780,10 +2750,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) err: #endif #ifndef OPENSSL_NO_EC - EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); EC_KEY_free(srvr_ecdh); - BN_CTX_free(bn_ctx); OPENSSL_free(rsa_decrypt); #endif #ifndef OPENSSL_NO_PSK