Use EC_KEY_key2buf and EC_oct2key in libssl.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-12 01:13:42 +00:00 · 2015-12-12 01:13:42 +00:00 · cae4136431
commit cae4136431
parent 981bd8a2f2
2 changed files with 14 additions and 88 deletions
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -1586,8 +1586,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 #endif
 #ifndef OPENSSL_NO_EC
    EC_KEY *ecdh = NULL;
    BN_CTX *bn_ctx = NULL;
    EC_POINT *srvr_ecpoint = NULL;
    int curve_nid = 0;
 #endif
    PACKET save_param_start, signature;
@ -1742,16 +1740,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
 #ifndef OPENSSL_NO_EC
    else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
        EC_GROUP *ngroup;
        const EC_GROUP *group;
        PACKET encoded_pt;
        unsigned char *ecparams;
        if ((ecdh = EC_KEY_new()) == NULL) {
            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        /*
         * Extract elliptic curve parameters and the server's ephemeral ECDH
         * public key. For now we only support named (not generic) curves and
@ -1777,23 +1768,10 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
            goto f_err;
        }
-        ngroup = EC_GROUP_new_by_curve_name(curve_nid);
+        ecdh = EC_KEY_new_by_curve_name(curve_nid);
        if (ngroup == NULL) {
            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EC_LIB);
            goto err;
        }
        if (EC_KEY_set_group(ecdh, ngroup) == 0) {
            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EC_LIB);
            goto err;
        }
        EC_GROUP_free(ngroup);
-        group = EC_KEY_get0_group(ecdh);
+        if (ecdh == NULL) {
-
+            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EC_LIB);
        /* Next, get the encoded ECPoint */
        if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
            ((bn_ctx = BN_CTX_new()) == NULL)) {
            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
            goto err;
        }
@ -1802,8 +1780,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
            goto f_err;
        }
-        if (EC_POINT_oct2point(group, srvr_ecpoint, PACKET_data(&encoded_pt),
+        if (EC_KEY_oct2key(ecdh, PACKET_data(&encoded_pt),
-                               PACKET_remaining(&encoded_pt), bn_ctx) == 0) {
+                           PACKET_remaining(&encoded_pt), NULL) == 0) {
            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
            goto f_err;
        }
@ -1823,13 +1801,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
            pkey = X509_get_pubkey(s->session->peer);
 # endif
        /* else anonymous ECDH, so no certificate or pkey. */
        EC_KEY_set_public_key(ecdh, srvr_ecpoint);
        s->s3->peer_ecdh_tmp = ecdh;
        ecdh = NULL;
        BN_CTX_free(bn_ctx);
        bn_ctx = NULL;
        EC_POINT_free(srvr_ecpoint);
        srvr_ecpoint = NULL;
    } else if (alg_k) {
        al = SSL_AD_UNEXPECTED_MESSAGE;
        SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
@ -1940,8 +1913,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
    DH_free(dh);
 #endif
 #ifndef OPENSSL_NO_EC
    BN_CTX_free(bn_ctx);
    EC_POINT_free(srvr_ecpoint);
    EC_KEY_free(ecdh);
 #endif
    EVP_MD_CTX_free(md_ctx);
@ -2272,7 +2243,6 @@ int tls_construct_client_key_exchange(SSL *s)
    EVP_PKEY *srvr_pub_pkey = NULL;
    unsigned char *encodedPoint = NULL;
    int encoded_pt_len = 0;
    BN_CTX *bn_ctx = NULL;
 #endif
    unsigned char *pms = NULL;
    size_t pmslen = 0;
@ -2620,25 +2590,15 @@ psk_err:
             * accordingly.
             */
            encoded_pt_len =
-                EC_POINT_point2oct(srvr_group,
+                EC_KEY_key2buf(clnt_ecdh, POINT_CONVERSION_UNCOMPRESSED,
-                                   EC_KEY_get0_public_key(clnt_ecdh),
+                               &encodedPoint, NULL);
                                   POINT_CONVERSION_UNCOMPRESSED,
                                   NULL, 0, NULL);
-            encodedPoint = (unsigned char *)
+            if (encoded_pt_len == 0) {
-                OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
+                SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
            bn_ctx = BN_CTX_new();
            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
                SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
                       ERR_R_MALLOC_FAILURE);
                goto err;
            }
-            /* Encode the public key */
+            n = encoded_pt_len;
            n = EC_POINT_point2oct(srvr_group,
                                   EC_KEY_get0_public_key(clnt_ecdh),
                                   POINT_CONVERSION_UNCOMPRESSED,
                                   encodedPoint, encoded_pt_len, bn_ctx);
            *p = n;         /* length of encoded point */
            /* Encoded point will be copied here */
@ -2650,7 +2610,6 @@ psk_err:
        }
        /* Free allocated memory */
        BN_CTX_free(bn_ctx);
        OPENSSL_free(encodedPoint);
        EC_KEY_free(clnt_ecdh);
        EVP_PKEY_free(srvr_pub_pkey);
@ -2828,7 +2787,6 @@ psk_err:
    OPENSSL_clear_free(pms, pmslen);
    s->s3->tmp.pms = NULL;
 #ifndef OPENSSL_NO_EC
    BN_CTX_free(bn_ctx);
    OPENSSL_free(encodedPoint);
    EC_KEY_free(clnt_ecdh);
    EVP_PKEY_free(srvr_pub_pkey);
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -1721,7 +1721,6 @@ int tls_construct_server_key_exchange(SSL *s)
    unsigned char *encodedPoint = NULL;
    int encodedlen = 0;
    int curve_id = 0;
    BN_CTX *bn_ctx = NULL;
 #endif
    EVP_PKEY *pkey;
    const EVP_MD *md = NULL;
@ -1879,33 +1878,14 @@ int tls_construct_server_key_exchange(SSL *s)
         * Encode the public key. First check the size of encoding and
         * allocate memory accordingly.
         */
-        encodedlen = EC_POINT_point2oct(group,
+        encodedlen = EC_KEY_key2buf(ecdh, POINT_CONVERSION_UNCOMPRESSED,
-                                        EC_KEY_get0_public_key(ecdh),
+                                    &encodedPoint, NULL);
                                        POINT_CONVERSION_UNCOMPRESSED,
                                        NULL, 0, NULL);
        encodedPoint = (unsigned char *)
            OPENSSL_malloc(encodedlen * sizeof(unsigned char));
        bn_ctx = BN_CTX_new();
        if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
                   ERR_R_MALLOC_FAILURE);
            goto err;
        }
        encodedlen = EC_POINT_point2oct(group,
                                        EC_KEY_get0_public_key(ecdh),
                                        POINT_CONVERSION_UNCOMPRESSED,
                                        encodedPoint, encodedlen, bn_ctx);
        if (encodedlen == 0) {
-            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+            SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
            goto err;
        }
        BN_CTX_free(bn_ctx);
        bn_ctx = NULL;
        /*
         * XXX: For now, we only support named (not generic) curves in
         * ECDH ephemeral key exchanges. In this situation, we need four
@ -2082,7 +2062,6 @@ int tls_construct_server_key_exchange(SSL *s)
 err:
 #ifndef OPENSSL_NO_EC
    OPENSSL_free(encodedPoint);
    BN_CTX_free(bn_ctx);
 #endif
    EVP_MD_CTX_free(md_ctx);
    ossl_statem_set_error(s);
@ -2176,9 +2155,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 #endif
 #ifndef OPENSSL_NO_EC
    EC_KEY *srvr_ecdh = NULL;
    EVP_PKEY *clnt_pub_pkey = NULL;
    EC_POINT *clnt_ecpoint = NULL;
    BN_CTX *bn_ctx = NULL;
 #endif
    PACKET enc_premaster;
    unsigned char *data, *rsa_decrypt = NULL;
@ -2581,11 +2558,6 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
             * Get client's public key from encoded point in the
             * ClientKeyExchange message.
             */
            if ((bn_ctx = BN_CTX_new()) == NULL) {
                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
                       ERR_R_MALLOC_FAILURE);
                goto err;
            }
            /* Get encoded point length */
            if (!PACKET_get_1(pkt, &i)) {
@ -2599,7 +2571,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
                goto err;
            }
-            if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, bn_ctx) == 0) {
+            if (EC_POINT_oct2point(group, clnt_ecpoint, data, i, NULL) == 0) {
                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
                goto err;
            }
@ -2624,10 +2596,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
            goto err;
        }
        EVP_PKEY_free(clnt_pub_pkey);
        EC_POINT_free(clnt_ecpoint);
        EC_KEY_free(srvr_ecdh);
        BN_CTX_free(bn_ctx);
        EC_KEY_free(s->s3->tmp.ecdh);
        s->s3->tmp.ecdh = NULL;
@ -2780,10 +2750,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 err:
 #endif
 #ifndef OPENSSL_NO_EC
    EVP_PKEY_free(clnt_pub_pkey);
    EC_POINT_free(clnt_ecpoint);
    EC_KEY_free(srvr_ecdh);
    BN_CTX_free(bn_ctx);
    OPENSSL_free(rsa_decrypt);
 #endif
 #ifndef OPENSSL_NO_PSK