Don't use the array index as the group_id

This is a precursor to adding new group ids for post quantum stuff which are up in the 4000 range, so using the array index as the group id will be silly. Instead we just add the group id to the structure and we walk the list to find it. This should never be a very large list for us, so no need to do anything cuter than linear search for now. ok jsing@, joshua@
author: beck <> 2025-05-20 05:39:08 +0000
committer: beck <> 2025-05-20 05:39:08 +0000
commit: ba497f049e31b884fb58688b50b8f9f306b75509 (patch)
tree: bec3bc3f81054a41d9cb7e104d3c76a4b34c649a /src/lib/libssl/t1_lib.c
parent: b7d2b00a69a9fe4778d1d5eb40407b1bba0ea5a8 (diff)
download: openbsd-ba497f049e31b884fb58688b50b8f9f306b75509.tar.gz
openbsd-ba497f049e31b884fb58688b50b8f9f306b75509.tar.bz2
openbsd-ba497f049e31b884fb58688b50b8f9f306b75509.zip
1 files changed, 97 insertions, 51 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b200f78098..0eb3354276 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.205 2025/05/20 05:39:08 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -151,6 +151,7 @@ tls1_clear(SSL *s)
 }
 struct supported_group {
+        uint16_t group_id;
        int nid;
        int bits;
 };
@@ -160,119 +161,148 @@ struct supported_group {
 * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
 */
 static const struct supported_group nid_list[] = {
-        [1] = {
+        {
+                .group_id = 1,
                .nid = NID_sect163k1,
                .bits = 80,
        },
-        [2] = {
+        {
+                .group_id = 2,
                .nid = NID_sect163r1,
                .bits = 80,
        },
-        [3] = {
+        {
+                .group_id = 3,
                .nid = NID_sect163r2,
                .bits = 80,
        },
-        [4] = {
+        {
+                .group_id = 4,
                .nid = NID_sect193r1,
                .bits = 80,
        },
-        [5] = {
+        {
+                .group_id = 5,
                .nid = NID_sect193r2,
                .bits = 80,
        },
-        [6] = {
+        {
+                .group_id = 6,
                .nid = NID_sect233k1,
                .bits = 112,
        },
-        [7] = {
+        {
+                .group_id = 7,
                .nid = NID_sect233r1,
                .bits = 112,
        },
-        [8] = {
+        {
+                .group_id = 8,
                .nid = NID_sect239k1,
                .bits = 112,
        },
-        [9] = {
+        {
+                .group_id = 9,
                .nid = NID_sect283k1,
                .bits = 128,
        },
-        [10] = {
+        {
+                .group_id = 10,
                .nid = NID_sect283r1,
                .bits = 128,
        },
-        [11] = {
+        {
+                .group_id = 11,
                .nid = NID_sect409k1,
                .bits = 192,
        },
-        [12] = {
+        {
+                .group_id = 12,
                .nid = NID_sect409r1,
                .bits = 192,
        },
-        [13] = {
+        {
+                .group_id = 13,
                .nid = NID_sect571k1,
                .bits = 256,
        },
-        [14] = {
+        {
+                .group_id = 14,
                .nid = NID_sect571r1,
                .bits = 256,
        },
-        [15] = {
+        {
+                .group_id = 15,
                .nid = NID_secp160k1,
                .bits = 80,
        },
-        [16] = {
+        {
+                .group_id = 16,
                .nid = NID_secp160r1,
                .bits = 80,
        },
-        [17] = {
+        {
+                .group_id = 17,
                .nid = NID_secp160r2,
                .bits = 80,
        },
-        [18] = {
+        {
+                .group_id = 18,
                .nid = NID_secp192k1,
                .bits = 80,
        },
-        [19] = {
+        {
+                .group_id = 19,
                .nid = NID_X9_62_prime192v1,    /* aka secp192r1 */
                .bits = 80,
        },
-        [20] = {
+        {
+                .group_id = 20,
                .nid = NID_secp224k1,
                .bits = 112,
        },
-        [21] = {
+        {
+                .group_id = 21,
                .nid = NID_secp224r1,
                .bits = 112,
        },
-        [22] = {
+        {
+                .group_id = 22,
                .nid = NID_secp256k1,
                .bits = 128,
        },
-        [23] = {
+        {
+                .group_id = 23,
                .nid = NID_X9_62_prime256v1,    /* aka secp256r1 */
                .bits = 128,
        },
-        [24] = {
+        {
+                .group_id = 24,
                .nid = NID_secp384r1,
                .bits = 192,
        },
-        [25] = {
+        {
+                .group_id = 25,
                .nid = NID_secp521r1,
                .bits = 256,
        },
-        [26] = {
+        {
+                .group_id = 26,
                .nid = NID_brainpoolP256r1,
                .bits = 128,
        },
-        [27] = {
+        {
+                .group_id = 27,
                .nid = NID_brainpoolP384r1,
                .bits = 192,
        },
-        [28] = {
+        {
+                .group_id = 28,
                .nid = NID_brainpoolP512r1,
                .bits = 256,
        },
-        [29] = {
+        {
+                .group_id = 29,
                .nid = NID_X25519,
                .bits = 128,
        },
@@ -339,18 +369,41 @@ static const uint16_t ecgroups_server_default[] = {
        24,                     /* secp384r1 (24) */
 };
+static const struct supported_group *
+tls1_supported_group_by_id(uint16_t group_id)
+{
+        int i;
+        for (i = 0; i < NID_LIST_LEN; i++) {
+                if (group_id == nid_list[i].group_id)
+                        return &nid_list[i];
+        }
+        return NULL;
+}
+static const struct supported_group *
+tls1_supported_group_by_nid(int nid)
+{
+        int i;
+        for (i = 0; i < NID_LIST_LEN; i++) {
+                if (nid == nid_list[i].nid)
+                        return &nid_list[i];
+        }
+        return NULL;
+}
 int
 tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
 {
-        int nid;
+        const struct supported_group *sg;
-        if (group_id >= NID_LIST_LEN)
-                return 0;
-        if ((nid = nid_list[group_id].nid) == 0)
+        if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
                return 0;
-        *out_nid = nid;
+        *out_nid = sg->nid;
        return 1;
 }
@@ -358,15 +411,12 @@ tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
 int
 tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
 {
-        int bits;
+        const struct supported_group *sg;
-        if (group_id >= NID_LIST_LEN)
+        if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
                return 0;
-        if ((bits = nid_list[group_id].bits) == 0)
+        *out_bits = sg->bits;
-                return 0;
-        *out_bits = bits;
        return 1;
 }
@@ -374,19 +424,15 @@ tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
 int
 tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
 {
-        uint16_t group_id;
+        const struct supported_group *sg;
-        if (nid == 0)
+        if ((sg = tls1_supported_group_by_nid(nid)) == NULL)
                return 0;
-        for (group_id = 0; group_id < NID_LIST_LEN; group_id++) {
+        *out_group_id = sg->group_id;
-                if (nid_list[group_id].nid == nid) {
-                        *out_group_id = group_id;
+        return 1;
-                        return 1;
-                }
-        }
-        return 0;
 }
 /*
author	beck <>	2025-05-20 05:39:08 +0000
committer	beck <>	2025-05-20 05:39:08 +0000
commit	ba497f049e31b884fb58688b50b8f9f306b75509 (patch)
tree	bec3bc3f81054a41d9cb7e104d3c76a4b34c649a /src/lib/libssl/t1_lib.c
parent	b7d2b00a69a9fe4778d1d5eb40407b1bba0ea5a8 (diff)
download	openbsd-ba497f049e31b884fb58688b50b8f9f306b75509.tar.gz openbsd-ba497f049e31b884fb58688b50b8f9f306b75509.tar.bz2 openbsd-ba497f049e31b884fb58688b50b8f9f306b75509.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b200f78098..0eb3354276 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.205 2025/05/20 05:39:08 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -151,6 +151,7 @@ tls1_clear(SSL *s)
151	}	151	}
152		152
153	struct supported_group {	153	struct supported_group {
		154	uint16_t group_id;
154	int nid;	155	int nid;
155	int bits;	156	int bits;
156	};	157	};
@@ -160,119 +161,148 @@ struct supported_group {
160	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-8	161	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
161	*/	162	*/
162	static const struct supported_group nid_list[] = {	163	static const struct supported_group nid_list[] = {
163	[1] = {	164	{
		165	.group_id = 1,
164	.nid = NID_sect163k1,	166	.nid = NID_sect163k1,
165	.bits = 80,	167	.bits = 80,
166	},	168	},
167	[2] = {	169	{
		170	.group_id = 2,
168	.nid = NID_sect163r1,	171	.nid = NID_sect163r1,
169	.bits = 80,	172	.bits = 80,
170	},	173	},
171	[3] = {	174	{
		175	.group_id = 3,
172	.nid = NID_sect163r2,	176	.nid = NID_sect163r2,
173	.bits = 80,	177	.bits = 80,
174	},	178	},
175	[4] = {	179	{
		180	.group_id = 4,
176	.nid = NID_sect193r1,	181	.nid = NID_sect193r1,
177	.bits = 80,	182	.bits = 80,
178	},	183	},
179	[5] = {	184	{
		185	.group_id = 5,
180	.nid = NID_sect193r2,	186	.nid = NID_sect193r2,
181	.bits = 80,	187	.bits = 80,
182	},	188	},
183	[6] = {	189	{
		190	.group_id = 6,
184	.nid = NID_sect233k1,	191	.nid = NID_sect233k1,
185	.bits = 112,	192	.bits = 112,
186	},	193	},
187	[7] = {	194	{
		195	.group_id = 7,
188	.nid = NID_sect233r1,	196	.nid = NID_sect233r1,
189	.bits = 112,	197	.bits = 112,
190	},	198	},
191	[8] = {	199	{
		200	.group_id = 8,
192	.nid = NID_sect239k1,	201	.nid = NID_sect239k1,
193	.bits = 112,	202	.bits = 112,
194	},	203	},
195	[9] = {	204	{
		205	.group_id = 9,
196	.nid = NID_sect283k1,	206	.nid = NID_sect283k1,
197	.bits = 128,	207	.bits = 128,
198	},	208	},
199	[10] = {	209	{
		210	.group_id = 10,
200	.nid = NID_sect283r1,	211	.nid = NID_sect283r1,
201	.bits = 128,	212	.bits = 128,
202	},	213	},
203	[11] = {	214	{
		215	.group_id = 11,
204	.nid = NID_sect409k1,	216	.nid = NID_sect409k1,
205	.bits = 192,	217	.bits = 192,
206	},	218	},
207	[12] = {	219	{
		220	.group_id = 12,
208	.nid = NID_sect409r1,	221	.nid = NID_sect409r1,
209	.bits = 192,	222	.bits = 192,
210	},	223	},
211	[13] = {	224	{
		225	.group_id = 13,
212	.nid = NID_sect571k1,	226	.nid = NID_sect571k1,
213	.bits = 256,	227	.bits = 256,
214	},	228	},
215	[14] = {	229	{
		230	.group_id = 14,
216	.nid = NID_sect571r1,	231	.nid = NID_sect571r1,
217	.bits = 256,	232	.bits = 256,
218	},	233	},
219	[15] = {	234	{
		235	.group_id = 15,
220	.nid = NID_secp160k1,	236	.nid = NID_secp160k1,
221	.bits = 80,	237	.bits = 80,
222	},	238	},
223	[16] = {	239	{
		240	.group_id = 16,
224	.nid = NID_secp160r1,	241	.nid = NID_secp160r1,
225	.bits = 80,	242	.bits = 80,
226	},	243	},
227	[17] = {	244	{
		245	.group_id = 17,
228	.nid = NID_secp160r2,	246	.nid = NID_secp160r2,
229	.bits = 80,	247	.bits = 80,
230	},	248	},
231	[18] = {	249	{
		250	.group_id = 18,
232	.nid = NID_secp192k1,	251	.nid = NID_secp192k1,
233	.bits = 80,	252	.bits = 80,
234	},	253	},
235	[19] = {	254	{
		255	.group_id = 19,
236	.nid = NID_X9_62_prime192v1, /* aka secp192r1 */	256	.nid = NID_X9_62_prime192v1, /* aka secp192r1 */
237	.bits = 80,	257	.bits = 80,
238	},	258	},
239	[20] = {	259	{
		260	.group_id = 20,
240	.nid = NID_secp224k1,	261	.nid = NID_secp224k1,
241	.bits = 112,	262	.bits = 112,
242	},	263	},
243	[21] = {	264	{
		265	.group_id = 21,
244	.nid = NID_secp224r1,	266	.nid = NID_secp224r1,
245	.bits = 112,	267	.bits = 112,
246	},	268	},
247	[22] = {	269	{
		270	.group_id = 22,
248	.nid = NID_secp256k1,	271	.nid = NID_secp256k1,
249	.bits = 128,	272	.bits = 128,
250	},	273	},
251	[23] = {	274	{
		275	.group_id = 23,
252	.nid = NID_X9_62_prime256v1, /* aka secp256r1 */	276	.nid = NID_X9_62_prime256v1, /* aka secp256r1 */
253	.bits = 128,	277	.bits = 128,
254	},	278	},
255	[24] = {	279	{
		280	.group_id = 24,
256	.nid = NID_secp384r1,	281	.nid = NID_secp384r1,
257	.bits = 192,	282	.bits = 192,
258	},	283	},
259	[25] = {	284	{
		285	.group_id = 25,
260	.nid = NID_secp521r1,	286	.nid = NID_secp521r1,
261	.bits = 256,	287	.bits = 256,
262	},	288	},
263	[26] = {	289	{
		290	.group_id = 26,
264	.nid = NID_brainpoolP256r1,	291	.nid = NID_brainpoolP256r1,
265	.bits = 128,	292	.bits = 128,
266	},	293	},
267	[27] = {	294	{
		295	.group_id = 27,
268	.nid = NID_brainpoolP384r1,	296	.nid = NID_brainpoolP384r1,
269	.bits = 192,	297	.bits = 192,
270	},	298	},
271	[28] = {	299	{
		300	.group_id = 28,
272	.nid = NID_brainpoolP512r1,	301	.nid = NID_brainpoolP512r1,
273	.bits = 256,	302	.bits = 256,
274	},	303	},
275	[29] = {	304	{
		305	.group_id = 29,
276	.nid = NID_X25519,	306	.nid = NID_X25519,
277	.bits = 128,	307	.bits = 128,
278	},	308	},
@@ -339,18 +369,41 @@ static const uint16_t ecgroups_server_default[] = {
339	24, /* secp384r1 (24) */	369	24, /* secp384r1 (24) */
340	};	370	};
341		371
		372	static const struct supported_group *
		373	tls1_supported_group_by_id(uint16_t group_id)
		374	{
		375	int i;
		376
		377	for (i = 0; i < NID_LIST_LEN; i++) {
		378	if (group_id == nid_list[i].group_id)
		379	return &nid_list[i];
		380	}
		381
		382	return NULL;
		383	}
		384
		385	static const struct supported_group *
		386	tls1_supported_group_by_nid(int nid)
		387	{
		388	int i;
		389
		390	for (i = 0; i < NID_LIST_LEN; i++) {
		391	if (nid == nid_list[i].nid)
		392	return &nid_list[i];
		393	}
		394
		395	return NULL;
		396	}
		397
342	int	398	int
343	tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)	399	tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
344	{	400	{
345	int nid;	401	const struct supported_group *sg;
346
347	if (group_id >= NID_LIST_LEN)
348	return 0;
349		402
350	if ((nid = nid_list[group_id].nid) == 0)	403	if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
351	return 0;	404	return 0;
352		405
353	*out_nid = nid;	406	*out_nid = sg->nid;
354		407
355	return 1;	408	return 1;
356	}	409	}
@@ -358,15 +411,12 @@ tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
358	int	411	int
359	tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)	412	tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
360	{	413	{
361	int bits;	414	const struct supported_group *sg;
362		415
363	if (group_id >= NID_LIST_LEN)	416	if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
364	return 0;	417	return 0;
365		418
366	if ((bits = nid_list[group_id].bits) == 0)	419	*out_bits = sg->bits;
367	return 0;
368
369	*out_bits = bits;
370		420
371	return 1;	421	return 1;
372	}	422	}
@@ -374,19 +424,15 @@ tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
374	int	424	int
375	tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)	425	tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
376	{	426	{
377	uint16_t group_id;	427	const struct supported_group *sg;
378		428
379	if (nid == 0)	429	if ((sg = tls1_supported_group_by_nid(nid)) == NULL)
380	return 0;	430	return 0;
381		431
382	for (group_id = 0; group_id < NID_LIST_LEN; group_id++) {	432	*out_group_id = sg->group_id;
383	if (nid_list[group_id].nid == nid) {	433
384	*out_group_id = group_id;	434	return 1;
385	return 1;
386	}
387	}
388		435
389	return 0;
390	}	436	}
391		437
392	/*	438	/*