Set nid on group decoded from EC parameters

We match curve parameters against the builtin curves and only accept
them if they're encoding a curve known to us. After getting rid of the
wtls curves, some of which used to coincide with secp curves (sometimes
the wrong ones), the nid is unambiguous. Setting the nid has no direct
implications on the encoding.

This helps ssh avoid doing ugly computations during the key exchange
for PEM keys using this encoding.

ok djm joshua jsing

3 files changed, 14 insertions, 7 deletions

diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index b5be7b496d..7d2243db0c 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.107 2024/11/22 12:01:14 tb Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.108 2024/12/06 04:35:03 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -1069,6 +1069,7 @@ static EC_GROUP *
 ec_asn1_parameters2group(const ECPARAMETERS *params)
 {
         EC_GROUP *group = NULL;
+        int nid = NID_undef;
 
         if (params == NULL) {
                 ECerror(EC_R_ASN1_ERROR);
@@ -1077,8 +1078,9 @@ ec_asn1_parameters2group(const ECPARAMETERS *params)
 
         if (!ec_asn1_parameters_extract_prime_group(params, &group))
                 goto err;
-        if (!ec_group_is_builtin_curve(group))
+        if (!ec_group_is_builtin_curve(group, &nid))
                 goto err;
+        EC_GROUP_set_curve_name(group, nid);
 
         return group;
 
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index a37f324a24..cc5ad4d4e6 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_curve.c,v 1.51 2024/12/04 09:50:52 tb Exp $ */
+/* $OpenBSD: ec_curve.c,v 1.52 2024/12/06 04:35:03 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -2685,16 +2685,21 @@ ec_group_nid_from_curve(const struct ec_curve *curve)
 }
 
 int
-ec_group_is_builtin_curve(const EC_GROUP *group)
+ec_group_is_builtin_curve(const EC_GROUP *group, int *out_nid)
 {
         struct ec_curve *curve;
         int ret = 0;
+        int nid;
+
+        *out_nid = NID_undef;
 
         if ((curve = ec_curve_from_group(group)) == NULL)
                 goto err;
-        if (ec_group_nid_from_curve(curve) == NID_undef)
+        if ((nid = ec_group_nid_from_curve(curve)) == NID_undef)
                 goto err;
 
+        *out_nid = nid;
+
         ret = 1;
 
  err:
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
index 11cc36cf67..9a5c42f866 100644
--- a/src/lib/libcrypto/ec/ec_local.h
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.40 2024/11/30 21:09:59 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.41 2024/12/06 04:35:03 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -294,7 +294,7 @@ int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p,
 int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
     const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
 
-int ec_group_is_builtin_curve(const EC_GROUP *group);
+int ec_group_is_builtin_curve(const EC_GROUP *group, int *out_nid);
 int ec_group_get_field_type(const EC_GROUP *group);
 
 /*