diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 147 |
1 files changed, 96 insertions, 51 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b200f78098..57cd180d09 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.206 2025/05/31 15:17:11 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -151,6 +151,7 @@ tls1_clear(SSL *s) | |||
| 151 | } | 151 | } |
| 152 | 152 | ||
| 153 | struct supported_group { | 153 | struct supported_group { |
| 154 | uint16_t group_id; | ||
| 154 | int nid; | 155 | int nid; |
| 155 | int bits; | 156 | int bits; |
| 156 | }; | 157 | }; |
| @@ -160,119 +161,148 @@ struct supported_group { | |||
| 160 | * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8 | 161 | * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8 |
| 161 | */ | 162 | */ |
| 162 | static const struct supported_group nid_list[] = { | 163 | static const struct supported_group nid_list[] = { |
| 163 | [1] = { | 164 | { |
| 165 | .group_id = 1, | ||
| 164 | .nid = NID_sect163k1, | 166 | .nid = NID_sect163k1, |
| 165 | .bits = 80, | 167 | .bits = 80, |
| 166 | }, | 168 | }, |
| 167 | [2] = { | 169 | { |
| 170 | .group_id = 2, | ||
| 168 | .nid = NID_sect163r1, | 171 | .nid = NID_sect163r1, |
| 169 | .bits = 80, | 172 | .bits = 80, |
| 170 | }, | 173 | }, |
| 171 | [3] = { | 174 | { |
| 175 | .group_id = 3, | ||
| 172 | .nid = NID_sect163r2, | 176 | .nid = NID_sect163r2, |
| 173 | .bits = 80, | 177 | .bits = 80, |
| 174 | }, | 178 | }, |
| 175 | [4] = { | 179 | { |
| 180 | .group_id = 4, | ||
| 176 | .nid = NID_sect193r1, | 181 | .nid = NID_sect193r1, |
| 177 | .bits = 80, | 182 | .bits = 80, |
| 178 | }, | 183 | }, |
| 179 | [5] = { | 184 | { |
| 185 | .group_id = 5, | ||
| 180 | .nid = NID_sect193r2, | 186 | .nid = NID_sect193r2, |
| 181 | .bits = 80, | 187 | .bits = 80, |
| 182 | }, | 188 | }, |
| 183 | [6] = { | 189 | { |
| 190 | .group_id = 6, | ||
| 184 | .nid = NID_sect233k1, | 191 | .nid = NID_sect233k1, |
| 185 | .bits = 112, | 192 | .bits = 112, |
| 186 | }, | 193 | }, |
| 187 | [7] = { | 194 | { |
| 195 | .group_id = 7, | ||
| 188 | .nid = NID_sect233r1, | 196 | .nid = NID_sect233r1, |
| 189 | .bits = 112, | 197 | .bits = 112, |
| 190 | }, | 198 | }, |
| 191 | [8] = { | 199 | { |
| 200 | .group_id = 8, | ||
| 192 | .nid = NID_sect239k1, | 201 | .nid = NID_sect239k1, |
| 193 | .bits = 112, | 202 | .bits = 112, |
| 194 | }, | 203 | }, |
| 195 | [9] = { | 204 | { |
| 205 | .group_id = 9, | ||
| 196 | .nid = NID_sect283k1, | 206 | .nid = NID_sect283k1, |
| 197 | .bits = 128, | 207 | .bits = 128, |
| 198 | }, | 208 | }, |
| 199 | [10] = { | 209 | { |
| 210 | .group_id = 10, | ||
| 200 | .nid = NID_sect283r1, | 211 | .nid = NID_sect283r1, |
| 201 | .bits = 128, | 212 | .bits = 128, |
| 202 | }, | 213 | }, |
| 203 | [11] = { | 214 | { |
| 215 | .group_id = 11, | ||
| 204 | .nid = NID_sect409k1, | 216 | .nid = NID_sect409k1, |
| 205 | .bits = 192, | 217 | .bits = 192, |
| 206 | }, | 218 | }, |
| 207 | [12] = { | 219 | { |
| 220 | .group_id = 12, | ||
| 208 | .nid = NID_sect409r1, | 221 | .nid = NID_sect409r1, |
| 209 | .bits = 192, | 222 | .bits = 192, |
| 210 | }, | 223 | }, |
| 211 | [13] = { | 224 | { |
| 225 | .group_id = 13, | ||
| 212 | .nid = NID_sect571k1, | 226 | .nid = NID_sect571k1, |
| 213 | .bits = 256, | 227 | .bits = 256, |
| 214 | }, | 228 | }, |
| 215 | [14] = { | 229 | { |
| 230 | .group_id = 14, | ||
| 216 | .nid = NID_sect571r1, | 231 | .nid = NID_sect571r1, |
| 217 | .bits = 256, | 232 | .bits = 256, |
| 218 | }, | 233 | }, |
| 219 | [15] = { | 234 | { |
| 235 | .group_id = 15, | ||
| 220 | .nid = NID_secp160k1, | 236 | .nid = NID_secp160k1, |
| 221 | .bits = 80, | 237 | .bits = 80, |
| 222 | }, | 238 | }, |
| 223 | [16] = { | 239 | { |
| 240 | .group_id = 16, | ||
| 224 | .nid = NID_secp160r1, | 241 | .nid = NID_secp160r1, |
| 225 | .bits = 80, | 242 | .bits = 80, |
| 226 | }, | 243 | }, |
| 227 | [17] = { | 244 | { |
| 245 | .group_id = 17, | ||
| 228 | .nid = NID_secp160r2, | 246 | .nid = NID_secp160r2, |
| 229 | .bits = 80, | 247 | .bits = 80, |
| 230 | }, | 248 | }, |
| 231 | [18] = { | 249 | { |
| 250 | .group_id = 18, | ||
| 232 | .nid = NID_secp192k1, | 251 | .nid = NID_secp192k1, |
| 233 | .bits = 80, | 252 | .bits = 80, |
| 234 | }, | 253 | }, |
| 235 | [19] = { | 254 | { |
| 255 | .group_id = 19, | ||
| 236 | .nid = NID_X9_62_prime192v1, /* aka secp192r1 */ | 256 | .nid = NID_X9_62_prime192v1, /* aka secp192r1 */ |
| 237 | .bits = 80, | 257 | .bits = 80, |
| 238 | }, | 258 | }, |
| 239 | [20] = { | 259 | { |
| 260 | .group_id = 20, | ||
| 240 | .nid = NID_secp224k1, | 261 | .nid = NID_secp224k1, |
| 241 | .bits = 112, | 262 | .bits = 112, |
| 242 | }, | 263 | }, |
| 243 | [21] = { | 264 | { |
| 265 | .group_id = 21, | ||
| 244 | .nid = NID_secp224r1, | 266 | .nid = NID_secp224r1, |
| 245 | .bits = 112, | 267 | .bits = 112, |
| 246 | }, | 268 | }, |
| 247 | [22] = { | 269 | { |
| 270 | .group_id = 22, | ||
| 248 | .nid = NID_secp256k1, | 271 | .nid = NID_secp256k1, |
| 249 | .bits = 128, | 272 | .bits = 128, |
| 250 | }, | 273 | }, |
| 251 | [23] = { | 274 | { |
| 275 | .group_id = 23, | ||
| 252 | .nid = NID_X9_62_prime256v1, /* aka secp256r1 */ | 276 | .nid = NID_X9_62_prime256v1, /* aka secp256r1 */ |
| 253 | .bits = 128, | 277 | .bits = 128, |
| 254 | }, | 278 | }, |
| 255 | [24] = { | 279 | { |
| 280 | .group_id = 24, | ||
| 256 | .nid = NID_secp384r1, | 281 | .nid = NID_secp384r1, |
| 257 | .bits = 192, | 282 | .bits = 192, |
| 258 | }, | 283 | }, |
| 259 | [25] = { | 284 | { |
| 285 | .group_id = 25, | ||
| 260 | .nid = NID_secp521r1, | 286 | .nid = NID_secp521r1, |
| 261 | .bits = 256, | 287 | .bits = 256, |
| 262 | }, | 288 | }, |
| 263 | [26] = { | 289 | { |
| 290 | .group_id = 26, | ||
| 264 | .nid = NID_brainpoolP256r1, | 291 | .nid = NID_brainpoolP256r1, |
| 265 | .bits = 128, | 292 | .bits = 128, |
| 266 | }, | 293 | }, |
| 267 | [27] = { | 294 | { |
| 295 | .group_id = 27, | ||
| 268 | .nid = NID_brainpoolP384r1, | 296 | .nid = NID_brainpoolP384r1, |
| 269 | .bits = 192, | 297 | .bits = 192, |
| 270 | }, | 298 | }, |
| 271 | [28] = { | 299 | { |
| 300 | .group_id = 28, | ||
| 272 | .nid = NID_brainpoolP512r1, | 301 | .nid = NID_brainpoolP512r1, |
| 273 | .bits = 256, | 302 | .bits = 256, |
| 274 | }, | 303 | }, |
| 275 | [29] = { | 304 | { |
| 305 | .group_id = 29, | ||
| 276 | .nid = NID_X25519, | 306 | .nid = NID_X25519, |
| 277 | .bits = 128, | 307 | .bits = 128, |
| 278 | }, | 308 | }, |
| @@ -339,18 +369,41 @@ static const uint16_t ecgroups_server_default[] = { | |||
| 339 | 24, /* secp384r1 (24) */ | 369 | 24, /* secp384r1 (24) */ |
| 340 | }; | 370 | }; |
| 341 | 371 | ||
| 372 | static const struct supported_group * | ||
| 373 | tls1_supported_group_by_id(uint16_t group_id) | ||
| 374 | { | ||
| 375 | int i; | ||
| 376 | |||
| 377 | for (i = 0; i < NID_LIST_LEN; i++) { | ||
| 378 | if (group_id == nid_list[i].group_id) | ||
| 379 | return &nid_list[i]; | ||
| 380 | } | ||
| 381 | |||
| 382 | return NULL; | ||
| 383 | } | ||
| 384 | |||
| 385 | static const struct supported_group * | ||
| 386 | tls1_supported_group_by_nid(int nid) | ||
| 387 | { | ||
| 388 | int i; | ||
| 389 | |||
| 390 | for (i = 0; i < NID_LIST_LEN; i++) { | ||
| 391 | if (nid == nid_list[i].nid) | ||
| 392 | return &nid_list[i]; | ||
| 393 | } | ||
| 394 | |||
| 395 | return NULL; | ||
| 396 | } | ||
| 397 | |||
| 342 | int | 398 | int |
| 343 | tls1_ec_group_id2nid(uint16_t group_id, int *out_nid) | 399 | tls1_ec_group_id2nid(uint16_t group_id, int *out_nid) |
| 344 | { | 400 | { |
| 345 | int nid; | 401 | const struct supported_group *sg; |
| 346 | |||
| 347 | if (group_id >= NID_LIST_LEN) | ||
| 348 | return 0; | ||
| 349 | 402 | ||
| 350 | if ((nid = nid_list[group_id].nid) == 0) | 403 | if ((sg = tls1_supported_group_by_id(group_id)) == NULL) |
| 351 | return 0; | 404 | return 0; |
| 352 | 405 | ||
| 353 | *out_nid = nid; | 406 | *out_nid = sg->nid; |
| 354 | 407 | ||
| 355 | return 1; | 408 | return 1; |
| 356 | } | 409 | } |
| @@ -358,15 +411,12 @@ tls1_ec_group_id2nid(uint16_t group_id, int *out_nid) | |||
| 358 | int | 411 | int |
| 359 | tls1_ec_group_id2bits(uint16_t group_id, int *out_bits) | 412 | tls1_ec_group_id2bits(uint16_t group_id, int *out_bits) |
| 360 | { | 413 | { |
| 361 | int bits; | 414 | const struct supported_group *sg; |
| 362 | |||
| 363 | if (group_id >= NID_LIST_LEN) | ||
| 364 | return 0; | ||
| 365 | 415 | ||
| 366 | if ((bits = nid_list[group_id].bits) == 0) | 416 | if ((sg = tls1_supported_group_by_id(group_id)) == NULL) |
| 367 | return 0; | 417 | return 0; |
| 368 | 418 | ||
| 369 | *out_bits = bits; | 419 | *out_bits = sg->bits; |
| 370 | 420 | ||
| 371 | return 1; | 421 | return 1; |
| 372 | } | 422 | } |
| @@ -374,19 +424,14 @@ tls1_ec_group_id2bits(uint16_t group_id, int *out_bits) | |||
| 374 | int | 424 | int |
| 375 | tls1_ec_nid2group_id(int nid, uint16_t *out_group_id) | 425 | tls1_ec_nid2group_id(int nid, uint16_t *out_group_id) |
| 376 | { | 426 | { |
| 377 | uint16_t group_id; | 427 | const struct supported_group *sg; |
| 378 | 428 | ||
| 379 | if (nid == 0) | 429 | if ((sg = tls1_supported_group_by_nid(nid)) == NULL) |
| 380 | return 0; | 430 | return 0; |
| 381 | 431 | ||
| 382 | for (group_id = 0; group_id < NID_LIST_LEN; group_id++) { | 432 | *out_group_id = sg->group_id; |
| 383 | if (nid_list[group_id].nid == nid) { | ||
| 384 | *out_group_id = group_id; | ||
| 385 | return 1; | ||
| 386 | } | ||
| 387 | } | ||
| 388 | 433 | ||
| 389 | return 0; | 434 | return 1; |
| 390 | } | 435 | } |
| 391 | 436 | ||
| 392 | /* | 437 | /* |