Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
author: Tomas Mraz <tomas@openssl.org> 2021-01-20 14:01:01 +0100
committer: Tomas Mraz <tomas@openssl.org> 2021-01-26 15:26:49 +0100
commit: 0c8e98e615d3522592a5bde6fcef43e42eb70deb (patch)
tree: d4cde4d46f67f9d2baf6a5d9c7bf8982699d856f /ssl
parent: f377e58fde1a7e6b29067c48df7d3c04fdaeba38 (diff)
3 files changed, 17 insertions, 53 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 34980b0bc6..966d799d6b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3430,29 +3430,6 @@ static char *srp_password_from_info_cb(SSL *s, void *arg)
 }
 #endif
 
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
-                                   EVP_PKEY *pkey)
-{
-    char name[80];
-    int nid, ret = 0;
-    size_t name_len;
-
-    if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
-                                        name, sizeof(name), &name_len)) {
-        SSLerr(0, EC_R_MISSING_PARAMETERS);
-        return 0;
-    }
-    nid = OBJ_txt2nid(name);
-    if (nid == NID_undef)
-        goto end;
-    ret = tls1_set_groups(pext, pextlen, &nid, 1);
-end:
-    EVP_PKEY_free(pkey);
-    return ret;
-}
-#endif
-
 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
 
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3503,22 +3480,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            EVP_PKEY *pkecdh = NULL;
-
             if (parg == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            pkecdh = ssl_ecdh_to_pkey(parg);
-            if (pkecdh == NULL) {
-                ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
             return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
                                            &s->ext.supportedgroups_len,
-                                           pkecdh);
+                                           parg);
         }
-#endif                          /* !OPENSSL_NO_EC */
+#endif
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         /*
          * TODO(OpenSSL1.2)
@@ -3838,22 +3808,15 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            EVP_PKEY *pkecdh = NULL;
-
             if (parg == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            pkecdh = ssl_ecdh_to_pkey(parg);
-            if (pkecdh == NULL) {
-                ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
             return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
                                            &ctx->ext.supportedgroups_len,
-                                           pkecdh);
+                                           parg);
         }
-#endif                          /* !OPENSSL_NO_EC */
+#endif
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
         ctx->ext.servername_arg = parg;
         break;
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 1819ccd981..810461bc51 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2468,9 +2468,8 @@ __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
                            unsigned char **ctp, size_t *ctlenp,
                            int gensecret);
 __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
-# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-__owur EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec);
-# endif
+__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+                                   void *key);
 __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
 __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
 
diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c
index 68b007b12d..4ac7fcb916 100644
--- a/ssl/tls_depr.c
+++ b/ssl/tls_depr.c
@@ -162,18 +162,20 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
 
 /* Some deprecated public APIs pass EC_KEY objects */
 # ifndef OPENSSL_NO_EC
-EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec)
+int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+                            void *key)
 {
-    EVP_PKEY *ret;
+    const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
+    int nid;
 
-    if (ec == NULL)
-        return NULL;
-    ret = EVP_PKEY_new();
-    if (EVP_PKEY_set1_EC_KEY(ret, ec) <= 0) {
-        EVP_PKEY_free(ret);
-        return NULL;
+    if (group == NULL) {
+        ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
+        return 0;
     }
-    return ret;
+    nid = EC_GROUP_get_curve_name(group);
+    if (nid == NID_undef)
+        return 0;
+    return tls1_set_groups(pext, pextlen, &nid, 1);
 }
 # endif
 #endif
author	Tomas Mraz <tomas@openssl.org>	2021-01-20 14:01:01 +0100
committer	Tomas Mraz <tomas@openssl.org>	2021-01-26 15:26:49 +0100
commit	0c8e98e615d3522592a5bde6fcef43e42eb70deb (patch)
tree	d4cde4d46f67f9d2baf6a5d9c7bf8982699d856f /ssl
parent	f377e58fde1a7e6b29067c48df7d3c04fdaeba38 (diff)