Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

4 files changed, 82 insertions, 41 deletions

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0739bc9082..34980b0bc6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -18,6 +18,7 @@
 #include <openssl/rand.h>
 #include <openssl/trace.h>
 #include <openssl/x509v3.h>
+#include <openssl/core_names.h>
 #include "internal/cryptlib.h"
 
 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
@@ -3429,6 +3430,29 @@ static char *srp_password_from_info_cb(SSL *s, void *arg)
 }
 #endif
 
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+static int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+                                   EVP_PKEY *pkey)
+{
+    char name[80];
+    int nid, ret = 0;
+    size_t name_len;
+
+    if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
+                                        name, sizeof(name), &name_len)) {
+        SSLerr(0, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+    nid = OBJ_txt2nid(name);
+    if (nid == NID_undef)
+        goto end;
+    ret = tls1_set_groups(pext, pextlen, &nid, 1);
+end:
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+#endif
+
 static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
 
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
@@ -3472,33 +3496,28 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
             return ret;
         }
-# endif
+#endif
     case SSL_CTRL_SET_DH_AUTO:
         s->cert->dh_tmp_auto = larg;
         return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            const EC_GROUP *group = NULL;
-            int nid;
+            EVP_PKEY *pkecdh = NULL;
 
             if (parg == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            group = EC_KEY_get0_group((const EC_KEY *)parg);
-            if (group == NULL) {
-                ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
+            pkecdh = ssl_ecdh_to_pkey(parg);
+            if (pkecdh == NULL) {
+                ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
-            nid = EC_GROUP_get_curve_name(group);
-            if (nid == NID_undef)
-                return 0;
-            return tls1_set_groups(&s->ext.supportedgroups,
-                                   &s->ext.supportedgroups_len,
-                                   &nid, 1);
+            return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
+                                           &s->ext.supportedgroups_len,
+                                           pkecdh);
         }
-        break;
 #endif                          /* !OPENSSL_NO_EC */
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         /*
@@ -3816,27 +3835,23 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     case SSL_CTRL_SET_DH_AUTO:
         ctx->cert->dh_tmp_auto = larg;
         return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            const EC_GROUP *group = NULL;
-            int nid;
+            EVP_PKEY *pkecdh = NULL;
 
             if (parg == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            group = EC_KEY_get0_group((const EC_KEY *)parg);
-            if (group == NULL) {
-                ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
+            pkecdh = ssl_ecdh_to_pkey(parg);
+            if (pkecdh == NULL) {
+                ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
-            nid = EC_GROUP_get_curve_name(group);
-            if (nid == NID_undef)
-                return 0;
-            return tls1_set_groups(&ctx->ext.supportedgroups,
-                                   &ctx->ext.supportedgroups_len,
-                                   &nid, 1);
+            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
+                                           &ctx->ext.supportedgroups_len,
+                                           pkecdh);
         }
 #endif                          /* !OPENSSL_NO_EC */
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 22ab387422..1819ccd981 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2468,6 +2468,9 @@ __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
                            unsigned char **ctp, size_t *ctlenp,
                            int gensecret);
 __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+# if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+__owur EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec);
+# endif
 __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
 __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 60c17dd809..799ff357f8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -818,32 +818,39 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
 /* Check a key is compatible with compression extension */
 static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 {
-    const EC_KEY *ec;
-    const EC_GROUP *grp;
     unsigned char comp_id;
     size_t i;
+    char name[80];
+    size_t name_len;
+
 
     /* If not an EC key nothing to check */
     if (!EVP_PKEY_is_a(pkey, "EC"))
         return 1;
-    ec = EVP_PKEY_get0_EC_KEY(pkey);
-    grp = EC_KEY_get0_group(ec);
+
+    if (!EVP_PKEY_get_utf8_string_param(pkey,
+                                        OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                                        name, sizeof(name), &name_len))
+        return 0;
 
     /* Get required compression id */
-    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
-            comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+    if (strcasecmp(name, "uncompressed") == 0) {
+        comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
     } else if (SSL_IS_TLS13(s)) {
-            /*
-             * ec_point_formats extension is not used in TLSv1.3 so we ignore
-             * this check.
-             */
-            return 1;
+        /*
+         * ec_point_formats extension is not used in TLSv1.3 so we ignore
+         * this check.
+         */
+        return 1;
     } else {
-        int field_type = EC_GROUP_get_field_type(grp);
+        if (!EVP_PKEY_get_utf8_string_param(pkey,
+                                            OSSL_PKEY_PARAM_EC_FIELD_TYPE,
+                                            name, sizeof(name), &name_len))
+            return 0;
 
-        if (field_type == NID_X9_62_prime_field)
+        if (strcasecmp(name, SN_X9_62_prime_field) == 0)
             comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-        else if (field_type == NID_X9_62_characteristic_two_field)
+        else if (strcasecmp(name, SN_X9_62_characteristic_two_field) == 0)
             comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
         else
             return 0;
diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c
index 6f2103ad91..68b007b12d 100644
--- a/ssl/tls_depr.c
+++ b/ssl/tls_depr.c
@@ -159,5 +159,21 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
     return ret;
 }
 # endif
-#endif
 
+/* Some deprecated public APIs pass EC_KEY objects */
+# ifndef OPENSSL_NO_EC
+EVP_PKEY *ssl_ecdh_to_pkey(EC_KEY *ec)
+{
+    EVP_PKEY *ret;
+
+    if (ec == NULL)
+        return NULL;
+    ret = EVP_PKEY_new();
+    if (EVP_PKEY_set1_EC_KEY(ret, ec) <= 0) {
+        EVP_PKEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+# endif
+#endif