[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Feb 16 14:04:34 UTC 2016
The branch master has been updated
via 2235b7f2dd9604e8a658a9068d03275cd1c1df66 (commit)
via 2fa2d15ac87645959be4cf736d2169fa5be12c9e (commit)
via 2dc1aeed3b56b29be3a177411c698d06052a1603 (commit)
from b0c93ee7477ce17d784bcfc71790c4051ae01778 (commit)
- Log -----------------------------------------------------------------
commit 2235b7f2dd9604e8a658a9068d03275cd1c1df66
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Feb 13 15:26:15 2016 +0000
Simplify tls1_set_ec_id.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 2fa2d15ac87645959be4cf736d2169fa5be12c9e
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Feb 13 15:28:25 2016 +0000
Use nid_list table to lookup curve IDs.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 2dc1aeed3b56b29be3a177411c698d06052a1603
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Feb 13 15:27:43 2016 +0000
Add explanation and warning to TLS id table.
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/t1_lib.c | 107 +++++++++++++----------------------------------------------
1 file changed, 23 insertions(+), 84 deletions(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 522f0e6..dbb1e85 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -221,9 +221,16 @@ typedef struct {
unsigned int flags; /* Flags: currently just field type */
} tls_curve_info;
+# define TLS_CURVE_TYPE 0x1
# define TLS_CURVE_CHAR2 0x1
# define TLS_CURVE_PRIME 0x0
+/*
+ * Table of curve information.
+ * NB: do not delete entries or reorder this array. It is used as a lookup
+ * table: the index of each entry is one less than the TLS curve id.
+ */
+
static const tls_curve_info nid_list[] = {
{NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
{NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
@@ -335,67 +342,12 @@ int tls1_ec_curve_id2nid(int curve_id)
int tls1_ec_nid2curve_id(int nid)
{
- /* ECC curves from RFC 4492 and RFC 7027 */
- switch (nid) {
- case NID_sect163k1: /* sect163k1 (1) */
- return 1;
- case NID_sect163r1: /* sect163r1 (2) */
- return 2;
- case NID_sect163r2: /* sect163r2 (3) */
- return 3;
- case NID_sect193r1: /* sect193r1 (4) */
- return 4;
- case NID_sect193r2: /* sect193r2 (5) */
- return 5;
- case NID_sect233k1: /* sect233k1 (6) */
- return 6;
- case NID_sect233r1: /* sect233r1 (7) */
- return 7;
- case NID_sect239k1: /* sect239k1 (8) */
- return 8;
- case NID_sect283k1: /* sect283k1 (9) */
- return 9;
- case NID_sect283r1: /* sect283r1 (10) */
- return 10;
- case NID_sect409k1: /* sect409k1 (11) */
- return 11;
- case NID_sect409r1: /* sect409r1 (12) */
- return 12;
- case NID_sect571k1: /* sect571k1 (13) */
- return 13;
- case NID_sect571r1: /* sect571r1 (14) */
- return 14;
- case NID_secp160k1: /* secp160k1 (15) */
- return 15;
- case NID_secp160r1: /* secp160r1 (16) */
- return 16;
- case NID_secp160r2: /* secp160r2 (17) */
- return 17;
- case NID_secp192k1: /* secp192k1 (18) */
- return 18;
- case NID_X9_62_prime192v1: /* secp192r1 (19) */
- return 19;
- case NID_secp224k1: /* secp224k1 (20) */
- return 20;
- case NID_secp224r1: /* secp224r1 (21) */
- return 21;
- case NID_secp256k1: /* secp256k1 (22) */
- return 22;
- case NID_X9_62_prime256v1: /* secp256r1 (23) */
- return 23;
- case NID_secp384r1: /* secp384r1 (24) */
- return 24;
- case NID_secp521r1: /* secp521r1 (25) */
- return 25;
- case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */
- return 26;
- case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */
- return 27;
- case NID_brainpoolP512r1: /* brainpool512r1 (28) */
- return 28;
- default:
- return 0;
+ size_t i;
+ for (i = 0; i < OSSL_NELEM(nid_list); i++) {
+ if (nid_list[i].nid == nid)
+ return i + 1;
}
+ return 0;
}
/*
@@ -666,46 +618,33 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
EC_KEY *ec)
{
- int is_prime, id;
+ int id;
const EC_GROUP *grp;
- const EC_METHOD *meth;
if (!ec)
return 0;
/* Determine if it is a prime field */
grp = EC_KEY_get0_group(ec);
if (!grp)
return 0;
- meth = EC_GROUP_method_of(grp);
- if (!meth)
- return 0;
- if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
- is_prime = 1;
- else
- is_prime = 0;
/* Determine curve ID */
id = EC_GROUP_get_curve_name(grp);
id = tls1_ec_nid2curve_id(id);
- /* If we have an ID set it, otherwise set arbitrary explicit curve */
- if (id) {
- curve_id[0] = 0;
- curve_id[1] = (unsigned char)id;
- } else {
- curve_id[0] = 0xff;
- if (is_prime)
- curve_id[1] = 0x01;
- else
- curve_id[1] = 0x02;
- }
+ /* If no id return error: we don't support arbitrary explicit curves */
+ if (id == 0)
+ return 0;
+ curve_id[0] = 0;
+ curve_id[1] = (unsigned char)id;
if (comp_id) {
if (EC_KEY_get0_public_key(ec) == NULL)
return 0;
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
- if (is_prime)
+ if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+ *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ } else {
+ if ((nid_list[id - 1].flags & TLS_CURVE_TYPE) == TLS_CURVE_PRIME)
*comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
else
*comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- } else
- *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ }
}
return 1;
}
More information about the openssl-commits
mailing list