From e1a22fe807746821be4523e8c84fddfb79e8b1a0 Mon Sep 17 00:00:00 2001
From: tb
Date: Wed, 17 Aug 2022 18:51:47 +0000
Subject: [PATCH] Implement the SSL_CTRL_GET_SHARED_GROUP control This implements SSL_get_shared_{curve,group}() in a bug-compatible fashion with OpenSSL. This is your average OpenSSL-style overloaded parameter API where n >= 0 means "return the n-th shared group's NID" (as if anyone possibly ever cared about the case n > 0) and n == -1 means "return the number of shared groups". There is also an undocumented case n == -2 for Suite B profile support which falls back to n == 0 in case Suite B profile support is disabled, so n == -2 is the same as n == 0 in LibreSSL. The API also returns 0 for error, which is indistinguishable from a count of 0 shared groups but coincides with NID_undef. Contrary to claims in the documentation, the API doesn't actually return -1 for clients, rather it returns 0. Obviously this entire exercise is pretty useless, but since somebody exposed it because they could and someone else used it because they could we need to provide it. ok jsing
---
 lib/libssl/s3_lib.c | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 27267443576..e93298c2dbf 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.236 2022/08/17 07:39:19 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1655,6 +1655,39 @@ ssl3_clear(SSL *s)
 s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
 }
 
+long
+_SSL_get_shared_group(SSL *s, long n)
+{
+ size_t count;
+ int nid;
+
+ /* OpenSSL document that they return -1 for clients. They return 0. */
+ if (!s->server)
+ return 0;
+
+ if (n == -1) {
+ if (!tls1_count_shared_groups(s, &count))
+ return 0;
+
+ if (count > LONG_MAX)
+ count = LONG_MAX;
+
+ return count;
+ }
+
+ /* Undocumented special case added for Suite B profile support. */
+ if (n == -2)
+ n = 0;
+
+ if (n < 0)
+ return 0;
+
+ if (!tls1_get_shared_group_by_index(s, n, &nid))
+ return NID_undef;
+
+ return nid;
+}
+
 long
 _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
 {
@@ -2075,6 +2108,9 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 case SSL_CTRL_SET_GROUPS_LIST:
 return SSL_set1_groups_list(s, parg);
 
+ case SSL_CTRL_GET_SHARED_GROUP:
+ return _SSL_get_shared_group(s, larg);
+
 /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
 case SSL_CTRL_GET_SERVER_TMP_KEY:
 if (s->server != 0)
--
2.20.1
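Review bot: `_SSL_get_shared_group()` is added without a header comment, so the overloaded meaning of `n` and the ambiguous 0 return are recorded only in the commit message. I would put something like `/* n >= 0: NID of the n-th shared group; n == -1: number of shared groups; n == -2: same as n == 0. Returns 0 (== NID_undef) on error and for clients. */` above the function, so that callers can see a 0 result does not distinguish "no shared groups" from a failure or a client-side call and should not be treated as a negotiation-policy signal. The NID-returning path also mixes `return 0;` (for `n < 0`) with `return NID_undef;`; using `NID_undef` in both places would make the intent readable. Finally, `n` is a `long` passed straight to `tls1_get_shared_group_by_index()`, whose index parameter type is not visible in this hunk, so it is worth confirming that it is wide enough that a very large `n` cannot be truncated into a valid index.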