Don't allocate a group/curve ID for CECPQ1.
We ended up switching this from a curve to a cipher suite, so the group
ID isn't used. This is in preparation for adding an API for the curve
ID, at which point leaving the protocol constants undefined seems
somewhat bad manners.
Change-Id: Icb8bf4594879dbbc24177551868ecfe89bc2f8c3
Reviewed-on: https://boringssl-review.googlesource.com/8563
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 3d70f73..b4123dd 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1274,9 +1274,7 @@
assert(sizeof(ssl->s3->tmp.peer_key_len) == 2 && peer_key_len <= 0xffff);
ssl->s3->tmp.peer_key_len = (uint16_t)peer_key_len;
} else if (alg_k & SSL_kCECPQ1) {
- if (!SSL_ECDH_CTX_init(&ssl->s3->tmp.ecdh_ctx, SSL_GROUP_CECPQ1)) {
- goto err;
- }
+ SSL_ECDH_CTX_init_for_cecpq1(&ssl->s3->tmp.ecdh_ctx);
CBS key;
if (!CBS_get_u16_length_prefixed(&server_key_exchange, &key)) {
al = SSL_AD_DECODE_ERROR;
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 133278e..e0e1cd7 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -1223,8 +1223,8 @@
goto err;
}
} else if (alg_k & SSL_kCECPQ1) {
- if (!SSL_ECDH_CTX_init(&ssl->s3->tmp.ecdh_ctx, SSL_GROUP_CECPQ1) ||
- !CBB_add_u16_length_prefixed(&cbb, &child) ||
+ SSL_ECDH_CTX_init_for_cecpq1(&ssl->s3->tmp.ecdh_ctx);
+ if (!CBB_add_u16_length_prefixed(&cbb, &child) ||
!SSL_ECDH_CTX_offer(&ssl->s3->tmp.ecdh_ctx, &child)) {
goto err;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index c98172b..41543eb 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -549,7 +549,6 @@
#define SSL_GROUP_SECP384R1 24
#define SSL_GROUP_SECP521R1 25
#define SSL_GROUP_X25519 29
-#define SSL_GROUP_CECPQ1 65165
/* An SSL_ECDH_METHOD is an implementation of ECDH-like key exchanges for
* TLS. */
@@ -608,6 +607,9 @@
* where the server specifies a group. It takes ownership of |params|. */
void SSL_ECDH_CTX_init_for_dhe(SSL_ECDH_CTX *ctx, DH *params);
+/* SSL_ECDH_CTX_init_for_cecpq1 sets up |ctx| for use with CECPQ1. */
+void SSL_ECDH_CTX_init_for_cecpq1(SSL_ECDH_CTX *ctx);
+
/* SSL_ECDH_CTX_cleanup releases memory associated with |ctx|. It is legal to
* call it in the zero state. */
void SSL_ECDH_CTX_cleanup(SSL_ECDH_CTX *ctx);
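Review bot: The new header comment on `SSL_ECDH_CTX_init_for_cecpq1` leaves out two things its callers now depend on. The function cannot fail, which is why both handshake call sites dropped their error check, and it releases whatever state |ctx| already held, since the definition in ssl/ssl_ecdh.c calls `SSL_ECDH_CTX_cleanup` first. That also means |ctx| has to be in the zero state or previously initialised, never uninitialised memory. Suggested wording: `/* SSL_ECDH_CTX_init_for_cecpq1 releases any existing state in |ctx| and sets it up for CECPQ1. It cannot fail. */`.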
diff --git a/ssl/ssl_ecdh.c b/ssl/ssl_ecdh.c
index 1236cd3..4d7b63f 100644
--- a/ssl/ssl_ecdh.c
+++ b/ssl/ssl_ecdh.c
@@ -448,6 +448,16 @@
CBB_add_u16_length_prefixed,
};
+static const SSL_ECDH_METHOD kCECPQ1Method = {
+ NID_undef, 0, "",
+ ssl_cecpq1_cleanup,
+ ssl_cecpq1_offer,
+ ssl_cecpq1_accept,
+ ssl_cecpq1_finish,
+ CBS_get_u16_length_prefixed,
+ CBB_add_u16_length_prefixed,
+};
+
static const SSL_ECDH_METHOD kMethods[] = {
{
NID_X9_62_prime256v1,
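Review bot: `kCECPQ1Method` fills its first three fields with `NID_undef, 0, ""` and nothing says why, so a later reader, or the curve-ID API the commit message anticipates, could take 0 for a real group ID. Any accessor that returns the group ID or name from `ctx->method` would report 0 and an empty string for a CECPQ1 context. Whether such accessors exist is not visible in this hunk, so it is worth confirming they are never reached when the key exchange is CECPQ1. I would add a comment above the initializer such as `/* CECPQ1 is negotiated by cipher suite, not by group: NID, group ID and name are deliberately unset and must never be sent or reported. */`.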
@@ -493,17 +503,6 @@
CBS_get_u8_length_prefixed,
CBB_add_u8_length_prefixed,
},
- {
- NID_cecpq1,
- SSL_GROUP_CECPQ1,
- "CECPQ1",
- ssl_cecpq1_cleanup,
- ssl_cecpq1_offer,
- ssl_cecpq1_accept,
- ssl_cecpq1_finish,
- CBS_get_u16_length_prefixed,
- CBB_add_u16_length_prefixed,
- },
};
static const SSL_ECDH_METHOD *method_from_group_id(uint16_t group_id) {
@@ -562,6 +561,12 @@
ctx->data = params;
}
+void SSL_ECDH_CTX_init_for_cecpq1(SSL_ECDH_CTX *ctx) {
+ SSL_ECDH_CTX_cleanup(ctx);
+
+ ctx->method = &kCECPQ1Method;
+}
+
int SSL_ECDH_CTX_get_key(SSL_ECDH_CTX *ctx, CBS *cbs, CBS *out) {
if (ctx->method == NULL) {
return 0;
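Review bot: `SSL_ECDH_CTX_init_for_cecpq1` assigns only `ctx->method` and relies on `SSL_ECDH_CTX_cleanup` to leave `ctx->data` cleared; the cleanup body is outside this hunk, so that is an assumption to confirm. If cleanup frees the method's data without resetting the pointer, the CECPQ1 callbacks could start from a stale pointer. An explicit `ctx->data = NULL;` before the method assignment, or a comment `/* |ctx->data| is left NULL by the cleanup above. */`, would make the invariant visible. The trailing context lines belong to SSL_ECDH_CTX_get_key, which continues past the hunk.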