Fix #7391

src/ssl.c

@@ -412,50 +412,6 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local)
 
 #include <wolfssl/wolfcrypt/hpke.h>
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
-const WOLF_EC_NIST_NAME kNistCurves[] = {
- {XSTR_SIZEOF("P-192"), "P-192", NID_X9_62_prime192v1},
- {XSTR_SIZEOF("P-256"), "P-256", NID_X9_62_prime256v1},
- {XSTR_SIZEOF("P-112"), "P-112", NID_secp112r1},
- {XSTR_SIZEOF("P-112-2"), "P-112-2", NID_secp112r2},
- {XSTR_SIZEOF("P-128"), "P-128", NID_secp128r1},
- {XSTR_SIZEOF("P-128-2"), "P-128-2", NID_secp128r2},
- {XSTR_SIZEOF("P-160"), "P-160", NID_secp160r1},
- {XSTR_SIZEOF("P-160-2"), "P-160-2", NID_secp160r2},
- {XSTR_SIZEOF("P-224"), "P-224", NID_secp224r1},
- {XSTR_SIZEOF("P-384"), "P-384", NID_secp384r1},
- {XSTR_SIZEOF("P-521"), "P-521", NID_secp521r1},
- {XSTR_SIZEOF("K-160"), "K-160", NID_secp160k1},
- {XSTR_SIZEOF("K-192"), "K-192", NID_secp192k1},
- {XSTR_SIZEOF("K-224"), "K-224", NID_secp224k1},
- {XSTR_SIZEOF("K-256"), "K-256", NID_secp256k1},
- {XSTR_SIZEOF("B-160"), "B-160", NID_brainpoolP160r1},
- {XSTR_SIZEOF("B-192"), "B-192", NID_brainpoolP192r1},
- {XSTR_SIZEOF("B-224"), "B-224", NID_brainpoolP224r1},
- {XSTR_SIZEOF("B-256"), "B-256", NID_brainpoolP256r1},
- {XSTR_SIZEOF("B-320"), "B-320", NID_brainpoolP320r1},
- {XSTR_SIZEOF("B-384"), "B-384", NID_brainpoolP384r1},
- {XSTR_SIZEOF("B-512"), "B-512", NID_brainpoolP512r1},
-#ifdef HAVE_PQC
- {XSTR_SIZEOF("KYBER_LEVEL1"), "KYBER_LEVEL1", WOLFSSL_KYBER_LEVEL1},
- {XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3},
- {XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5},
-#ifdef HAVE_LIBOQS
- {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1",
- WOLFSSL_P256_KYBER_LEVEL1},
- {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3",
- WOLFSSL_P384_KYBER_LEVEL3},
- {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5",
- WOLFSSL_P521_KYBER_LEVEL5},
-#endif
-#endif
-#ifdef WOLFSSL_SM2
- {XSTR_SIZEOF("SM2"), "SM2", NID_sm2},
-#endif
- {0, NULL, 0},
-};
-#endif
-
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH)
 /* create the hpke key and ech config to send to clients */
 int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName,
@@ -17599,80 +17555,22 @@ int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl, int* nid)
 #ifdef HAVE_ECC
 
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
-static int populate_groups(int* groups, int max_count, const char *list)
-{
- const char *end;
- int count = 0;
- const WOLF_EC_NIST_NAME* nist_name;
-
- if (!groups || !list) {
- return -1;
- }
-
- for (end = list; ; list = ++end) {
- int len;
-
- if (count > max_count) {
- WOLFSSL_MSG("Too many curves in list");
- return -1;
- }
- while (*end != ':' && *end != '\0') end++;
- len = (int)(end - list); /* end points to char after end
- * of curve name so no need for -1 */
- if ((len < kNistCurves_MIN_NAME_LEN) ||
- (len > kNistCurves_MAX_NAME_LEN)) {
- WOLFSSL_MSG("Unrecognized curve name in list");
- return -1;
- }
- for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
- if (len == nist_name->name_len &&
- XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
- break;
- }
- }
- if (!nist_name->name) {
- WOLFSSL_MSG("Unrecognized curve name in list");
- return -1;
- }
- groups[count++] = nist_name->nid;
- if (*end == '\0') break;
- }
-
- return count;
-}
-
 int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list)
 {
- int groups[WOLFSSL_MAX_GROUP_COUNT];
- int count = 0;
-
  if (!ctx || !list) {
  return WOLFSSL_FAILURE;
  }
 
- if ((count = populate_groups(groups,
- WOLFSSL_MAX_GROUP_COUNT, list)) == -1) {
- return WOLFSSL_FAILURE;
- }
-
- return wolfSSL_CTX_set1_groups(ctx, groups, count);
+ return set_curves_list(NULL, ctx, list, 0);
 }
 
 int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list)
 {
- int groups[WOLFSSL_MAX_GROUP_COUNT];
- int count = 0;
-
  if (!ssl || !list) {
  return WOLFSSL_FAILURE;
  }
 
- if ((count = populate_groups(groups,
- WOLFSSL_MAX_GROUP_COUNT, list)) == -1) {
- return WOLFSSL_FAILURE;
- }
-
- return wolfSSL_set1_groups(ssl, groups, count);
+ return set_curves_list(ssl, NULL, list, 0);
 }
 #endif /* WOLFSSL_TLS13 */
 
@@ -21388,7 +21286,55 @@ int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id)
 
 #if (defined(HAVE_ECC) || \
  defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))
-static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
+#define CURVE_NAME(c) XSTR_SIZEOF((c)), (c)
+
+const WOLF_EC_NIST_NAME kNistCurves[] = {
+ {CURVE_NAME("P-160"), NID_secp160r1, WOLFSSL_ECC_SECP160R1},
+ {CURVE_NAME("P-160-2"), NID_secp160r2, WOLFSSL_ECC_SECP160R2},
+ {CURVE_NAME("P-192"), NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1},
+ {CURVE_NAME("P-224"), NID_secp224r1, WOLFSSL_ECC_SECP224R1},
+ {CURVE_NAME("P-256"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+ {CURVE_NAME("P-384"), NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+ {CURVE_NAME("P-521"), NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+ {CURVE_NAME("K-160"), NID_secp160k1, WOLFSSL_ECC_SECP160K1},
+ {CURVE_NAME("K-192"), NID_secp192k1, WOLFSSL_ECC_SECP192K1},
+ {CURVE_NAME("K-224"), NID_secp224k1, WOLFSSL_ECC_SECP224R1},
+ {CURVE_NAME("K-256"), NID_secp256k1, WOLFSSL_ECC_SECP256K1},
+ {CURVE_NAME("B-256"), NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1},
+ {CURVE_NAME("B-384"), NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1},
+ {CURVE_NAME("B-512"), NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1},
+#ifdef HAVE_CURVE25519
+ {CURVE_NAME("X25519"), NID_X25519, WOLFSSL_ECC_X25519},
+#endif
+#ifdef HAVE_CURVE448
+ {CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448},
+#endif
+#ifdef HAVE_PQC
+ {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1},
+ {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1},
+ {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1},
+#ifdef HAVE_LIBOQS
+ {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1},
+ {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1},
+ {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1},
+#endif
+#endif
+#ifdef WOLFSSL_SM2
+ {CURVE_NAME("SM2"), NID_sm2, WOLFSSL_ECC_SM2P256V1},
+#endif
+ /* Alternative curve names */
+ {CURVE_NAME("prime256v1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+ {CURVE_NAME("secp256r1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1},
+ {CURVE_NAME("secp384r1"), NID_secp384r1, WOLFSSL_ECC_SECP384R1},
+ {CURVE_NAME("secp521r1"), NID_secp521r1, WOLFSSL_ECC_SECP521R1},
+#ifdef WOLFSSL_SM2
+ {CURVE_NAME("sm2p256v1"), NID_sm2, WOLFSSL_ECC_SM2P256V1},
+#endif
+ {0, NULL, 0, 0},
+};
+
+int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names,
+ byte curves_only)
 {
  int idx, start = 0, len, i, ret = WOLFSSL_FAILURE;
  word16 curve;
@@ -21401,6 +21347,7 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
 #else
  int groups[WOLFSSL_MAX_GROUP_COUNT];
 #endif
+ const WOLF_EC_NIST_NAME* nist_name;
 
 #ifdef WOLFSSL_SMALL_STACK
  groups = (int*)XMALLOC(sizeof(int)*WOLFSSL_MAX_GROUP_COUNT,
@@ -21420,45 +21367,18 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
  goto leave;
 
  XMEMCPY(name, names + start, len);
- name[len++] = 0;
+ name[len] = 0;
+ curve = WOLFSSL_NAMED_GROUP_INVALID;
 
- /* Use XSTRNCMP to avoid valgrind error. */
- if ((XSTRNCMP(name, "prime256v1", len) == 0) ||
- (XSTRNCMP(name, "secp256r1", len) == 0) ||
- (XSTRNCMP(name, "P-256", len) == 0))
- {
- curve = WOLFSSL_ECC_SECP256R1;
- }
- else if ((XSTRNCMP(name, "secp384r1", len) == 0) ||
- (XSTRNCMP(name, "P-384", len) == 0))
- {
- curve = WOLFSSL_ECC_SECP384R1;
- }
- else if ((XSTRNCMP(name, "secp521r1", len) == 0) ||
- (XSTRNCMP(name, "P-521", len) == 0))
- {
- curve = WOLFSSL_ECC_SECP521R1;
- }
- #ifdef WOLFSSL_SM2
- else if ((XSTRNCMP(name, "sm2p256v1", len) == 0) ||
- (XSTRNCMP(name, "SM2", len) == 0))
- {
- curve = WOLFSSL_ECC_SM2P256V1;
- }
- #endif
- #ifdef HAVE_CURVE25519
- else if (XSTRNCMP(name, "X25519", len) == 0)
- {
- curve = WOLFSSL_ECC_X25519;
- }
- #endif
- #ifdef HAVE_CURVE448
- else if (XSTRNCMP(name, "X448", len) == 0)
- {
- curve = WOLFSSL_ECC_X448;
+ for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
+ if (len == nist_name->name_len &&
+ XSTRNCMP(name, nist_name->name, len) == 0) {
+ curve = nist_name->curve;
+ break;
+ }
  }
- #endif
- else {
+
+ if (curve == WOLFSSL_NAMED_GROUP_INVALID) {
  #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(HAVE_ECC)
  int nret;
  const ecc_set_type *eccSet;
@@ -21482,7 +21402,8 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
  #endif
  }
 
- if (curve >= WOLFSSL_ECC_MAX_AVAIL) {
+ if ((curves_only && curve >= WOLFSSL_ECC_MAX_AVAIL) ||
+ curve == WOLFSSL_NAMED_GROUP_INVALID) {
  WOLFSSL_MSG("curve value is not supported");
  goto leave;
  }
@@ -21564,7 +21485,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
  WOLFSSL_MSG("ctx or names was NULL");
  return WOLFSSL_FAILURE;
  }
- return set_curves_list(NULL, ctx, names);
+ return set_curves_list(NULL, ctx, names, 1);
 }
 
 int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names)
@@ -21574,7 +21495,7 @@ int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names)
  WOLFSSL_MSG("ssl or names was NULL");
  return WOLFSSL_FAILURE;
  }
- return set_curves_list(ssl, NULL, names);
+ return set_curves_list(ssl, NULL, names, 1);
 }
 #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */
 #endif /* OPENSSL_EXTRA || HAVE_CURL */

tests/api.c

@@ -55214,15 +55214,21 @@ static int test_tls13_apis(void)
 #endif
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  char groupList[] =
+#ifdef HAVE_CURVE25519
+ "X25519:"
+#endif
+#ifdef HAVE_CURVE448
+ "X448:"
+#endif
 #ifndef NO_ECC_SECP
 #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
- "P-521:"
+ "P-521:secp521r1:"
 #endif
 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
- "P-384:"
+ "P-384:secp384r1:"
 #endif
 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- "P-256"
+ "P-256:secp256r1"
 #if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
  ":P256_KYBER_LEVEL1"
 #endif

wolfssl/internal.h

@@ -1768,7 +1768,7 @@ enum Misc {
  ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */
 #endif
  MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */
- MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
+ MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */
 
  NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
  ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
@@ -6117,16 +6117,11 @@ typedef struct {
  int name_len;
  const char *name;
  int nid;
+ word16 curve;
 } WOLF_EC_NIST_NAME;
 extern const WOLF_EC_NIST_NAME kNistCurves[];
-/* This is the longest and shortest curve name in the kNistCurves list. Note we
- * also have quantum-safe group names as well. */
-#define kNistCurves_MIN_NAME_LEN 5
-#ifdef HAVE_PQC
-#define kNistCurves_MAX_NAME_LEN 32
-#else
-#define kNistCurves_MAX_NAME_LEN 7
-#endif
+WOLFSSL_LOCAL int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx,
+ const char* names, byte curves_only);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 /* internal functions */

wolfssl/openssl/ec.h

@@ -74,9 +74,15 @@ enum {
 #ifdef HAVE_ED448
  NID_ED448 = ED448k,
 #endif
+#ifdef HAVE_CURVE448
+ NID_X448 = X448k,
+#endif
 #ifdef HAVE_ED25519
  NID_ED25519 = ED25519k,
 #endif
+#ifdef HAVE_CURVE25519
+ NID_X25519 = X25519k,
+#endif
 
  OPENSSL_EC_EXPLICIT_CURVE = 0x000,
  OPENSSL_EC_NAMED_CURVE = 0x001,