tls: fix getEphemeralKeyInfo to support X25519
`EVP_PKEY_EC` only covers ANSI X9.62 curves not IETF ones(curve25519 and curve448). This fixes to add support of X25519 in `tlsSocket.getEphemeralKeyInfo()`. X448 should be added in the future upgrade to OpenSSL-1.1.1. PR-URL: https://github.com/nodejs/node/pull/20273 Fixes: https://github.com/nodejs/node/issues/20262 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This commit is contained in:
parent
bdf0d9b364
commit
c51b7b296e
@ -2098,7 +2098,8 @@ void SSLWrap<Base>::GetEphemeralKeyInfo(
|
|||||||
EVP_PKEY* key;
|
EVP_PKEY* key;
|
||||||
|
|
||||||
if (SSL_get_server_tmp_key(w->ssl_, &key)) {
|
if (SSL_get_server_tmp_key(w->ssl_, &key)) {
|
||||||
switch (EVP_PKEY_id(key)) {
|
int kid = EVP_PKEY_id(key);
|
||||||
|
switch (kid) {
|
||||||
case EVP_PKEY_DH:
|
case EVP_PKEY_DH:
|
||||||
info->Set(context, env->type_string(),
|
info->Set(context, env->type_string(),
|
||||||
FIXED_ONE_BYTE_STRING(env->isolate(), "DH")).FromJust();
|
FIXED_ONE_BYTE_STRING(env->isolate(), "DH")).FromJust();
|
||||||
@ -2106,19 +2107,29 @@ void SSLWrap<Base>::GetEphemeralKeyInfo(
|
|||||||
Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust();
|
Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust();
|
||||||
break;
|
break;
|
||||||
case EVP_PKEY_EC:
|
case EVP_PKEY_EC:
|
||||||
|
// TODO(shigeki) Change this to EVP_PKEY_X25519 and add EVP_PKEY_X448
|
||||||
|
// after upgrading to 1.1.1.
|
||||||
|
case NID_X25519:
|
||||||
{
|
{
|
||||||
EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key);
|
const char* curve_name;
|
||||||
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
|
if (kid == EVP_PKEY_EC) {
|
||||||
EC_KEY_free(ec);
|
EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key);
|
||||||
|
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
|
||||||
|
curve_name = OBJ_nid2sn(nid);
|
||||||
|
EC_KEY_free(ec);
|
||||||
|
} else {
|
||||||
|
curve_name = OBJ_nid2sn(kid);
|
||||||
|
}
|
||||||
info->Set(context, env->type_string(),
|
info->Set(context, env->type_string(),
|
||||||
FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH")).FromJust();
|
FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH")).FromJust();
|
||||||
info->Set(context, env->name_string(),
|
info->Set(context, env->name_string(),
|
||||||
OneByteString(args.GetIsolate(),
|
OneByteString(args.GetIsolate(),
|
||||||
OBJ_nid2sn(nid))).FromJust();
|
curve_name)).FromJust();
|
||||||
info->Set(context, env->size_string(),
|
info->Set(context, env->size_string(),
|
||||||
Integer::New(env->isolate(),
|
Integer::New(env->isolate(),
|
||||||
EVP_PKEY_bits(key))).FromJust();
|
EVP_PKEY_bits(key))).FromJust();
|
||||||
}
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
EVP_PKEY_free(key);
|
EVP_PKEY_free(key);
|
||||||
}
|
}
|
||||||
|
@ -44,6 +44,8 @@
|
|||||||
#endif // !OPENSSL_NO_ENGINE
|
#endif // !OPENSSL_NO_ENGINE
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
// TODO(shigeki) Remove this after upgrading to 1.1.1
|
||||||
|
#include <openssl/obj_mac.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
|
@ -82,7 +82,12 @@ function testECDHE256() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function testECDHE512() {
|
function testECDHE512() {
|
||||||
test(521, 'ECDH', 'secp521r1', null);
|
test(521, 'ECDH', 'secp521r1', testX25519);
|
||||||
|
ntests++;
|
||||||
|
}
|
||||||
|
|
||||||
|
function testX25519() {
|
||||||
|
test(253, 'ECDH', 'X25519', null);
|
||||||
ntests++;
|
ntests++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,5 +95,5 @@ testNOT_PFS();
|
|||||||
|
|
||||||
process.on('exit', function() {
|
process.on('exit', function() {
|
||||||
assert.strictEqual(ntests, nsuccess);
|
assert.strictEqual(ntests, nsuccess);
|
||||||
assert.strictEqual(ntests, 5);
|
assert.strictEqual(ntests, 6);
|
||||||
});
|
});
|
||||||
|
Loading…
x
Reference in New Issue
Block a user