diff options
| author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-04-25 12:10:26 +0900 |
|---|---|---|
| committer | Ruben Bridgewater <ruben@bridgewater.de> | 2018-04-28 17:17:53 +0200 |
| commit | c51b7b296e0fd59a00b1c1337d744f4fc8d2fb35 (patch) | |
| tree | 049f77c2e66353ebbb249694c8cecc5cee331f7f | |
| parent | bdf0d9b364094805183be3197b6099dd0c88a246 (diff) | |
| download | android-node-v8-c51b7b296e0fd59a00b1c1337d744f4fc8d2fb35.tar.gz android-node-v8-c51b7b296e0fd59a00b1c1337d744f4fc8d2fb35.tar.bz2 android-node-v8-c51b7b296e0fd59a00b1c1337d744f4fc8d2fb35.zip | |
tls: fix getEphemeralKeyInfo to support X25519
`EVP_PKEY_EC` only covers ANSI X9.62 curves not IETF ones(curve25519
and curve448). This fixes to add support of X25519 in
`tlsSocket.getEphemeralKeyInfo()`.
X448 should be added in the future upgrade to OpenSSL-1.1.1.
PR-URL: https://github.com/nodejs/node/pull/20273
Fixes: https://github.com/nodejs/node/issues/20262
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
| -rw-r--r-- | src/node_crypto.cc | 21 | ||||
| -rw-r--r-- | src/node_crypto.h | 2 | ||||
| -rw-r--r-- | test/parallel/test-tls-client-getephemeralkeyinfo.js | 9 |
3 files changed, 25 insertions, 7 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 42f4d4035d..01b6b5c8ea 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -2098,7 +2098,8 @@ void SSLWrap<Base>::GetEphemeralKeyInfo( EVP_PKEY* key; if (SSL_get_server_tmp_key(w->ssl_, &key)) { - switch (EVP_PKEY_id(key)) { + int kid = EVP_PKEY_id(key); + switch (kid) { case EVP_PKEY_DH: info->Set(context, env->type_string(), FIXED_ONE_BYTE_STRING(env->isolate(), "DH")).FromJust(); @@ -2106,19 +2107,29 @@ void SSLWrap<Base>::GetEphemeralKeyInfo( Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust(); break; case EVP_PKEY_EC: + // TODO(shigeki) Change this to EVP_PKEY_X25519 and add EVP_PKEY_X448 + // after upgrading to 1.1.1. + case NID_X25519: { - EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key); - int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - EC_KEY_free(ec); + const char* curve_name; + if (kid == EVP_PKEY_EC) { + EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key); + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + curve_name = OBJ_nid2sn(nid); + EC_KEY_free(ec); + } else { + curve_name = OBJ_nid2sn(kid); + } info->Set(context, env->type_string(), FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH")).FromJust(); info->Set(context, env->name_string(), OneByteString(args.GetIsolate(), - OBJ_nid2sn(nid))).FromJust(); + curve_name)).FromJust(); info->Set(context, env->size_string(), Integer::New(env->isolate(), EVP_PKEY_bits(key))).FromJust(); } + break; } EVP_PKEY_free(key); } diff --git a/src/node_crypto.h b/src/node_crypto.h index a8fe8b0d4a..3963f7050f 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -44,6 +44,8 @@ #endif // !OPENSSL_NO_ENGINE #include <openssl/err.h> #include <openssl/evp.h> +// TODO(shigeki) Remove this after upgrading to 1.1.1 +#include <openssl/obj_mac.h> #include <openssl/pem.h> #include <openssl/x509.h> #include <openssl/x509v3.h> diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js b/test/parallel/test-tls-client-getephemeralkeyinfo.js index be6777b1ae..9432a277ac 100644 --- a/test/parallel/test-tls-client-getephemeralkeyinfo.js +++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js @@ -82,7 +82,12 @@ function testECDHE256() { } function testECDHE512() { - test(521, 'ECDH', 'secp521r1', null); + test(521, 'ECDH', 'secp521r1', testX25519); + ntests++; +} + +function testX25519() { + test(253, 'ECDH', 'X25519', null); ntests++; } @@ -90,5 +95,5 @@ testNOT_PFS(); process.on('exit', function() { assert.strictEqual(ntests, nsuccess); - assert.strictEqual(ntests, 5); + assert.strictEqual(ntests, 6); }); |