Merge pull request #123 from open-quantum-safe/issue-116-2

Made OQS group ID lookup more robust.
open-quantum-safe · Oct 1, 2019 · ae53cfa · ae53cfa
2 parents 4002082 + 69e8cea
commit ae53cfa
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/crypto/ec/oqs_meth.c b/crypto/ec/oqs_meth.c
@@ -147,7 +147,6 @@ static int get_classical_nid(int hybrid_id)
     case NID_p384_dilithium4:
     case NID_p384_qteslapiii:
       return NID_secp384r1;
-
 ///// OQS_TEMPLATE_FRAGMENT_ASSIGN_CLASSICAL_NIDS_END
     default:
       return 0;

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
@@ -172,13 +172,8 @@ static const TLS_GROUP_INFO nid_list[] = {
     {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */
 };
 
-/* FIXMEOQS: the design of oqs_nid_list and oqs_hybrid_nid_list, below, is
-             very fragile; a missing value will offset the alg selection.
-             TODO: revise when integrating round2 schemes. */
-
-    /* OQS groups. The values are arbitraty, since the TLS spec does not specify values
-       for non finite field and elliptic curve "groups". Security level is classical.
-     */
+/* OQS groups. The values are arbitraty, since the TLS spec does not specify values for non finite field and elliptic curve "groups". Security level is classical.
+ */
 static const TLS_GROUP_INFO oqs_nid_list[] = {
     {NID_OQS_KEM_DEFAULT, 128, TLS_CURVE_CUSTOM}, /* OQS KEM default (0x01FF) */
 ///// OQS_TEMPLATE_FRAGMENT_OQS_NID_LIST_START
@@ -361,12 +356,21 @@ static const uint16_t suiteb_curves[] = {
 
 const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
 {
+    size_t i;
     /* check if it is an OQS group */
     if (IS_OQS_KEM_CURVEID(group_id)) {
-      return &oqs_nid_list[group_id - 0x01FF /* first oqs value */];
+        for (i = 0; i < OSSL_NELEM(oqs_nid_list); i++) {
+            if (oqs_nid_list[i].nid == group_id) {
+                return &oqs_nid_list[i];
+            }
+        }
     }
     if (IS_OQS_KEM_HYBRID_CURVEID(group_id)) {
-      return &oqs_hybrid_nid_list[group_id - 0x02FF /* first oqs hybrid value */ ];
+        for (i = 0; i < OSSL_NELEM(oqs_nid_list); i++) {
+            if (oqs_hybrid_nid_list[i].nid == group_id) {
+                return &oqs_hybrid_nid_list[i];
+            }
+        }
     }
 
     /* ECC curves from RFC 4492 and RFC 7027 */