root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Modify libssl to discover supported groups based on available providers 

Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported group list based on the loaded
providers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
This commit is contained in:
Matt Caswell 2020-05-18 23:37:18 +01:00
parent 82ec09ec6d
commit 9d2d857f13
10 changed files with 351 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
ssl/s3_lib.c
View File

@ -3650,12 +3650,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
int *cptr = parg;
for (i = 0; i < clistlen; i++) {
const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
const TLS_GROUP_INFO *cinf
= tls1_group_id_lookup(s->ctx, clist[i]);
if (cinf != NULL)
cptr[i] = cinf->nid;
else
if (cinf != NULL) {
cptr[i] = tls1_group_id2nid(cinf->group_id);
if (cptr[i] == NID_undef)
cptr[i] = TLSEXT_nid_unknown | clist[i];
} else {
cptr[i] = TLSEXT_nid_unknown | clist[i];
}
}
}
return (int)clistlen;
@ -4764,25 +4768,19 @@ EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm)
}
/* Generate a private key from a group ID */
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
{
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
uint16_t gtype;
# ifndef OPENSSL_NO_DH
DH *dh = NULL;
# endif
if (ginf == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_INTERNAL_ERROR);
goto err;
}
gtype = ginf->flags & TLS_GROUP_TYPE;
pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->keytype,
pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
s->ctx->propq);
if (pctx == NULL) {
@ -4795,40 +4793,11 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
ERR_R_EVP_LIB);
goto err;
}
# ifndef OPENSSL_NO_DH
if (gtype == TLS_GROUP_FFDHE) {
if ((pkey = EVP_PKEY_new()) == NULL
|| (dh = DH_new_by_nid(ginf->nid)) == NULL
|| !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
DH_free(dh);
EVP_PKEY_free(pkey);
pkey = NULL;
goto err;
}
if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
EVP_PKEY_free(pkey);
pkey = NULL;
goto err;
}
if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
goto err;
}
# ifndef OPENSSL_NO_EC
else
# endif
# endif
# ifndef OPENSSL_NO_EC
{
if (gtype != TLS_GROUP_CURVE_CUSTOM
&& EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
goto err;
}
}
# endif
if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
@ -4840,7 +4809,6 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
EVP_PKEY_CTX_free(pctx);
return pkey;
}
#endif
/*
* Generate parameters from a group ID
@ -4849,43 +4817,23 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
const char *pkey_ctx_name;
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id);
if (ginf == NULL)
goto err;
if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) {
pkey = EVP_PKEY_new();
if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
return pkey;
EVP_PKEY_free(pkey);
return NULL;
}
pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC";
pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name,
pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm,
s->ctx->propq);
if (pctx == NULL)
goto err;
if (EVP_PKEY_paramgen_init(pctx) <= 0)
goto err;
# ifndef OPENSSL_NO_DH
if (ginf->flags & TLS_GROUP_FFDHE) {
if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0)
goto err;
if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
ERR_R_EVP_LIB);
goto err;
}
# ifndef OPENSSL_NO_EC
else
# endif
# endif
# ifndef OPENSSL_NO_EC
{
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
goto err;
}
# endif
if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
EVP_PKEY_free(pkey);
pkey = NULL;

18
ssl/ssl_lib.c
View File

@ -3171,6 +3171,9 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
goto err2;
if (!ssl_load_groups(ret))
goto err2;
if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
goto err;
@ -3326,6 +3329,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx)
void SSL_CTX_free(SSL_CTX *a)
{
int i;
size_t j;
if (a == NULL)
return;
@ -3385,10 +3389,16 @@ void SSL_CTX_free(SSL_CTX *a)
ssl_evp_md_free(a->md5);
ssl_evp_md_free(a->sha1);
for (i = 0; i < SSL_ENC_NUM_IDX; i++)
ssl_evp_cipher_free(a->ssl_cipher_methods[i]);
for (i = 0; i < SSL_MD_NUM_IDX; i++)
ssl_evp_md_free(a->ssl_digest_methods[i]);
for (j = 0; j < SSL_ENC_NUM_IDX; j++)
ssl_evp_cipher_free(a->ssl_cipher_methods[j]);
for (j = 0; j < SSL_MD_NUM_IDX; j++)
ssl_evp_md_free(a->ssl_digest_methods[j]);
for (j = 0; j < a->group_list_len; j++) {
OPENSSL_free(a->group_list[j].tlsname);
OPENSSL_free(a->group_list[j].realname);
OPENSSL_free(a->group_list[j].algorithm);
}
OPENSSL_free(a->group_list);
OPENSSL_free(a->sigalg_lookup_cache);

50
ssl/ssl_local.h
View File

@ -807,6 +807,28 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
size_t max_size);
size_t ssl_hmac_size(const SSL_HMAC *ctx);
typedef struct tls_group_info_st {
char *tlsname; /* Curve Name as in TLS specs */
char *realname; /* Curve Name according to provider */
char *algorithm; /* Algorithm name to fetch */
unsigned int secbits; /* Bits of security (from SP800-57) */
uint16_t group_id; /* Group ID */
int mintls; /* Minimum TLS version, -1 unsupported */
int maxtls; /* Maximum TLS version (or 0 for undefined) */
int mindtls; /* Minimum DTLS version, -1 unsupported */
int maxdtls; /* Maximum DTLS version (or 0 for undefined) */
} TLS_GROUP_INFO;
/* flags values */
# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */
# define TLS_GROUP_CURVE_PRIME 0x00000001U
# define TLS_GROUP_CURVE_CHAR2 0x00000002U
# define TLS_GROUP_CURVE_CUSTOM 0x00000004U
# define TLS_GROUP_FFDHE 0x00000008U
# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U
# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3)
struct ssl_ctx_st {
OPENSSL_CTX *libctx;
@ -1160,6 +1182,10 @@ struct ssl_ctx_st {
/* Cache of all sigalgs we know and whether they are available or not */
struct sigalg_lookup_st *sigalg_lookup_cache;
TLS_GROUP_INFO *group_list;
size_t group_list_len;
size_t group_list_max_len;
};
typedef struct cert_pkey_st CERT_PKEY;
@ -1783,24 +1809,6 @@ typedef struct sigalg_lookup_st {
int enabled;
} SIGALG_LOOKUP;
typedef struct tls_group_info_st {
int nid; /* Curve NID */
const char *keytype;
int secbits; /* Bits of security (from SP800-57) */
uint32_t flags; /* For group type and applicable TLS versions */
uint16_t group_id; /* Group ID */
} TLS_GROUP_INFO;
/* flags values */
# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */
# define TLS_GROUP_CURVE_PRIME 0x00000001U
# define TLS_GROUP_CURVE_CHAR2 0x00000002U
# define TLS_GROUP_CURVE_CUSTOM 0x00000004U
# define TLS_GROUP_FFDHE 0x00000008U
# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U
# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3)
/*
* Structure containing table entry of certificate info corresponding to
* CERT_PKEY entries
@ -2438,6 +2446,7 @@ __owur int ssl_x509err2alert(int type);
void ssl_sort_cipher_list(void);
int ssl_load_ciphers(SSL_CTX *ctx);
__owur int ssl_setup_sig_algs(SSL_CTX *ctx);
int ssl_load_groups(SSL_CTX *ctx);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
size_t len, DOWNGRADE dgrd);
__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
@ -2626,7 +2635,7 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id);
__owur int tls1_group_id2nid(uint16_t group_id);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
@ -2635,7 +2644,8 @@ __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
const char *str);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int version);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion,
int maxversion);
__owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id);
# ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,

10
ssl/statem/extensions_clnt.c
View File

@ -117,7 +117,7 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
#endif
#ifndef OPENSSL_NO_EC
static int use_ecc(SSL *s, int max_version)
static int use_ecc(SSL *s, int min_version, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
@ -152,7 +152,7 @@ static int use_ecc(SSL *s, int max_version)
for (j = 0; j < num_groups; j++) {
uint16_t ctmp = pgroups[j];
if (tls_valid_group(s, ctmp, max_version)
if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
return 1;
}
@ -174,7 +174,7 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
return EXT_RETURN_FAIL;
}
if (!use_ecc(s, max_version))
if (!use_ecc(s, min_version, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
@ -214,7 +214,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
if (max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#else
if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#endif
@ -237,7 +237,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
for (i = 0; i < num_groups; i++) {
uint16_t ctmp = pgroups[i];
if (tls_valid_group(s, ctmp, max_version)
if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,

4
ssl/statem/extensions_srvr.c
View File

@ -1424,6 +1424,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
{
const uint16_t *groups;
size_t numgroups, i, first = 1;
int version;
/* s->s3.group_id is non zero if we accepted a key_share */
if (s->s3.group_id == 0)
@ -1438,10 +1439,11 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
}
/* Copy group ID if supported */
version = SSL_version(s);
for (i = 0; i < numgroups; i++) {
uint16_t group = groups[i];
if (tls_valid_group(s, group, SSL_version(s))
if (tls_valid_group(s, group, version, version)
&& tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
if (first) {
/*

349
ssl/t1_lib.c
View File

@ -21,6 +21,7 @@
#include <openssl/x509v3.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/provider.h>
#include "internal/nelem.h"
#include "internal/evp.h"
#include "ssl_local.h"
@ -140,60 +141,54 @@ int tls1_clear(SSL *s)
return 1;
}
/*
* Table of group information.
*/
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static const TLS_GROUP_INFO nid_list[] = {
# ifndef OPENSSL_NO_EC
{NID_sect163k1, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0001}, /* sect163k1 (1) */
{NID_sect163r1, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0002}, /* sect163r1 (2) */
{NID_sect163r2, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0003}, /* sect163r2 (3) */
{NID_sect193r1, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0004}, /* sect193r1 (4) */
{NID_sect193r2, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0005}, /* sect193r2 (5) */
{NID_sect233k1, "EC", 112, TLS_GROUP_CURVE_CHAR2, 0x0006}, /* sect233k1 (6) */
{NID_sect233r1, "EC", 112, TLS_GROUP_CURVE_CHAR2, 0x0007}, /* sect233r1 (7) */
{NID_sect239k1, "EC", 112, TLS_GROUP_CURVE_CHAR2, 0x0008}, /* sect239k1 (8) */
{NID_sect283k1, "EC", 128, TLS_GROUP_CURVE_CHAR2, 0x0009}, /* sect283k1 (9) */
{NID_sect283r1, "EC", 128, TLS_GROUP_CURVE_CHAR2, 0x000A}, /* sect283r1 (10) */
{NID_sect409k1, "EC", 192, TLS_GROUP_CURVE_CHAR2, 0x000B}, /* sect409k1 (11) */
{NID_sect409r1, "EC", 192, TLS_GROUP_CURVE_CHAR2, 0x000C}, /* sect409r1 (12) */
{NID_sect571k1, "EC", 256, TLS_GROUP_CURVE_CHAR2, 0x000D}, /* sect571k1 (13) */
{NID_sect571r1, "EC", 256, TLS_GROUP_CURVE_CHAR2, 0x000E}, /* sect571r1 (14) */
{NID_secp160k1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x000F}, /* secp160k1 (15) */
{NID_secp160r1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0010}, /* secp160r1 (16) */
{NID_secp160r2, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0011}, /* secp160r2 (17) */
{NID_secp192k1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0012}, /* secp192k1 (18) */
{NID_X9_62_prime192v1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0013}, /* secp192r1 (19) */
{NID_secp224k1, "EC", 112, TLS_GROUP_CURVE_PRIME, 0x0014}, /* secp224k1 (20) */
{NID_secp224r1, "EC", 112, TLS_GROUP_CURVE_PRIME, 0x0015}, /* secp224r1 (21) */
{NID_secp256k1, "EC", 128, TLS_GROUP_CURVE_PRIME, 0x0016}, /* secp256k1 (22) */
{NID_X9_62_prime256v1, "EC", 128, TLS_GROUP_CURVE_PRIME, 0x0017}, /* secp256r1 (23) */
{NID_secp384r1, "EC", 192, TLS_GROUP_CURVE_PRIME, 0x0018}, /* secp384r1 (24) */
{NID_secp521r1, "EC", 256, TLS_GROUP_CURVE_PRIME, 0x0019}, /* secp521r1 (25) */
{NID_brainpoolP256r1, "EC", 128, TLS_GROUP_CURVE_PRIME, 0x001A}, /* brainpoolP256r1 (26) */
{NID_brainpoolP384r1, "EC", 192, TLS_GROUP_CURVE_PRIME, 0x001B}, /* brainpoolP384r1 (27) */
{NID_brainpoolP512r1, "EC", 256, TLS_GROUP_CURVE_PRIME, 0x001C}, /* brainpool512r1 (28) */
{EVP_PKEY_X25519, "X25519", 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */
{EVP_PKEY_X448, "X448", 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_GOST
{NID_id_tc26_gost_3410_2012_256_paramSetA, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0022}, /* GC256A (34) */
{NID_id_tc26_gost_3410_2012_256_paramSetB, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0023}, /* GC256B (35) */
{NID_id_tc26_gost_3410_2012_256_paramSetC, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0024}, /* GC256C (36) */
{NID_id_tc26_gost_3410_2012_256_paramSetD, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0025}, /* GC256D (37) */
{NID_id_tc26_gost_3410_2012_512_paramSetA, "GOST_2012_512", 256, TLS_GROUP_CURVE_PRIME, 0x0026}, /* GC512A (38) */
{NID_id_tc26_gost_3410_2012_512_paramSetB, "GOST_2012_512", 256, TLS_GROUP_CURVE_PRIME, 0x0027}, /* GC512B (39) */
{NID_id_tc26_gost_3410_2012_512_paramSetC, "GOST_2012_512", 256, TLS_GROUP_CURVE_PRIME, 0x0028}, /* GC512C (40) */
# endif /* OPENSSL_NO_GOST */
# ifndef OPENSSL_NO_DH
/* Security bit values for FFDHE groups are updated as per RFC 7919 */
{NID_ffdhe2048, "DH", 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */
{NID_ffdhe3072, "DH", 125, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0101}, /* ffdhe3072 (0x0101) */
{NID_ffdhe4096, "DH", 150, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0102}, /* ffdhe4096 (0x0102) */
{NID_ffdhe6144, "DH", 175, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0103}, /* ffdhe6144 (0x0103) */
{NID_ffdhe8192, "DH", 192, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0104}, /* ffdhe8192 (0x0104) */
# endif /* OPENSSL_NO_DH */
/* Legacy NID to group_id mapping. Only works for groups we know about */
static struct {
int nid;
uint16_t group_id;
} nid_to_group[] = {
{NID_sect163k1, 0x0001},
{NID_sect163r1, 0x0002},
{NID_sect163r2, 0x0003},
{NID_sect193r1, 0x0004},
{NID_sect193r2, 0x0005},
{NID_sect233k1, 0x0006},
{NID_sect233r1, 0x0007},
{NID_sect239k1, 0x0008},
{NID_sect283k1, 0x0009},
{NID_sect283r1, 0x000A},
{NID_sect409k1, 0x000B},
{NID_sect409r1, 0x000C},
{NID_sect571k1, 0x000D},
{NID_sect571r1, 0x000E},
{NID_secp160k1, 0x000F},
{NID_secp160r1, 0x0010},
{NID_secp160r2, 0x0011},
{NID_secp192k1, 0x0012},
{NID_X9_62_prime192v1, 0x0013},
{NID_secp224k1, 0x0014},
{NID_secp224r1, 0x0015},
{NID_secp256k1, 0x0016},
{NID_X9_62_prime256v1, 0x0017},
{NID_secp384r1, 0x0018},
{NID_secp521r1, 0x0019},
{NID_brainpoolP256r1, 0x001A},
{NID_brainpoolP384r1, 0x001B},
{NID_brainpoolP512r1, 0x001C},
{EVP_PKEY_X25519, 0x001D},
{EVP_PKEY_X448, 0x001E},
{NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022},
{NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023},
{NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024},
{NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025},
{NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026},
{NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027},
{NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028},
{NID_ffdhe2048, 0x0100},
{NID_ffdhe3072, 0x0101},
{NID_ffdhe4096, 0x0102},
{NID_ffdhe6144, 0x0103},
{NID_ffdhe8192, 0x0104}
};
#endif
@ -241,36 +236,213 @@ static const uint16_t suiteb_curves[] = {
};
#endif
const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
struct provider_group_data_st {
SSL_CTX *ctx;
OSSL_PROVIDER *provider;
};
#define TLS_GROUP_LIST_MALLOC_BLOCK_SIZE 10
static OSSL_CALLBACK add_provider_groups;
static int add_provider_groups(const OSSL_PARAM params[], void *data)
{
struct provider_group_data_st *pgd = data;
SSL_CTX *ctx = pgd->ctx;
OSSL_PROVIDER *provider = pgd->provider;
const OSSL_PARAM *p;
TLS_GROUP_INFO *ginf = NULL;
EVP_KEYMGMT *keymgmt;
unsigned int gid;
int ret = 0;
if (ctx->group_list_max_len == ctx->group_list_len) {
TLS_GROUP_INFO *tmp = NULL;
if (ctx->group_list_max_len == 0)
tmp = OPENSSL_malloc(sizeof(TLS_GROUP_INFO)
* TLS_GROUP_LIST_MALLOC_BLOCK_SIZE);
else
tmp = OPENSSL_realloc(ctx->group_list,
(ctx->group_list_max_len
+ TLS_GROUP_LIST_MALLOC_BLOCK_SIZE)
* sizeof(TLS_GROUP_INFO));
if (tmp == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
return 0;
}
ctx->group_list = tmp;
memset(tmp + ctx->group_list_max_len,
0,
sizeof(TLS_GROUP_INFO) * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE);
ctx->group_list_max_len += TLS_GROUP_LIST_MALLOC_BLOCK_SIZE;
}
ginf = &ctx->group_list[ctx->group_list_len];
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME);
if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->tlsname = OPENSSL_strdup(p->data);
if (ginf->tlsname == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL);
if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->realname = OPENSSL_strdup(p->data);
if (ginf->realname == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_ID);
if (p == NULL || !OSSL_PARAM_get_uint(p, &gid) || gid > UINT16_MAX) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->group_id = (uint16_t)gid;
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_ALG);
if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
ginf->algorithm = OPENSSL_strdup(p->data);
if (ginf->algorithm == NULL) {
SSLerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS);
if (p == NULL || !OSSL_PARAM_get_uint(p, &ginf->secbits)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mintls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_TLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mindtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS);
if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxdtls)) {
SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
/*
* Now check that the algorithm is actually usable for our property query
* string. Regardless of the result we still return success because we have
* successfully processed this group, even though we may decide not to use
* it.
*/
ret = 1;
keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq);
if (keymgmt != NULL) {
/*
* We have successfully fetched the algorithm - however if the provider
* doesn't match this one then we ignore it.
*
* Note: We're cheating a little here. Technically if the same algorithm
* is available from more than one provider then it is undefined which
* implementation you will get back. Theoretically this could be
* different every time...we assume here that you'll always get the
* same one back if you repeat the exact same fetch. Is this a reasonable
* assumption to make (in which case perhaps we should document this
* behaviour)?
*/
if (EVP_KEYMGMT_provider(keymgmt) == provider) {
/* We have a match - so we will use this group */
ctx->group_list_len++;
ginf = NULL;
}
EVP_KEYMGMT_free(keymgmt);
}
err:
if (ginf != NULL) {
OPENSSL_free(ginf->tlsname);
OPENSSL_free(ginf->realname);
OPENSSL_free(ginf->algorithm);
ginf->tlsname = ginf->realname = NULL;
}
return ret;
}
static int discover_provider_groups(OSSL_PROVIDER *provider, void *vctx)
{
struct provider_group_data_st pgd;
pgd.ctx = vctx;
pgd.provider = provider;
return OSSL_PROVIDER_get_capabilities(provider, "TLS-GROUP",
add_provider_groups, &pgd);
}
int ssl_load_groups(SSL_CTX *ctx)
{
return OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx);
}
const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t group_id)
{
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
size_t i;
/* ECC curves from RFC 4492 and RFC 7027 FFDHE group from RFC 8446 */
for (i = 0; i < OSSL_NELEM(nid_list); i++) {
if (nid_list[i].group_id == group_id)
return &nid_list[i];
for (i = 0; i < ctx->group_list_len; i++) {
if (ctx->group_list[i].group_id == group_id)
return &ctx->group_list[i];
}
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
return NULL;
}
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
int tls1_group_id2nid(uint16_t group_id)
{
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(group_id);
size_t i;
return ginf == NULL ? NID_undef : ginf->nid;
/*
* Return well known Group NIDs - for backwards compatibility. This won't
* work for groups we don't know about.
*/
for (i = 0; i < OSSL_NELEM(nid_to_group); i++)
{
if (nid_to_group[i].group_id == group_id)
return nid_to_group[i].nid;
}
return NID_undef;
}
static uint16_t tls1_nid2group_id(int nid)
{
size_t i;
for (i = 0; i < OSSL_NELEM(nid_list); i++) {
if (nid_list[i].nid == nid)
return nid_list[i].group_id;
/*
* Return well known Group ids - for backwards compatibility. This won't
* work for groups we don't know about.
*/
for (i = 0; i < OSSL_NELEM(nid_to_group); i++)
{
if (nid_to_group[i].nid == nid)
return nid_to_group[i].group_id;
}
return 0;
}
#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
@ -318,36 +490,50 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
}
int tls_valid_group(SSL *s, uint16_t group_id, int version)
int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion)
{
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group_id);
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id);
int ret;
if (version < TLS1_3_VERSION) {
if ((ginfo->flags & TLS_GROUP_ONLY_FOR_TLS1_3) != 0)
if (ginfo == NULL)
return 0;
if (SSL_IS_DTLS(s)) {
if (ginfo->mindtls < 0 || ginfo->maxdtls < 0)
return 0;
if (ginfo->maxdtls == 0)
ret = 1;
else
ret = DTLS_VERSION_LE(minversion, ginfo->maxdtls);
if (ginfo->mindtls > 0)
ret &= DTLS_VERSION_GE(maxversion, ginfo->mindtls);
} else {
if (ginfo->mintls < 0 || ginfo->maxtls < 0)
return 0;
if (ginfo->maxtls == 0)
ret = 1;
else
ret = (minversion <= ginfo->maxtls);
if (ginfo->mintls > 0)
ret &= (maxversion >= ginfo->mintls);
}
return 1;
return ret;
}
/* See if group is allowed by security callback */
int tls_group_allowed(SSL *s, uint16_t group, int op)
{
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group);
const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group);
unsigned char gtmp[2];
if (ginfo == NULL)
return 0;
#ifdef OPENSSL_NO_EC2M
if (ginfo->flags & TLS_GROUP_CURVE_CHAR2)
return 0;
#endif
#ifdef OPENSSL_NO_DH
if (ginfo->flags & TLS_GROUP_FFDHE)
return 0;
#endif
gtmp[0] = group >> 8;
gtmp[1] = group & 0xff;
return ssl_security(s, op, ginfo->secbits, ginfo->nid, (void *)gtmp);
return ssl_security(s, op, ginfo->secbits,
tls1_group_id2nid(ginfo->group_id), (void *)gtmp);
}
/* Return 1 if "id" is in "list" */
@ -470,7 +656,8 @@ err:
}
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
# define MAX_GROUPLIST OSSL_NELEM(nid_list)
/* TODO(3.0): An arbitrary amount for now. Take another look at this */
# define MAX_GROUPLIST 40
typedef struct {
size_t nidcnt;

9
test/filterprov.c
View File

@ -66,6 +66,14 @@ static int filter_get_params(void *provctx, OSSL_PARAM params[])
return OSSL_PROVIDER_get_params(globs->deflt, params);
}
static int filter_get_capabilities(void *provctx, const char *capability,
OSSL_CALLBACK *cb, void *arg)
{
struct filter_prov_globals_st *globs = get_globals();
return OSSL_PROVIDER_get_capabilities(globs->deflt, capability, cb, arg);
}
static const OSSL_ALGORITHM *filter_query(void *provctx,
int operation_id,
int *no_cache)
@ -97,6 +105,7 @@ static const OSSL_DISPATCH filter_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))filter_gettable_params },
{ OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))filter_get_params },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))filter_query },
{ OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))filter_get_capabilities },
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))filter_teardown },
{ 0, NULL }
};

2
test/ssl-tests/20-cert-select.cnf
View File

@ -1715,12 +1715,10 @@ client = 52-TLS 1.3 ECDSA with brainpool-client
[52-TLS 1.3 ECDSA with brainpool-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
CipherString = DEFAULT
Groups = brainpoolP256r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
[52-TLS 1.3 ECDSA with brainpool-client]
CipherString = DEFAULT
Groups = brainpoolP256r1
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

2
test/ssl-tests/20-cert-select.cnf.in
View File

@ -890,11 +890,9 @@ my @tests_tls_1_3_non_fips = (
server => {
"Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
"PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
"Groups" => "brainpoolP256r1",
},
client => {
"RequestCAFile" => test_pem("root-cert.pem"),
"Groups" => "brainpoolP256r1",
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3"
},

2
test/sslapitest.c
View File

@ -8039,6 +8039,8 @@ static int test_sigalgs_available(int idx)
cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method());
sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method());
if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
goto end;
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),