diff options
author | Matt Caswell <matt@openssl.org> | 2019-06-13 11:06:12 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-17 10:57:19 +0100 |
commit | dbc6268f68e50b2e49d7c5b1157b4f6bcea5d6f9 (patch) | |
tree | 67a9fa2beac320e8d437c04225cbc377a0145f2d /ssl/statem/extensions_clnt.c | |
parent | 8013a933dacc80096e2bfca06c00f9ec29adb35b (diff) |
Allow TLSv1.3 in a no-ec build
Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happen.
It also fixes no-ec which was previously broken.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 48 |
1 files changed, 38 insertions, 10 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index a29b7c021a..b12361f36a 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -113,11 +113,13 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, #endif #ifndef OPENSSL_NO_EC -static int use_ecc(SSL *s) +static int use_ecc(SSL *s, int max_version) { int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + const uint16_t *pgroups = NULL; + size_t num_groups, j; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -137,9 +139,21 @@ static int use_ecc(SSL *s) break; } } - sk_SSL_CIPHER_free(cipher_stack); - return ret; + if (!ret) + return 0; + + /* Check we have at least one EC supported group */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (j = 0; j < num_groups; j++) { + uint16_t ctmp = pgroups[j]; + + if (tls_valid_group(s, ctmp, max_version) + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + return 1; + } + + return 0; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, @@ -148,8 +162,15 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, { const unsigned char *pformats; size_t num_formats; + int reason, min_version, max_version; - if (!use_ecc(s)) + reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); + if (reason != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason); + return EXT_RETURN_FAIL; + } + if (!use_ecc(s, max_version)) return EXT_RETURN_NOT_SENT; /* Add TLS extension ECPointFormats to the ClientHello message */ @@ -167,7 +188,9 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } +#endif +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -176,9 +199,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, size_t num_groups = 0, i; int min_version, max_version, reason; - if (!use_ecc(s)) - return EXT_RETURN_NOT_SENT; - reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); if (reason != 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -186,6 +206,14 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } +#if defined(OPENSSL_NO_EC) + if (max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; +#else + if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; +#endif + /* * Add TLS extension supported_groups to the ClientHello message */ @@ -206,7 +234,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, uint16_t ctmp = pgroups[i]; if (tls_valid_group(s, ctmp, max_version) - && tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, @@ -683,7 +711,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, } else { for (i = 0; i < num_groups; i++) { - if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) + if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; curve_id = pgroups[i]; @@ -1843,7 +1871,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, break; } if (i >= num_groups - || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); return 0; |