diff options
| author | Matt Caswell <matt@openssl.org> | 2019-06-13 11:06:12 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-06-17 10:57:19 +0100 |
| commit | dbc6268f68e50b2e49d7c5b1157b4f6bcea5d6f9 (patch) | |
| tree | 67a9fa2beac320e8d437c04225cbc377a0145f2d /ssl/statem | |
| parent | 8013a933dacc80096e2bfca06c00f9ec29adb35b (diff) | |
Allow TLSv1.3 in a no-ec build
Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happen.
It also fixes no-ec which was previously broken.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
Diffstat (limited to 'ssl/statem')
| -rw-r--r-- | ssl/statem/extensions.c | 11 | ||||
| -rw-r--r-- | ssl/statem/extensions_clnt.c | 48 | ||||
| -rw-r--r-- | ssl/statem/extensions_srvr.c | 6 | ||||
| -rw-r--r-- | ssl/statem/statem_lib.c | 4 | ||||
| -rw-r--r-- | ssl/statem/statem_locl.h | 5 |
5 files changed, 49 insertions, 25 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 2e51aab4af..9023e47599 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -46,9 +46,7 @@ static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); static int final_ems(SSL *s, unsigned int context, int sent); static int init_psk_kex_modes(SSL *s, unsigned int context); -#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent); -#endif #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif @@ -162,6 +160,10 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, +#else + INVALID_EXTENSION, +#endif +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) { /* * "supported_groups" is spread across several specifications. @@ -197,7 +199,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { }, #else INVALID_EXTENSION, - INVALID_EXTENSION, #endif { TLSEXT_TYPE_session_ticket, @@ -322,7 +323,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, tls_construct_ctos_psk_kex_modes, NULL }, -#ifndef OPENSSL_NO_EC { /* * Must be in this list after supported_groups. We need that to have @@ -336,7 +336,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, -#endif { /* Must be after key_share */ TLSEXT_TYPE_cookie, @@ -1266,7 +1265,6 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent) return 1; } -#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent) { if (!SSL_IS_TLS13(s)) @@ -1429,7 +1427,6 @@ static int final_key_share(SSL *s, unsigned int context, int sent) return 1; } -#endif static int init_psk_kex_modes(SSL *s, unsigned int context) { diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index a29b7c021a..b12361f36a 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -113,11 +113,13 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, #endif #ifndef OPENSSL_NO_EC -static int use_ecc(SSL *s) +static int use_ecc(SSL *s, int max_version) { int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + const uint16_t *pgroups = NULL; + size_t num_groups, j; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -137,9 +139,21 @@ static int use_ecc(SSL *s) break; } } - sk_SSL_CIPHER_free(cipher_stack); - return ret; + if (!ret) + return 0; + + /* Check we have at least one EC supported group */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (j = 0; j < num_groups; j++) { + uint16_t ctmp = pgroups[j]; + + if (tls_valid_group(s, ctmp, max_version) + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + return 1; + } + + return 0; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, @@ -148,8 +162,15 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, { const unsigned char *pformats; size_t num_formats; + int reason, min_version, max_version; - if (!use_ecc(s)) + reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); + if (reason != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason); + return EXT_RETURN_FAIL; + } + if (!use_ecc(s, max_version)) return EXT_RETURN_NOT_SENT; /* Add TLS extension ECPointFormats to the ClientHello message */ @@ -167,7 +188,9 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } +#endif +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -176,9 +199,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, size_t num_groups = 0, i; int min_version, max_version, reason; - if (!use_ecc(s)) - return EXT_RETURN_NOT_SENT; - reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); if (reason != 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -186,6 +206,14 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } +#if defined(OPENSSL_NO_EC) + if (max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; +#else + if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; +#endif + /* * Add TLS extension supported_groups to the ClientHello message */ @@ -206,7 +234,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, uint16_t ctmp = pgroups[i]; if (tls_valid_group(s, ctmp, max_version) - && tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, @@ -683,7 +711,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, } else { for (i = 0; i < num_groups; i++) { - if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) + if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; curve_id = pgroups[i]; @@ -1843,7 +1871,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, break; } if (i >= num_groups - || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); return 0; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 37f5819346..6181f3f268 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -946,7 +946,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -#ifndef OPENSSL_NO_EC +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1400,7 +1400,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, } #endif -#ifndef OPENSSL_NO_EC +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1425,7 +1425,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, uint16_t group = groups[i]; if (tls_valid_group(s, group, SSL_version(s)) - && tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { if (first) { /* * Check if the client is already using our preferred group. If diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e6d2478dcb..292f99c88f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2137,7 +2137,6 @@ int ssl_set_client_hello_version(SSL *s) * used. Returns 1 if the group is in the list (and allowed if |checkallow| is * 1) or 0 otherwise. */ -#ifndef OPENSSL_NO_EC int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, size_t num_groups, int checkallow) { @@ -2151,14 +2150,13 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, if (group_id == group && (!checkallow - || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { + || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { return 1; } } return 0; } -#endif /* Replace ClientHello1 in the transcript hash with a synthetic message */ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 8f27deb9c5..f4242fa2a4 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -199,9 +199,9 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_EC int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); +#endif int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidxl); -#endif int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, @@ -314,10 +314,11 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X5 EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); +#endif EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#endif + EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); |