Ensure default supported groups works even with no-ec and no-dh

The default supported groups code was disabled in the event of a build
with no-ec and no-dh. However now that providers can add there own
groups (which might not fit into either of these categories), this is
no longer appropriate.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)

6 files changed, 33 insertions, 26 deletions

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a87da32c62..daba82ebfe 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3396,6 +3396,7 @@ void SSL_CTX_free(SSL_CTX *a)
     OPENSSL_free(a->ext.ecpointformats);
 #endif
     OPENSSL_free(a->ext.supportedgroups);
+    OPENSSL_free(a->ext.supported_groups_default);
     OPENSSL_free(a->ext.alpn);
     OPENSSL_secure_free(a->ext.secure);
 
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index fa1130e59d..4138f4eaa3 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1060,6 +1060,8 @@ struct ssl_ctx_st {
         size_t supportedgroups_len;
         uint16_t *supportedgroups;
 
+        uint16_t *supported_groups_default;
+        size_t supported_groups_default_len;
         /*
          * ALPN information (we are in the process of transitioning from NPN to
          * ALPN.)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 1a3435a949..6bd7a69364 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -163,7 +163,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 #else
     INVALID_EXTENSION,
 #endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
     {
         /*
          * "supported_groups" is spread across several specifications.
@@ -197,9 +196,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         tls_construct_stoc_supported_groups,
         tls_construct_ctos_supported_groups, NULL
     },
-#else
-    INVALID_EXTENSION,
-#endif
     {
         TLSEXT_TYPE_session_ticket,
         SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 14dd7cfc76..89e1422bbd 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -184,7 +184,6 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
 }
 #endif
 
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
 EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
                                                unsigned int context, X509 *x,
                                                size_t chainidx)
@@ -239,7 +238,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
 
     return EXT_RETURN_SENT;
 }
-#endif
 
 EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
                                              unsigned int context, X509 *x,
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 2a6d89558b..99cd515386 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -893,7 +893,6 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
     return 1;
 }
 
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
                                     X509 *x, size_t chainidx)
 {
@@ -921,7 +920,6 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
 
     return 1;
 }
-#endif
 
 int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx)
@@ -1333,7 +1331,6 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
 }
 #endif
 
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
                                                unsigned int context, X509 *x,
                                                size_t chainidx)
@@ -1393,7 +1390,6 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
 
     return EXT_RETURN_SENT;
 }
-#endif
 
 EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
                                              unsigned int context, X509 *x,
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1438244d32..24bfa96382 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -194,16 +194,12 @@ static const unsigned char ecformats_default[] = {
 #endif /* !defined(OPENSSL_NO_EC) */
 
 /* The default curves */
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
 static const uint16_t supported_groups_default[] = {
-# ifndef OPENSSL_NO_EC
     29,                      /* X25519 (29) */
     23,                      /* secp256r1 (23) */
     30,                      /* X448 (30) */
     25,                      /* secp521r1 (25) */
     24,                      /* secp384r1 (24) */
-# endif
-# ifndef OPENSSL_NO_GOST
     34,                      /* GC256A (34) */
     35,                      /* GC256B (35) */
     36,                      /* GC256C (36) */
@@ -211,16 +207,12 @@ static const uint16_t supported_groups_default[] = {
     38,                      /* GC512A (38) */
     39,                      /* GC512B (39) */
     40,                      /* GC512C (40) */
-# endif
-# ifndef OPENSSL_NO_DH
     0x100,                   /* ffdhe2048 (0x100) */
     0x101,                   /* ffdhe3072 (0x101) */
     0x102,                   /* ffdhe4096 (0x102) */
     0x103,                   /* ffdhe6144 (0x103) */
     0x104,                   /* ffdhe8192 (0x104) */
-# endif
 };
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 
 #ifndef OPENSSL_NO_EC
 static const uint16_t suiteb_curves[] = {
@@ -398,7 +390,34 @@ static int discover_provider_groups(OSSL_PROVIDER *provider, void *vctx)
 
 int ssl_load_groups(SSL_CTX *ctx)
 {
-    return OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx);
+    size_t i, j, num_deflt_grps = 0;
+    uint16_t tmp_supp_groups[sizeof(supported_groups_default)];
+
+    if (!OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx))
+        return 0;
+
+    for (i = 0; i < sizeof(supported_groups_default); i++) {
+        for (j = 0; j < ctx->group_list_len; j++) {
+            if (ctx->group_list[j].group_id == supported_groups_default[i])
+                tmp_supp_groups[num_deflt_grps++] = ctx->group_list[j].group_id;
+        }
+    }
+
+    if (num_deflt_grps == 0)
+        return 1;
+
+    ctx->ext.supported_groups_default
+        = OPENSSL_malloc(sizeof(uint16_t) * num_deflt_grps);
+
+    if (ctx->ext.supported_groups_default == NULL) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memcpy(ctx->ext.supported_groups_default, tmp_supp_groups, num_deflt_grps);
+    ctx->ext.supported_groups_default_len = num_deflt_grps;
+
+    return 1;
 }
 
 static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name)
@@ -484,7 +503,6 @@ uint16_t tls1_nid2group_id(int nid)
 void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
                                size_t *pgroupslen)
 {
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
     /* For Suite B mode only include P-256, P-384 */
     switch (tls1_suiteb(s)) {
 # ifndef OPENSSL_NO_EC
@@ -506,18 +524,14 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
 
     default:
         if (s->ext.supportedgroups == NULL) {
-            *pgroups = supported_groups_default;
-            *pgroupslen = OSSL_NELEM(supported_groups_default);
+            *pgroups = s->ctx->ext.supported_groups_default;
+            *pgroupslen = s->ctx->ext.supported_groups_default_len;
         } else {
             *pgroups = s->ext.supportedgroups;
             *pgroupslen = s->ext.supportedgroups_len;
         }
         break;
     }
-#else
-    *pgroups = NULL;
-    *pgroupslen = 0;
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 }
 
 int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion)