From dbc6268f68e50b2e49d7c5b1157b4f6bcea5d6f9 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 13 Jun 2019 11:06:12 +0100 Subject: Allow TLSv1.3 in a no-ec build Now that we have TLSv1.3 FFDHE support there is no reason why we should not allow TLSv1.3 to be used in a no-ec build. This commit enables that to happen. It also fixes no-ec which was previously broken. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9156) --- ssl/s3_lib.c | 6 +- ssl/ssl_lib.c | 3 +- ssl/ssl_locl.h | 14 ++-- ssl/statem/extensions.c | 11 +-- ssl/statem/extensions_clnt.c | 48 +++++++++--- ssl/statem/extensions_srvr.c | 6 +- ssl/statem/statem_lib.c | 4 +- ssl/statem/statem_locl.h | 5 +- ssl/t1_lib.c | 178 +++++++++++++++++++++++-------------------- 9 files changed, 157 insertions(+), 118 deletions(-) (limited to 'ssl') diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 358142e935..2e041d5887 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3578,7 +3578,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } return ssl_cert_set_current(s->cert, larg); -#ifndef OPENSSL_NO_EC case SSL_CTRL_GET_GROUPS: { uint16_t *clist; @@ -3623,7 +3622,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } return id; } -#endif + case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); @@ -3899,7 +3898,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; #endif -#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_GROUPS: return tls1_set_groups(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, @@ -3909,7 +3907,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_groups_list(&ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg); -#endif + case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cf79ac50af..4e4477d2e1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -780,6 +780,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->ext.ecpointformats_len = ctx->ext.ecpointformats_len; } +#endif if (ctx->ext.supportedgroups) { s->ext.supportedgroups = OPENSSL_memdup(ctx->ext.supportedgroups, @@ -789,7 +790,7 @@ SSL *SSL_new(SSL_CTX *ctx) goto err; s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } -#endif + #ifndef OPENSSL_NO_NEXTPROTONEG s->ext.npn = NULL; #endif diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 0e661d00d7..e521152da3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -959,9 +959,10 @@ struct ssl_ctx_st { /* EC extension values inherited by SSL structure */ size_t ecpointformats_len; unsigned char *ecpointformats; +# endif /* OPENSSL_NO_EC */ + size_t supportedgroups_len; uint16_t *supportedgroups; -# endif /* OPENSSL_NO_EC */ /* * ALPN information (we are in the process of transitioning from NPN to @@ -2525,8 +2526,6 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); -# ifndef OPENSSL_NO_EC - __owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); __owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); @@ -2534,15 +2533,16 @@ __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, int *curves, size_t ncurves); __owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str); -void tls1_get_formatlist(SSL *s, const unsigned char **pformats, - size_t *num_formats); -__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); __owur int tls_valid_group(SSL *s, uint16_t group_id, int version); __owur EVP_PKEY *ssl_generate_param_group(uint16_t id); +# ifndef OPENSSL_NO_EC +void tls1_get_formatlist(SSL *s, const unsigned char **pformats, + size_t *num_formats); +__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); # endif /* OPENSSL_NO_EC */ -__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op); +__owur int tls_group_allowed(SSL *s, uint16_t curve, int op); void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, size_t *pgroupslen); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 2e51aab4af..9023e47599 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -46,9 +46,7 @@ static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); static int final_ems(SSL *s, unsigned int context, int sent); static int init_psk_kex_modes(SSL *s, unsigned int context); -#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent); -#endif #ifndef OPENSSL_NO_SRTP static int init_srtp(SSL *s, unsigned int context); #endif @@ -162,6 +160,10 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, +#else + INVALID_EXTENSION, +#endif +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) { /* * "supported_groups" is spread across several specifications. @@ -197,7 +199,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { }, #else INVALID_EXTENSION, - INVALID_EXTENSION, #endif { TLSEXT_TYPE_session_ticket, @@ -322,7 +323,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL, tls_construct_ctos_psk_kex_modes, NULL }, -#ifndef OPENSSL_NO_EC { /* * Must be in this list after supported_groups. We need that to have @@ -336,7 +336,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, -#endif { /* Must be after key_share */ TLSEXT_TYPE_cookie, @@ -1266,7 +1265,6 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent) return 1; } -#ifndef OPENSSL_NO_EC static int final_key_share(SSL *s, unsigned int context, int sent) { if (!SSL_IS_TLS13(s)) @@ -1429,7 +1427,6 @@ static int final_key_share(SSL *s, unsigned int context, int sent) return 1; } -#endif static int init_psk_kex_modes(SSL *s, unsigned int context) { diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index a29b7c021a..b12361f36a 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -113,11 +113,13 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, #endif #ifndef OPENSSL_NO_EC -static int use_ecc(SSL *s) +static int use_ecc(SSL *s, int max_version) { int i, end, ret = 0; unsigned long alg_k, alg_a; STACK_OF(SSL_CIPHER) *cipher_stack = NULL; + const uint16_t *pgroups = NULL; + size_t num_groups, j; /* See if we support any ECC ciphersuites */ if (s->version == SSL3_VERSION) @@ -137,9 +139,21 @@ static int use_ecc(SSL *s) break; } } - sk_SSL_CIPHER_free(cipher_stack); - return ret; + if (!ret) + return 0; + + /* Check we have at least one EC supported group */ + tls1_get_supported_groups(s, &pgroups, &num_groups); + for (j = 0; j < num_groups; j++) { + uint16_t ctmp = pgroups[j]; + + if (tls_valid_group(s, ctmp, max_version) + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) + return 1; + } + + return 0; } EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, @@ -148,8 +162,15 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, { const unsigned char *pformats; size_t num_formats; + int reason, min_version, max_version; - if (!use_ecc(s)) + reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); + if (reason != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason); + return EXT_RETURN_FAIL; + } + if (!use_ecc(s, max_version)) return EXT_RETURN_NOT_SENT; /* Add TLS extension ECPointFormats to the ClientHello message */ @@ -167,7 +188,9 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, return EXT_RETURN_SENT; } +#endif +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -176,9 +199,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, size_t num_groups = 0, i; int min_version, max_version, reason; - if (!use_ecc(s)) - return EXT_RETURN_NOT_SENT; - reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); if (reason != 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -186,6 +206,14 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } +#if defined(OPENSSL_NO_EC) + if (max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; +#else + if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION) + return EXT_RETURN_NOT_SENT; +#endif + /* * Add TLS extension supported_groups to the ClientHello message */ @@ -206,7 +234,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, uint16_t ctmp = pgroups[i]; if (tls_valid_group(s, ctmp, max_version) - && tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, @@ -683,7 +711,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, } else { for (i = 0; i < num_groups; i++) { - if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) + if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; curve_id = pgroups[i]; @@ -1843,7 +1871,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, break; } if (i >= num_groups - || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE); return 0; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 37f5819346..6181f3f268 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -946,7 +946,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -#ifndef OPENSSL_NO_EC +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1400,7 +1400,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, } #endif -#ifndef OPENSSL_NO_EC +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -1425,7 +1425,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, uint16_t group = groups[i]; if (tls_valid_group(s, group, SSL_version(s)) - && tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { + && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { if (first) { /* * Check if the client is already using our preferred group. If diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index e6d2478dcb..292f99c88f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2137,7 +2137,6 @@ int ssl_set_client_hello_version(SSL *s) * used. Returns 1 if the group is in the list (and allowed if |checkallow| is * 1) or 0 otherwise. */ -#ifndef OPENSSL_NO_EC int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, size_t num_groups, int checkallow) { @@ -2151,14 +2150,13 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, if (group_id == group && (!checkallow - || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { + || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { return 1; } } return 0; } -#endif /* Replace ClientHello1 in the transcript hash with a synthetic message */ int create_synthetic_message_hash(SSL *s, const unsigned char *hashval, diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h index 8f27deb9c5..f4242fa2a4 100644 --- a/ssl/statem/statem_locl.h +++ b/ssl/statem/statem_locl.h @@ -199,9 +199,9 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, #ifndef OPENSSL_NO_EC int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); +#endif int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidxl); -#endif int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context, @@ -314,10 +314,11 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X5 EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); +#endif EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#endif + EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 52e6d5426a..373f1c58d6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -128,12 +128,11 @@ int tls1_clear(SSL *s) return 1; } -#ifndef OPENSSL_NO_EC - /* - * Table of curve information. + * Table of group information. */ static const TLS_GROUP_INFO nid_list[] = { +#ifndef OPENSSL_NO_EC {NID_sect163k1, 80, TLS_GROUP_CURVE_CHAR2, 0x0001}, /* sect163k1 (1) */ {NID_sect163r1, 80, TLS_GROUP_CURVE_CHAR2, 0x0002}, /* sect163r1 (2) */ {NID_sect163r2, 80, TLS_GROUP_CURVE_CHAR2, 0x0003}, /* sect163r2 (3) */ @@ -164,38 +163,49 @@ static const TLS_GROUP_INFO nid_list[] = { {NID_brainpoolP512r1, 256, TLS_GROUP_CURVE_PRIME, 0x001C}, /* brainpool512r1 (28) */ {EVP_PKEY_X25519, 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */ {EVP_PKEY_X448, 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */ +#endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_DH /* Security bit values for FFDHE groups are updated as per RFC 7919 */ {NID_ffdhe2048, 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */ {NID_ffdhe3072, 125, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0101}, /* ffdhe3072 (0x0101) */ {NID_ffdhe4096, 150, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0102}, /* ffdhe4096 (0x0102) */ {NID_ffdhe6144, 175, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0103}, /* ffdhe6144 (0x0103) */ {NID_ffdhe8192, 192, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0104}, /* ffdhe8192 (0x0104) */ +#endif /* OPENSSL_NO_DH */ }; +#ifndef OPENSSL_NO_EC static const unsigned char ecformats_default[] = { TLSEXT_ECPOINTFORMAT_uncompressed, TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime, TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 }; +#endif /* The default curves */ static const uint16_t supported_groups_default[] = { +#ifndef OPENSSL_NO_EC 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ 30, /* X448 (30) */ 25, /* secp521r1 (25) */ 24, /* secp384r1 (24) */ +#endif +#ifndef OPENSSL_NO_DH 0x100, /* ffdhe2048 (0x100) */ 0x101, /* ffdhe3072 (0x101) */ 0x102, /* ffdhe4096 (0x102) */ 0x103, /* ffdhe6144 (0x103) */ 0x104, /* ffdhe8192 (0x104) */ +#endif }; +#ifndef OPENSSL_NO_EC static const uint16_t suiteb_curves[] = { TLSEXT_curve_P_256, TLSEXT_curve_P_384 }; +#endif const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id) { @@ -230,6 +240,7 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { +#ifndef OPENSSL_NO_EC case SSL_CERT_FLAG_SUITEB_128_LOS: *pgroups = suiteb_curves; *pgroupslen = OSSL_NELEM(suiteb_curves); @@ -244,6 +255,7 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, *pgroups = suiteb_curves + 1; *pgroupslen = 1; break; +#endif default: if (s->ext.supportedgroups == NULL) { @@ -268,25 +280,25 @@ int tls_valid_group(SSL *s, uint16_t group_id, int version) return 1; } -/* See if curve is allowed by security callback */ -int tls_curve_allowed(SSL *s, uint16_t curve, int op) +/* See if group is allowed by security callback */ +int tls_group_allowed(SSL *s, uint16_t group, int op) { - const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve); - unsigned char ctmp[2]; + const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group); + unsigned char gtmp[2]; - if (cinfo == NULL) + if (ginfo == NULL) return 0; -# ifdef OPENSSL_NO_EC2M - if (cinfo->flags & TLS_GROUP_CURVE_CHAR2) +#ifdef OPENSSL_NO_EC2M + if (ginfo->flags & TLS_GROUP_CURVE_CHAR2) return 0; -# endif -# ifdef OPENSSL_NO_DH - if (cinfo->flags & TLS_GROUP_FFDHE) +#endif +#ifdef OPENSSL_NO_DH + if (ginfo->flags & TLS_GROUP_FFDHE) return 0; -# endif - ctmp[0] = curve >> 8; - ctmp[1] = curve & 0xff; - return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp); +#endif + gtmp[0] = group >> 8; + gtmp[1] = group & 0xff; + return ssl_security(s, op, ginfo->secbits, ginfo->nid, (void *)gtmp); } /* Return 1 if "id" is in "list" */ @@ -349,7 +361,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) uint16_t id = pref[i]; if (!tls1_in_list(id, supp, num_supp) - || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED)) + || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) continue; if (nmatch == k) return id; @@ -404,28 +416,30 @@ err: return 0; } -# define MAX_CURVELIST OSSL_NELEM(nid_list) +#define MAX_GROUPLIST OSSL_NELEM(nid_list) typedef struct { size_t nidcnt; - int nid_arr[MAX_CURVELIST]; + int nid_arr[MAX_GROUPLIST]; } nid_cb_st; static int nid_cb(const char *elem, int len, void *arg) { nid_cb_st *narg = arg; size_t i; - int nid; + int nid = NID_undef; char etmp[20]; if (elem == NULL) return 0; - if (narg->nidcnt == MAX_CURVELIST) + if (narg->nidcnt == MAX_GROUPLIST) return 0; if (len > (int)(sizeof(etmp) - 1)) return 0; memcpy(etmp, elem, len); etmp[len] = 0; +#ifndef OPENSSL_NO_EC nid = EC_curve_nist2nid(etmp); +#endif if (nid == NID_undef) nid = OBJ_sn2nid(etmp); if (nid == NID_undef) @@ -450,64 +464,6 @@ int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str) return 1; return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt); } -/* Return group id of a key */ -static uint16_t tls1_get_group_id(EVP_PKEY *pkey) -{ - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - const EC_GROUP *grp; - - if (ec == NULL) - return 0; - grp = EC_KEY_get0_group(ec); - return tls1_nid2group_id(EC_GROUP_get_curve_name(grp)); -} - -/* Check a key is compatible with compression extension */ -static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) -{ - const EC_KEY *ec; - const EC_GROUP *grp; - unsigned char comp_id; - size_t i; - - /* If not an EC key nothing to check */ - if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) - return 1; - ec = EVP_PKEY_get0_EC_KEY(pkey); - grp = EC_KEY_get0_group(ec); - - /* Get required compression id */ - if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { - comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; - } else if (SSL_IS_TLS13(s)) { - /* - * ec_point_formats extension is not used in TLSv1.3 so we ignore - * this check. - */ - return 1; - } else { - int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); - - if (field_type == NID_X9_62_prime_field) - comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; - else if (field_type == NID_X9_62_characteristic_two_field) - comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; - else - return 0; - } - /* - * If point formats extension present check it, otherwise everything is - * supported (see RFC4492). - */ - if (s->session->ext.ecpointformats == NULL) - return 1; - - for (i = 0; i < s->session->ext.ecpointformats_len; i++) { - if (s->session->ext.ecpointformats[i] == comp_id) - return 1; - } - return 0; -} /* Check a group id matches preferences */ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) @@ -541,7 +497,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) return 0; } - if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK)) + if (!tls_group_allowed(s, group_id, SSL_SECOP_CURVE_CHECK)) return 0; /* For clients, nothing more to check */ @@ -562,6 +518,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) return tls1_in_list(group_id, groups, groups_len); } +#ifndef OPENSSL_NO_EC void tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *num_formats) { @@ -581,6 +538,65 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats, } } +/* Check a key is compatible with compression extension */ +static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) +{ + const EC_KEY *ec; + const EC_GROUP *grp; + unsigned char comp_id; + size_t i; + + /* If not an EC key nothing to check */ + if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) + return 1; + ec = EVP_PKEY_get0_EC_KEY(pkey); + grp = EC_KEY_get0_group(ec); + + /* Get required compression id */ + if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { + comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; + } else if (SSL_IS_TLS13(s)) { + /* + * ec_point_formats extension is not used in TLSv1.3 so we ignore + * this check. + */ + return 1; + } else { + int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); + + if (field_type == NID_X9_62_prime_field) + comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; + else if (field_type == NID_X9_62_characteristic_two_field) + comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; + else + return 0; + } + /* + * If point formats extension present check it, otherwise everything is + * supported (see RFC4492). + */ + if (s->session->ext.ecpointformats == NULL) + return 1; + + for (i = 0; i < s->session->ext.ecpointformats_len; i++) { + if (s->session->ext.ecpointformats[i] == comp_id) + return 1; + } + return 0; +} + +/* Return group id of a key */ +static uint16_t tls1_get_group_id(EVP_PKEY *pkey) +{ + EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_GROUP *grp; + + if (ec == NULL) + return 0; + grp = EC_KEY_get0_group(ec); + return tls1_nid2group_id(EC_GROUP_get_curve_name(grp)); +} + /* * Check cert parameters compatible with extensions: currently just checks EC * certificates have compatible curves and compression. -- cgit v1.2.3