Rename the TLS Supported Elliptic Curves extension to Supported Groups.

RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported Groups and redefined it to include finite field DH (FFDH) in addition to elliptic curve DH (ECDH). As such, rename the TLS extension and change the associated code to refer to groups rather than curves. ok beck@ tb@
author: jsing <> 2018-11-05 20:41:30 +0000
committer: jsing <> 2018-11-05 20:41:30 +0000
commit: cc6841304de92627d97efb8864bf697cea3c3c11 (patch)
tree: 0dcb778a3611a7834d75d19cbaf3ab20c8778177
parent: 10fbcf441c789825e293dcdf108f5d3a6066e929 (diff)
download: openbsd-cc6841304de92627d97efb8864bf697cea3c3c11.tar.gz
openbsd-cc6841304de92627d97efb8864bf697cea3c3c11.tar.bz2
openbsd-cc6841304de92627d97efb8864bf697cea3c3c11.zip
6 files changed, 92 insertions, 88 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e1bad1ba1a..1c605613e8 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.172 2018/11/05 06:55:37 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1820,7 +1820,7 @@ SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
 int
 SSL_set1_groups_list(SSL *s, const char *groups)
 {
-        return tls1_set_groups_list(&s->internal->tlsext_supportedgroups,
+        return tls1_set_group_list(&s->internal->tlsext_supportedgroups,
            &s->internal->tlsext_supportedgroups_length, groups);
 }
@@ -2107,7 +2107,7 @@ SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
 int
 SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
 {
-        return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
+        return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups,
            &ctx->internal->tlsext_supportedgroups_length, groups);
 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b11bb4ac61..95858339ea 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.218 2018/11/05 06:55:37 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.219 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1257,14 +1257,19 @@ int ssl_ok(SSL *s);
 int ssl_using_ecc_cipher(SSL *s);
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+void tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
+    size_t *pformatslen);
+void tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
+    size_t *pgroupslen);
 int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const int *groups, size_t ngroups);
-int tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
+int tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const char *groups);
 int tls1_ec_curve_id2nid(const uint16_t curve_id);
 uint16_t tls1_ec_nid2curve_id(const int nid);
-int tls1_check_curve(SSL *s, const uint16_t curve_id);
+int tls1_check_curve(SSL *s, const uint16_t group_id);
 int tls1_get_shared_curve(SSL *s);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
@@ -1314,11 +1319,6 @@ int SSL_state_func_code(int _state);
 #define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)
 void SSL_error_internal(const SSL *s, int r, char *f, int l);
-void tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
-    size_t *pformatslen);
-void tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
-    size_t *pcurveslen);
 #ifndef OPENSSL_NO_SRTP
 int srtp_find_profile_by_name(char *profile_name,
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 1509c7d779..f64d215799 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.23 2018/11/05 20:29:52 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -163,34 +163,33 @@ tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 }
 /*
- * Supported Elliptic Curves - RFC 4492 section 5.1.1
+ * Supported Groups - RFC 7919 section 2
 */
 int
-tlsext_ec_clienthello_needs(SSL *s)
+tlsext_supportedgroups_clienthello_needs(SSL *s)
 {
        return ssl_has_ecc_ciphers(s);
 }
 int
-tlsext_ec_clienthello_build(SSL *s, CBB *cbb)
+tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb)
 {
-        CBB curvelist;
+        const uint16_t *groups;
-        size_t curves_len;
+        size_t groups_len;
+        CBB grouplist;
        int i;
-        const uint16_t *curves;
-        tls1_get_curvelist(s, 0, &curves, &curves_len);
+        tls1_get_group_list(s, 0, &groups, &groups_len);
+        if (groups_len == 0) {
-        if (curves_len == 0) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return 0;
        }
-        if (!CBB_add_u16_length_prefixed(cbb, &curvelist))
+        if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
                return 0;
-        for (i = 0; i < curves_len; i++) {
+        for (i = 0; i < groups_len; i++) {
-                if (!CBB_add_u16(&curvelist, curves[i]))
+                if (!CBB_add_u16(&grouplist, groups[i]))
                        return 0;
        }
@@ -201,48 +200,48 @@ tlsext_ec_clienthello_build(SSL *s, CBB *cbb)
 }
 int
-tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)
+tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert)
 {
-        CBS curvelist;
+        CBS grouplist;
-        size_t curves_len;
+        size_t groups_len;
-        if (!CBS_get_u16_length_prefixed(cbs, &curvelist))
+        if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
                goto err;
        if (CBS_len(cbs) != 0)
                goto err;
-        curves_len = CBS_len(&curvelist);
+        groups_len = CBS_len(&grouplist);
-        if (curves_len == 0 || curves_len % 2 != 0)
+        if (groups_len == 0 || groups_len % 2 != 0)
                goto err;
-        curves_len /= 2;
+        groups_len /= 2;
        if (!s->internal->hit) {
+                uint16_t *groups;
                int i;
-                uint16_t *curves;
                if (SSI(s)->tlsext_supportedgroups != NULL)
                        goto err;
-                if ((curves = reallocarray(NULL, curves_len,
+                if ((groups = reallocarray(NULL, groups_len,
                    sizeof(uint16_t))) == NULL) {
                        *alert = TLS1_AD_INTERNAL_ERROR;
                        return 0;
                }
-                for (i = 0; i < curves_len; i++) {
+                for (i = 0; i < groups_len; i++) {
-                        if (!CBS_get_u16(&curvelist, &curves[i])) {
+                        if (!CBS_get_u16(&grouplist, &groups[i])) {
-                                free(curves);
+                                free(groups);
                                goto err;
                        }
                }
-                if (CBS_len(&curvelist) != 0) {
+                if (CBS_len(&grouplist) != 0) {
-                        free(curves);
+                        free(groups);
                        goto err;
                }
-                SSI(s)->tlsext_supportedgroups = curves;
+                SSI(s)->tlsext_supportedgroups = groups;
-                SSI(s)->tlsext_supportedgroups_length = curves_len;
+                SSI(s)->tlsext_supportedgroups_length = groups_len;
        }
        return 1;
@@ -254,19 +253,19 @@ tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)
 /* This extension is never used by the server. */
 int
-tlsext_ec_serverhello_needs(SSL *s)
+tlsext_supportedgroups_serverhello_needs(SSL *s)
 {
        return 0;
 }
 int
-tlsext_ec_serverhello_build(SSL *s, CBB *cbb)
+tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb)
 {
        return 0;
 }
 int
-tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert)
+tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 {
        /*
         * Servers should not send this extension per the RFC.
@@ -1262,16 +1261,16 @@ static struct tls_extension tls_extensions[] = {
                },
        },
        {
-                .type = TLSEXT_TYPE_elliptic_curves,
+                .type = TLSEXT_TYPE_supported_groups,
                .clienthello = {
-                        .needs = tlsext_ec_clienthello_needs,
+                        .needs = tlsext_supportedgroups_clienthello_needs,
-                        .build = tlsext_ec_clienthello_build,
+                        .build = tlsext_supportedgroups_clienthello_build,
-                        .parse = tlsext_ec_clienthello_parse,
+                        .parse = tlsext_supportedgroups_clienthello_parse,
                },
                .serverhello = {
-                        .needs = tlsext_ec_serverhello_needs,
+                        .needs = tlsext_supportedgroups_serverhello_needs,
-                        .build = tlsext_ec_serverhello_build,
+                        .build = tlsext_supportedgroups_serverhello_build,
-                        .parse = tlsext_ec_serverhello_parse,
+                        .parse = tlsext_supportedgroups_serverhello_parse,
                },
        },
        {
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 4248932fb2..974ab929ec 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.12 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.13 2018/11/05 20:41:30 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -44,12 +44,12 @@ int tlsext_sni_serverhello_needs(SSL *s);
 int tlsext_sni_serverhello_build(SSL *s, CBB *cbb);
 int tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ec_clienthello_needs(SSL *s);
+int tlsext_supportedgroups_clienthello_needs(SSL *s);
-int tlsext_ec_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb);
-int tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ec_serverhello_needs(SSL *s);
+int tlsext_supportedgroups_serverhello_needs(SSL *s);
-int tlsext_ec_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb);
-int tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert);
 int tlsext_ecpf_clienthello_needs(SSL *s);
 int tlsext_ecpf_clienthello_build(SSL *s, CBB *cbb);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b06004e88a..758f7b1e11 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.146 2018/11/05 06:55:37 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.147 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -361,25 +361,25 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
 }
 /*
- * Return the appropriate curve list. If client_curves is non-zero, return
+ * Return the appropriate group list. If client_groups is non-zero, return
- * the client/session curves. Otherwise return the custom curve list if one
+ * the client/session groups. Otherwise return the custom group list if one
- * exists, or the default curves if a custom list has not been specified.
+ * exists, or the default groups if a custom list has not been specified.
 */
 void
-tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
+tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
-    size_t *pcurveslen)
+    size_t *pgroupslen)
 {
-        if (client_curves != 0) {
+        if (client_groups != 0) {
-                *pcurves = SSI(s)->tlsext_supportedgroups;
+                *pgroups = SSI(s)->tlsext_supportedgroups;
-                *pcurveslen = SSI(s)->tlsext_supportedgroups_length;
+                *pgroupslen = SSI(s)->tlsext_supportedgroups_length;
                return;
        }
-        *pcurves = s->internal->tlsext_supportedgroups;
+        *pgroups = s->internal->tlsext_supportedgroups;
-        *pcurveslen = s->internal->tlsext_supportedgroups_length;
+        *pgroupslen = s->internal->tlsext_supportedgroups_length;
-        if (*pcurves == NULL) {
+        if (*pgroups == NULL) {
-                *pcurves = eccurves_default;
+                *pgroups = eccurves_default;
-                *pcurveslen = sizeof(eccurves_default) / 2;
+                *pgroupslen = sizeof(eccurves_default) / 2;
        }
 }
@@ -410,7 +410,7 @@ tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
 }
 int
-tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
+tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
    const char *groups)
 {
        uint16_t *new_group_ids, *group_ids = NULL;
@@ -461,13 +461,13 @@ tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
 int
 tls1_check_curve(SSL *s, const uint16_t curve_id)
 {
-        const uint16_t *curves;
+        const uint16_t *groups;
-        size_t curveslen, i;
+        size_t groupslen, i;
-        tls1_get_curvelist(s, 0, &curves, &curveslen);
+        tls1_get_group_list(s, 0, &groups, &groupslen);
-        for (i = 0; i < curveslen; i++) {
+        for (i = 0; i < groupslen; i++) {
-                if (curves[i] == curve_id)
+                if (groups[i] == curve_id)
                        return (1);
        }
        return (0);
@@ -486,8 +486,8 @@ tls1_get_shared_curve(SSL *s)
        /* Return first preference shared curve. */
        server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
-        tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
+        tls1_get_group_list(s, (server_pref == 0), &pref, &preflen);
-        tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);
+        tls1_get_group_list(s, (server_pref != 0), &supp, &supplen);
        for (i = 0; i < preflen; i++) {
                for (j = 0; j < supplen; j++) {
@@ -548,8 +548,8 @@ tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
 static int
 tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
 {
-        size_t curveslen, formatslen, i;
+        size_t groupslen, formatslen, i;
-        const uint16_t *curves;
+        const uint16_t *groups;
        const uint8_t *formats;
        /*
@@ -569,13 +569,13 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
        /*
         * Check curve list if present, otherwise everything is supported.
         */
-        tls1_get_curvelist(s, 1, &curves, &curveslen);
+        tls1_get_group_list(s, 1, &groups, &groupslen);
-        if (curve_id != NULL && curves != NULL) {
+        if (curve_id != NULL && groups != NULL) {
-                for (i = 0; i < curveslen; i++) {
+                for (i = 0; i < groupslen; i++) {
-                        if (curves[i] == *curve_id)
+                        if (groups[i] == *curve_id)
                                break;
                }
-                if (i == curveslen)
+                if (i == groupslen)
                        return (0);
        }
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 0474bb73ae..7ad9a387c9 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.32 2018/02/17 15:08:21 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.33 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -230,8 +230,13 @@ extern "C" {
 /* ExtensionType values from RFC 6091. */
 #define TLSEXT_TYPE_cert_type           9
+/* ExtensionType values from RFC 7919. */
+#define TLSEXT_TYPE_supported_groups            10
 /* ExtensionType values from RFC 4492. */
-#define TLSEXT_TYPE_elliptic_curves             10
+#ifndef LIBRESSL_INTERNAL
+#define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
+#endif
 #define TLSEXT_TYPE_ec_point_formats            11
 /* ExtensionType value from RFC 5054. */
author	jsing <>	2018-11-05 20:41:30 +0000
committer	jsing <>	2018-11-05 20:41:30 +0000
commit	cc6841304de92627d97efb8864bf697cea3c3c11 (patch)
tree	0dcb778a3611a7834d75d19cbaf3ab20c8778177
parent	10fbcf441c789825e293dcdf108f5d3a6066e929 (diff)
download	openbsd-cc6841304de92627d97efb8864bf697cea3c3c11.tar.gz openbsd-cc6841304de92627d97efb8864bf697cea3c3c11.tar.bz2 openbsd-cc6841304de92627d97efb8864bf697cea3c3c11.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e1bad1ba1a..1c605613e8 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.172 2018/11/05 06:55:37 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1820,7 +1820,7 @@ SSL_set1_groups(SSL s, const int groups, size_t groups_len)
1820	int	1820	int
1821	SSL_set1_groups_list(SSL s, const char groups)	1821	SSL_set1_groups_list(SSL s, const char groups)
1822	{	1822	{
1823	return tls1_set_groups_list(&s->internal->tlsext_supportedgroups,	1823	return tls1_set_group_list(&s->internal->tlsext_supportedgroups,
1824	&s->internal->tlsext_supportedgroups_length, groups);	1824	&s->internal->tlsext_supportedgroups_length, groups);
1825	}	1825	}
1826		1826
@@ -2107,7 +2107,7 @@ SSL_CTX_set1_groups(SSL_CTX ctx, const int groups, size_t groups_len)
2107	int	2107	int
2108	SSL_CTX_set1_groups_list(SSL_CTX ctx, const char groups)	2108	SSL_CTX_set1_groups_list(SSL_CTX ctx, const char groups)
2109	{	2109	{
2110	return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,	2110	return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups,
2111	&ctx->internal->tlsext_supportedgroups_length, groups);	2111	&ctx->internal->tlsext_supportedgroups_length, groups);
2112	}	2112	}
2113		2113


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index b11bb4ac61..95858339ea 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.218 2018/11/05 06:55:37 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.219 2018/11/05 20:41:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1257,14 +1257,19 @@ int ssl_ok(SSL *s);
1257	int ssl_using_ecc_cipher(SSL *s);	1257	int ssl_using_ecc_cipher(SSL *s);
1258	int ssl_check_srvr_ecc_cert_and_alg(X509 x, SSL s);	1258	int ssl_check_srvr_ecc_cert_and_alg(X509 x, SSL s);
1259		1259
		1260	void tls1_get_formatlist(SSL s, int client_formats, const uint8_t *pformats,
		1261	size_t *pformatslen);
		1262	void tls1_get_group_list(SSL s, int client_groups, const uint16_t *pgroups,
		1263	size_t *pgroupslen);
		1264
1260	int tls1_set_groups(uint16_t *out_group_ids, size_t out_group_ids_len,	1265	int tls1_set_groups(uint16_t *out_group_ids, size_t out_group_ids_len,
1261	const int *groups, size_t ngroups);	1266	const int *groups, size_t ngroups);
1262	int tls1_set_groups_list(uint16_t *out_group_ids, size_t out_group_ids_len,	1267	int tls1_set_group_list(uint16_t *out_group_ids, size_t out_group_ids_len,
1263	const char *groups);	1268	const char *groups);
1264		1269
1265	int tls1_ec_curve_id2nid(const uint16_t curve_id);	1270	int tls1_ec_curve_id2nid(const uint16_t curve_id);
1266	uint16_t tls1_ec_nid2curve_id(const int nid);	1271	uint16_t tls1_ec_nid2curve_id(const int nid);
1267	int tls1_check_curve(SSL *s, const uint16_t curve_id);	1272	int tls1_check_curve(SSL *s, const uint16_t group_id);
1268	int tls1_get_shared_curve(SSL *s);	1273	int tls1_get_shared_curve(SSL *s);
1269		1274
1270	int ssl_parse_serverhello_tlsext(SSL s, unsigned char *data,	1275	int ssl_parse_serverhello_tlsext(SSL s, unsigned char *data,
@@ -1314,11 +1319,6 @@ int SSL_state_func_code(int _state);
1314	#define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)	1319	#define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)
1315	void SSL_error_internal(const SSL s, int r, char f, int l);	1320	void SSL_error_internal(const SSL s, int r, char f, int l);
1316		1321
1317	void tls1_get_formatlist(SSL s, int client_formats, const uint8_t *pformats,
1318	size_t *pformatslen);
1319	void tls1_get_curvelist(SSL s, int client_curves, const uint16_t *pcurves,
1320	size_t *pcurveslen);
1321
1322	#ifndef OPENSSL_NO_SRTP	1322	#ifndef OPENSSL_NO_SRTP
1323		1323
1324	int srtp_find_profile_by_name(char *profile_name,	1324	int srtp_find_profile_by_name(char *profile_name,


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 1509c7d779..f64d215799 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.23 2018/11/05 20:29:52 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -163,34 +163,33 @@ tlsext_alpn_serverhello_parse(SSL s, CBS cbs, int *alert)
163	}	163	}
164		164
165	/*	165	/*
166	* Supported Elliptic Curves - RFC 4492 section 5.1.1	166	* Supported Groups - RFC 7919 section 2
167	*/	167	*/
168	int	168	int
169	tlsext_ec_clienthello_needs(SSL *s)	169	tlsext_supportedgroups_clienthello_needs(SSL *s)
170	{	170	{
171	return ssl_has_ecc_ciphers(s);	171	return ssl_has_ecc_ciphers(s);
172	}	172	}
173		173
174	int	174	int
175	tlsext_ec_clienthello_build(SSL s, CBB cbb)	175	tlsext_supportedgroups_clienthello_build(SSL s, CBB cbb)
176	{	176	{
177	CBB curvelist;	177	const uint16_t *groups;
178	size_t curves_len;	178	size_t groups_len;
		179	CBB grouplist;
179	int i;	180	int i;
180	const uint16_t *curves;
181		181
182	tls1_get_curvelist(s, 0, &curves, &curves_len);	182	tls1_get_group_list(s, 0, &groups, &groups_len);
183		183	if (groups_len == 0) {
184	if (curves_len == 0) {
185	SSLerror(s, ERR_R_INTERNAL_ERROR);	184	SSLerror(s, ERR_R_INTERNAL_ERROR);
186	return 0;	185	return 0;
187	}	186	}
188		187
189	if (!CBB_add_u16_length_prefixed(cbb, &curvelist))	188	if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
190	return 0;	189	return 0;
191		190
192	for (i = 0; i < curves_len; i++) {	191	for (i = 0; i < groups_len; i++) {
193	if (!CBB_add_u16(&curvelist, curves[i]))	192	if (!CBB_add_u16(&grouplist, groups[i]))
194	return 0;	193	return 0;
195	}	194	}
196		195
@@ -201,48 +200,48 @@ tlsext_ec_clienthello_build(SSL s, CBB cbb)
201	}	200	}
202		201
203	int	202	int
204	tlsext_ec_clienthello_parse(SSL s, CBS cbs, int *alert)	203	tlsext_supportedgroups_clienthello_parse(SSL s, CBS cbs, int *alert)
205	{	204	{
206	CBS curvelist;	205	CBS grouplist;
207	size_t curves_len;	206	size_t groups_len;
208		207
209	if (!CBS_get_u16_length_prefixed(cbs, &curvelist))	208	if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
210	goto err;	209	goto err;
211	if (CBS_len(cbs) != 0)	210	if (CBS_len(cbs) != 0)
212	goto err;	211	goto err;
213		212
214	curves_len = CBS_len(&curvelist);	213	groups_len = CBS_len(&grouplist);
215	if (curves_len == 0 \|\| curves_len % 2 != 0)	214	if (groups_len == 0 \|\| groups_len % 2 != 0)
216	goto err;	215	goto err;
217	curves_len /= 2;	216	groups_len /= 2;
218		217
219	if (!s->internal->hit) {	218	if (!s->internal->hit) {
		219	uint16_t *groups;
220	int i;	220	int i;
221	uint16_t *curves;
222		221
223	if (SSI(s)->tlsext_supportedgroups != NULL)	222	if (SSI(s)->tlsext_supportedgroups != NULL)
224	goto err;	223	goto err;
225		224
226	if ((curves = reallocarray(NULL, curves_len,	225	if ((groups = reallocarray(NULL, groups_len,
227	sizeof(uint16_t))) == NULL) {	226	sizeof(uint16_t))) == NULL) {
228	*alert = TLS1_AD_INTERNAL_ERROR;	227	*alert = TLS1_AD_INTERNAL_ERROR;
229	return 0;	228	return 0;
230	}	229	}
231		230
232	for (i = 0; i < curves_len; i++) {	231	for (i = 0; i < groups_len; i++) {
233	if (!CBS_get_u16(&curvelist, &curves[i])) {	232	if (!CBS_get_u16(&grouplist, &groups[i])) {
234	free(curves);	233	free(groups);
235	goto err;	234	goto err;
236	}	235	}
237	}	236	}
238		237
239	if (CBS_len(&curvelist) != 0) {	238	if (CBS_len(&grouplist) != 0) {
240	free(curves);	239	free(groups);
241	goto err;	240	goto err;
242	}	241	}
243		242
244	SSI(s)->tlsext_supportedgroups = curves;	243	SSI(s)->tlsext_supportedgroups = groups;
245	SSI(s)->tlsext_supportedgroups_length = curves_len;	244	SSI(s)->tlsext_supportedgroups_length = groups_len;
246	}	245	}
247		246
248	return 1;	247	return 1;
@@ -254,19 +253,19 @@ tlsext_ec_clienthello_parse(SSL s, CBS cbs, int *alert)
254		253
255	/* This extension is never used by the server. */	254	/* This extension is never used by the server. */
256	int	255	int
257	tlsext_ec_serverhello_needs(SSL *s)	256	tlsext_supportedgroups_serverhello_needs(SSL *s)
258	{	257	{
259	return 0;	258	return 0;
260	}	259	}
261		260
262	int	261	int
263	tlsext_ec_serverhello_build(SSL s, CBB cbb)	262	tlsext_supportedgroups_serverhello_build(SSL s, CBB cbb)
264	{	263	{
265	return 0;	264	return 0;
266	}	265	}
267		266
268	int	267	int
269	tlsext_ec_serverhello_parse(SSL s, CBS cbs, int *alert)	268	tlsext_supportedgroups_serverhello_parse(SSL s, CBS cbs, int *alert)
270	{	269	{
271	/*	270	/*
272	* Servers should not send this extension per the RFC.	271	* Servers should not send this extension per the RFC.
@@ -1262,16 +1261,16 @@ static struct tls_extension tls_extensions[] = {
1262	},	1261	},
1263	},	1262	},
1264	{	1263	{
1265	.type = TLSEXT_TYPE_elliptic_curves,	1264	.type = TLSEXT_TYPE_supported_groups,
1266	.clienthello = {	1265	.clienthello = {
1267	.needs = tlsext_ec_clienthello_needs,	1266	.needs = tlsext_supportedgroups_clienthello_needs,
1268	.build = tlsext_ec_clienthello_build,	1267	.build = tlsext_supportedgroups_clienthello_build,
1269	.parse = tlsext_ec_clienthello_parse,	1268	.parse = tlsext_supportedgroups_clienthello_parse,
1270	},	1269	},
1271	.serverhello = {	1270	.serverhello = {
1272	.needs = tlsext_ec_serverhello_needs,	1271	.needs = tlsext_supportedgroups_serverhello_needs,
1273	.build = tlsext_ec_serverhello_build,	1272	.build = tlsext_supportedgroups_serverhello_build,
1274	.parse = tlsext_ec_serverhello_parse,	1273	.parse = tlsext_supportedgroups_serverhello_parse,
1275	},	1274	},
1276	},	1275	},
1277	{	1276	{


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 4248932fb2..974ab929ec 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.12 2018/02/08 11:30:30 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.13 2018/11/05 20:41:30 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -44,12 +44,12 @@ int tlsext_sni_serverhello_needs(SSL *s);
44	int tlsext_sni_serverhello_build(SSL s, CBB cbb);	44	int tlsext_sni_serverhello_build(SSL s, CBB cbb);
45	int tlsext_sni_serverhello_parse(SSL s, CBS cbs, int *alert);	45	int tlsext_sni_serverhello_parse(SSL s, CBS cbs, int *alert);
46		46
47	int tlsext_ec_clienthello_needs(SSL *s);	47	int tlsext_supportedgroups_clienthello_needs(SSL *s);
48	int tlsext_ec_clienthello_build(SSL s, CBB cbb);	48	int tlsext_supportedgroups_clienthello_build(SSL s, CBB cbb);
49	int tlsext_ec_clienthello_parse(SSL s, CBS cbs, int *alert);	49	int tlsext_supportedgroups_clienthello_parse(SSL s, CBS cbs, int *alert);
50	int tlsext_ec_serverhello_needs(SSL *s);	50	int tlsext_supportedgroups_serverhello_needs(SSL *s);
51	int tlsext_ec_serverhello_build(SSL s, CBB cbb);	51	int tlsext_supportedgroups_serverhello_build(SSL s, CBB cbb);
52	int tlsext_ec_serverhello_parse(SSL s, CBS cbs, int *alert);	52	int tlsext_supportedgroups_serverhello_parse(SSL s, CBS cbs, int *alert);
53		53
54	int tlsext_ecpf_clienthello_needs(SSL *s);	54	int tlsext_ecpf_clienthello_needs(SSL *s);
55	int tlsext_ecpf_clienthello_build(SSL s, CBB cbb);	55	int tlsext_ecpf_clienthello_build(SSL s, CBB cbb);


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b06004e88a..758f7b1e11 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.146 2018/11/05 06:55:37 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.147 2018/11/05 20:41:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -361,25 +361,25 @@ tls1_get_formatlist(SSL s, int client_formats, const uint8_t *pformats,
361	}	361	}
362		362
363	/*	363	/*
364	* Return the appropriate curve list. If client_curves is non-zero, return	364	* Return the appropriate group list. If client_groups is non-zero, return
365	* the client/session curves. Otherwise return the custom curve list if one	365	* the client/session groups. Otherwise return the custom group list if one
366	* exists, or the default curves if a custom list has not been specified.	366	* exists, or the default groups if a custom list has not been specified.
367	*/	367	*/
368	void	368	void
369	tls1_get_curvelist(SSL s, int client_curves, const uint16_t *pcurves,	369	tls1_get_group_list(SSL s, int client_groups, const uint16_t *pgroups,
370	size_t *pcurveslen)	370	size_t *pgroupslen)
371	{	371	{
372	if (client_curves != 0) {	372	if (client_groups != 0) {
373	*pcurves = SSI(s)->tlsext_supportedgroups;	373	*pgroups = SSI(s)->tlsext_supportedgroups;
374	*pcurveslen = SSI(s)->tlsext_supportedgroups_length;	374	*pgroupslen = SSI(s)->tlsext_supportedgroups_length;
375	return;	375	return;
376	}	376	}
377		377
378	*pcurves = s->internal->tlsext_supportedgroups;	378	*pgroups = s->internal->tlsext_supportedgroups;
379	*pcurveslen = s->internal->tlsext_supportedgroups_length;	379	*pgroupslen = s->internal->tlsext_supportedgroups_length;
380	if (*pcurves == NULL) {	380	if (*pgroups == NULL) {
381	*pcurves = eccurves_default;	381	*pgroups = eccurves_default;
382	*pcurveslen = sizeof(eccurves_default) / 2;	382	*pgroupslen = sizeof(eccurves_default) / 2;
383	}	383	}
384	}	384	}
385		385
@@ -410,7 +410,7 @@ tls1_set_groups(uint16_t *out_group_ids, size_t out_group_ids_len,
410	}	410	}
411		411
412	int	412	int
413	tls1_set_groups_list(uint16_t *out_group_ids, size_t out_group_ids_len,	413	tls1_set_group_list(uint16_t *out_group_ids, size_t out_group_ids_len,
414	const char *groups)	414	const char *groups)
415	{	415	{
416	uint16_t new_group_ids, group_ids = NULL;	416	uint16_t new_group_ids, group_ids = NULL;
@@ -461,13 +461,13 @@ tls1_set_groups_list(uint16_t *out_group_ids, size_t out_group_ids_len,
461	int	461	int
462	tls1_check_curve(SSL *s, const uint16_t curve_id)	462	tls1_check_curve(SSL *s, const uint16_t curve_id)
463	{	463	{
464	const uint16_t *curves;	464	const uint16_t *groups;
465	size_t curveslen, i;	465	size_t groupslen, i;
466		466
467	tls1_get_curvelist(s, 0, &curves, &curveslen);	467	tls1_get_group_list(s, 0, &groups, &groupslen);
468		468
469	for (i = 0; i < curveslen; i++) {	469	for (i = 0; i < groupslen; i++) {
470	if (curves[i] == curve_id)	470	if (groups[i] == curve_id)
471	return (1);	471	return (1);
472	}	472	}
473	return (0);	473	return (0);
@@ -486,8 +486,8 @@ tls1_get_shared_curve(SSL *s)
486		486
487	/* Return first preference shared curve. */	487	/* Return first preference shared curve. */
488	server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);	488	server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
489	tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);	489	tls1_get_group_list(s, (server_pref == 0), &pref, &preflen);
490	tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);	490	tls1_get_group_list(s, (server_pref != 0), &supp, &supplen);
491		491
492	for (i = 0; i < preflen; i++) {	492	for (i = 0; i < preflen; i++) {
493	for (j = 0; j < supplen; j++) {	493	for (j = 0; j < supplen; j++) {
@@ -548,8 +548,8 @@ tls1_set_ec_id(uint16_t curve_id, uint8_t comp_id, EC_KEY *ec)
548	static int	548	static int
549	tls1_check_ec_key(SSL s, const uint16_t curve_id, const uint8_t *comp_id)	549	tls1_check_ec_key(SSL s, const uint16_t curve_id, const uint8_t *comp_id)
550	{	550	{
551	size_t curveslen, formatslen, i;	551	size_t groupslen, formatslen, i;
552	const uint16_t *curves;	552	const uint16_t *groups;
553	const uint8_t *formats;	553	const uint8_t *formats;
554		554
555	/*	555	/*
@@ -569,13 +569,13 @@ tls1_check_ec_key(SSL s, const uint16_t curve_id, const uint8_t *comp_id)
569	/*	569	/*
570	* Check curve list if present, otherwise everything is supported.	570	* Check curve list if present, otherwise everything is supported.
571	*/	571	*/
572	tls1_get_curvelist(s, 1, &curves, &curveslen);	572	tls1_get_group_list(s, 1, &groups, &groupslen);
573	if (curve_id != NULL && curves != NULL) {	573	if (curve_id != NULL && groups != NULL) {
574	for (i = 0; i < curveslen; i++) {	574	for (i = 0; i < groupslen; i++) {
575	if (curves[i] == *curve_id)	575	if (groups[i] == *curve_id)
576	break;	576	break;
577	}	577	}
578	if (i == curveslen)	578	if (i == groupslen)
579	return (0);	579	return (0);
580	}	580	}
581		581


diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 0474bb73ae..7ad9a387c9 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1.h,v 1.32 2018/02/17 15:08:21 jsing Exp $ */	1	/* $OpenBSD: tls1.h,v 1.33 2018/11/05 20:41:30 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -230,8 +230,13 @@ extern "C" {
230	/* ExtensionType values from RFC 6091. */	230	/* ExtensionType values from RFC 6091. */
231	#define TLSEXT_TYPE_cert_type 9	231	#define TLSEXT_TYPE_cert_type 9
232		232
		233	/* ExtensionType values from RFC 7919. */
		234	#define TLSEXT_TYPE_supported_groups 10
		235
233	/* ExtensionType values from RFC 4492. */	236	/* ExtensionType values from RFC 4492. */
234	#define TLSEXT_TYPE_elliptic_curves 10	237	#ifndef LIBRESSL_INTERNAL
		238	#define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
		239	#endif
235	#define TLSEXT_TYPE_ec_point_formats 11	240	#define TLSEXT_TYPE_ec_point_formats 11
236		241
237	/* ExtensionType value from RFC 5054. */	242	/* ExtensionType value from RFC 5054. */