Add support for setting the supported EC curves via

SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
author: jsing <> 2017-01-24 09:03:21 +0000
committer: jsing <> 2017-01-24 09:03:21 +0000
commit: 92772a687d70a52ce1692de992312b2971bf5652 (patch)
tree: b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/t1_lib.c
parent: 87cf9501d9c5a4e91606335a53140281b779f2ff (diff)
download: openbsd-92772a687d70a52ce1692de992312b2971bf5652.tar.gz
openbsd-92772a687d70a52ce1692de992312b2971bf5652.tar.bz2
openbsd-92772a687d70a52ce1692de992312b2971bf5652.zip
1 files changed, 96 insertions, 13 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b69e52a85c..be7c5b72a9 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.108 2017/01/24 08:41:53 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.109 2017/01/24 09:03:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -245,13 +245,17 @@ static int nid_list[] = {
        NID_X25519,             /* X25519 (29) */
 };
-static const uint8_t ecformats_default[] = {
+static const uint8_t ecformats_list[] = {
        TLSEXT_ECPOINTFORMAT_uncompressed,
        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
 };
-static const uint16_t eccurves_default[] = {
+static const uint8_t ecformats_default[] = {
+        TLSEXT_ECPOINTFORMAT_uncompressed,
+};
+static const uint16_t eccurves_list[] = {
        29,                     /* X25519 (29) */
        14,                     /* sect571r1 (14) */
        13,                     /* sect571k1 (13) */
@@ -283,6 +287,12 @@ static const uint16_t eccurves_default[] = {
        17,                     /* secp160r2 (17) */
 };
+static const uint16_t eccurves_default[] = {
+        29,                     /* X25519 (29) */
+        23,                     /* secp256r1 (23) */
+        24,                     /* secp384r1 (24) */
+};
 int
 tls1_ec_curve_id2nid(const uint16_t curve_id)
 {
@@ -394,19 +404,93 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
    size_t *pcurveslen)
 {
        if (client_curves != 0) {
-                *pcurves = SSI(s)->tlsext_ellipticcurvelist;
+                *pcurves = SSI(s)->tlsext_supportedgroups;
-                *pcurveslen = SSI(s)->tlsext_ellipticcurvelist_length;
+                *pcurveslen = SSI(s)->tlsext_supportedgroups_length;
                return;
        }
-        *pcurves = s->internal->tlsext_ellipticcurvelist;
+        *pcurves = s->internal->tlsext_supportedgroups;
-        *pcurveslen = s->internal->tlsext_ellipticcurvelist_length;
+        *pcurveslen = s->internal->tlsext_supportedgroups_length;
        if (*pcurves == NULL) {
                *pcurves = eccurves_default;
                *pcurveslen = sizeof(eccurves_default) / 2;
        }
 }
+int
+tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
+    const int *groups, size_t ngroups)
+{
+        uint16_t *group_ids;
+        size_t i;
+        group_ids = calloc(ngroups, sizeof(uint16_t));
+        if (group_ids == NULL)
+                return 0;
+        for (i = 0; i < ngroups; i++) {
+                group_ids[i] = tls1_ec_nid2curve_id(groups[i]);
+                if (group_ids[i] == 0) {
+                        free(group_ids);
+                        return 0;
+                }
+        }
+        free(*out_group_ids);
+        *out_group_ids = group_ids;
+        *out_group_ids_len = ngroups;
+        return 1;
+}
+int
+tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
+    const char *groups)
+{
+        uint16_t *new_group_ids, *group_ids = NULL;
+        size_t ngroups = 0;
+        char *gs, *p, *q;
+        int nid;
+        if ((gs = strdup(groups)) == NULL)
+                return 0;
+        q = gs;
+        while ((p = strsep(&q, ":")) != NULL) {
+                nid = OBJ_sn2nid(p);
+                if (nid == NID_undef)
+                        nid = OBJ_ln2nid(p);
+                if (nid == NID_undef)
+                        nid = EC_curve_nist2nid(p);
+                if (nid == NID_undef)
+                        goto err;
+                if ((new_group_ids = reallocarray(group_ids, ngroups + 1,
+                    sizeof(uint16_t))) == NULL)
+                        goto err;
+                group_ids = new_group_ids;
+                group_ids[ngroups] = tls1_ec_nid2curve_id(nid);
+                if (group_ids[ngroups] == 0)
+                        goto err;
+                ngroups++;
+        }
+        free(gs);
+        free(*out_group_ids);
+        *out_group_ids = group_ids;
+        *out_group_ids_len = ngroups;
+        return 1;
+ err:
+        free(gs);
+        free(group_ids);
+        return 0;
+}
 /* Check that a curve is one of our preferences. */
 int
 tls1_check_curve(SSL *s, const uint16_t curve_id)
@@ -1378,11 +1462,11 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        curveslen /= 2;
                        if (!s->internal->hit) {
-                                if (SSI(s)->tlsext_ellipticcurvelist) {
+                                if (SSI(s)->tlsext_supportedgroups) {
                                        *al = TLS1_AD_DECODE_ERROR;
                                        return 0;
                                }
-                                SSI(s)->tlsext_ellipticcurvelist_length = 0;
+                                SSI(s)->tlsext_supportedgroups_length = 0;
                                if ((curves = reallocarray(NULL, curveslen,
                                    sizeof(uint16_t))) == NULL) {
                                        *al = TLS1_AD_INTERNAL_ERROR;
@@ -1390,11 +1474,10 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                                }
                                for (i = 0; i < curveslen; i++)
                                        n2s(sdata, curves[i]);
-                                SSI(s)->tlsext_ellipticcurvelist = curves;
+                                SSI(s)->tlsext_supportedgroups = curves;
-                                SSI(s)->tlsext_ellipticcurvelist_length = curveslen;
+                                SSI(s)->tlsext_supportedgroups_length = curveslen;
                        }
-                }
+                } else if (type == TLSEXT_TYPE_session_ticket) {
-                else if (type == TLSEXT_TYPE_session_ticket) {
                        if (s->internal->tls_session_ticket_ext_cb &&
                            !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
                                *al = TLS1_AD_INTERNAL_ERROR;
author	jsing <>	2017-01-24 09:03:21 +0000
committer	jsing <>	2017-01-24 09:03:21 +0000
commit	92772a687d70a52ce1692de992312b2971bf5652 (patch)
tree	b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/t1_lib.c
parent	87cf9501d9c5a4e91606335a53140281b779f2ff (diff)
download	openbsd-92772a687d70a52ce1692de992312b2971bf5652.tar.gz openbsd-92772a687d70a52ce1692de992312b2971bf5652.tar.bz2 openbsd-92772a687d70a52ce1692de992312b2971bf5652.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b69e52a85c..be7c5b72a9 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.108 2017/01/24 08:41:53 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.109 2017/01/24 09:03:21 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -245,13 +245,17 @@ static int nid_list[] = {
245	NID_X25519, /* X25519 (29) */	245	NID_X25519, /* X25519 (29) */
246	};	246	};
247		247
248	static const uint8_t ecformats_default[] = {	248	static const uint8_t ecformats_list[] = {
249	TLSEXT_ECPOINTFORMAT_uncompressed,	249	TLSEXT_ECPOINTFORMAT_uncompressed,
250	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,	250	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
251	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2	251	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
252	};	252	};
253		253
254	static const uint16_t eccurves_default[] = {	254	static const uint8_t ecformats_default[] = {
		255	TLSEXT_ECPOINTFORMAT_uncompressed,
		256	};
		257
		258	static const uint16_t eccurves_list[] = {
255	29, /* X25519 (29) */	259	29, /* X25519 (29) */
256	14, /* sect571r1 (14) */	260	14, /* sect571r1 (14) */
257	13, /* sect571k1 (13) */	261	13, /* sect571k1 (13) */
@@ -283,6 +287,12 @@ static const uint16_t eccurves_default[] = {
283	17, /* secp160r2 (17) */	287	17, /* secp160r2 (17) */
284	};	288	};
285		289
		290	static const uint16_t eccurves_default[] = {
		291	29, /* X25519 (29) */
		292	23, /* secp256r1 (23) */
		293	24, /* secp384r1 (24) */
		294	};
		295
286	int	296	int
287	tls1_ec_curve_id2nid(const uint16_t curve_id)	297	tls1_ec_curve_id2nid(const uint16_t curve_id)
288	{	298	{
@@ -394,19 +404,93 @@ tls1_get_curvelist(SSL s, int client_curves, const uint16_t *pcurves,
394	size_t *pcurveslen)	404	size_t *pcurveslen)
395	{	405	{
396	if (client_curves != 0) {	406	if (client_curves != 0) {
397	*pcurves = SSI(s)->tlsext_ellipticcurvelist;	407	*pcurves = SSI(s)->tlsext_supportedgroups;
398	*pcurveslen = SSI(s)->tlsext_ellipticcurvelist_length;	408	*pcurveslen = SSI(s)->tlsext_supportedgroups_length;
399	return;	409	return;
400	}	410	}
401		411
402	*pcurves = s->internal->tlsext_ellipticcurvelist;	412	*pcurves = s->internal->tlsext_supportedgroups;
403	*pcurveslen = s->internal->tlsext_ellipticcurvelist_length;	413	*pcurveslen = s->internal->tlsext_supportedgroups_length;
404	if (*pcurves == NULL) {	414	if (*pcurves == NULL) {
405	*pcurves = eccurves_default;	415	*pcurves = eccurves_default;
406	*pcurveslen = sizeof(eccurves_default) / 2;	416	*pcurveslen = sizeof(eccurves_default) / 2;
407	}	417	}
408	}	418	}
409		419
		420	int
		421	tls1_set_groups(uint16_t *out_group_ids, size_t out_group_ids_len,
		422	const int *groups, size_t ngroups)
		423	{
		424	uint16_t *group_ids;
		425	size_t i;
		426
		427	group_ids = calloc(ngroups, sizeof(uint16_t));
		428	if (group_ids == NULL)
		429	return 0;
		430
		431	for (i = 0; i < ngroups; i++) {
		432	group_ids[i] = tls1_ec_nid2curve_id(groups[i]);
		433	if (group_ids[i] == 0) {
		434	free(group_ids);
		435	return 0;
		436	}
		437	}
		438
		439	free(*out_group_ids);
		440	*out_group_ids = group_ids;
		441	*out_group_ids_len = ngroups;
		442
		443	return 1;
		444	}
		445
		446	int
		447	tls1_set_groups_list(uint16_t *out_group_ids, size_t out_group_ids_len,
		448	const char *groups)
		449	{
		450	uint16_t new_group_ids, group_ids = NULL;
		451	size_t ngroups = 0;
		452	char gs, p, *q;
		453	int nid;
		454
		455	if ((gs = strdup(groups)) == NULL)
		456	return 0;
		457
		458	q = gs;
		459	while ((p = strsep(&q, ":")) != NULL) {
		460	nid = OBJ_sn2nid(p);
		461	if (nid == NID_undef)
		462	nid = OBJ_ln2nid(p);
		463	if (nid == NID_undef)
		464	nid = EC_curve_nist2nid(p);
		465	if (nid == NID_undef)
		466	goto err;
		467
		468	if ((new_group_ids = reallocarray(group_ids, ngroups + 1,
		469	sizeof(uint16_t))) == NULL)
		470	goto err;
		471	group_ids = new_group_ids;
		472
		473	group_ids[ngroups] = tls1_ec_nid2curve_id(nid);
		474	if (group_ids[ngroups] == 0)
		475	goto err;
		476
		477	ngroups++;
		478	}
		479
		480	free(gs);
		481	free(*out_group_ids);
		482	*out_group_ids = group_ids;
		483	*out_group_ids_len = ngroups;
		484
		485	return 1;
		486
		487	err:
		488	free(gs);
		489	free(group_ids);
		490
		491	return 0;
		492	}
		493
410	/* Check that a curve is one of our preferences. */	494	/* Check that a curve is one of our preferences. */
411	int	495	int
412	tls1_check_curve(SSL *s, const uint16_t curve_id)	496	tls1_check_curve(SSL *s, const uint16_t curve_id)
@@ -1378,11 +1462,11 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1378	curveslen /= 2;	1462	curveslen /= 2;
1379		1463
1380	if (!s->internal->hit) {	1464	if (!s->internal->hit) {
1381	if (SSI(s)->tlsext_ellipticcurvelist) {	1465	if (SSI(s)->tlsext_supportedgroups) {
1382	*al = TLS1_AD_DECODE_ERROR;	1466	*al = TLS1_AD_DECODE_ERROR;
1383	return 0;	1467	return 0;
1384	}	1468	}
1385	SSI(s)->tlsext_ellipticcurvelist_length = 0;	1469	SSI(s)->tlsext_supportedgroups_length = 0;
1386	if ((curves = reallocarray(NULL, curveslen,	1470	if ((curves = reallocarray(NULL, curveslen,
1387	sizeof(uint16_t))) == NULL) {	1471	sizeof(uint16_t))) == NULL) {
1388	*al = TLS1_AD_INTERNAL_ERROR;	1472	*al = TLS1_AD_INTERNAL_ERROR;
@@ -1390,11 +1474,10 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1390	}	1474	}
1391	for (i = 0; i < curveslen; i++)	1475	for (i = 0; i < curveslen; i++)
1392	n2s(sdata, curves[i]);	1476	n2s(sdata, curves[i]);
1393	SSI(s)->tlsext_ellipticcurvelist = curves;	1477	SSI(s)->tlsext_supportedgroups = curves;
1394	SSI(s)->tlsext_ellipticcurvelist_length = curveslen;	1478	SSI(s)->tlsext_supportedgroups_length = curveslen;
1395	}	1479	}
1396	}	1480	} else if (type == TLSEXT_TYPE_session_ticket) {
1397	else if (type == TLSEXT_TYPE_session_ticket) {
1398	if (s->internal->tls_session_ticket_ext_cb &&	1481	if (s->internal->tls_session_ticket_ext_cb &&
1399	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {	1482	!s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
1400	*al = TLS1_AD_INTERNAL_ERROR;	1483	*al = TLS1_AD_INTERNAL_ERROR;