Rename the TLS Supported Elliptic Curves extension to Supported Groups.

RFC 7919 renamed the Supported Elliptic Curves TLS extension to Supported
Groups and redefined it to include finite field DH (FFDH) in addition to
elliptic curve DH (ECDH). As such, rename the TLS extension and change the
associated code to refer to groups rather than curves.

ok beck@ tb@

6 files changed, 92 insertions, 88 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e1bad1ba1a..1c605613e8 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.172 2018/11/05 06:55:37 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1820,7 +1820,7 @@ SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
 int
 SSL_set1_groups_list(SSL *s, const char *groups)
 {
-        return tls1_set_groups_list(&s->internal->tlsext_supportedgroups,
+        return tls1_set_group_list(&s->internal->tlsext_supportedgroups,
             &s->internal->tlsext_supportedgroups_length, groups);
 }
 
@@ -2107,7 +2107,7 @@ SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
 int
 SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
 {
-        return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups,
+        return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups,
             &ctx->internal->tlsext_supportedgroups_length, groups);
 }
 
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index b11bb4ac61..95858339ea 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.218 2018/11/05 06:55:37 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.219 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1257,14 +1257,19 @@ int ssl_ok(SSL *s);
 int ssl_using_ecc_cipher(SSL *s);
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 
+void tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
+    size_t *pformatslen);
+void tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
+    size_t *pgroupslen);
+
 int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
     const int *groups, size_t ngroups);
-int tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
+int tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
     const char *groups);
 
 int tls1_ec_curve_id2nid(const uint16_t curve_id);
 uint16_t tls1_ec_nid2curve_id(const int nid);
-int tls1_check_curve(SSL *s, const uint16_t curve_id);
+int tls1_check_curve(SSL *s, const uint16_t group_id);
 int tls1_get_shared_curve(SSL *s);
 
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
@@ -1314,11 +1319,6 @@ int SSL_state_func_code(int _state);
 #define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)
 void SSL_error_internal(const SSL *s, int r, char *f, int l);
 
-void tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
-    size_t *pformatslen);
-void tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
-    size_t *pcurveslen);
-
 #ifndef OPENSSL_NO_SRTP
 
 int srtp_find_profile_by_name(char *profile_name,
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 1509c7d779..f64d215799 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.23 2018/11/05 20:29:52 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -163,34 +163,33 @@ tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 }
 
 /*
- * Supported Elliptic Curves - RFC 4492 section 5.1.1
+ * Supported Groups - RFC 7919 section 2
  */
 int
-tlsext_ec_clienthello_needs(SSL *s)
+tlsext_supportedgroups_clienthello_needs(SSL *s)
 {
         return ssl_has_ecc_ciphers(s);
 }
 
 int
-tlsext_ec_clienthello_build(SSL *s, CBB *cbb)
+tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb)
 {
-        CBB curvelist;
-        size_t curves_len;
+        const uint16_t *groups;
+        size_t groups_len;
+        CBB grouplist;
         int i;
-        const uint16_t *curves;
 
-        tls1_get_curvelist(s, 0, &curves, &curves_len);
-
-        if (curves_len == 0) {
+        tls1_get_group_list(s, 0, &groups, &groups_len);
+        if (groups_len == 0) {
                 SSLerror(s, ERR_R_INTERNAL_ERROR);
                 return 0;
         }
 
-        if (!CBB_add_u16_length_prefixed(cbb, &curvelist))
+        if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
                 return 0;
 
-        for (i = 0; i < curves_len; i++) {
-                if (!CBB_add_u16(&curvelist, curves[i]))
+        for (i = 0; i < groups_len; i++) {
+                if (!CBB_add_u16(&grouplist, groups[i]))
                         return 0;
         }
 
@@ -201,48 +200,48 @@ tlsext_ec_clienthello_build(SSL *s, CBB *cbb)
 }
 
 int
-tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)
+tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert)
 {
-        CBS curvelist;
-        size_t curves_len;
+        CBS grouplist;
+        size_t groups_len;
 
-        if (!CBS_get_u16_length_prefixed(cbs, &curvelist))
+        if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
                 goto err;
         if (CBS_len(cbs) != 0)
                 goto err;
 
-        curves_len = CBS_len(&curvelist);
-        if (curves_len == 0 || curves_len % 2 != 0)
+        groups_len = CBS_len(&grouplist);
+        if (groups_len == 0 || groups_len % 2 != 0)
                 goto err;
-        curves_len /= 2;
+        groups_len /= 2;
 
         if (!s->internal->hit) {
+                uint16_t *groups;
                 int i;
-                uint16_t *curves;
 
                 if (SSI(s)->tlsext_supportedgroups != NULL)
                         goto err;
 
-                if ((curves = reallocarray(NULL, curves_len,
+                if ((groups = reallocarray(NULL, groups_len,
                     sizeof(uint16_t))) == NULL) {
                         *alert = TLS1_AD_INTERNAL_ERROR;
                         return 0;
                 }
 
-                for (i = 0; i < curves_len; i++) {
-                        if (!CBS_get_u16(&curvelist, &curves[i])) {
-                                free(curves);
+                for (i = 0; i < groups_len; i++) {
+                        if (!CBS_get_u16(&grouplist, &groups[i])) {
+                                free(groups);
                                 goto err;
                         }
                 }
 
-                if (CBS_len(&curvelist) != 0) {
-                        free(curves);
+                if (CBS_len(&grouplist) != 0) {
+                        free(groups);
                         goto err;
                 }
 
-                SSI(s)->tlsext_supportedgroups = curves;
-                SSI(s)->tlsext_supportedgroups_length = curves_len;
+                SSI(s)->tlsext_supportedgroups = groups;
+                SSI(s)->tlsext_supportedgroups_length = groups_len;
         }
 
         return 1;
@@ -254,19 +253,19 @@ tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)
 
 /* This extension is never used by the server. */
 int
-tlsext_ec_serverhello_needs(SSL *s)
+tlsext_supportedgroups_serverhello_needs(SSL *s)
 {
         return 0;
 }
 
 int
-tlsext_ec_serverhello_build(SSL *s, CBB *cbb)
+tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb)
 {
         return 0;
 }
 
 int
-tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert)
+tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 {
         /*
          * Servers should not send this extension per the RFC.
@@ -1262,16 +1261,16 @@ static struct tls_extension tls_extensions[] = {
                 },
         },
         {
-                .type = TLSEXT_TYPE_elliptic_curves,
+                .type = TLSEXT_TYPE_supported_groups,
                 .clienthello = {
-                        .needs = tlsext_ec_clienthello_needs,
-                        .build = tlsext_ec_clienthello_build,
-                        .parse = tlsext_ec_clienthello_parse,
+                        .needs = tlsext_supportedgroups_clienthello_needs,
+                        .build = tlsext_supportedgroups_clienthello_build,
+                        .parse = tlsext_supportedgroups_clienthello_parse,
                 },
                 .serverhello = {
-                        .needs = tlsext_ec_serverhello_needs,
-                        .build = tlsext_ec_serverhello_build,
-                        .parse = tlsext_ec_serverhello_parse,
+                        .needs = tlsext_supportedgroups_serverhello_needs,
+                        .build = tlsext_supportedgroups_serverhello_build,
+                        .parse = tlsext_supportedgroups_serverhello_parse,
                 },
         },
         {
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 4248932fb2..974ab929ec 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.12 2018/02/08 11:30:30 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.13 2018/11/05 20:41:30 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -44,12 +44,12 @@ int tlsext_sni_serverhello_needs(SSL *s);
 int tlsext_sni_serverhello_build(SSL *s, CBB *cbb);
 int tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert);
 
-int tlsext_ec_clienthello_needs(SSL *s);
-int tlsext_ec_clienthello_build(SSL *s, CBB *cbb);
-int tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ec_serverhello_needs(SSL *s);
-int tlsext_ec_serverhello_build(SSL *s, CBB *cbb);
-int tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_supportedgroups_clienthello_needs(SSL *s);
+int tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_supportedgroups_serverhello_needs(SSL *s);
+int tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert);
 
 int tlsext_ecpf_clienthello_needs(SSL *s);
 int tlsext_ecpf_clienthello_build(SSL *s, CBB *cbb);
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b06004e88a..758f7b1e11 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.146 2018/11/05 06:55:37 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.147 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -361,25 +361,25 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
 }
 
 /*
- * Return the appropriate curve list. If client_curves is non-zero, return
- * the client/session curves. Otherwise return the custom curve list if one
- * exists, or the default curves if a custom list has not been specified.
+ * Return the appropriate group list. If client_groups is non-zero, return
+ * the client/session groups. Otherwise return the custom group list if one
+ * exists, or the default groups if a custom list has not been specified.
  */
 void
-tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
-    size_t *pcurveslen)
+tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
+    size_t *pgroupslen)
 {
-        if (client_curves != 0) {
-                *pcurves = SSI(s)->tlsext_supportedgroups;
-                *pcurveslen = SSI(s)->tlsext_supportedgroups_length;
+        if (client_groups != 0) {
+                *pgroups = SSI(s)->tlsext_supportedgroups;
+                *pgroupslen = SSI(s)->tlsext_supportedgroups_length;
                 return;
         }
 
-        *pcurves = s->internal->tlsext_supportedgroups;
-        *pcurveslen = s->internal->tlsext_supportedgroups_length;
-        if (*pcurves == NULL) {
-                *pcurves = eccurves_default;
-                *pcurveslen = sizeof(eccurves_default) / 2;
+        *pgroups = s->internal->tlsext_supportedgroups;
+        *pgroupslen = s->internal->tlsext_supportedgroups_length;
+        if (*pgroups == NULL) {
+                *pgroups = eccurves_default;
+                *pgroupslen = sizeof(eccurves_default) / 2;
         }
 }
 
@@ -410,7 +410,7 @@ tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
 }
 
 int
-tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
+tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
     const char *groups)
 {
         uint16_t *new_group_ids, *group_ids = NULL;
@@ -461,13 +461,13 @@ tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
 int
 tls1_check_curve(SSL *s, const uint16_t curve_id)
 {
-        const uint16_t *curves;
-        size_t curveslen, i;
+        const uint16_t *groups;
+        size_t groupslen, i;
 
-        tls1_get_curvelist(s, 0, &curves, &curveslen);
+        tls1_get_group_list(s, 0, &groups, &groupslen);
 
-        for (i = 0; i < curveslen; i++) {
-                if (curves[i] == curve_id)
+        for (i = 0; i < groupslen; i++) {
+                if (groups[i] == curve_id)
                         return (1);
         }
         return (0);
@@ -486,8 +486,8 @@ tls1_get_shared_curve(SSL *s)
 
         /* Return first preference shared curve. */
         server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
-        tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
-        tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);
+        tls1_get_group_list(s, (server_pref == 0), &pref, &preflen);
+        tls1_get_group_list(s, (server_pref != 0), &supp, &supplen);
 
         for (i = 0; i < preflen; i++) {
                 for (j = 0; j < supplen; j++) {
@@ -548,8 +548,8 @@ tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
 static int
 tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
 {
-        size_t curveslen, formatslen, i;
-        const uint16_t *curves;
+        size_t groupslen, formatslen, i;
+        const uint16_t *groups;
         const uint8_t *formats;
 
         /*
@@ -569,13 +569,13 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
         /*
          * Check curve list if present, otherwise everything is supported.
          */
-        tls1_get_curvelist(s, 1, &curves, &curveslen);
-        if (curve_id != NULL && curves != NULL) {
-                for (i = 0; i < curveslen; i++) {
-                        if (curves[i] == *curve_id)
+        tls1_get_group_list(s, 1, &groups, &groupslen);
+        if (curve_id != NULL && groups != NULL) {
+                for (i = 0; i < groupslen; i++) {
+                        if (groups[i] == *curve_id)
                                 break;
                 }
-                if (i == curveslen)
+                if (i == groupslen)
                         return (0);
         }
 
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 0474bb73ae..7ad9a387c9 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.32 2018/02/17 15:08:21 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.33 2018/11/05 20:41:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -230,8 +230,13 @@ extern "C" {
 /* ExtensionType values from RFC 6091. */
 #define TLSEXT_TYPE_cert_type           9
 
+/* ExtensionType values from RFC 7919. */
+#define TLSEXT_TYPE_supported_groups            10
+
 /* ExtensionType values from RFC 4492. */
-#define TLSEXT_TYPE_elliptic_curves             10
+#ifndef LIBRESSL_INTERNAL
+#define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
+#endif
 #define TLSEXT_TYPE_ec_point_formats            11
 
 /* ExtensionType value from RFC 5054. */