diff options
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_seclevel.c | 25 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 181 |
4 files changed, 179 insertions, 35 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d466b59642..d3e600b6b7 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.408 2022/06/30 11:17:49 tb Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.409 2022/06/30 16:05:07 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1306,6 +1306,7 @@ int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, | |||
| 1306 | int is_peer, int *out_error); | 1306 | int is_peer, int *out_error); |
| 1307 | int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, | 1307 | int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, |
| 1308 | X509 *x509, int *out_error); | 1308 | X509 *x509, int *out_error); |
| 1309 | int ssl_security_supported_group(const SSL *ssl, uint16_t curve_id); | ||
| 1309 | 1310 | ||
| 1310 | int ssl_get_new_session(SSL *s, int session); | 1311 | int ssl_get_new_session(SSL *s, int session); |
| 1311 | int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, | 1312 | int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, |
| @@ -1515,6 +1516,7 @@ int tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len, | |||
| 1515 | const char *groups); | 1516 | const char *groups); |
| 1516 | 1517 | ||
| 1517 | int tls1_ec_curve_id2nid(const uint16_t curve_id); | 1518 | int tls1_ec_curve_id2nid(const uint16_t curve_id); |
| 1519 | int tls1_ec_curve_id2bits(const uint16_t curve_id); | ||
| 1518 | uint16_t tls1_ec_nid2curve_id(const int nid); | 1520 | uint16_t tls1_ec_nid2curve_id(const int nid); |
| 1519 | int tls1_check_curve(SSL *s, const uint16_t group_id); | 1521 | int tls1_check_curve(SSL *s, const uint16_t group_id); |
| 1520 | int tls1_get_shared_curve(SSL *s); | 1522 | int tls1_get_shared_curve(SSL *s); |
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c index 954f27b336..35f8b8891b 100644 --- a/src/lib/libssl/ssl_seclevel.c +++ b/src/lib/libssl/ssl_seclevel.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_seclevel.c,v 1.13 2022/06/30 11:25:52 tb Exp $ */ | 1 | /* $OpenBSD: ssl_seclevel.c,v 1.14 2022/06/30 16:05:07 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2020 Theo Buehler <tb@openbsd.org> |
| 4 | * | 4 | * |
| @@ -27,6 +27,7 @@ | |||
| 27 | #include <openssl/x509.h> | 27 | #include <openssl/x509.h> |
| 28 | #include <openssl/x509v3.h> | 28 | #include <openssl/x509v3.h> |
| 29 | 29 | ||
| 30 | #include "bytestring.h" | ||
| 30 | #include "ssl_locl.h" | 31 | #include "ssl_locl.h" |
| 31 | 32 | ||
| 32 | static int | 33 | static int |
| @@ -398,3 +399,25 @@ ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509, | |||
| 398 | 399 | ||
| 399 | return 1; | 400 | return 1; |
| 400 | } | 401 | } |
| 402 | |||
| 403 | int | ||
| 404 | ssl_security_supported_group(const SSL *ssl, uint16_t curve_id) | ||
| 405 | { | ||
| 406 | CBB cbb; | ||
| 407 | int bits, nid; | ||
| 408 | uint8_t curve[2]; | ||
| 409 | |||
| 410 | if ((bits = tls1_ec_curve_id2bits(curve_id)) == 0) | ||
| 411 | return 0; | ||
| 412 | if ((nid = tls1_ec_curve_id2nid(curve_id)) == NID_undef) | ||
| 413 | return 0; | ||
| 414 | |||
| 415 | if (!CBB_init_fixed(&cbb, curve, sizeof(curve))) | ||
| 416 | return 0; | ||
| 417 | if (!CBB_add_u16(&cbb, curve_id)) | ||
| 418 | return 0; | ||
| 419 | if (!CBB_finish(&cbb, NULL, NULL)) | ||
| 420 | return 0; | ||
| 421 | |||
| 422 | return ssl_security(ssl, SSL_SECOP_CURVE_SUPPORTED, bits, nid, curve); | ||
| 423 | } | ||
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index f103c2253e..88d26fd326 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.116 2022/06/30 11:18:38 tb Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.117 2022/06/30 16:05:07 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -216,6 +216,8 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb) | |||
| 216 | return 0; | 216 | return 0; |
| 217 | 217 | ||
| 218 | for (i = 0; i < groups_len; i++) { | 218 | for (i = 0; i < groups_len; i++) { |
| 219 | if (!ssl_security_supported_group(s, groups[i])) | ||
| 220 | continue; | ||
| 219 | if (!CBB_add_u16(&grouplist, groups[i])) | 221 | if (!CBB_add_u16(&grouplist, groups[i])) |
| 220 | return 0; | 222 | return 0; |
| 221 | } | 223 | } |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index fc1ccca5b9..c4c58e6675 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.186 2022/01/24 13:47:53 tb Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.187 2022/06/30 16:05:07 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -150,36 +150,128 @@ tls1_clear(SSL *s) | |||
| 150 | s->version = s->method->version; | 150 | s->version = s->method->version; |
| 151 | } | 151 | } |
| 152 | 152 | ||
| 153 | static const int nid_list[] = { | 153 | struct curve { |
| 154 | NID_sect163k1, /* sect163k1 (1) */ | 154 | int nid; |
| 155 | NID_sect163r1, /* sect163r1 (2) */ | 155 | int bits; |
| 156 | NID_sect163r2, /* sect163r2 (3) */ | 156 | }; |
| 157 | NID_sect193r1, /* sect193r1 (4) */ | 157 | |
| 158 | NID_sect193r2, /* sect193r2 (5) */ | 158 | static const struct curve nid_list[] = { |
| 159 | NID_sect233k1, /* sect233k1 (6) */ | 159 | [1] = { |
| 160 | NID_sect233r1, /* sect233r1 (7) */ | 160 | .nid = NID_sect163k1, /* sect163k1 (1) */ |
| 161 | NID_sect239k1, /* sect239k1 (8) */ | 161 | .bits = 80, |
| 162 | NID_sect283k1, /* sect283k1 (9) */ | 162 | }, |
| 163 | NID_sect283r1, /* sect283r1 (10) */ | 163 | [2] = { |
| 164 | NID_sect409k1, /* sect409k1 (11) */ | 164 | .nid = NID_sect163r1, /* sect163r1 (2) */ |
| 165 | NID_sect409r1, /* sect409r1 (12) */ | 165 | .bits = 80, |
| 166 | NID_sect571k1, /* sect571k1 (13) */ | 166 | }, |
| 167 | NID_sect571r1, /* sect571r1 (14) */ | 167 | [3] = { |
| 168 | NID_secp160k1, /* secp160k1 (15) */ | 168 | .nid = NID_sect163r2, /* sect163r2 (3) */ |
| 169 | NID_secp160r1, /* secp160r1 (16) */ | 169 | .bits = 80, |
| 170 | NID_secp160r2, /* secp160r2 (17) */ | 170 | }, |
| 171 | NID_secp192k1, /* secp192k1 (18) */ | 171 | [4] = { |
| 172 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | 172 | .nid = NID_sect193r1, /* sect193r1 (4) */ |
| 173 | NID_secp224k1, /* secp224k1 (20) */ | 173 | .bits = 80, |
| 174 | NID_secp224r1, /* secp224r1 (21) */ | 174 | }, |
| 175 | NID_secp256k1, /* secp256k1 (22) */ | 175 | [5] = { |
| 176 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | 176 | .nid = NID_sect193r2, /* sect193r2 (5) */ |
| 177 | NID_secp384r1, /* secp384r1 (24) */ | 177 | .bits = 80, |
| 178 | NID_secp521r1, /* secp521r1 (25) */ | 178 | }, |
| 179 | NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ | 179 | [6] = { |
| 180 | NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ | 180 | .nid = NID_sect233k1, /* sect233k1 (6) */ |
| 181 | NID_brainpoolP512r1, /* brainpoolP512r1 (28) */ | 181 | .bits = 112, |
| 182 | NID_X25519, /* X25519 (29) */ | 182 | }, |
| 183 | [7] = { | ||
| 184 | .nid = NID_sect233r1, /* sect233r1 (7) */ | ||
| 185 | .bits = 112, | ||
| 186 | }, | ||
| 187 | [8] = { | ||
| 188 | .nid = NID_sect239k1, /* sect239k1 (8) */ | ||
| 189 | .bits = 112, | ||
| 190 | }, | ||
| 191 | [9] = { | ||
| 192 | .nid = NID_sect283k1, /* sect283k1 (9) */ | ||
| 193 | .bits = 128, | ||
| 194 | }, | ||
| 195 | [10] = { | ||
| 196 | .nid = NID_sect283r1, /* sect283r1 (10) */ | ||
| 197 | .bits = 128, | ||
| 198 | }, | ||
| 199 | [11] = { | ||
| 200 | .nid = NID_sect409k1, /* sect409k1 (11) */ | ||
| 201 | .bits = 192, | ||
| 202 | }, | ||
| 203 | [12] = { | ||
| 204 | .nid = NID_sect409r1, /* sect409r1 (12) */ | ||
| 205 | .bits = 192, | ||
| 206 | }, | ||
| 207 | [13] = { | ||
| 208 | .nid = NID_sect571k1, /* sect571k1 (13) */ | ||
| 209 | .bits = 256, | ||
| 210 | }, | ||
| 211 | [14] = { | ||
| 212 | .nid = NID_sect571r1, /* sect571r1 (14) */ | ||
| 213 | .bits = 256, | ||
| 214 | }, | ||
| 215 | [15] = { | ||
| 216 | .nid = NID_secp160k1, /* secp160k1 (15) */ | ||
| 217 | .bits = 80, | ||
| 218 | }, | ||
| 219 | [16] = { | ||
| 220 | .nid = NID_secp160r1, /* secp160r1 (16) */ | ||
| 221 | .bits = 80, | ||
| 222 | }, | ||
| 223 | [17] = { | ||
| 224 | .nid = NID_secp160r2, /* secp160r2 (17) */ | ||
| 225 | .bits = 80, | ||
| 226 | }, | ||
| 227 | [18] = { | ||
| 228 | .nid = NID_secp192k1, /* secp192k1 (18) */ | ||
| 229 | .bits = 80, | ||
| 230 | }, | ||
| 231 | [19] = { | ||
| 232 | .nid = NID_X9_62_prime192v1, /* secp192r1 (19) */ | ||
| 233 | .bits = 80, | ||
| 234 | }, | ||
| 235 | [20] = { | ||
| 236 | .nid = NID_secp224k1, /* secp224k1 (20) */ | ||
| 237 | .bits = 112, | ||
| 238 | }, | ||
| 239 | [21] = { | ||
| 240 | .nid = NID_secp224r1, /* secp224r1 (21) */ | ||
| 241 | .bits = 112, | ||
| 242 | }, | ||
| 243 | [22] = { | ||
| 244 | .nid = NID_secp256k1, /* secp256k1 (22) */ | ||
| 245 | .bits = 128, | ||
| 246 | }, | ||
| 247 | [23] = { | ||
| 248 | .nid = NID_X9_62_prime256v1, /* secp256r1 (23) */ | ||
| 249 | .bits = 128, | ||
| 250 | }, | ||
| 251 | [24] = { | ||
| 252 | .nid = NID_secp384r1, /* secp384r1 (24) */ | ||
| 253 | .bits = 192, | ||
| 254 | }, | ||
| 255 | [25] = { | ||
| 256 | .nid = NID_secp521r1, /* secp521r1 (25) */ | ||
| 257 | .bits = 256, | ||
| 258 | }, | ||
| 259 | [26] = { | ||
| 260 | .nid = NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ | ||
| 261 | .bits = 128, | ||
| 262 | }, | ||
| 263 | [27] = { | ||
| 264 | .nid = NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ | ||
| 265 | .bits = 192, | ||
| 266 | }, | ||
| 267 | [28] = { | ||
| 268 | .nid = NID_brainpoolP512r1, /* brainpoolP512r1 (28) */ | ||
| 269 | .bits = 256, | ||
| 270 | }, | ||
| 271 | [29] = { | ||
| 272 | .nid = NID_X25519, /* X25519 (29) */ | ||
| 273 | .bits = 128, | ||
| 274 | }, | ||
| 183 | }; | 275 | }; |
| 184 | 276 | ||
| 185 | #if 0 | 277 | #if 0 |
| @@ -244,11 +336,32 @@ static const uint16_t eccurves_server_default[] = { | |||
| 244 | int | 336 | int |
| 245 | tls1_ec_curve_id2nid(const uint16_t curve_id) | 337 | tls1_ec_curve_id2nid(const uint16_t curve_id) |
| 246 | { | 338 | { |
| 339 | const struct curve *curve; | ||
| 340 | |||
| 247 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | 341 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ |
| 248 | if ((curve_id < 1) || | 342 | if ((curve_id < 1) || |
| 249 | ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) | 343 | ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) |
| 250 | return 0; | 344 | return 0; |
| 251 | return nid_list[curve_id - 1]; | 345 | |
| 346 | if ((curve = &nid_list[curve_id]) == NULL) | ||
| 347 | return 0; | ||
| 348 | |||
| 349 | return curve->nid; | ||
| 350 | } | ||
| 351 | |||
| 352 | int | ||
| 353 | tls1_ec_curve_id2bits(const uint16_t curve_id) | ||
| 354 | { | ||
| 355 | const struct curve *curve; | ||
| 356 | |||
| 357 | if ((curve_id < 1) || | ||
| 358 | ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) | ||
| 359 | return 0; | ||
| 360 | |||
| 361 | if ((curve = &nid_list[curve_id]) == NULL) | ||
| 362 | return 0; | ||
| 363 | |||
| 364 | return curve->bits; | ||
| 252 | } | 365 | } |
| 253 | 366 | ||
| 254 | uint16_t | 367 | uint16_t |
| @@ -455,6 +568,8 @@ tls1_check_curve(SSL *s, const uint16_t curve_id) | |||
| 455 | tls1_get_group_list(s, 0, &groups, &groupslen); | 568 | tls1_get_group_list(s, 0, &groups, &groupslen); |
| 456 | 569 | ||
| 457 | for (i = 0; i < groupslen; i++) { | 570 | for (i = 0; i < groupslen; i++) { |
| 571 | if (!ssl_security_supported_group(s, groups[i])) | ||
| 572 | continue; | ||
| 458 | if (groups[i] == curve_id) | 573 | if (groups[i] == curve_id) |
| 459 | return (1); | 574 | return (1); |
| 460 | } | 575 | } |
| @@ -478,6 +593,8 @@ tls1_get_shared_curve(SSL *s) | |||
| 478 | tls1_get_group_list(s, (server_pref != 0), &supp, &supplen); | 593 | tls1_get_group_list(s, (server_pref != 0), &supp, &supplen); |
| 479 | 594 | ||
| 480 | for (i = 0; i < preflen; i++) { | 595 | for (i = 0; i < preflen; i++) { |
| 596 | if (!ssl_security_supported_group(s, pref[i])) | ||
| 597 | continue; | ||
| 481 | for (j = 0; j < supplen; j++) { | 598 | for (j = 0; j < supplen; j++) { |
| 482 | if (pref[i] == supp[j]) | 599 | if (pref[i] == supp[j]) |
| 483 | return (tls1_ec_curve_id2nid(pref[i])); | 600 | return (tls1_ec_curve_id2nid(pref[i])); |