diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-24 09:03:22 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-24 09:03:22 +0000 |
| commit | 502620772be44027e941c491198c173fbec80124 (patch) | |
| tree | 552eefdb23b6f681b9d5eeaa03495165a4e48d1f | |
| parent | 54d63b68966f5b64d866db582a00ef51619a2c78 (diff) | |
Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and
P-384. If you want others (such a brainpool) you need to configure this
yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
| -rw-r--r-- | lib/libssl/Symbols.list | 4 | ||||
| -rw-r--r-- | lib/libssl/s3_lib.c | 31 | ||||
| -rw-r--r-- | lib/libssl/ssl.h | 15 | ||||
| -rw-r--r-- | lib/libssl/ssl_lib.c | 35 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 21 | ||||
| -rw-r--r-- | lib/libssl/ssl_sess.c | 8 | ||||
| -rw-r--r-- | lib/libssl/t1_lib.c | 109 |
7 files changed, 197 insertions, 26 deletions
diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list index 1938c215096..042f5539590 100644 --- a/lib/libssl/Symbols.list +++ b/lib/libssl/Symbols.list @@ -78,6 +78,8 @@ SSL_CTX_sess_set_get_cb SSL_CTX_sess_set_new_cb SSL_CTX_sess_set_remove_cb SSL_CTX_sessions +SSL_CTX_set1_groups +SSL_CTX_set1_groups_list SSL_CTX_set1_param SSL_CTX_set_alpn_protos SSL_CTX_set_alpn_select_cb @@ -212,6 +214,8 @@ SSL_renegotiate_pending SSL_rstate_string SSL_rstate_string_long SSL_select_next_proto +SSL_set1_groups +SSL_set1_groups_list SSL_set1_param SSL_set_SSL_CTX SSL_set_accept_state diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 1b0ddc702fb..9d0217e95f4 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.129 2017/01/24 03:00:54 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.130 2017/01/24 09:03:21 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2154,9 +2154,24 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) default: break; } + return (ret); } +int +SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) +{ + return tls1_set_groups(&s->internal->tlsext_supportedgroups, + &s->internal->tlsext_supportedgroups_length, groups, groups_len); +} + +int +SSL_set1_groups_list(SSL *s, const char *groups) +{ + return tls1_set_groups_list(&s->internal->tlsext_supportedgroups, + &s->internal->tlsext_supportedgroups_length, groups); +} + long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { @@ -2327,6 +2342,20 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (1); } +int +SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) +{ + return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, + &ctx->internal->tlsext_supportedgroups_length, groups, groups_len); +} + +int +SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) +{ + return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups, + &ctx->internal->tlsext_supportedgroups_length, groups); +} + long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) { diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 80e7558a2a0..cf75130faf7 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.121 2017/01/24 02:56:17 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.122 2017/01/24 09:03:21 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1169,6 +1169,19 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); #define SSL_set_ecdh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) +int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len); +int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups); + +int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len); +int SSL_set1_groups_list(SSL *ssl, const char *groups); + +#ifndef LIBRESSL_INTERNAL +#define SSL_CTX_set1_curves SSL_CTX_set1_groups +#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +#define SSL_set1_curves SSL_set1_groups +#define SSL_set1_curves_list SSL_set1_groups_list +#endif + #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) #define SSL_CTX_get_extra_chain_certs(ctx,px509) \ diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index b9bfd7e24df..bc04ea7f9c1 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.144 2017/01/24 01:47:22 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.145 2017/01/24 09:03:21 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -336,6 +336,34 @@ SSL_new(SSL_CTX *ctx) s->internal->tlsext_ocsp_resplen = -1; CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->initial_ctx = ctx; + + if (ctx->internal->tlsext_ecpointformatlist != NULL) { + s->internal->tlsext_ecpointformatlist = + calloc(ctx->internal->tlsext_ecpointformatlist_length, + sizeof(ctx->internal->tlsext_ecpointformatlist[0])); + if (s->internal->tlsext_ecpointformatlist == NULL) + goto err; + memcpy(s->internal->tlsext_ecpointformatlist, + ctx->internal->tlsext_ecpointformatlist, + ctx->internal->tlsext_ecpointformatlist_length * + sizeof(ctx->internal->tlsext_ecpointformatlist[0])); + s->internal->tlsext_ecpointformatlist_length = + ctx->internal->tlsext_ecpointformatlist_length; + } + if (ctx->internal->tlsext_supportedgroups != NULL) { + s->internal->tlsext_supportedgroups = + calloc(ctx->internal->tlsext_supportedgroups_length, + sizeof(ctx->internal->tlsext_supportedgroups)); + if (s->internal->tlsext_supportedgroups == NULL) + goto err; + memcpy(s->internal->tlsext_supportedgroups, + ctx->internal->tlsext_supportedgroups, + ctx->internal->tlsext_supportedgroups_length * + sizeof(ctx->internal->tlsext_supportedgroups[0])); + s->internal->tlsext_supportedgroups_length = + ctx->internal->tlsext_supportedgroups_length; + } + s->internal->next_proto_negotiated = NULL; if (s->ctx->internal->alpn_client_proto_list != NULL) { @@ -534,7 +562,7 @@ SSL_free(SSL *s) free(s->tlsext_hostname); SSL_CTX_free(s->initial_ctx); free(s->internal->tlsext_ecpointformatlist); - free(s->internal->tlsext_ellipticcurvelist); + free(s->internal->tlsext_supportedgroups); if (s->internal->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts, X509_EXTENSION_free); @@ -1998,6 +2026,9 @@ SSL_CTX_free(SSL_CTX *a) ENGINE_finish(a->internal->client_cert_engine); #endif + free(a->internal->tlsext_ecpointformatlist); + free(a->internal->tlsext_supportedgroups); + free(a->internal->alpn_client_proto_list); free(a->internal); diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 231e0ba3333..0cda709da60 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.163 2017/01/23 22:34:38 beck Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.164 2017/01/24 09:03:21 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -425,8 +425,8 @@ typedef struct ssl_session_internal_st { size_t tlsext_ecpointformatlist_length; uint8_t *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - uint16_t *tlsext_ellipticcurvelist; /* peer's list */ + size_t tlsext_supportedgroups_length; + uint16_t *tlsext_supportedgroups; /* peer's list */ } SSL_SESSION_INTERNAL; #define SSI(s) (s->session->internal) @@ -603,6 +603,11 @@ typedef struct ssl_ctx_internal_st { /* Client list of supported protocols in wire format. */ unsigned char *alpn_client_proto_list; unsigned int alpn_client_proto_list_len; + + size_t tlsext_ecpointformatlist_length; + uint8_t *tlsext_ecpointformatlist; /* our list */ + size_t tlsext_supportedgroups_length; + uint16_t *tlsext_supportedgroups; /* our list */ } SSL_CTX_INTERNAL; typedef struct ssl_internal_st { @@ -745,10 +750,11 @@ typedef struct ssl_internal_st { /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; + size_t tlsext_ecpointformatlist_length; uint8_t *tlsext_ecpointformatlist; /* our list */ - size_t tlsext_ellipticcurvelist_length; - uint16_t *tlsext_ellipticcurvelist; /* our list */ + size_t tlsext_supportedgroups_length; + uint16_t *tlsext_supportedgroups; /* our list */ /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; @@ -1304,6 +1310,11 @@ int ssl_ok(SSL *s); int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); +int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len, + const int *groups, size_t ngroups); +int tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len, + const char *groups); + int tls1_ec_curve_id2nid(const uint16_t curve_id); uint16_t tls1_ec_nid2curve_id(const int nid); int tls1_check_curve(SSL *s, const uint16_t curve_id); diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 307c730e3f3..8c802b170e3 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.66 2017/01/24 01:44:00 jsing Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.67 2017/01/24 09:03:21 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -219,8 +219,8 @@ SSL_SESSION_new(void) ss->internal->tlsext_ecpointformatlist_length = 0; ss->internal->tlsext_ecpointformatlist = NULL; - ss->internal->tlsext_ellipticcurvelist_length = 0; - ss->internal->tlsext_ellipticcurvelist = NULL; + ss->internal->tlsext_supportedgroups_length = 0; + ss->internal->tlsext_supportedgroups = NULL; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data); @@ -709,7 +709,7 @@ SSL_SESSION_free(SSL_SESSION *ss) free(ss->tlsext_hostname); free(ss->tlsext_tick); free(ss->internal->tlsext_ecpointformatlist); - free(ss->internal->tlsext_ellipticcurvelist); + free(ss->internal->tlsext_supportedgroups); explicit_bzero(ss->internal, sizeof(*ss->internal)); free(ss->internal); diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index b69e52a85c6..be7c5b72a92 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.108 2017/01/24 08:41:53 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.109 2017/01/24 09:03:21 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -245,13 +245,17 @@ static int nid_list[] = { NID_X25519, /* X25519 (29) */ }; -static const uint8_t ecformats_default[] = { +static const uint8_t ecformats_list[] = { TLSEXT_ECPOINTFORMAT_uncompressed, TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime, TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 }; -static const uint16_t eccurves_default[] = { +static const uint8_t ecformats_default[] = { + TLSEXT_ECPOINTFORMAT_uncompressed, +}; + +static const uint16_t eccurves_list[] = { 29, /* X25519 (29) */ 14, /* sect571r1 (14) */ 13, /* sect571k1 (13) */ @@ -283,6 +287,12 @@ static const uint16_t eccurves_default[] = { 17, /* secp160r2 (17) */ }; +static const uint16_t eccurves_default[] = { + 29, /* X25519 (29) */ + 23, /* secp256r1 (23) */ + 24, /* secp384r1 (24) */ +}; + int tls1_ec_curve_id2nid(const uint16_t curve_id) { @@ -394,19 +404,93 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves, size_t *pcurveslen) { if (client_curves != 0) { - *pcurves = SSI(s)->tlsext_ellipticcurvelist; - *pcurveslen = SSI(s)->tlsext_ellipticcurvelist_length; + *pcurves = SSI(s)->tlsext_supportedgroups; + *pcurveslen = SSI(s)->tlsext_supportedgroups_length; return; } - *pcurves = s->internal->tlsext_ellipticcurvelist; - *pcurveslen = s->internal->tlsext_ellipticcurvelist_length; + *pcurves = s->internal->tlsext_supportedgroups; + *pcurveslen = s->internal->tlsext_supportedgroups_length; if (*pcurves == NULL) { *pcurves = eccurves_default; *pcurveslen = sizeof(eccurves_default) / 2; } } +int +tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len, + const int *groups, size_t ngroups) +{ + uint16_t *group_ids; + size_t i; + + group_ids = calloc(ngroups, sizeof(uint16_t)); + if (group_ids == NULL) + return 0; + + for (i = 0; i < ngroups; i++) { + group_ids[i] = tls1_ec_nid2curve_id(groups[i]); + if (group_ids[i] == 0) { + free(group_ids); + return 0; + } + } + + free(*out_group_ids); + *out_group_ids = group_ids; + *out_group_ids_len = ngroups; + + return 1; +} + +int +tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len, + const char *groups) +{ + uint16_t *new_group_ids, *group_ids = NULL; + size_t ngroups = 0; + char *gs, *p, *q; + int nid; + + if ((gs = strdup(groups)) == NULL) + return 0; + + q = gs; + while ((p = strsep(&q, ":")) != NULL) { + nid = OBJ_sn2nid(p); + if (nid == NID_undef) + nid = OBJ_ln2nid(p); + if (nid == NID_undef) + nid = EC_curve_nist2nid(p); + if (nid == NID_undef) + goto err; + + if ((new_group_ids = reallocarray(group_ids, ngroups + 1, + sizeof(uint16_t))) == NULL) + goto err; + group_ids = new_group_ids; + + group_ids[ngroups] = tls1_ec_nid2curve_id(nid); + if (group_ids[ngroups] == 0) + goto err; + + ngroups++; + } + + free(gs); + free(*out_group_ids); + *out_group_ids = group_ids; + *out_group_ids_len = ngroups; + + return 1; + + err: + free(gs); + free(group_ids); + + return 0; +} + /* Check that a curve is one of our preferences. */ int tls1_check_curve(SSL *s, const uint16_t curve_id) @@ -1378,11 +1462,11 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, curveslen /= 2; if (!s->internal->hit) { - if (SSI(s)->tlsext_ellipticcurvelist) { + if (SSI(s)->tlsext_supportedgroups) { *al = TLS1_AD_DECODE_ERROR; return 0; } - SSI(s)->tlsext_ellipticcurvelist_length = 0; + SSI(s)->tlsext_supportedgroups_length = 0; if ((curves = reallocarray(NULL, curveslen, sizeof(uint16_t))) == NULL) { *al = TLS1_AD_INTERNAL_ERROR; @@ -1390,11 +1474,10 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } for (i = 0; i < curveslen; i++) n2s(sdata, curves[i]); - SSI(s)->tlsext_ellipticcurvelist = curves; - SSI(s)->tlsext_ellipticcurvelist_length = curveslen; + SSI(s)->tlsext_supportedgroups = curves; + SSI(s)->tlsext_supportedgroups_length = curveslen; } - } - else if (type == TLSEXT_TYPE_session_ticket) { + } else if (type == TLSEXT_TYPE_session_ticket) { if (s->internal->tls_session_ticket_ext_cb && !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) { *al = TLS1_AD_INTERNAL_ERROR; |