From de4d764e3271ce09d28c0d6d7bce3dc9d8b85ab9 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 9 Nov 2016 14:51:06 +0000 Subject: [PATCH] Rename the Elliptic Curves extension to supported_groups This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: Rich Salz --- apps/s_apps.h | 2 +- apps/s_cb.c | 54 ++++++++++++------------ apps/s_server.c | 4 +- doc/man3/SSL_CTX_set1_curves.pod | 71 +++++++++++++++++++------------ include/openssl/ssl.h | 32 +++++++++----- include/openssl/tls1.h | 8 +++- ssl/s3_lib.c | 43 +++++++++---------- ssl/ssl_conf.c | 13 ++++-- ssl/ssl_lib.c | 22 +++++----- ssl/ssl_locl.h | 18 ++++---- ssl/ssl_sess.c | 16 +++---- ssl/statem/statem_srvr.c | 2 +- ssl/t1_ext.c | 2 +- ssl/t1_lib.c | 72 ++++++++++++++++---------------- ssl/t1_trce.c | 10 ++--- 15 files changed, 209 insertions(+), 160 deletions(-) diff --git a/apps/s_apps.h b/apps/s_apps.h index c47932bfb6..4c24b2eb28 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -59,7 +59,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); -int ssl_print_curves(BIO *out, SSL *s, int noshared); +int ssl_print_groups(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, diff --git a/apps/s_cb.c b/apps/s_cb.c index c37b9a1cda..d5c308ee13 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -307,50 +307,52 @@ int ssl_print_point_formats(BIO *out, SSL *s) return 1; } -int ssl_print_curves(BIO *out, SSL *s, int noshared) +int ssl_print_groups(BIO *out, SSL *s, int noshared) { - int i, ncurves, *curves, nid; - const char *cname; + int i, ngroups, *groups, nid; + const char *gname; - ncurves = SSL_get1_curves(s, NULL); - if (ncurves <= 0) + ngroups = SSL_get1_groups(s, NULL); + if (ngroups <= 0) return 1; - curves = app_malloc(ncurves * sizeof(int), "curves to print"); - SSL_get1_curves(s, curves); + groups = app_malloc(ngroups * sizeof(int), "groups to print"); + SSL_get1_groups(s, groups); - BIO_puts(out, "Supported Elliptic Curves: "); - for (i = 0; i < ncurves; i++) { + BIO_puts(out, "Supported Elliptic Groups: "); + for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); - nid = curves[i]; + nid = groups[i]; /* If unrecognised print out hex version */ if (nid & TLSEXT_nid_unknown) BIO_printf(out, "0x%04X", nid & 0xFFFF); else { + /* TODO(TLS1.3): Get group name here */ /* Use NIST name for curve if it exists */ - cname = EC_curve_nid2nist(nid); - if (!cname) - cname = OBJ_nid2sn(nid); - BIO_printf(out, "%s", cname); + gname = EC_curve_nid2nist(nid); + if (!gname) + gname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", gname); } } - OPENSSL_free(curves); + OPENSSL_free(groups); if (noshared) { BIO_puts(out, "\n"); return 1; } - BIO_puts(out, "\nShared Elliptic curves: "); - ncurves = SSL_get_shared_curve(s, -1); - for (i = 0; i < ncurves; i++) { + BIO_puts(out, "\nShared Elliptic groups: "); + ngroups = SSL_get_shared_group(s, -1); + for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); - nid = SSL_get_shared_curve(s, i); - cname = EC_curve_nid2nist(nid); - if (!cname) - cname = OBJ_nid2sn(nid); - BIO_printf(out, "%s", cname); + nid = SSL_get_shared_group(s, i); + /* TODO(TLS1.3): Convert for DH groups */ + gname = EC_curve_nid2nist(nid); + if (!gname) + gname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", gname); } - if (ncurves == 0) + if (ngroups == 0) BIO_puts(out, "NONE"); BIO_puts(out, "\n"); return 1; @@ -604,7 +606,7 @@ static STRINT_PAIR tlsext_types[] = { {"client authz", TLSEXT_TYPE_client_authz}, {"server authz", TLSEXT_TYPE_server_authz}, {"cert type", TLSEXT_TYPE_cert_type}, - {"elliptic curves", TLSEXT_TYPE_elliptic_curves}, + {"supported_groups", TLSEXT_TYPE_supported_groups}, {"EC point formats", TLSEXT_TYPE_ec_point_formats}, {"SRP", TLSEXT_TYPE_srp}, {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, @@ -1093,7 +1095,7 @@ void print_ssl_summary(SSL *s) #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) - ssl_print_curves(bio_err, s, 1); + ssl_print_groups(bio_err, s, 1); else ssl_print_tmp_key(bio_err, s); #else diff --git a/apps/s_server.c b/apps/s_server.c index 24841c528e..985841352d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2560,7 +2560,7 @@ static int init_ssl_connection(SSL *con) ssl_print_sigalgs(bio_s_out, con); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_s_out, con); - ssl_print_curves(bio_s_out, con, 0); + ssl_print_groups(bio_s_out, con, 0); #endif BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); @@ -2847,7 +2847,7 @@ static int www_body(int s, int stype, unsigned char *context) } ssl_print_sigalgs(io, con); #ifndef OPENSSL_NO_EC - ssl_print_curves(io, con, 0); + ssl_print_groups(io, con, 0); #endif BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, ")); diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index b0276c80f3..a250f20c22 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -2,13 +2,25 @@ =head1 NAME +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, -SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions +SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +- EC supported curve functions =head1 SYNOPSIS #include + int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); + int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); + + int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); + int SSL_set1_groups_list(SSL *ssl, char *list); + + int SSL_get1_groups(SSL *ssl, int *groups); + int SSL_get_shared_group(SSL *s, int n); + int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); @@ -20,36 +32,42 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve =head1 DESCRIPTION -SSL_CTX_set1_curves() sets the supported curves for B to B -curves in the array B. The array consist of all NIDs of curves in -preference order. For a TLS client the curves are used directly in the -supported curves extension. For a TLS server the curves are used to -determine the set of shared curves. +SSL_CTX_set1_groups() sets the supported groups for B to B +groups in the array B. The array consist of all NIDs of groups in +preference order. For a TLS client the groups are used directly in the +supported groups extension. For a TLS server the groups are used to +determine the set of shared groups. -SSL_CTX_set1_curves_list() sets the supported curves for B to -string B. The string is a colon separated list of curve NIDs or +SSL_CTX_set1_groups_list() sets the supported groups for B to +string B. The string is a colon separated list of group NIDs or names, for example "P-521:P-384:P-256". -SSL_set1_curves() and SSL_set1_curves_list() are similar except they set -supported curves for the SSL structure B. +SSL_set1_groups() and SSL_set1_groups_list() are similar except they set +supported groups for the SSL structure B. -SSL_get1_curves() returns the set of supported curves sent by a client -in the supported curves extension. It returns the total number of -supported curves. The B parameter can be B to simply -return the number of curves for memory allocation purposes. The -B array is in the form of a set of curve NIDs in preference -order. It can return zero if the client did not send a supported curves +SSL_get1_groups() returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The B parameter can be B to simply +return the number of groups for memory allocation purposes. The +B array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups extension. -SSL_get_shared_curve() returns shared curve B for a server-side -SSL B. If B is -1 then the total number of shared curves is +SSL_get_shared_group() returns shared group B for a server-side +SSL B. If B is -1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, -most applications will only be interested in the first shared curve +most applications will only be interested in the first shared group so B is normally set to zero. If the value B is out of range, NID_undef is returned. All these functions are implemented as macros. +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to TLS1.3, there was +only the concept of supported curves. In TLS1.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference. + =head1 NOTES If an application wishes to make use of several of these functions for @@ -58,16 +76,16 @@ consider using the SSL_CONF interface instead of manually parsing options. =head1 RETURN VALUES -SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves() and -SSL_set1_curves_list(), return 1 for success and 0 for failure. +SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and +SSL_set1_groups_list(), return 1 for success and 0 for failure. -SSL_get1_curves() returns the number of curves, which may be zero. +SSL_get1_groups() returns the number of groups, which may be zero. -SSL_get_shared_curve() returns the NID of shared curve B or NID_undef if there -is no shared curve B; or the total number of shared curves if B +SSL_get_shared_group() returns the NID of shared group B or NID_undef if there +is no shared group B; or the total number of shared groups if B is -1. -When called on a client B, SSL_get_shared_curve() has no meaning and +When called on a client B, SSL_get_shared_group() has no meaning and returns -1. =head1 SEE ALSO @@ -76,7 +94,8 @@ L =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +The curve functions were first added to OpenSSL 1.0.2. The equivalent group +functions were first added to OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1bb93fef70..b61a992e16 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1109,10 +1109,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 # define SSL_CTRL_CHAIN 88 # define SSL_CTRL_CHAIN_CERT 89 -# define SSL_CTRL_GET_CURVES 90 -# define SSL_CTRL_SET_CURVES 91 -# define SSL_CTRL_SET_CURVES_LIST 92 -# define SSL_CTRL_GET_SHARED_CURVE 93 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 # define SSL_CTRL_SET_SIGALGS 97 # define SSL_CTRL_SET_SIGALGS_LIST 98 # define SSL_CTRL_CERT_FLAGS 99 @@ -1227,18 +1227,30 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) # define SSL_set1_chain_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) +# define SSL_get1_groups(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)s) # define SSL_get1_curves(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) + SSL_get1_groups((ctx), (s)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s) # define SSL_CTX_set1_curves(ctx, clist, clistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) + SSL_CTX_set1_groups((ctx), (clist), (clistlen)) # define SSL_CTX_set1_curves_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) + SSL_CTX_set1_groups_list((ctx), (s)) +# define SSL_set1_groups(ctx, glist, glistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist) +# define SSL_set1_groups_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s) # define SSL_set1_curves(ctx, clist, clistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) + SSL_set1_groups((ctx), (clist), (clistlen)) # define SSL_set1_curves_list(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) + SSL_set1_groups_list((ctx), (s)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) # define SSL_get_shared_curve(s, n) \ - SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) + SSL_get_shared_group((s), (n)) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index d0cce09263..1fd5788936 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -128,9 +128,15 @@ extern "C" { # define TLSEXT_TYPE_cert_type 9 /* ExtensionType values from RFC4492 */ -# define TLSEXT_TYPE_elliptic_curves 10 +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups # define TLSEXT_TYPE_ec_point_formats 11 + /* ExtensionType value from RFC5054 */ # define TLSEXT_TYPE_srp 12 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 90c1c66744..dad43753dd 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, &nid, 1); } break; @@ -3112,20 +3112,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC - case SSL_CTRL_GET_CURVES: + case SSL_CTRL_GET_GROUPS: { unsigned char *clist; size_t clistlen; if (!s->session) return 0; - clist = s->session->tlsext_ellipticcurvelist; - clistlen = s->session->tlsext_ellipticcurvelist_length / 2; + clist = s->session->tlsext_supportedgroupslist; + clistlen = s->session->tlsext_supportedgroupslist_length / 2; if (parg) { size_t i; int *cptr = parg; unsigned int cid, nid; for (i = 0; i < clistlen; i++) { n2s(clist, cid); + /* TODO(TLS1.3): Handle DH groups here */ nid = tls1_ec_curve_id2nid(cid, NULL); if (nid != 0) cptr[i] = nid; @@ -3136,16 +3137,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg, larg); + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg); - case SSL_CTRL_GET_SHARED_CURVE: - return tls1_shared_curve(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: + return tls1_shared_group(s, larg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3320,8 +3321,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, &nid, 1); } /* break; */ @@ -3417,14 +3418,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg); #endif case SSL_CTRL_SET_SIGALGS: diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 63687b5ba1..2382030f34 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -202,17 +202,23 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } -static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) { int rv; if (cctx->ssl) - rv = SSL_set1_curves_list(cctx->ssl, value); + rv = SSL_set1_groups_list(cctx->ssl, value); /* NB: ctx == NULL performs syntax checking only */ else - rv = SSL_CTX_set1_curves_list(cctx->ctx, value); + rv = SSL_CTX_set1_groups_list(cctx->ctx, value); return rv > 0; } +/* This is the old name for cmd_Groups - retained for backwards compatibility */ +static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_Groups(cctx, value); +} + #ifndef OPENSSL_NO_EC /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) @@ -543,6 +549,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), + SSL_CONF_CMD_STRING(Groups, "groups", 0), #ifndef OPENSSL_NO_EC SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 363b4f4ab8..a6360accea 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -610,14 +610,14 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ecpointformatlist_length = ctx->tlsext_ecpointformatlist_length; } - if (ctx->tlsext_ellipticcurvelist) { - s->tlsext_ellipticcurvelist = - OPENSSL_memdup(ctx->tlsext_ellipticcurvelist, - ctx->tlsext_ellipticcurvelist_length); - if (!s->tlsext_ellipticcurvelist) + if (ctx->tlsext_supportedgroupslist) { + s->tlsext_supportedgroupslist = + OPENSSL_memdup(ctx->tlsext_supportedgroupslist, + ctx->tlsext_supportedgroupslist_length); + if (!s->tlsext_supportedgroupslist) goto err; - s->tlsext_ellipticcurvelist_length = - ctx->tlsext_ellipticcurvelist_length; + s->tlsext_supportedgroupslist_length = + ctx->tlsext_supportedgroupslist_length; } #endif #ifndef OPENSSL_NO_NEXTPROTONEG @@ -1001,7 +1001,7 @@ void SSL_free(SSL *s) SSL_CTX_free(s->initial_ctx); #ifndef OPENSSL_NO_EC OPENSSL_free(s->tlsext_ecpointformatlist); - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->tlsext_supportedgroupslist); #endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP @@ -1857,8 +1857,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (ctx == NULL) { switch (cmd) { #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(NULL, NULL, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(NULL, NULL, parg); #endif case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: @@ -2630,7 +2630,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_EC OPENSSL_free(a->tlsext_ecpointformatlist); - OPENSSL_free(a->tlsext_ellipticcurvelist); + OPENSSL_free(a->tlsext_supportedgroupslist); #endif OPENSSL_free(a->alpn_client_proto_list); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 63b001ffee..dbe8813acf 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -554,8 +554,8 @@ struct ssl_session_st { # ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; /* peer's list */ # endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ @@ -868,8 +868,8 @@ struct ssl_ctx_st { /* EC extension values inherited by SSL structure */ size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* ext status type used for CSR extension (OCSP Stapling) */ @@ -1078,9 +1078,9 @@ struct ssl_st { size_t tlsext_ecpointformatlist_length; /* our list */ unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; + size_t tlsext_supportedgroupslist_length; /* our list */ - unsigned char *tlsext_ellipticcurvelist; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; @@ -2053,10 +2053,10 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); __owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags); __owur int tls1_ec_nid2curve_id(int nid); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); -__owur int tls1_shared_curve(SSL *s, int nmatch); -__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, +__owur int tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, +__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_curve(int id); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 291796e8ad..825e706561 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -132,7 +132,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_hostname = NULL; #ifndef OPENSSL_NO_EC dest->tlsext_ecpointformatlist = NULL; - dest->tlsext_ellipticcurvelist = NULL; + dest->tlsext_supportedgroupslist = NULL; #endif dest->tlsext_tick = NULL; #ifndef OPENSSL_NO_SRP @@ -198,11 +198,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->tlsext_ecpointformatlist == NULL) goto err; } - if (src->tlsext_ellipticcurvelist) { - dest->tlsext_ellipticcurvelist = - OPENSSL_memdup(src->tlsext_ellipticcurvelist, - src->tlsext_ellipticcurvelist_length); - if (dest->tlsext_ellipticcurvelist == NULL) + if (src->tlsext_supportedgroupslist) { + dest->tlsext_supportedgroupslist = + OPENSSL_memdup(src->tlsext_supportedgroupslist, + src->tlsext_supportedgroupslist_length); + if (dest->tlsext_supportedgroupslist == NULL) goto err; } #endif @@ -753,8 +753,8 @@ void SSL_SESSION_free(SSL_SESSION *ss) #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; OPENSSL_free(ss->tlsext_ecpointformatlist); - ss->tlsext_ellipticcurvelist_length = 0; - OPENSSL_free(ss->tlsext_ellipticcurvelist); + ss->tlsext_supportedgroupslist_length = 0; + OPENSSL_free(ss->tlsext_supportedgroupslist); #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index ba3457d2e0..142c637dc9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1736,7 +1736,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } /* Get NID of appropriate shared curve */ - nid = tls1_shared_curve(s, -2); + nid = tls1_shared_group(s, -2); curve_id = tls1_ec_nid2curve_id(nid); if (curve_id == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 30b304669f..bbec1359ca 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -242,7 +242,7 @@ int SSL_extension_supported(unsigned int ext_type) /* Internally supported extensions. */ case TLSEXT_TYPE_application_layer_protocol_negotiation: case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: case TLSEXT_TYPE_heartbeat: #ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e79c37eee0..a7aa955223 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -268,8 +268,8 @@ static int tls1_get_curvelist(SSL *s, int sess, { size_t pcurveslen = 0; if (sess) { - *pcurves = s->session->tlsext_ellipticcurvelist; - pcurveslen = s->session->tlsext_ellipticcurvelist_length; + *pcurves = s->session->tlsext_supportedgroupslist; + pcurveslen = s->session->tlsext_supportedgroupslist_length; } else { /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { @@ -288,8 +288,8 @@ static int tls1_get_curvelist(SSL *s, int sess, pcurveslen = 2; break; default: - *pcurves = s->tlsext_ellipticcurvelist; - pcurveslen = s->tlsext_ellipticcurvelist_length; + *pcurves = s->tlsext_supportedgroupslist; + pcurveslen = s->tlsext_supportedgroupslist_length; } if (!*pcurves) { *pcurves = eccurves_default; @@ -356,13 +356,13 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) } /*- - * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef + * For nmatch >= 0, return the NID of the |nmatch|th shared group or NID_undef * if there is no match. * For nmatch == -1, return number of matches - * For nmatch == -2, return the NID of the curve to use for + * For nmatch == -2, return the NID of the group to use for * an EC tmp key, or NID_undef if there is no match. */ -int tls1_shared_curve(SSL *s, int nmatch) +int tls1_shared_group(SSL *s, int nmatch) { const unsigned char *pref, *supp; size_t num_pref, num_supp, i, j; @@ -434,34 +434,35 @@ int tls1_shared_curve(SSL *s, int nmatch) return NID_undef; } -int tls1_set_curves(unsigned char **pext, size_t *pextlen, - int *curves, size_t ncurves) +int tls1_set_groups(unsigned char **pext, size_t *pextlen, + int *groups, size_t ngroups) { - unsigned char *clist, *p; + unsigned char *glist, *p; size_t i; /* - * Bitmap of curves included to detect duplicates: only works while curve + * Bitmap of groups included to detect duplicates: only works while group * ids < 32 */ unsigned long dup_list = 0; - clist = OPENSSL_malloc(ncurves * 2); - if (clist == NULL) + glist = OPENSSL_malloc(ngroups * 2); + if (glist == NULL) return 0; - for (i = 0, p = clist; i < ncurves; i++) { + for (i = 0, p = glist; i < ngroups; i++) { unsigned long idmask; int id; - id = tls1_ec_nid2curve_id(curves[i]); + /* TODO(TLS1.3): Convert for DH groups */ + id = tls1_ec_nid2curve_id(groups[i]); idmask = 1L << id; if (!id || (dup_list & idmask)) { - OPENSSL_free(clist); + OPENSSL_free(glist); return 0; } dup_list |= idmask; s2n(id, p); } OPENSSL_free(*pext); - *pext = clist; - *pextlen = ncurves * 2; + *pext = glist; + *pextlen = ngroups * 2; return 1; } @@ -500,8 +501,8 @@ static int nid_cb(const char *elem, int len, void *arg) return 1; } -/* Set curves based on a colon separate list */ -int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) +/* Set groups based on a colon separate list */ +int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str) { nid_cb_st ncb; ncb.nidcnt = 0; @@ -509,7 +510,7 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) return 0; if (pext == NULL) return 1; - return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt); + return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt); } /* For an EC key set TLS id and required compression based on parameters */ @@ -706,7 +707,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) return 1; } /* Need a shared curve */ - if (tls1_shared_curve(s, 0)) + if (tls1_shared_group(s, 0)) return 1; return 0; } @@ -1117,16 +1118,17 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) } /* - * Add TLS extension EllipticCurves to the ClientHello message + * Add TLS extension supported_groups to the ClientHello message */ - pcurves = s->tlsext_ellipticcurvelist; + /* TODO(TLS1.3): Add support for DHE groups */ + pcurves = s->tlsext_supportedgroupslist; if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves) - /* Sub-packet for curves extension */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) + /* Sub-packet for supported_groups extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); @@ -1982,22 +1984,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) return 0; } } - } else if (currext->type == TLSEXT_TYPE_elliptic_curves) { - PACKET elliptic_curve_list; + } else if (currext->type == TLSEXT_TYPE_supported_groups) { + PACKET supported_groups_list; - /* Each NamedCurve is 2 bytes and we must have at least 1. */ + /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(&currext->data, - &elliptic_curve_list) - || PACKET_remaining(&elliptic_curve_list) == 0 - || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) { + &supported_groups_list) + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { return 0; } if (!s->hit) { - if (!PACKET_memdup(&elliptic_curve_list, - &s->session->tlsext_ellipticcurvelist, + if (!PACKET_memdup(&supported_groups_list, + &s->session->tlsext_supportedgroupslist, &s-> - session->tlsext_ellipticcurvelist_length)) { + session->tlsext_supportedgroupslist_length)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index c8d00532d8..52c72b2450 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -448,7 +448,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_client_authz, "client_authz"}, {TLSEXT_TYPE_server_authz, "server_authz"}, {TLSEXT_TYPE_cert_type, "cert_type"}, - {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"}, + {TLSEXT_TYPE_supported_groups, "supported_groups"}, {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, {TLSEXT_TYPE_srp, "srp"}, {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, @@ -466,7 +466,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} }; -static ssl_trace_tbl ssl_curve_tbl[] = { +static ssl_trace_tbl ssl_groups_tbl[] = { {1, "sect163k1 (K-163)"}, {2, "sect163r1"}, {3, "sect163r2 (B-163)"}, @@ -665,13 +665,13 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; - return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl); + return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); case TLSEXT_TYPE_signature_algorithms: @@ -1009,7 +1009,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; curve = (msg[1] << 8) | msg[2]; BIO_printf(bio, "named_curve: %s (%d)\n", - ssl_trace_str(curve, ssl_curve_tbl), curve); + ssl_trace_str(curve, ssl_groups_tbl), curve); msg += 3; msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) -- 2.25.1