mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Have the same default groups list for QUIC and TLS

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26801)
This commit is contained in:
Tomas Mraz 2025-02-20 16:25:41 +01:00
parent b665a13ac0
commit a89c99e04b
3 changed files with 275 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/t1_lib.c
View File

@ -202,8 +202,6 @@ static const unsigned char ecformats_default[] = {
#define DEFAULT_GROUP_NAME "DEFAULT"
#define TLS_DEFAULT_GROUP_LIST \
"?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1:?secp521r1 / ?ffdhe2048:?ffdhe3072"
#define QUIC_DEFAULT_GROUP_LIST \
"X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192"
static const uint16_t suiteb_curves[] = {
OSSL_TLS_GROUP_ID_secp256r1,
@ -365,9 +363,7 @@ int ssl_load_groups(SSL_CTX *ctx)
if (!OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx))
return 0;
if (!IS_QUIC_CTX(ctx))
return SSL_CTX_set1_groups_list(ctx, TLS_DEFAULT_GROUP_LIST);
return SSL_CTX_set1_groups_list(ctx, QUIC_DEFAULT_GROUP_LIST);
return SSL_CTX_set1_groups_list(ctx, TLS_DEFAULT_GROUP_LIST);
}
#define TLS_SIGALG_LIST_MALLOC_BLOCK_SIZE 10

195
test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt
View File

@ -2,18 +2,18 @@ Sent TLS Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 269
ClientHello, Length=265
Length = 1485
ClientHello, Length=1481
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x????????
random_bytes (len=28): ????????????????????????????????????????????????????????
gmt_unix_time=0x?
random_bytes (len=28): ?
session_id (len=0):
cipher_suites (len=2)
{0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_methods (len=1)
No Compression (0x00)
extensions, length = 222
extensions, length = 1438
extension_type=UNKNOWN(57), length=49
0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D..
000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ...............
@ -23,17 +23,15 @@ Header:
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=22
extension_type=supported_groups(10), length=18
X25519MLKEM768 (4588)
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
secp521r1 (P-521) (25)
ffdhe2048 (256)
ffdhe3072 (257)
ffdhe4096 (258)
ffdhe6144 (259)
ffdhe8192 (260)
extension_type=session_ticket(35), length=0
extension_type=application_layer_protocol_negotiation(16), length=11
ossltest
@ -64,105 +62,184 @@ Header:
TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
extension_type=key_share(51), length=1258
NamedGroup: X25519MLKEM768 (4588)
key_exchange: (len=1216): ?
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): ????????????????????????????????????????????????????????????????
key_exchange: (len=32): ?
extension_type=compress_certificate(27), length=3
zlib (1)
Sent Frame: Crypto
Offset: 0
Len: 269
Sent Frame: Padding
Len: 1158
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000000
Sent Datagram
Length: 1200
Received Datagram
Length: 91
Sent Frame: Crypto
Offset: 0
Len: 269
Offset: 1158
Len: 327
Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000001
Sent Datagram
Length: 1200
Sent Datagram
Length: 1200
Received Datagram
Length: 91
Received Datagram
Length: 91
Sent Frame: Crypto
Offset: 0
Len: 1098
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1118
Token: ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Packet Number: 0x00000001
Token: ?
Packet Number: 0x00000002
Sent Frame: Crypto
Offset: 1098
Len: 60
Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1118
Token: ?
Packet Number: 0x00000003
Sent Datagram
Length: 1200
Sent Datagram
Length: 1200
Received Datagram
Length: 1200
Received Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x?
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000000
Received Frame: Ack (without ECN)
Largest acked: 3
Ack delay (raw) 0
Ack range count: 0
First ack range: 1
Received Frame: Padding
Sent Frame: Crypto
Offset: 1158
Len: 327
Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1118
Token: ?
Packet Number: 0x00000004
Sent Datagram
Length: 1200
Received Datagram
Length: 1200
Received Datagram
Length: 244
Length: 1199
Received Datagram
Length: 174
Received Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x????????????????
Payload length: 115
Source Conn Id: 0x?
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000000
Packet Number: 0x00000001
Received Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x?
Payload length: 45
Token: <zero length token>
Packet Number: 0x00000002
Received Frame: Ack (without ECN)
Largest acked: 1
Largest acked: 4
Ack delay (raw) 0
Ack range count: 0
First ack range: 0
First ack range: 2
Received Frame: Crypto
Offset: 0
Len: 90
Len: 1153
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 90
Length = 1153
Inner Content Type = Handshake (22)
ServerHello, Length=86
Received Frame: Crypto
Offset: 1153
Len: 25
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 25
Inner Content Type = Handshake (22)
ServerHello, Length=1174
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x????????
random_bytes (len=28): ????????????????????????????????????????????????????????
gmt_unix_time=0x?
random_bytes (len=28): ?
session_id (len=0):
cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_method: No Compression (0x00)
extensions, length = 46
extensions, length = 1134
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): ????????????????????????????????????????????????????????????????
extension_type=key_share(51), length=1124
NamedGroup: X25519MLKEM768 (4588)
key_exchange: (len=1120): ?
Received Packet
Packet Type: Handshake
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x????????????????
Payload length: 1042
Source Conn Id: 0x?
Payload length: 1112
Packet Number: 0x00000000
Received Packet
Packet Type: Handshake
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x????????????????
Payload length: 223
Source Conn Id: 0x?
Payload length: 153
Packet Number: 0x00000001
Received Frame: Crypto
Offset: 0
Len: 1022
Len: 1092
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 1022
Length = 1092
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=98
extensions, length = 96
@ -171,8 +248,8 @@ Header:
000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ???????????????
001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ???????????????
002d - 04 04 80 0c 00 00 05 04-80 08 00 00 06 04 80 ...............
003c - 08 00 00 07 04 80 08 00-00 08 02 40 64 09 02 ???????????????
004b - 40 64 ??
003c - ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ???????????????
004b - ?? ?? ??
extension_type=application_layer_protocol_negotiation(16), length=11
ossltest
@ -265,20 +342,20 @@ YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
No extensions
Received Frame: Crypto
Offset: 1022
Len: 202
Offset: 1092
Len: 132
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 202
Length = 132
Inner Content Type = Handshake (22)
CertificateVerify, Length=260
Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
Signature (len=256): ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Signature (len=256): ?
Finished, Length=32
verify_data (len=32): ????????????????????????????????????????????????????????????????
verify_data (len=32): ?
Sent TLS Record
Header:
@ -287,13 +364,13 @@ Header:
Length = 36
Inner Content Type = Handshake (22)
Finished, Length=32
verify_data (len=32): ????????????????????????????????????????????????????????????????
verify_data (len=32): ?
Sent Frame: Ack (without ECN)
Largest acked: 0
Largest acked: 2
Ack delay (raw) 0
Ack range count: 0
First ack range: 0
First ack range: 2
Sent Frame: Ack (without ECN)
Largest acked: 1
Ack delay (raw) 0
@ -306,15 +383,15 @@ Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1037
Token: ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Packet Number: 0x00000002
Token: ?
Packet Number: 0x00000005
Sent Packet
Packet Type: Handshake
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 60
Packet Number: 0x00000000

199
test/recipes/75-test_quicapi_data/ssltraceref.txt
View File

@ -2,18 +2,18 @@ Sent TLS Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 262
ClientHello, Length=258
Length = 1478
ClientHello, Length=1474
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x????????
random_bytes (len=28): ????????????????????????????????????????????????????????
gmt_unix_time=0x?
random_bytes (len=28): ?
session_id (len=0):
cipher_suites (len=2)
{0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_methods (len=1)
No Compression (0x00)
extensions, length = 215
extensions, length = 1431
extension_type=UNKNOWN(57), length=49
0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D..
000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ...............
@ -23,17 +23,15 @@ Header:
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=22
extension_type=supported_groups(10), length=18
X25519MLKEM768 (4588)
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
secp521r1 (P-521) (25)
ffdhe2048 (256)
ffdhe3072 (257)
ffdhe4096 (258)
ffdhe6144 (259)
ffdhe8192 (260)
extension_type=session_ticket(35), length=0
extension_type=application_layer_protocol_negotiation(16), length=11
ossltest
@ -64,113 +62,192 @@ Header:
TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
extension_type=key_share(51), length=1258
NamedGroup: X25519MLKEM768 (4588)
key_exchange: (len=1216): ?
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): ????????????????????????????????????????????????????????????????
key_exchange: (len=32): ?
Sent Frame: Crypto
Offset: 0
Len: 262
Sent Frame: Padding
Len: 1158
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000000
Sent Datagram
Length: 1200
Received Datagram
Length: 91
Sent Frame: Crypto
Offset: 0
Len: 262
Offset: 1158
Len: 320
Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000001
Sent Datagram
Length: 1200
Sent Datagram
Length: 1200
Received Datagram
Length: 91
Received Datagram
Length: 91
Sent Frame: Crypto
Offset: 0
Len: 1098
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1118
Token: ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Packet Number: 0x00000001
Token: ?
Packet Number: 0x00000002
Sent Frame: Crypto
Offset: 1098
Len: 60
Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1118
Token: ?
Packet Number: 0x00000003
Sent Datagram
Length: 1200
Sent Datagram
Length: 1200
Received Datagram
Length: 1200
Received Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x?
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000000
Received Frame: Ack (without ECN)
Largest acked: 3
Ack delay (raw) 0
Ack range count: 0
First ack range: 1
Received Frame: Padding
Sent Frame: Crypto
Offset: 1158
Len: 320
Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1118
Token: ?
Packet Number: 0x00000004
Sent Datagram
Length: 1200
Received Datagram
Length: 1200
Received Datagram
Length: 244
Length: 1199
Received Datagram
Length: 174
Received Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x????????????????
Payload length: 115
Source Conn Id: 0x?
Payload length: 1178
Token: <zero length token>
Packet Number: 0x00000000
Packet Number: 0x00000001
Received Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x?
Payload length: 45
Token: <zero length token>
Packet Number: 0x00000002
Received Frame: Ack (without ECN)
Largest acked: 1
Largest acked: 4
Ack delay (raw) 0
Ack range count: 0
First ack range: 0
First ack range: 2
Received Frame: Crypto
Offset: 0
Len: 90
Len: 1153
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 90
Length = 1153
Inner Content Type = Handshake (22)
ServerHello, Length=86
Received Frame: Crypto
Offset: 1153
Len: 25
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 25
Inner Content Type = Handshake (22)
ServerHello, Length=1174
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x????????
random_bytes (len=28): ????????????????????????????????????????????????????????
gmt_unix_time=0x?
random_bytes (len=28): ?
session_id (len=0):
cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_method: No Compression (0x00)
extensions, length = 46
extensions, length = 1134
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): ????????????????????????????????????????????????????????????????
extension_type=key_share(51), length=1124
NamedGroup: X25519MLKEM768 (4588)
key_exchange: (len=1120): ?
Received Packet
Packet Type: Handshake
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x????????????????
Payload length: 1042
Source Conn Id: 0x?
Payload length: 1112
Packet Number: 0x00000000
Received Packet
Packet Type: Handshake
Version: 0x00000001
Destination Conn Id: <zero length id>
Source Conn Id: 0x????????????????
Payload length: 223
Source Conn Id: 0x?
Payload length: 153
Packet Number: 0x00000001
Received Frame: Crypto
Offset: 0
Len: 1022
Len: 1092
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 1022
Length = 1092
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=98
extensions, length = 96
extension_type=UNKNOWN(57), length=77
0000 - 0c 00 00 08 ?? ?? ?? ??-?? ?? ?? ?? 0f 08 ?? ....????????..?
000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ???????..??????
001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ??....??..?....
000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ???????????????
001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ???????????????
002d - 04 04 80 0c 00 00 05 04-80 08 00 00 06 04 80 ...............
003c - 08 00 00 07 04 80 08 00-00 08 02 40 64 09 02 ...........@d..
004b - 40 64 @d
003c - ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ???????????????
004b - ?? ?? ??
extension_type=application_layer_protocol_negotiation(16), length=11
ossltest
@ -263,20 +340,20 @@ YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
No extensions
Received Frame: Crypto
Offset: 1022
Len: 202
Offset: 1092
Len: 132
Received TLS Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 202
Length = 132
Inner Content Type = Handshake (22)
CertificateVerify, Length=260
Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
Signature (len=256): ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Signature (len=256): ?
Finished, Length=32
verify_data (len=32): ????????????????????????????????????????????????????????????????
verify_data (len=32): ?
Sent TLS Record
Header:
@ -285,13 +362,13 @@ Header:
Length = 36
Inner Content Type = Handshake (22)
Finished, Length=32
verify_data (len=32): ????????????????????????????????????????????????????????????????
verify_data (len=32): ?
Sent Frame: Ack (without ECN)
Largest acked: 0
Largest acked: 2
Ack delay (raw) 0
Ack range count: 0
First ack range: 0
First ack range: 2
Sent Frame: Ack (without ECN)
Largest acked: 1
Ack delay (raw) 0
@ -304,15 +381,15 @@ Sent Frame: Padding
Sent Packet
Packet Type: Initial
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 1037
Token: ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Packet Number: 0x00000002
Token: ?
Packet Number: 0x00000005
Sent Packet
Packet Type: Handshake
Version: 0x00000001
Destination Conn Id: 0x????????????????
Destination Conn Id: 0x?
Source Conn Id: <zero length id>
Payload length: 60
Packet Number: 0x00000000