Ensure default supported groups works even with no-ec and no-dh

The default supported groups code was disabled in the event of a build with no-ec and no-dh. However now that providers can add there own groups (which might not fit into either of these categories), this is no longer appropriate. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
2025-02-17 14:32:04 +08:00 · 2021-01-13 15:50:36 +00:00 · 2021-01-13 15:50:36 +00:00 · ddf8f1ce63
commit ddf8f1ce63
parent 5b64ce89b0
6 changed files with 33 additions and 26 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -3396,6 +3396,7 @@ void SSL_CTX_free(SSL_CTX *a)
    OPENSSL_free(a->ext.ecpointformats);
 #endif
    OPENSSL_free(a->ext.supportedgroups);
+    OPENSSL_free(a->ext.supported_groups_default);
    OPENSSL_free(a->ext.alpn);
    OPENSSL_secure_free(a->ext.secure);

--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@ -1060,6 +1060,8 @@ struct ssl_ctx_st {
        size_t supportedgroups_len;
        uint16_t *supportedgroups;

+        uint16_t *supported_groups_default;
+        size_t supported_groups_default_len;
        /*
         * ALPN information (we are in the process of transitioning from NPN to
         * ALPN.)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@ -163,7 +163,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 #else
    INVALID_EXTENSION,
 #endif
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
    {
        /*
         * "supported_groups" is spread across several specifications.
@ -197,9 +196,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
        tls_construct_stoc_supported_groups,
        tls_construct_ctos_supported_groups, NULL
    },
-#else
-    INVALID_EXTENSION,
-#endif
    {
        TLSEXT_TYPE_session_ticket,
        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@ -184,7 +184,6 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
 }
 #endif

-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
 EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx)
@ -239,7 +238,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,

    return EXT_RETURN_SENT;
 }
-#endif

 EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@ -893,7 +893,6 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
    return 1;
 }

-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx)
 {
@ -921,7 +920,6 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,

    return 1;
 }
-#endif

 int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx)
@ -1333,7 +1331,6 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
 }
 #endif

-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
 EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx)
@ -1393,7 +1390,6 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,

    return EXT_RETURN_SENT;
 }
-#endif

 EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -194,16 +194,12 @@ static const unsigned char ecformats_default[] = {
 #endif /* !defined(OPENSSL_NO_EC) */

 /* The default curves */
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
 static const uint16_t supported_groups_default[] = {
-# ifndef OPENSSL_NO_EC
    29,                      /* X25519 (29) */
    23,                      /* secp256r1 (23) */
    30,                      /* X448 (30) */
    25,                      /* secp521r1 (25) */
    24,                      /* secp384r1 (24) */
-# endif
-# ifndef OPENSSL_NO_GOST
    34,                      /* GC256A (34) */
    35,                      /* GC256B (35) */
    36,                      /* GC256C (36) */
@ -211,16 +207,12 @@ static const uint16_t supported_groups_default[] = {
    38,                      /* GC512A (38) */
    39,                      /* GC512B (39) */
    40,                      /* GC512C (40) */
-# endif
-# ifndef OPENSSL_NO_DH
    0x100,                   /* ffdhe2048 (0x100) */
    0x101,                   /* ffdhe3072 (0x101) */
    0x102,                   /* ffdhe4096 (0x102) */
    0x103,                   /* ffdhe6144 (0x103) */
    0x104,                   /* ffdhe8192 (0x104) */
-# endif
 };
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */

 #ifndef OPENSSL_NO_EC
 static const uint16_t suiteb_curves[] = {
@ -398,7 +390,34 @@ static int discover_provider_groups(OSSL_PROVIDER *provider, void *vctx)

 int ssl_load_groups(SSL_CTX *ctx)
 {
-    return OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx);
+    size_t i, j, num_deflt_grps = 0;
+    uint16_t tmp_supp_groups[sizeof(supported_groups_default)];
+
+    if (!OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx))
+        return 0;
+
+    for (i = 0; i < sizeof(supported_groups_default); i++) {
+        for (j = 0; j < ctx->group_list_len; j++) {
+            if (ctx->group_list[j].group_id == supported_groups_default[i])
+                tmp_supp_groups[num_deflt_grps++] = ctx->group_list[j].group_id;
+        }
+    }
+
+    if (num_deflt_grps == 0)
+        return 1;
+
+    ctx->ext.supported_groups_default
+        = OPENSSL_malloc(sizeof(uint16_t) * num_deflt_grps);
+
+    if (ctx->ext.supported_groups_default == NULL) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memcpy(ctx->ext.supported_groups_default, tmp_supp_groups, num_deflt_grps);
+    ctx->ext.supported_groups_default_len = num_deflt_grps;
+
+    return 1;
 }

 static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name)
@ -484,7 +503,6 @@ uint16_t tls1_nid2group_id(int nid)
 void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
                               size_t *pgroupslen)
 {
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
    /* For Suite B mode only include P-256, P-384 */
    switch (tls1_suiteb(s)) {
 # ifndef OPENSSL_NO_EC
@ -506,18 +524,14 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,

    default:
        if (s->ext.supportedgroups == NULL) {
-            *pgroups = supported_groups_default;
-            *pgroupslen = OSSL_NELEM(supported_groups_default);
+            *pgroups = s->ctx->ext.supported_groups_default;
+            *pgroupslen = s->ctx->ext.supported_groups_default_len;
        } else {
            *pgroups = s->ext.supportedgroups;
            *pgroupslen = s->ext.supportedgroups_len;
        }
        break;
    }
-#else
-    *pgroups = NULL;
-    *pgroupslen = 0;
-#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 }

 int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion)