diff --git a/apps/s_apps.h b/apps/s_apps.h index c47932bfb6..4c24b2eb28 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -59,7 +59,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); -int ssl_print_curves(BIO *out, SSL *s, int noshared); +int ssl_print_groups(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, diff --git a/apps/s_cb.c b/apps/s_cb.c index c37b9a1cda..d5c308ee13 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -307,50 +307,52 @@ int ssl_print_point_formats(BIO *out, SSL *s) return 1; } -int ssl_print_curves(BIO *out, SSL *s, int noshared) +int ssl_print_groups(BIO *out, SSL *s, int noshared) { - int i, ncurves, *curves, nid; - const char *cname; + int i, ngroups, *groups, nid; + const char *gname; - ncurves = SSL_get1_curves(s, NULL); - if (ncurves <= 0) + ngroups = SSL_get1_groups(s, NULL); + if (ngroups <= 0) return 1; - curves = app_malloc(ncurves * sizeof(int), "curves to print"); - SSL_get1_curves(s, curves); + groups = app_malloc(ngroups * sizeof(int), "groups to print"); + SSL_get1_groups(s, groups); - BIO_puts(out, "Supported Elliptic Curves: "); - for (i = 0; i < ncurves; i++) { + BIO_puts(out, "Supported Elliptic Groups: "); + for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); - nid = curves[i]; + nid = groups[i]; /* If unrecognised print out hex version */ if (nid & TLSEXT_nid_unknown) BIO_printf(out, "0x%04X", nid & 0xFFFF); else { + /* TODO(TLS1.3): Get group name here */ /* Use NIST name for curve if it exists */ - cname = EC_curve_nid2nist(nid); - if (!cname) - cname = OBJ_nid2sn(nid); - BIO_printf(out, "%s", cname); + gname = EC_curve_nid2nist(nid); + if (!gname) + gname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", gname); } } - OPENSSL_free(curves); + OPENSSL_free(groups); if (noshared) { BIO_puts(out, "\n"); return 1; } - BIO_puts(out, "\nShared Elliptic curves: "); - ncurves = SSL_get_shared_curve(s, -1); - for (i = 0; i < ncurves; i++) { + BIO_puts(out, "\nShared Elliptic groups: "); + ngroups = SSL_get_shared_group(s, -1); + for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); - nid = SSL_get_shared_curve(s, i); - cname = EC_curve_nid2nist(nid); - if (!cname) - cname = OBJ_nid2sn(nid); - BIO_printf(out, "%s", cname); + nid = SSL_get_shared_group(s, i); + /* TODO(TLS1.3): Convert for DH groups */ + gname = EC_curve_nid2nist(nid); + if (!gname) + gname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", gname); } - if (ncurves == 0) + if (ngroups == 0) BIO_puts(out, "NONE"); BIO_puts(out, "\n"); return 1; @@ -604,7 +606,7 @@ static STRINT_PAIR tlsext_types[] = { {"client authz", TLSEXT_TYPE_client_authz}, {"server authz", TLSEXT_TYPE_server_authz}, {"cert type", TLSEXT_TYPE_cert_type}, - {"elliptic curves", TLSEXT_TYPE_elliptic_curves}, + {"supported_groups", TLSEXT_TYPE_supported_groups}, {"EC point formats", TLSEXT_TYPE_ec_point_formats}, {"SRP", TLSEXT_TYPE_srp}, {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, @@ -1093,7 +1095,7 @@ void print_ssl_summary(SSL *s) #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_err, s); if (SSL_is_server(s)) - ssl_print_curves(bio_err, s, 1); + ssl_print_groups(bio_err, s, 1); else ssl_print_tmp_key(bio_err, s); #else diff --git a/apps/s_server.c b/apps/s_server.c index 24841c528e..985841352d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2560,7 +2560,7 @@ static int init_ssl_connection(SSL *con) ssl_print_sigalgs(bio_s_out, con); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_s_out, con); - ssl_print_curves(bio_s_out, con, 0); + ssl_print_groups(bio_s_out, con, 0); #endif BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); @@ -2847,7 +2847,7 @@ static int www_body(int s, int stype, unsigned char *context) } ssl_print_sigalgs(io, con); #ifndef OPENSSL_NO_EC - ssl_print_curves(io, con, 0); + ssl_print_groups(io, con, 0); #endif BIO_printf(io, (SSL_session_reused(con) ? "---\nReused, " : "---\nNew, ")); diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index b0276c80f3..a250f20c22 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -2,13 +2,25 @@ =head1 NAME +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, +SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, -SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions +SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve +- EC supported curve functions =head1 SYNOPSIS #include + int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); + int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); + + int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); + int SSL_set1_groups_list(SSL *ssl, char *list); + + int SSL_get1_groups(SSL *ssl, int *groups); + int SSL_get_shared_group(SSL *s, int n); + int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); @@ -20,36 +32,42 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve =head1 DESCRIPTION -SSL_CTX_set1_curves() sets the supported curves for B to B -curves in the array B. The array consist of all NIDs of curves in -preference order. For a TLS client the curves are used directly in the -supported curves extension. For a TLS server the curves are used to -determine the set of shared curves. +SSL_CTX_set1_groups() sets the supported groups for B to B +groups in the array B. The array consist of all NIDs of groups in +preference order. For a TLS client the groups are used directly in the +supported groups extension. For a TLS server the groups are used to +determine the set of shared groups. -SSL_CTX_set1_curves_list() sets the supported curves for B to -string B. The string is a colon separated list of curve NIDs or +SSL_CTX_set1_groups_list() sets the supported groups for B to +string B. The string is a colon separated list of group NIDs or names, for example "P-521:P-384:P-256". -SSL_set1_curves() and SSL_set1_curves_list() are similar except they set -supported curves for the SSL structure B. +SSL_set1_groups() and SSL_set1_groups_list() are similar except they set +supported groups for the SSL structure B. -SSL_get1_curves() returns the set of supported curves sent by a client -in the supported curves extension. It returns the total number of -supported curves. The B parameter can be B to simply -return the number of curves for memory allocation purposes. The -B array is in the form of a set of curve NIDs in preference -order. It can return zero if the client did not send a supported curves +SSL_get1_groups() returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The B parameter can be B to simply +return the number of groups for memory allocation purposes. The +B array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups extension. -SSL_get_shared_curve() returns shared curve B for a server-side -SSL B. If B is -1 then the total number of shared curves is +SSL_get_shared_group() returns shared group B for a server-side +SSL B. If B is -1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, -most applications will only be interested in the first shared curve +most applications will only be interested in the first shared group so B is normally set to zero. If the value B is out of range, NID_undef is returned. All these functions are implemented as macros. +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to TLS1.3, there was +only the concept of supported curves. In TLS1.3 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference. + =head1 NOTES If an application wishes to make use of several of these functions for @@ -58,16 +76,16 @@ consider using the SSL_CONF interface instead of manually parsing options. =head1 RETURN VALUES -SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves() and -SSL_set1_curves_list(), return 1 for success and 0 for failure. +SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups() and +SSL_set1_groups_list(), return 1 for success and 0 for failure. -SSL_get1_curves() returns the number of curves, which may be zero. +SSL_get1_groups() returns the number of groups, which may be zero. -SSL_get_shared_curve() returns the NID of shared curve B or NID_undef if there -is no shared curve B; or the total number of shared curves if B +SSL_get_shared_group() returns the NID of shared group B or NID_undef if there +is no shared group B; or the total number of shared groups if B is -1. -When called on a client B, SSL_get_shared_curve() has no meaning and +When called on a client B, SSL_get_shared_group() has no meaning and returns -1. =head1 SEE ALSO @@ -76,7 +94,8 @@ L =head1 HISTORY -These functions were first added to OpenSSL 1.0.2. +The curve functions were first added to OpenSSL 1.0.2. The equivalent group +functions were first added to OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1bb93fef70..b61a992e16 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1109,10 +1109,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 # define SSL_CTRL_CHAIN 88 # define SSL_CTRL_CHAIN_CERT 89 -# define SSL_CTRL_GET_CURVES 90 -# define SSL_CTRL_SET_CURVES 91 -# define SSL_CTRL_SET_CURVES_LIST 92 -# define SSL_CTRL_GET_SHARED_CURVE 93 +# define SSL_CTRL_GET_GROUPS 90 +# define SSL_CTRL_SET_GROUPS 91 +# define SSL_CTRL_SET_GROUPS_LIST 92 +# define SSL_CTRL_GET_SHARED_GROUP 93 # define SSL_CTRL_SET_SIGALGS 97 # define SSL_CTRL_SET_SIGALGS_LIST 98 # define SSL_CTRL_CERT_FLAGS 99 @@ -1227,18 +1227,30 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) # define SSL_set1_chain_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) +# define SSL_get1_groups(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)s) # define SSL_get1_curves(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) + SSL_get1_groups((ctx), (s)) +# define SSL_CTX_set1_groups(ctx, glist, glistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist) +# define SSL_CTX_set1_groups_list(ctx, s) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s) # define SSL_CTX_set1_curves(ctx, clist, clistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) + SSL_CTX_set1_groups((ctx), (clist), (clistlen)) # define SSL_CTX_set1_curves_list(ctx, s) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) + SSL_CTX_set1_groups_list((ctx), (s)) +# define SSL_set1_groups(ctx, glist, glistlen) \ + SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist) +# define SSL_set1_groups_list(ctx, s) \ + SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s) # define SSL_set1_curves(ctx, clist, clistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) + SSL_set1_groups((ctx), (clist), (clistlen)) # define SSL_set1_curves_list(ctx, s) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) + SSL_set1_groups_list((ctx), (s)) +# define SSL_get_shared_group(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) # define SSL_get_shared_curve(s, n) \ - SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) + SSL_get_shared_group((s), (n)) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index d0cce09263..1fd5788936 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -128,9 +128,15 @@ extern "C" { # define TLSEXT_TYPE_cert_type 9 /* ExtensionType values from RFC4492 */ -# define TLSEXT_TYPE_elliptic_curves 10 +/* + * Prior to TLSv1.3 the supported_groups extension was known as + * elliptic_curves + */ +# define TLSEXT_TYPE_supported_groups 10 +# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups # define TLSEXT_TYPE_ec_point_formats 11 + /* ExtensionType value from RFC5054 */ # define TLSEXT_TYPE_srp 12 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 90c1c66744..dad43753dd 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, &nid, 1); } break; @@ -3112,20 +3112,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC - case SSL_CTRL_GET_CURVES: + case SSL_CTRL_GET_GROUPS: { unsigned char *clist; size_t clistlen; if (!s->session) return 0; - clist = s->session->tlsext_ellipticcurvelist; - clistlen = s->session->tlsext_ellipticcurvelist_length / 2; + clist = s->session->tlsext_supportedgroupslist; + clistlen = s->session->tlsext_supportedgroupslist_length / 2; if (parg) { size_t i; int *cptr = parg; unsigned int cid, nid; for (i = 0; i < clistlen; i++) { n2s(clist, cid); + /* TODO(TLS1.3): Handle DH groups here */ nid = tls1_ec_curve_id2nid(cid, NULL); if (nid != 0) cptr[i] = nid; @@ -3136,16 +3137,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg, larg); + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg); - case SSL_CTRL_GET_SHARED_CURVE: - return tls1_shared_curve(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: + return tls1_shared_group(s, larg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3320,8 +3321,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, &nid, 1); } /* break; */ @@ -3417,14 +3418,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg); #endif case SSL_CTRL_SET_SIGALGS: diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 63687b5ba1..2382030f34 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -202,17 +202,23 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } -static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) { int rv; if (cctx->ssl) - rv = SSL_set1_curves_list(cctx->ssl, value); + rv = SSL_set1_groups_list(cctx->ssl, value); /* NB: ctx == NULL performs syntax checking only */ else - rv = SSL_CTX_set1_curves_list(cctx->ctx, value); + rv = SSL_CTX_set1_groups_list(cctx->ctx, value); return rv > 0; } +/* This is the old name for cmd_Groups - retained for backwards compatibility */ +static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_Groups(cctx, value); +} + #ifndef OPENSSL_NO_EC /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) @@ -543,6 +549,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), + SSL_CONF_CMD_STRING(Groups, "groups", 0), #ifndef OPENSSL_NO_EC SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 363b4f4ab8..a6360accea 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -610,14 +610,14 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ecpointformatlist_length = ctx->tlsext_ecpointformatlist_length; } - if (ctx->tlsext_ellipticcurvelist) { - s->tlsext_ellipticcurvelist = - OPENSSL_memdup(ctx->tlsext_ellipticcurvelist, - ctx->tlsext_ellipticcurvelist_length); - if (!s->tlsext_ellipticcurvelist) + if (ctx->tlsext_supportedgroupslist) { + s->tlsext_supportedgroupslist = + OPENSSL_memdup(ctx->tlsext_supportedgroupslist, + ctx->tlsext_supportedgroupslist_length); + if (!s->tlsext_supportedgroupslist) goto err; - s->tlsext_ellipticcurvelist_length = - ctx->tlsext_ellipticcurvelist_length; + s->tlsext_supportedgroupslist_length = + ctx->tlsext_supportedgroupslist_length; } #endif #ifndef OPENSSL_NO_NEXTPROTONEG @@ -1001,7 +1001,7 @@ void SSL_free(SSL *s) SSL_CTX_free(s->initial_ctx); #ifndef OPENSSL_NO_EC OPENSSL_free(s->tlsext_ecpointformatlist); - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->tlsext_supportedgroupslist); #endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP @@ -1857,8 +1857,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (ctx == NULL) { switch (cmd) { #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(NULL, NULL, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(NULL, NULL, parg); #endif case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: @@ -2630,7 +2630,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_EC OPENSSL_free(a->tlsext_ecpointformatlist); - OPENSSL_free(a->tlsext_ellipticcurvelist); + OPENSSL_free(a->tlsext_supportedgroupslist); #endif OPENSSL_free(a->alpn_client_proto_list); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 63b001ffee..dbe8813acf 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -554,8 +554,8 @@ struct ssl_session_st { # ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; /* peer's list */ # endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ @@ -868,8 +868,8 @@ struct ssl_ctx_st { /* EC extension values inherited by SSL structure */ size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* ext status type used for CSR extension (OCSP Stapling) */ @@ -1078,9 +1078,9 @@ struct ssl_st { size_t tlsext_ecpointformatlist_length; /* our list */ unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; + size_t tlsext_supportedgroupslist_length; /* our list */ - unsigned char *tlsext_ellipticcurvelist; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; @@ -2053,10 +2053,10 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); __owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags); __owur int tls1_ec_nid2curve_id(int nid); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); -__owur int tls1_shared_curve(SSL *s, int nmatch); -__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, +__owur int tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, +__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_curve(int id); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 291796e8ad..825e706561 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -132,7 +132,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_hostname = NULL; #ifndef OPENSSL_NO_EC dest->tlsext_ecpointformatlist = NULL; - dest->tlsext_ellipticcurvelist = NULL; + dest->tlsext_supportedgroupslist = NULL; #endif dest->tlsext_tick = NULL; #ifndef OPENSSL_NO_SRP @@ -198,11 +198,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->tlsext_ecpointformatlist == NULL) goto err; } - if (src->tlsext_ellipticcurvelist) { - dest->tlsext_ellipticcurvelist = - OPENSSL_memdup(src->tlsext_ellipticcurvelist, - src->tlsext_ellipticcurvelist_length); - if (dest->tlsext_ellipticcurvelist == NULL) + if (src->tlsext_supportedgroupslist) { + dest->tlsext_supportedgroupslist = + OPENSSL_memdup(src->tlsext_supportedgroupslist, + src->tlsext_supportedgroupslist_length); + if (dest->tlsext_supportedgroupslist == NULL) goto err; } #endif @@ -753,8 +753,8 @@ void SSL_SESSION_free(SSL_SESSION *ss) #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; OPENSSL_free(ss->tlsext_ecpointformatlist); - ss->tlsext_ellipticcurvelist_length = 0; - OPENSSL_free(ss->tlsext_ellipticcurvelist); + ss->tlsext_supportedgroupslist_length = 0; + OPENSSL_free(ss->tlsext_supportedgroupslist); #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index ba3457d2e0..142c637dc9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1736,7 +1736,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } /* Get NID of appropriate shared curve */ - nid = tls1_shared_curve(s, -2); + nid = tls1_shared_group(s, -2); curve_id = tls1_ec_nid2curve_id(nid); if (curve_id == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 30b304669f..bbec1359ca 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -242,7 +242,7 @@ int SSL_extension_supported(unsigned int ext_type) /* Internally supported extensions. */ case TLSEXT_TYPE_application_layer_protocol_negotiation: case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: case TLSEXT_TYPE_heartbeat: #ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e79c37eee0..a7aa955223 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -268,8 +268,8 @@ static int tls1_get_curvelist(SSL *s, int sess, { size_t pcurveslen = 0; if (sess) { - *pcurves = s->session->tlsext_ellipticcurvelist; - pcurveslen = s->session->tlsext_ellipticcurvelist_length; + *pcurves = s->session->tlsext_supportedgroupslist; + pcurveslen = s->session->tlsext_supportedgroupslist_length; } else { /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { @@ -288,8 +288,8 @@ static int tls1_get_curvelist(SSL *s, int sess, pcurveslen = 2; break; default: - *pcurves = s->tlsext_ellipticcurvelist; - pcurveslen = s->tlsext_ellipticcurvelist_length; + *pcurves = s->tlsext_supportedgroupslist; + pcurveslen = s->tlsext_supportedgroupslist_length; } if (!*pcurves) { *pcurves = eccurves_default; @@ -356,13 +356,13 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) } /*- - * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef + * For nmatch >= 0, return the NID of the |nmatch|th shared group or NID_undef * if there is no match. * For nmatch == -1, return number of matches - * For nmatch == -2, return the NID of the curve to use for + * For nmatch == -2, return the NID of the group to use for * an EC tmp key, or NID_undef if there is no match. */ -int tls1_shared_curve(SSL *s, int nmatch) +int tls1_shared_group(SSL *s, int nmatch) { const unsigned char *pref, *supp; size_t num_pref, num_supp, i, j; @@ -434,34 +434,35 @@ int tls1_shared_curve(SSL *s, int nmatch) return NID_undef; } -int tls1_set_curves(unsigned char **pext, size_t *pextlen, - int *curves, size_t ncurves) +int tls1_set_groups(unsigned char **pext, size_t *pextlen, + int *groups, size_t ngroups) { - unsigned char *clist, *p; + unsigned char *glist, *p; size_t i; /* - * Bitmap of curves included to detect duplicates: only works while curve + * Bitmap of groups included to detect duplicates: only works while group * ids < 32 */ unsigned long dup_list = 0; - clist = OPENSSL_malloc(ncurves * 2); - if (clist == NULL) + glist = OPENSSL_malloc(ngroups * 2); + if (glist == NULL) return 0; - for (i = 0, p = clist; i < ncurves; i++) { + for (i = 0, p = glist; i < ngroups; i++) { unsigned long idmask; int id; - id = tls1_ec_nid2curve_id(curves[i]); + /* TODO(TLS1.3): Convert for DH groups */ + id = tls1_ec_nid2curve_id(groups[i]); idmask = 1L << id; if (!id || (dup_list & idmask)) { - OPENSSL_free(clist); + OPENSSL_free(glist); return 0; } dup_list |= idmask; s2n(id, p); } OPENSSL_free(*pext); - *pext = clist; - *pextlen = ncurves * 2; + *pext = glist; + *pextlen = ngroups * 2; return 1; } @@ -500,8 +501,8 @@ static int nid_cb(const char *elem, int len, void *arg) return 1; } -/* Set curves based on a colon separate list */ -int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) +/* Set groups based on a colon separate list */ +int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str) { nid_cb_st ncb; ncb.nidcnt = 0; @@ -509,7 +510,7 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) return 0; if (pext == NULL) return 1; - return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt); + return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt); } /* For an EC key set TLS id and required compression based on parameters */ @@ -706,7 +707,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) return 1; } /* Need a shared curve */ - if (tls1_shared_curve(s, 0)) + if (tls1_shared_group(s, 0)) return 1; return 0; } @@ -1117,16 +1118,17 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) } /* - * Add TLS extension EllipticCurves to the ClientHello message + * Add TLS extension supported_groups to the ClientHello message */ - pcurves = s->tlsext_ellipticcurvelist; + /* TODO(TLS1.3): Add support for DHE groups */ + pcurves = s->tlsext_supportedgroupslist; if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves) - /* Sub-packet for curves extension */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) + /* Sub-packet for supported_groups extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); @@ -1982,22 +1984,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) return 0; } } - } else if (currext->type == TLSEXT_TYPE_elliptic_curves) { - PACKET elliptic_curve_list; + } else if (currext->type == TLSEXT_TYPE_supported_groups) { + PACKET supported_groups_list; - /* Each NamedCurve is 2 bytes and we must have at least 1. */ + /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(&currext->data, - &elliptic_curve_list) - || PACKET_remaining(&elliptic_curve_list) == 0 - || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) { + &supported_groups_list) + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { return 0; } if (!s->hit) { - if (!PACKET_memdup(&elliptic_curve_list, - &s->session->tlsext_ellipticcurvelist, + if (!PACKET_memdup(&supported_groups_list, + &s->session->tlsext_supportedgroupslist, &s-> - session->tlsext_ellipticcurvelist_length)) { + session->tlsext_supportedgroupslist_length)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index c8d00532d8..52c72b2450 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -448,7 +448,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_client_authz, "client_authz"}, {TLSEXT_TYPE_server_authz, "server_authz"}, {TLSEXT_TYPE_cert_type, "cert_type"}, - {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"}, + {TLSEXT_TYPE_supported_groups, "supported_groups"}, {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, {TLSEXT_TYPE_srp, "srp"}, {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, @@ -466,7 +466,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} }; -static ssl_trace_tbl ssl_curve_tbl[] = { +static ssl_trace_tbl ssl_groups_tbl[] = { {1, "sect163k1 (K-163)"}, {2, "sect163r1"}, {3, "sect163r2 (B-163)"}, @@ -665,13 +665,13 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; - return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl); + return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); case TLSEXT_TYPE_signature_algorithms: @@ -1009,7 +1009,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; curve = (msg[1] << 8) | msg[2]; BIO_printf(bio, "named_curve: %s (%d)\n", - ssl_trace_str(curve, ssl_curve_tbl), curve); + ssl_trace_str(curve, ssl_groups_tbl), curve); msg += 3; msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))