Commit f48d826e authored by Dr. Stephen Henson

Change curves to groups where relevant

parent ff6d20a6
+8 −8
@@ -1167,25 +1167,25 @@ static int final_key_share(SSL *s, unsigned int context, int sent, int *al)
                && (!s->hit
                    || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
                       != 0)) {
            const uint16_t *pcurves, *clntcurves;
            size_t num_curves, clnt_num_curves, i;
            const uint16_t *pgroups, *clntgroups;
            size_t num_groups, clnt_num_groups, i;
            unsigned int group_id = 0;

            /* Check if a shared group exists */

            /* Get the clients list of supported groups. */
            tls1_get_peer_groups(s, &clntcurves, &clnt_num_curves);
            tls1_get_supported_groups(s, &pcurves, &num_curves);
            tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
            tls1_get_supported_groups(s, &pgroups, &num_groups);

            /* Find the first group we allow that is also in client's list */
            for (i = 0; i < num_curves; i++) {
                group_id = pcurves[i];
            for (i = 0; i < num_groups; i++) {
                group_id = pgroups[i];

                if (check_in_list(s, group_id, clntcurves, clnt_num_curves, 1))
                if (check_in_list(s, group_id, clntgroups, clnt_num_groups, 1))
                    break;
            }

            if (i < num_curves) {
            if (i < num_groups) {
                /* A shared group exists so send a HelloRetryRequest */
                s->s3->group_id = group_id;
                s->hello_retry_request = 1;
+17 −17
@@ -139,8 +139,8 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx, int *al)
{
    const uint16_t *pcurves = NULL;
    size_t num_curves = 0, i;
    const uint16_t *pgroups = NULL;
    size_t num_groups = 0, i;

    if (!use_ecc(s))
        return EXT_RETURN_NOT_SENT;
@@ -149,7 +149,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
     * Add TLS extension supported_groups to the ClientHello message
     */
    /* TODO(TLS1.3): Add support for DHE groups */
    tls1_get_supported_groups(s, &pcurves, &num_curves);
    tls1_get_supported_groups(s, &pgroups, &num_groups);

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
               /* Sub-packet for supported_groups extension */
@@ -160,8 +160,8 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
        return EXT_RETURN_FAIL;
    }
    /* Copy curve ID if supported */
    for (i = 0; i < num_curves; i++) {
        uint16_t ctmp = pcurves[i];
    for (i = 0; i < num_groups; i++) {
        uint16_t ctmp = pgroups[i];

        if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
            if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
@@ -590,8 +590,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
                                        size_t chainidx, int *al)
{
#ifndef OPENSSL_NO_TLS1_3
    size_t i, num_curves = 0;
    const uint16_t *pcurves = NULL;
    size_t i, num_groups = 0;
    const uint16_t *pgroups = NULL;
    uint16_t curve_id = 0;

    /* key_share extension */
@@ -604,7 +604,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
        return EXT_RETURN_FAIL;
    }

    tls1_get_supported_groups(s, &pcurves, &num_curves);
    tls1_get_supported_groups(s, &pgroups, &num_groups);

    /*
     * TODO(TLS1.3): Make the number of key_shares sent configurable. For
@@ -613,12 +613,12 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
    if (s->s3->group_id != 0) {
        curve_id = s->s3->group_id;
    } else {
        for (i = 0; i < num_curves; i++) {
        for (i = 0; i < num_groups; i++) {

            if (!tls_curve_allowed(s, pcurves[i], SSL_SECOP_CURVE_SUPPORTED))
            if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
                continue;

            curve_id = pcurves[i];
            curve_id = pgroups[i];
            break;
        }
    }
@@ -1514,8 +1514,8 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
    }

    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
        const uint16_t *pcurves = NULL;
        size_t i, num_curves;
        const uint16_t *pgroups = NULL;
        size_t i, num_groups;

        if (PACKET_remaining(pkt) != 0) {
            *al = SSL_AD_DECODE_ERROR;
@@ -1534,12 +1534,12 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
        }

        /* Validate the selected group is one we support */
        tls1_get_supported_groups(s, &pcurves, &num_curves);
        for (i = 0; i < num_curves; i++) {
            if (group_id == pcurves[i])
        tls1_get_supported_groups(s, &pgroups, &num_groups);
        for (i = 0; i < num_groups; i++) {
            if (group_id == pgroups[i])
                break;
        }
        if (i >= num_curves
        if (i >= num_groups
                || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
            *al = SSL_AD_ILLEGAL_PARAMETER;
            SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+9 −9
@@ -499,8 +499,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
#ifndef OPENSSL_NO_TLS1_3
    unsigned int group_id;
    PACKET key_share_list, encoded_pt;
    const uint16_t *clntcurves, *srvrcurves;
    size_t clnt_num_curves, srvr_num_curves;
    const uint16_t *clntgroups, *srvrgroups;
    size_t clnt_num_groups, srvr_num_groups;
    int found = 0;

    if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
@@ -519,11 +519,11 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
        return 0;
    }

    /* Get our list of supported curves */
    tls1_get_supported_groups(s, &srvrcurves, &srvr_num_curves);
    /* Get the clients list of supported curves. */
    tls1_get_peer_groups(s, &clntcurves, &clnt_num_curves);
    if (clnt_num_curves == 0) {
    /* Get our list of supported groups */
    tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups);
    /* Get the clients list of supported groups. */
    tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
    if (clnt_num_groups == 0) {
        /*
         * This can only happen if the supported_groups extension was not sent,
         * because we verify that the length is non-zero when we process that
@@ -553,14 +553,14 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
            continue;

        /* Check if this share is in supported_groups sent from client */
        if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {
        if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) {
            *al = SSL_AD_ILLEGAL_PARAMETER;
            SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
            return 0;
        }

        /* Check if this share is for a group we can use */
        if (!check_in_list(s, group_id, srvrcurves, srvr_num_curves, 1)) {
        if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
            /* Share not suitable */
            continue;
        }
+3 −3
@@ -186,12 +186,12 @@ static const uint16_t suiteb_curves[] = {
    TLSEXT_curve_P_384
};

const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id)
const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
{
    /* ECC curves from RFC 4492 and RFC 7027 */
    if (curve_id < 1 || curve_id > OSSL_NELEM(nid_list))
    if (group_id < 1 || group_id > OSSL_NELEM(nid_list))
        return NULL;
    return &nid_list[curve_id - 1];
    return &nid_list[group_id - 1];
}

static uint16_t tls1_nid2group_id(int nid)