diff options
author | Matt Caswell <matt@openssl.org> | 2021-01-13 17:27:10 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-05 15:20:37 +0000 |
commit | 8b1db5d329740bd5363fd1763d4030d0e015b521 (patch) | |
tree | 2bc4baa1f7ebf82da6fb5278c808f2d22e08115a /ssl/statem/extensions_clnt.c | |
parent | ddf8f1ce634b9a3bd30603d9e0eaec1990a0d586 (diff) | |
download | openssl-8b1db5d329740bd5363fd1763d4030d0e015b521.tar.gz |
Make supported_groups code independent of EC and DH
The supported groups code was checking the OPENSSL_NO_EC and
OPENSSL_NO_DH guards in order to work, and the list of default groups was
based on those guards. However we now need it to work even in a no-ec
and no-dh build, because new groups might be added from providers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 89e1422bbd..cc958aa1b0 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -108,7 +108,6 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, } #endif -#ifndef OPENSSL_NO_EC static int use_ecc(SSL *s, int min_version, int max_version) { int i, end, ret = 0; @@ -144,7 +143,7 @@ static int use_ecc(SSL *s, int min_version, int max_version) for (j = 0; j < num_groups; j++) { uint16_t ctmp = pgroups[j]; - if (tls_valid_group(s, ctmp, min_version, max_version) + if (tls_valid_group(s, ctmp, min_version, max_version, 1, NULL) && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) return 1; } @@ -152,6 +151,7 @@ static int use_ecc(SSL *s, int min_version, int max_version) return 0; } +#ifndef OPENSSL_NO_EC EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) @@ -189,7 +189,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, size_t chainidx) { const uint16_t *pgroups = NULL; - size_t num_groups = 0, i; + size_t num_groups = 0, i, tls13added = 0, added = 0; int min_version, max_version, reason; reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL); @@ -198,13 +198,13 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } -#if defined(OPENSSL_NO_EC) - if (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION) - return EXT_RETURN_NOT_SENT; -#else - if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION) + /* + * We only support EC groups in TLSv1.2 or below, and in DTLS. Therefore + * if we don't have EC support then we don't send this extension. + */ + if (!use_ecc(s, min_version, max_version) + && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)) return EXT_RETURN_NOT_SENT; -#endif /* * Add TLS extension supported_groups to the ClientHello message @@ -222,17 +222,25 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, /* Copy group ID if supported */ for (i = 0; i < num_groups; i++) { uint16_t ctmp = pgroups[i]; + int okfortls13; - if (tls_valid_group(s, ctmp, min_version, max_version) + if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13) && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } + if (okfortls13 && max_version == TLS1_3_VERSION) + tls13added++; + added++; } } if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + if (added == 0 || (tls13added == 0 && max_version == TLS1_3_VERSION)) + SSLfatal_data(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_GROUPS, + "No groups enabled for max supported SSL/TLS version"); + else + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } |