Reimplement brainpool TLSv1.3 support group support
authorMatt Caswell <matt@openssl.org>
Fri, 30 Sep 2022 10:57:23 +0000 (11:57 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 7 Oct 2022 09:01:48 +0000 (10:01 +0100)
Create new TLS_GROUP_ENTRY values for these groups.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)

crypto/objects/obj_dat.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
include/openssl/obj_mac.h
providers/common/capabilities.c
ssl/t1_lib.c
ssl/t1_trce.c
test/ssl-tests/20-cert-select.cnf
test/ssl-tests/20-cert-select.cnf.in

index cd83f24e8d2d2fb98835b0a79a12d22b1610d115..b97118922cd7d11614f0732fc41512c8c8711e3c 100644 (file)
@@ -1154,7 +1154,7 @@ static const unsigned char so[8356] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32,  /* [ 8344] OBJ_id_ct_signedTAL */
 };
 
-#define NUM_NID 1285
+#define NUM_NID 1288
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2441,9 +2441,12 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"oracle-organization", "Oracle organization", NID_oracle, 7, &so[8325]},
     {"oracle-jdk-trustedkeyusage", "Trusted key usage (Oracle)", NID_oracle_jdk_trustedkeyusage, 12, &so[8332]},
     {"id-ct-signedTAL", "id-ct-signedTAL", NID_id_ct_signedTAL, 11, &so[8344]},
+    {"brainpoolP256r1tls13", "brainpoolP256r1tls13", NID_brainpoolP256r1tls13},
+    {"brainpoolP384r1tls13", "brainpoolP384r1tls13", NID_brainpoolP384r1tls13},
+    {"brainpoolP512r1tls13", "brainpoolP512r1tls13", NID_brainpoolP512r1tls13},
 };
 
-#define NUM_SN 1276
+#define NUM_SN 1279
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2781,12 +2784,15 @@ static const unsigned int sn_objs[NUM_SN] = {
      925,    /* "brainpoolP224r1" */
      926,    /* "brainpoolP224t1" */
      927,    /* "brainpoolP256r1" */
+    1285,    /* "brainpoolP256r1tls13" */
      928,    /* "brainpoolP256t1" */
      929,    /* "brainpoolP320r1" */
      930,    /* "brainpoolP320t1" */
      931,    /* "brainpoolP384r1" */
+    1286,    /* "brainpoolP384r1tls13" */
      932,    /* "brainpoolP384t1" */
      933,    /* "brainpoolP512r1" */
+    1287,    /* "brainpoolP512r1tls13" */
      934,    /* "brainpoolP512t1" */
      494,    /* "buildingName" */
      860,    /* "businessCategory" */
@@ -3723,7 +3729,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1276
+#define NUM_LN 1279
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -4057,12 +4063,15 @@ static const unsigned int ln_objs[NUM_LN] = {
      925,    /* "brainpoolP224r1" */
      926,    /* "brainpoolP224t1" */
      927,    /* "brainpoolP256r1" */
+    1285,    /* "brainpoolP256r1tls13" */
      928,    /* "brainpoolP256t1" */
      929,    /* "brainpoolP320r1" */
      930,    /* "brainpoolP320t1" */
      931,    /* "brainpoolP384r1" */
+    1286,    /* "brainpoolP384r1tls13" */
      932,    /* "brainpoolP384t1" */
      933,    /* "brainpoolP512r1" */
+    1287,    /* "brainpoolP512r1tls13" */
      934,    /* "brainpoolP512t1" */
      494,    /* "buildingName" */
      860,    /* "businessCategory" */
index f4e70da2cd5bcbf52b7e7496fae2f7499284ac6f..64dffcb7c1fe13096267e934bf643b27d1578424 100644 (file)
@@ -1282,3 +1282,6 @@ hmacWithSM3               1281
 oracle         1282
 oracle_jdk_trustedkeyusage             1283
 id_ct_signedTAL                1284
+brainpoolP256r1tls13           1285
+brainpoolP384r1tls13           1286
+brainpoolP512r1tls13           1287
index a03f682d5ec5c988f44bbd643dd23830e34355e5..b627cfdfd1097b74889021ccd9735932a38ae843 100644 (file)
@@ -1643,12 +1643,18 @@ ISO-US 10046 2 1        : dhpublicnumber                : X9.42 DH
 1 3 36 3 3 2 8 1 1 5 : brainpoolP224r1
 1 3 36 3 3 2 8 1 1 6 : brainpoolP224t1
 1 3 36 3 3 2 8 1 1 7 : brainpoolP256r1
+# Alternate NID to represent the TLSv1.3 brainpoolP256r1 group
+                     : brainpoolP256r1tls13
 1 3 36 3 3 2 8 1 1 8 : brainpoolP256t1
 1 3 36 3 3 2 8 1 1 9 : brainpoolP320r1
 1 3 36 3 3 2 8 1 1 10 : brainpoolP320t1
 1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
+# Alternate NID to represent the TLSv1.3 brainpoolP384r1 group
+                      : brainpoolP384r1tls13
 1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
 1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
+# Alternate NID to represent the TLSv1.3 brainpoolP512r1 group
+                      : brainpoolP512r1tls13
 1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
 
 # ECDH schemes from RFC5753
index e1cafb01091ee6c555a1bb3e501eaff4b1abbfbc..8ad445259d57e0d8311453b3e7b3662d931b2cb4 100644 (file)
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 
+#define SN_brainpoolP256r1tls13         "brainpoolP256r1tls13"
+#define NID_brainpoolP256r1tls13                1285
+
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 
+#define SN_brainpoolP384r1tls13         "brainpoolP384r1tls13"
+#define NID_brainpoolP384r1tls13                1286
+
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 
+#define SN_brainpoolP512r1tls13         "brainpoolP512r1tls13"
+#define NID_brainpoolP512r1tls13                1287
+
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
index ed37e7696989ce4d3963c67e04648ce422c226dd..f7234615e4ca00e465e05fb7042b1f98633e9975 100644 (file)
@@ -30,7 +30,7 @@ typedef struct tls_group_constants_st {
     int maxdtls;             /* Maximum DTLS version (or 0 for undefined) */
 } TLS_GROUP_CONSTANTS;
 
-static const TLS_GROUP_CONSTANTS group_list[35] = {
+static const TLS_GROUP_CONSTANTS group_list[] = {
     { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, TLS1_2_VERSION,
       DTLS1_VERSION, DTLS1_2_VERSION },
     { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, TLS1_2_VERSION,
@@ -86,6 +86,9 @@ static const TLS_GROUP_CONSTANTS group_list[35] = {
       DTLS1_VERSION, DTLS1_2_VERSION },
     { OSSL_TLS_GROUP_ID_x25519, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
     { OSSL_TLS_GROUP_ID_x448, 224, TLS1_VERSION, 0, DTLS1_VERSION, 0 },
+    { OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13, 128, TLS1_3_VERSION, 0, -1, -1 },
+    { OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13, 192, TLS1_3_VERSION, 0, -1, -1 },
+    { OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13, 256, TLS1_3_VERSION, 0, -1, -1 },
     /* Security bit values as given by BN_security_bits() */
     { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_3_VERSION, 0, -1, -1 },
     { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_3_VERSION, 0, -1, -1 },
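Review bot: The three `OSSL_TLS_GROUP_ID_brainpoolP*r1_tls13` rows added to `group_list` carry no comment explaining why they differ from the existing brainpool rows, which sit in the part of the array outside this hunk. I would add `/* TLSv1.3-only code points for the brainpool curves */` above the first new row so the `TLS1_3_VERSION` floor and the `-1, -1` DTLS bounds read as intentional. I am assuming `-1` marks a group as unavailable for DTLS, as the ffdhe rows suggest; the struct comment visible in the previous hunk only documents `0`, so the meaning of `-1` deserves a word there as well. The array starts and ends outside this hunk.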
@@ -189,14 +192,19 @@ static const OSSL_PARAM param_group_list[][10] = {
 #  endif
     TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
     TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
+#  ifndef FIPS_MODULE
+    TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30),
+    TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31),
+    TLS_GROUP_ENTRY("brainpoolP512r1tls13", "brainpoolP512r1", "EC", 32),
+#  endif
 # endif /* OPENSSL_NO_EC */
 # ifndef OPENSSL_NO_DH
     /* Security bit values for FFDHE groups are as per RFC 7919 */
-    TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 30),
-    TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 31),
-    TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 32),
-    TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 33),
-    TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 34),
+    TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 33),
+    TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 34),
+    TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 35),
+    TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 36),
+    TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 37),
 # endif
 };
 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
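Review bot: The last argument of each `TLS_GROUP_ENTRY` looks like a positional index into `group_list`, so adding three rows in the middle forced all five ffdhe entries to be renumbered by hand. Because the first hunk of this file changes `group_list[35]` to `group_list[]`, there is no longer a declared size to compare those indices against. If an index drifts, a group would presumably be advertised with another group's security bits and protocol-version bounds, which security-level and version filtering depend on. I would at least document the coupling above the new rows, e.g. `/* last argument indexes group_list[]; keep both tables in the same order */`, and consider named enum indices in a follow-up. The macro definition and the start of `param_group_list` are outside the hunk, so the index reading is inferred from the numbering.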
index dcd7b294a030a0cffc629d1d30a20cff834a4a8d..166b4f837e653c85ade9fcb9f6201e84bd45ca24 100644 (file)
@@ -181,6 +181,9 @@ static struct {
     {NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1},
     {EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519},
     {EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448},
+    {NID_brainpoolP256r1tls13, OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13},
+    {NID_brainpoolP384r1tls13, OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13},
+    {NID_brainpoolP512r1tls13, OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13},
     {NID_id_tc26_gost_3410_2012_256_paramSetA, OSSL_TLS_GROUP_ID_gc256A},
     {NID_id_tc26_gost_3410_2012_256_paramSetB, OSSL_TLS_GROUP_ID_gc256B},
     {NID_id_tc26_gost_3410_2012_256_paramSetC, OSSL_TLS_GROUP_ID_gc256C},
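Review bot: The three `NID_brainpoolP*r1tls13` keys added to this table are alias NIDs that, per the objects.txt hunk, are registered without an OID. The real curve name is attached only in the `TLS_GROUP_ENTRY` rows in capabilities.c. Nothing in these rows tells a reader that, and code that takes a NID from this table and passes it to an EC curve lookup would need the underlying curve NID instead; whether any caller does so is not visible here. I would add `/* TLSv1.3-only aliases: no OID, not usable as EC curve NIDs */` above the first new row. The struct and its array begin before the hunk and continue past it.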
index edeb926e22f0959c6f591f866f76117c6f65e1c5..802958c38370a1cdd0387be05c27f61c071bb498 100644 (file)
@@ -525,6 +525,9 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
     {28, "brainpoolP512r1"},
     {29, "ecdh_x25519"},
     {30, "ecdh_x448"},
+    {31, "brainpoolP256r1tls13"},
+    {32, "brainpoolP384r1tls13"},
+    {33, "brainpoolP512r1tls13"},
     {34, "GC256A"},
     {35, "GC256B"},
     {36, "GC256C"},
index 5cb7aca3ea0138d34183358d7a6ab156636ab3f8..51d38b9b61932d6eae5e5290aded70b0112927f9 100644 (file)
@@ -1728,7 +1728,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-52]
-ExpectedResult = ServerFail
+ExpectedResult = ClientFail
 
 
 # ===========================================================
index d0cc5cfd5cfb9aa9682994ad40b7162fb6792e72..b8e689d565ceec3b5b69b284fa69c79e42d02a27 100644 (file)
@@ -914,7 +914,7 @@ my @tests_tls_1_3_non_fips = (
             #We only configured brainpoolP256r1 on the client side, but TLSv1.3
             #is enabled and this group is not allowed in TLSv1.3. Therefore this
             #should fail
-            "ExpectedResult" => "ServerFail"
+            "ExpectedResult" => "ClientFail"
         },
     },
     {
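Review bot: The comment above `"ExpectedResult" => "ClientFail"` still says only that the handshake should fail and does not explain why the failure moved from the server to the client. Presumably the client now has no group it is allowed to offer in TLSv1.3 and gives up on its own side; if so, the comment should say it, e.g. `#The client has no group usable in TLSv1.3, so the failure is now on the client side`. The visible hunks also add no positive case that completes a TLSv1.3 handshake with `brainpoolP256r1tls13`, which is the test that would show the new group entries are wired up correctly. The test entry begins before the hunk.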