"ssl3-method" => [ "ssl3" ],
"zlib" => [ "zlib-dynamic" ],
"des" => [ "mdc2" ],
- "ec" => [ "ecdsa", "ecdh" ],
+ "ec" => [ "ecdsa", "ecdh", "sm2" ],
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"apps" => [ "tests" ],
"tests" => [ "external-tests" ],
"comp" => [ "zlib" ],
- "ec" => [ "tls1_3", "sm2" ],
"sm3" => [ "sm2" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
}
return ssl_cert_set_current(s->cert, larg);
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_GROUPS:
{
uint16_t *clist;
}
return id;
}
-#endif
+
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
break;
#endif
-#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_GROUPS:
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
return tls1_set_groups_list(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
-#endif
+
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
s->ext.ecpointformats_len =
ctx->ext.ecpointformats_len;
}
+#endif
if (ctx->ext.supportedgroups) {
s->ext.supportedgroups =
OPENSSL_memdup(ctx->ext.supportedgroups,
goto err;
s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
}
-#endif
+
#ifndef OPENSSL_NO_NEXTPROTONEG
s->ext.npn = NULL;
#endif
/* EC extension values inherited by SSL structure */
size_t ecpointformats_len;
unsigned char *ecpointformats;
+# endif /* OPENSSL_NO_EC */
+
size_t supportedgroups_len;
uint16_t *supportedgroups;
-# endif /* OPENSSL_NO_EC */
/*
* ALPN information (we are in the process of transitioning from NPN to
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-# ifndef OPENSSL_NO_EC
-
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
int *curves, size_t ncurves);
__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
const char *str);
-void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
- size_t *num_formats);
-__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int version);
__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
+# ifndef OPENSSL_NO_EC
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+ size_t *num_formats);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
# endif /* OPENSSL_NO_EC */
-__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);
+__owur int tls_group_allowed(SSL *s, uint16_t curve, int op);
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
size_t *pgroupslen);
static int init_ems(SSL *s, unsigned int context);
static int final_ems(SSL *s, unsigned int context, int sent);
static int init_psk_kex_modes(SSL *s, unsigned int context);
-#ifndef OPENSSL_NO_EC
static int final_key_share(SSL *s, unsigned int context, int sent);
-#endif
#ifndef OPENSSL_NO_SRTP
static int init_srtp(SSL *s, unsigned int context);
#endif
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
final_ec_pt_formats
},
+#else
+ INVALID_EXTENSION,
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
{
/*
* "supported_groups" is spread across several specifications.
},
#else
INVALID_EXTENSION,
- INVALID_EXTENSION,
#endif
{
TLSEXT_TYPE_session_ticket,
init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
tls_construct_ctos_psk_kex_modes, NULL
},
-#ifndef OPENSSL_NO_EC
{
/*
* Must be in this list after supported_groups. We need that to have
tls_construct_stoc_key_share, tls_construct_ctos_key_share,
final_key_share
},
-#endif
{
/* Must be after key_share */
TLSEXT_TYPE_cookie,
return 1;
}
-#ifndef OPENSSL_NO_EC
static int final_key_share(SSL *s, unsigned int context, int sent)
{
if (!SSL_IS_TLS13(s))
return 1;
}
-#endif
static int init_psk_kex_modes(SSL *s, unsigned int context)
{
#endif
#ifndef OPENSSL_NO_EC
-static int use_ecc(SSL *s)
+static int use_ecc(SSL *s, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+ const uint16_t *pgroups = NULL;
+ size_t num_groups, j;
/* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION)
break;
}
}
-
sk_SSL_CIPHER_free(cipher_stack);
- return ret;
+ if (!ret)
+ return 0;
+
+ /* Check we have at least one EC supported group */
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ for (j = 0; j < num_groups; j++) {
+ uint16_t ctmp = pgroups[j];
+
+ if (tls_valid_group(s, ctmp, max_version)
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+ return 1;
+ }
+
+ return 0;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
{
const unsigned char *pformats;
size_t num_formats;
+ int reason, min_version, max_version;
- if (!use_ecc(s))
+ reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+ if (reason != 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
+ return EXT_RETURN_FAIL;
+ }
+ if (!use_ecc(s, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
return EXT_RETURN_SENT;
}
+#endif
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
size_t num_groups = 0, i;
int min_version, max_version, reason;
- if (!use_ecc(s))
- return EXT_RETURN_NOT_SENT;
-
reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
if (reason != 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
return EXT_RETURN_FAIL;
}
+#if defined(OPENSSL_NO_EC)
+ if (max_version < TLS1_3_VERSION)
+ return EXT_RETURN_NOT_SENT;
+#else
+ if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
+ return EXT_RETURN_NOT_SENT;
+#endif
+
/*
* Add TLS extension supported_groups to the ClientHello message
*/
uint16_t ctmp = pgroups[i];
if (tls_valid_group(s, ctmp, max_version)
- && tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
} else {
for (i = 0; i < num_groups; i++) {
- if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
+ if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
curve_id = pgroups[i];
break;
}
if (i >= num_groups
- || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+ || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0;
return 1;
}
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
}
#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
uint16_t group = groups[i];
if (tls_valid_group(s, group, SSL_version(s))
- && tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
+ && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
if (first) {
/*
* Check if the client is already using our preferred group. If
* used. Returns 1 if the group is in the list (and allowed if |checkallow| is
* 1) or 0 otherwise.
*/
-#ifndef OPENSSL_NO_EC
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow)
{
if (group_id == group
&& (!checkallow
- || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
+ || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
return 1;
}
}
return 0;
}
-#endif
/* Replace ClientHello1 in the transcript hash with a synthetic message */
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
+#endif
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidxl);
-#endif
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
+#endif
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
-#endif
+
EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
return 1;
}
-#ifndef OPENSSL_NO_EC
-
/*
- * Table of curve information.
+ * Table of group information.
*/
static const TLS_GROUP_INFO nid_list[] = {
+#ifndef OPENSSL_NO_EC
{NID_sect163k1, 80, TLS_GROUP_CURVE_CHAR2, 0x0001}, /* sect163k1 (1) */
{NID_sect163r1, 80, TLS_GROUP_CURVE_CHAR2, 0x0002}, /* sect163r1 (2) */
{NID_sect163r2, 80, TLS_GROUP_CURVE_CHAR2, 0x0003}, /* sect163r2 (3) */
{NID_brainpoolP512r1, 256, TLS_GROUP_CURVE_PRIME, 0x001C}, /* brainpool512r1 (28) */
{EVP_PKEY_X25519, 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */
{EVP_PKEY_X448, 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */
+#endif /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_DH
/* Security bit values for FFDHE groups are updated as per RFC 7919 */
{NID_ffdhe2048, 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */
{NID_ffdhe3072, 125, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0101}, /* ffdhe3072 (0x0101) */
{NID_ffdhe4096, 150, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0102}, /* ffdhe4096 (0x0102) */
{NID_ffdhe6144, 175, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0103}, /* ffdhe6144 (0x0103) */
{NID_ffdhe8192, 192, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0104}, /* ffdhe8192 (0x0104) */
+#endif /* OPENSSL_NO_DH */
};
+#ifndef OPENSSL_NO_EC
static const unsigned char ecformats_default[] = {
TLSEXT_ECPOINTFORMAT_uncompressed,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};
+#endif
/* The default curves */
static const uint16_t supported_groups_default[] = {
+#ifndef OPENSSL_NO_EC
29, /* X25519 (29) */
23, /* secp256r1 (23) */
30, /* X448 (30) */
25, /* secp521r1 (25) */
24, /* secp384r1 (24) */
+#endif
+#ifndef OPENSSL_NO_DH
0x100, /* ffdhe2048 (0x100) */
0x101, /* ffdhe3072 (0x101) */
0x102, /* ffdhe4096 (0x102) */
0x103, /* ffdhe6144 (0x103) */
0x104, /* ffdhe8192 (0x104) */
+#endif
};
+#ifndef OPENSSL_NO_EC
static const uint16_t suiteb_curves[] = {
TLSEXT_curve_P_256,
TLSEXT_curve_P_384
};
+#endif
const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
{
/* For Suite B mode only include P-256, P-384 */
switch (tls1_suiteb(s)) {
+#ifndef OPENSSL_NO_EC
case SSL_CERT_FLAG_SUITEB_128_LOS:
*pgroups = suiteb_curves;
*pgroupslen = OSSL_NELEM(suiteb_curves);
*pgroups = suiteb_curves + 1;
*pgroupslen = 1;
break;
+#endif
default:
if (s->ext.supportedgroups == NULL) {
return 1;
}
-/* See if curve is allowed by security callback */
-int tls_curve_allowed(SSL *s, uint16_t curve, int op)
+/* See if group is allowed by security callback */
+int tls_group_allowed(SSL *s, uint16_t group, int op)
{
- const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve);
- unsigned char ctmp[2];
+ const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group);
+ unsigned char gtmp[2];
- if (cinfo == NULL)
+ if (ginfo == NULL)
return 0;
-# ifdef OPENSSL_NO_EC2M
- if (cinfo->flags & TLS_GROUP_CURVE_CHAR2)
+#ifdef OPENSSL_NO_EC2M
+ if (ginfo->flags & TLS_GROUP_CURVE_CHAR2)
return 0;
-# endif
-# ifdef OPENSSL_NO_DH
- if (cinfo->flags & TLS_GROUP_FFDHE)
+#endif
+#ifdef OPENSSL_NO_DH
+ if (ginfo->flags & TLS_GROUP_FFDHE)
return 0;
-# endif
- ctmp[0] = curve >> 8;
- ctmp[1] = curve & 0xff;
- return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
+#endif
+ gtmp[0] = group >> 8;
+ gtmp[1] = group & 0xff;
+ return ssl_security(s, op, ginfo->secbits, ginfo->nid, (void *)gtmp);
}
/* Return 1 if "id" is in "list" */
uint16_t id = pref[i];
if (!tls1_in_list(id, supp, num_supp)
- || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED))
+ || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED))
continue;
if (nmatch == k)
return id;
return 0;
}
-# define MAX_CURVELIST OSSL_NELEM(nid_list)
+#define MAX_GROUPLIST OSSL_NELEM(nid_list)
typedef struct {
size_t nidcnt;
- int nid_arr[MAX_CURVELIST];
+ int nid_arr[MAX_GROUPLIST];
} nid_cb_st;
static int nid_cb(const char *elem, int len, void *arg)
{
nid_cb_st *narg = arg;
size_t i;
- int nid;
+ int nid = NID_undef;
char etmp[20];
if (elem == NULL)
return 0;
- if (narg->nidcnt == MAX_CURVELIST)
+ if (narg->nidcnt == MAX_GROUPLIST)
return 0;
if (len > (int)(sizeof(etmp) - 1))
return 0;
memcpy(etmp, elem, len);
etmp[len] = 0;
+#ifndef OPENSSL_NO_EC
nid = EC_curve_nist2nid(etmp);
+#endif
if (nid == NID_undef)
nid = OBJ_sn2nid(etmp);
if (nid == NID_undef)
return 1;
return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
}
-/* Return group id of a key */
-static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
-{
- EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
- const EC_GROUP *grp;
-
- if (ec == NULL)
- return 0;
- grp = EC_KEY_get0_group(ec);
- return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
-}
-
-/* Check a key is compatible with compression extension */
-static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
-{
- const EC_KEY *ec;
- const EC_GROUP *grp;
- unsigned char comp_id;
- size_t i;
-
- /* If not an EC key nothing to check */
- if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
- return 1;
- ec = EVP_PKEY_get0_EC_KEY(pkey);
- grp = EC_KEY_get0_group(ec);
-
- /* Get required compression id */
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
- comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
- } else if (SSL_IS_TLS13(s)) {
- /*
- * ec_point_formats extension is not used in TLSv1.3 so we ignore
- * this check.
- */
- return 1;
- } else {
- int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
-
- if (field_type == NID_X9_62_prime_field)
- comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
- else if (field_type == NID_X9_62_characteristic_two_field)
- comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- else
- return 0;
- }
- /*
- * If point formats extension present check it, otherwise everything is
- * supported (see RFC4492).
- */
- if (s->session->ext.ecpointformats == NULL)
- return 1;
-
- for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
- if (s->session->ext.ecpointformats[i] == comp_id)
- return 1;
- }
- return 0;
-}
/* Check a group id matches preferences */
int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
return 0;
}
- if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
+ if (!tls_group_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
return 0;
/* For clients, nothing more to check */
return tls1_in_list(group_id, groups, groups_len);
}
+#ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats)
{
}
}
+/* Check a key is compatible with compression extension */
+static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
+{
+ const EC_KEY *ec;
+ const EC_GROUP *grp;
+ unsigned char comp_id;
+ size_t i;
+
+ /* If not an EC key nothing to check */
+ if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+ return 1;
+ ec = EVP_PKEY_get0_EC_KEY(pkey);
+ grp = EC_KEY_get0_group(ec);
+
+ /* Get required compression id */
+ if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+ comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ } else if (SSL_IS_TLS13(s)) {
+ /*
+ * ec_point_formats extension is not used in TLSv1.3 so we ignore
+ * this check.
+ */
+ return 1;
+ } else {
+ int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
+
+ if (field_type == NID_X9_62_prime_field)
+ comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+ else if (field_type == NID_X9_62_characteristic_two_field)
+ comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+ else
+ return 0;
+ }
+ /*
+ * If point formats extension present check it, otherwise everything is
+ * supported (see RFC4492).
+ */
+ if (s->session->ext.ecpointformats == NULL)
+ return 1;
+
+ for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
+ if (s->session->ext.ecpointformats[i] == comp_id)
+ return 1;
+ }
+ return 0;
+}
+
+/* Return group id of a key */
+static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
+{
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ const EC_GROUP *grp;
+
+ if (ec == NULL)
+ return 0;
+ grp = EC_KEY_get0_group(ec);
+ return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
+}
+
/*
* Check cert parameters compatible with extensions: currently just checks EC
* certificates have compatible curves and compression.
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+#No EC with TLSv1.3 confuses the padding calculations in this test
+plan skip_all => "No EC with TLSv1.3 is not supported by this test"
+ if disabled("ec") && !disabled("tls1_3");
+
plan tests => 1;
ok(run(test(["clienthellotest", srctop_file("test", "session.pem")])),
use constant {
X25519 => 0x1d,
- P_256 => 0x17
+ P_256 => 0x17,
+ FFDHE2048 => 0x0100,
+ FFDHE3072 => 0x0101
};
my $testtype;
$testtype = EMPTY_EXTENSION;
$direction = CLIENT_TO_SERVER;
$proxy->filter(\&modify_key_shares_filter);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe3072");
+} else {
+ $proxy->serverflags("-groups P-256");
+}
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 22;
ok(TLSProxy::Message->success(), "Success after HRR");
# HelloRetryRequest
$proxy->clear();
$proxy->filter(undef);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe3072");
+} else {
+ $proxy->serverflags("-groups P-256");
+}
$proxy->start();
ok(TLSProxy::Message->success(), "No initial acceptable key_shares");
#Test 5: No acceptable key_shares and no shared groups should fail
$proxy->clear();
$proxy->filter(undef);
-$proxy->serverflags("-curves P-256");
-$proxy->clientflags("-curves P-384");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe2048");
+} else {
+ $proxy->serverflags("-groups P-256");
+}
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072");
+} else {
+ $proxy->clientflags("-groups P-384");
+}
$proxy->start();
ok(TLSProxy::Message->fail(), "No acceptable key_shares");
#Test 6: A non preferred but acceptable key_share should succeed
$proxy->clear();
$proxy->clientflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072");
+} else {
+ $proxy->clientflags("-groups P-256");
+}
$proxy->start();
ok(TLSProxy::Message->success(), "Non preferred key_share");
$proxy->filter(\&modify_key_shares_filter);
-#Test 7: An acceptable key_share after a list of non-acceptable ones should
-#succeed
-$proxy->clear();
-$testtype = ACCEPTABLE_AT_END;
-$proxy->start();
-ok(TLSProxy::Message->success(), "Acceptable key_share at end of list");
+SKIP: {
+ skip "No ec support in this OpenSSL build", 1 if disabled("ec");
+
+ #Test 7: An acceptable key_share after a list of non-acceptable ones should
+ #succeed
+ $proxy->clear();
+ $testtype = ACCEPTABLE_AT_END;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Acceptable key_share at end of list");
+}
#Test 8: An acceptable key_share but for a group not in supported_groups should
#fail
$proxy->clear();
$direction = SERVER_TO_CLIENT;
$testtype = LOOK_ONLY;
-$proxy->clientflags("-curves P-256:X25519");
+$selectedgroupid = 0;
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072:ffdhe2048");
+} else {
+ $proxy->clientflags("-groups P-256:X25519");
+}
$proxy->start();
-ok(TLSProxy::Message->success() && ($selectedgroupid == P_256),
- "Multiple acceptable key_shares");
+if (disabled("ec")) {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == FFDHE3072),
+ "Multiple acceptable key_shares");
+} else {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == P_256),
+ "Multiple acceptable key_shares");
+}
#Test 14: Multiple acceptable key_shares - we choose the first one (part 2)
$proxy->clear();
-$proxy->clientflags("-curves X25519:P-256");
+if (disabled("ec")) {
+ $proxy->clientflags("-curves ffdhe2048:ffdhe3072");
+} else {
+ $proxy->clientflags("-curves X25519:P-256");
+}
$proxy->start();
-ok(TLSProxy::Message->success() && ($selectedgroupid == X25519),
- "Multiple acceptable key_shares (part 2)");
+if (disabled("ec")) {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == FFDHE2048),
+ "Multiple acceptable key_shares (part 2)");
+} else {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == X25519),
+ "Multiple acceptable key_shares (part 2)");
+}
#Test 15: Server sends key_share that wasn't offered should fail
$proxy->clear();
$testtype = SELECT_X25519;
-$proxy->clientflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072");
+} else {
+ $proxy->clientflags("-groups P-256");
+}
$proxy->start();
ok(TLSProxy::Message->fail(), "Non offered key_share");
$proxy->clear();
$direction = SERVER_TO_CLIENT;
$testtype = NO_KEY_SHARES_IN_HRR;
-$proxy->serverflags("-curves X25519");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe2048");
+} else {
+ $proxy->serverflags("-groups X25519");
+}
$proxy->start();
ok(TLSProxy::Message->fail(), "Server sends HRR with no key_shares");
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->start();
ok($fatal_alert, "Unsolicited server name extension");
-
+}
+SKIP: {
+ skip "TLS <= 1.2 disabled or EC disabled", 1
+ if $no_below_tls13 || disabled("ec");
#Test 5: Inject a noncompliant supported_groups extension (<= TLSv1.2)
$proxy->clear();
$proxy->filter(\&inject_unsolicited_extension);
#Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello
$testtype = COOKIE_ONLY;
$proxy->filter(\&cookie_filter);
-$proxy->serverflags("-curves X25519");
+$proxy->serverflags("-curves X25519") if !disabled("ec");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 2;
-ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
+SKIP: {
+ skip "EC disabled", 1, if disabled("ec");
+ ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
+}
+
+
#Test 2: Same as test 1 but should also work where a new key_share is also
# required
$testtype = COOKIE_AND_KEY_SHARE;
$proxy->clear();
-$proxy->clientflags("-curves P-256:X25519");
-$proxy->serverflags("-curves X25519");
+if (disabled("ec")) {
+ $proxy->clientflags("-curves ffdhe3072:ffdhe2048");
+ $proxy->serverflags("-curves ffdhe2048");
+} else {
+ $proxy->clientflags("-curves P-256:X25519");
+ $proxy->serverflags("-curves X25519");
+}
$proxy->start();
ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
#Test 1: A client should fail if the server changes the ciphersuite between the
# HRR and the SH
$proxy->filter(\&hrr_filter);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
my $testtype = CHANGE_HRR_CIPHERSUITE;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 2;
#Test 2: It is an error if the client changes the offered ciphersuites so that
# we end up selecting a different ciphersuite between HRR and the SH
$proxy->clear();
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
$proxy->ciphersuitess("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$testtype = CHANGE_CH1_CIPHERSUITE;
$proxy->start();
plan skip_all => "$test_name needs TLSv1.3 enabled"
if disabled("tls1_3");
+plan skip_all => "$test_name needs EC enabled"
+ if disabled("ec");
+
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
plan skip_all => "$test_name needs TLSv1.3 enabled"
if disabled("tls1_3");
+plan skip_all => "$test_name needs EC enabled"
+ if disabled("ec");
+
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
# ciphersuite. Should see PSK on second ClientHello
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
$proxy->filter(undef);
$proxy->start();
#Check if the PSK is present in the second ClientHello
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->filter(\&modify_psk_filter);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
$proxy->ciphersuitesc("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$proxy->ciphersuitess("TLS_AES_256_GCM_SHA384");
#We force an early failure because TLS Proxy doesn't actually support
|| !disabled("sctp"),
"05-sni.conf" => disabled("tls1_1"),
"07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),
- "10-resumption.conf" => !$is_default_tls,
+ "10-resumption.conf" => !$is_default_tls || $no_ec,
"11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"),
"16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"),
"17-renegotiate.conf" => disabled("tls1_2"),
plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
if disabled("tls1_3") || disabled("tls1_2");
+plan skip_all => "EC is disabled in this OpenSSL build"
+ if disabled("ec");
+
+
plan skip_all => "No test GOST engine found"
if !$ENV{OPENSSL_GOST_ENGINE_SO};
"client" => {
},
"server" => {
- "Curves" => "P-256"
+ "Curves" => disabled("ec") ? "ffdhe3072" : "P-256"
},
"resume_client" => {
},
if (testtype == 1 || testtype == 2) {
/* Force an HRR to occur */
+#if defined(OPENSSL_NO_EC)
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
+ goto end;
+#else
if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
goto end;
+#endif
} else if (idx == 2) {
/*
* We force early_data rejection by ensuring the PSK identity is
/*
* Test TLSv1.3 Key exchange
* Test 0 = Test ECDHE Key exchange
- * Test 1 = Test FFDHE Key exchange
- * Test 2 = Test ECDHE with TLSv1.2 client and TLSv1.2 server
+ * Test 1 = Test ECDHE with TLSv1.2 client and TLSv1.2 server
+ * Test 2 = Test FFDHE Key exchange
* Test 3 = Test FFDHE with TLSv1.2 client and TLSv1.2 server
*/
static int test_tls13_key_exchange(int idx)
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
+#ifndef OPENSSL_NO_EC
int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
NID_X25519, NID_X448};
+#endif
#ifndef OPENSSL_NO_DH
int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
NID_ffdhe6144, NID_ffdhe8192};
int expected_err_reason = 0;
switch (idx) {
- case 0:
- kexch_groups = ecdhe_kexch_groups;
- kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
- break;
#ifndef OPENSSL_NO_DH
- case 1:
+ case 3:
+ max_version = TLS1_2_VERSION;
+ /* Fall through */
+ case 2:
kexch_groups = ffdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
break;
#endif
- case 2:
+#ifndef OPENSSL_NO_EC
+ case 1:
+ max_version = TLS1_2_VERSION;
+ /* Fall through */
+ case 0:
kexch_groups = ecdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
- max_version = TLS1_2_VERSION;
- expected_err_func = SSL_F_TLS_POST_PROCESS_CLIENT_HELLO;
- expected_err_reason = SSL_R_NO_SHARED_CIPHER;
- want_err = SSL_ERROR_SSL;
- break;
-#ifndef OPENSSL_NO_DH
- case 3:
- kexch_groups = ffdhe_kexch_groups;
- kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
- max_version = TLS1_2_VERSION;
- want_err = SSL_ERROR_SSL;
- expected_err_func = SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS;
- expected_err_reason = ERR_R_INTERNAL_ERROR;
break;
#endif
default:
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, TLS1_3_RFC_AES_128_GCM_SHA256)))
goto end;
- if (!TEST_true(SSL_CTX_set_cipher_list(sctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM)))
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, TLS1_TXT_RSA_WITH_AES_128_SHA)))
goto end;
- if (!TEST_true(SSL_CTX_set_cipher_list(cctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM)))
+ /*
+ * Must include an EC ciphersuite so that we send supported groups in
+ * TLSv1.2
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM ":"
+ TLS1_TXT_RSA_WITH_AES_128_SHA)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
/* Fail if expected error is not happening for failure testcases */
if (expected_err_func) {
unsigned long err_code = ERR_get_error();
+ ERR_print_errors_fp(stdout);
if (TEST_int_eq(ERR_GET_FUNC(err_code), expected_err_func)
&& TEST_int_eq(ERR_GET_REASON(err_code), expected_err_reason))
testresult = 1;
goto end;
}
- /* If Handshake succeeds the negotiated kexch alg should the first one in configured */
- if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0), kexch_groups[0]))
+ /*
+ * If Handshake succeeds the negotiated kexch alg should the first one in
+ * configured, except in the case of FFDHE groups which are TLSv1.3 only
+ * so we expect no shared group to exist.
+ */
+ if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0),
+ idx == 3 ? 0 : kexch_groups[0]))
goto end;
testresult = 1;
goto end;
/* Force an HRR */
+#if defined(OPENSSL_NO_EC)
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
+ goto end;
+#else
if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
goto end;
+#endif
/*
* Check we can create a connection, the PSK is used and the callbacks are
if ((tst >= 3 && tst <= 5) || tst >= 9) {
/* HRR handshake */
+#if defined(OPENSSL_NO_EC)
+ if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "ffdhe3072")))
+ goto err;
+#else
if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "P-256")))
goto err;
+#endif
}
s_to_c_fbio = BIO_new(bio_f_watchccs_filter());
projects / thirdparty / openssl.git / commitdiff
