*Adrian Stanciu*
+ * Change default EC point formats configuration to support only 'uncompressed'
+ format, and add SSL_OP_LEGACY_EC_POINT_FORMATS flag and options to re-enable
+ previous default if required.
+
+ *Tim Perry*
+
OpenSSL 3.5
-----------
Allow legacy insecure renegotiation between OpenSSL and unpatched servers
B<only>. See the B<SECURE RENEGOTIATION> section for more details.
+=item SSL_OP_LEGACY_EC_POINT_FORMATS
+
+Enable use of the legacy point formats for elliptic curves. This option enables
+support for the deprecated ANSI X9.62 prime and char2 compressed point formats,
+in addition to the uncompressed format that is enabled by default.
+
=item SSL_OP_NO_ANTI_REPLAY
By default, when a server is configured for early data (i.e., max_early_data > 0),
# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33)
/* Enable KTLS TX zerocopy on Linux */
# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34)
-
-#define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35)
+# define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35)
+# define SSL_OP_LEGACY_EC_POINT_FORMATS SSL_OP_BIT(36)
/*
* Option "collections."
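Review bot: The new `SSL_OP_LEGACY_EC_POINT_FORMATS` define has no comment, although the neighbouring `SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE` carries one. Because this flag re-enables a deprecated behaviour, the header should say that it is opt-in. I would add above it `/* Also advertise the deprecated ANSI X9.62 compressed EC point formats (default: uncompressed only) */`. `SSL_OP_PREFER_NO_DHE_KEX` on the preceding line is equally undocumented, but this change only re-indents it.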
SSL_FLAG_TBL_INV("RxCertificateCompression", SSL_OP_NO_RX_CERTIFICATE_COMPRESSION),
SSL_FLAG_TBL("KTLSTxZerocopySendfile", SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE),
SSL_FLAG_TBL("IgnoreUnexpectedEOF", SSL_OP_IGNORE_UNEXPECTED_EOF),
+ SSL_FLAG_TBL("LegacyECPointFormats", SSL_OP_LEGACY_EC_POINT_FORMATS),
};
if (value == NULL)
return -3;
SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER),
SSL_CONF_CMD_SWITCH("no_etm", 0),
SSL_CONF_CMD_SWITCH("no_ems", 0),
+ SSL_CONF_CMD_SWITCH("legacy_ec_point_formats", 0),
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
SSL_CONF_CMD_STRING(Curves, "curves", 0),
{SSL_OP_NO_ENCRYPT_THEN_MAC, 0},
/* no Extended master secret */
{SSL_OP_NO_EXTENDED_MASTER_SECRET, 0},
+ /* enable legacy EC point formats */
+ {SSL_OP_LEGACY_EC_POINT_FORMATS, 0}
};
static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
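Review bot: The added entry `{SSL_OP_LEGACY_EC_POINT_FORMATS, 0}` drops the trailing comma that the entries above it carry, so the next addition will have to touch this line as well; `{SSL_OP_LEGACY_EC_POINT_FORMATS, 0},` keeps the table uniform. The lookup code is not visible in this hunk, but if this table is matched to the `SSL_CONF_CMD_SWITCH` list by position, the new row must stay at the same index as `SSL_CONF_CMD_SWITCH("legacy_ec_point_formats", 0)`. That holds today, since both were appended after the `no_ems` entries. In that case the comment could say so, e.g. `/* enable legacy EC point formats; keep in step with the "legacy_ec_point_formats" switch */`.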
};
static const unsigned char ecformats_default[] = {
+ TLSEXT_ECPOINTFORMAT_uncompressed
+};
+
+static const unsigned char ecformats_all[] = {
TLSEXT_ECPOINTFORMAT_uncompressed,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
if (s->ext.ecpointformats) {
*pformats = s->ext.ecpointformats;
*num_formats = s->ext.ecpointformats_len;
- } else {
- *pformats = ecformats_default;
+ } else if ((s->options & SSL_OP_LEGACY_EC_POINT_FORMATS) != 0) {
+ *pformats = ecformats_all;
/* For Suite B we don't support char2 fields */
if (tls1_suiteb(s))
- *num_formats = sizeof(ecformats_default) - 1;
+ *num_formats = sizeof(ecformats_all) - 1;
else
- *num_formats = sizeof(ecformats_default);
+ *num_formats = sizeof(ecformats_all);
+ } else {
+ *pformats = ecformats_default;
+ *num_formats = sizeof(ecformats_default);
}
}
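Review bot: The Suite B branch still removes char2 by truncating the list with `sizeof(ecformats_all) - 1`, which is only correct while `TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2` remains the last element of `ecformats_all`. Now that there are two arrays, a comment on `ecformats_all` such as `/* char2 must stay last: the Suite B path drops it by length */` would guard against a reordering. Separately, this function only chooses what is advertised, and a caller-supplied `s->ext.ecpointformats` still takes precedence over the option. Whether a compressed point sent by a peer is rejected when the option is off is not visible in this hunk and is worth confirming. The function's signature lies outside the hunk.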
000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ...............
001e - 04 80 08 00 00 07 04 80-08 00 00 08 02 40 64 .............@d
002d - 09 02 40 64 ..@d
- extension_type=ec_point_formats(11), length=4
+ extension_type=ec_point_formats(11), length=2
uncompressed (0)
- ansiX962_compressed_prime (1)
- ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=18
X25519MLKEM768 (4588)
ecdh_x25519 (29)
000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ...............
001e - 04 80 08 00 00 07 04 80-08 00 00 08 02 40 64 .............@d
002d - 09 02 40 64 ..@d
- extension_type=ec_point_formats(11), length=4
+ extension_type=ec_point_formats(11), length=2
uncompressed (0)
- ansiX962_compressed_prime (1)
- ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=18
X25519MLKEM768 (4588)
ecdh_x25519 (29)
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
MaxProtocol = TLSv1.2
+Options = LegacyECPointFormats
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
+Options = LegacyECPointFormats
SignatureAlgorithms = EcDsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
server => {
"ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
"ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
- "MaxProtocol" => "TLSv1.2"
+ "MaxProtocol" => "TLSv1.2",
+ "Options" => "LegacyECPointFormats"
},
client => {
"SignatureAlgorithms" => randcase("ECDSA+SHA256"),
+ "Options" => "LegacyECPointFormats"
},
test => {
"ExpectedServerCertType" => "P-256",
return testresult;
}
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLS1_2)
+/*
+ * Complete a connection with legacy EC point format configuration
+ */
+static int test_legacy_ec_point_formats(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ const char *pformats = NULL;
+ int nformats;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
+ TLS1_2_VERSION, TLS1_2_VERSION, &sctx, &cctx, cert,
+ privkey)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_options(sctx, SSL_OP_LEGACY_EC_POINT_FORMATS)))
+ goto end;
+
+ if (!TEST_true(SSL_CTX_set_options(cctx, SSL_OP_LEGACY_EC_POINT_FORMATS)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ /* Check server received all 3 point formats */
+ nformats = SSL_get0_ec_point_formats(serverssl, &pformats);
+ if (!TEST_int_eq(nformats, 3))
+ goto end;
+ if (!TEST_int_eq(pformats[0], TLSEXT_ECPOINTFORMAT_uncompressed) ||
+ !TEST_int_eq(pformats[1], TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) ||
+ !TEST_int_eq(pformats[2], TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2))
+ goto end;
+
+ testresult = 1;
+
+end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+#endif
+
/*
* Test SSL_CTX_set1_verify/chain_cert_store and SSL_CTX_get_verify/chain_cert_store.
*/
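Review bot: `test_legacy_ec_point_formats` exercises only the opt-in path, so the new default (only `uncompressed` advertised) is never asserted through `SSL_get0_ec_point_formats`. That default is the security-relevant half of the change. I would parameterise the test so that index 0 runs with default options and expects a single format, and index 1 sets the option and expects all three; the registration would then become `ADD_ALL_TESTS(test_legacy_ec_point_formats, 2);`. Also, `TEST_true(SSL_CTX_set_options(...))` passes whenever any option bit is set, so it does not show that this particular bit was accepted.

```c
static int test_legacy_ec_point_formats(int idx)
{
    /* idx 0: default options; idx 1: SSL_OP_LEGACY_EC_POINT_FORMATS on both ends */
    const int legacy = (idx == 1);
    /* … unchanged: declarations, create_ssl_ctx_pair … */

    if (legacy) {
        if (!TEST_true((SSL_CTX_set_options(sctx, SSL_OP_LEGACY_EC_POINT_FORMATS)
                        & SSL_OP_LEGACY_EC_POINT_FORMATS) != 0)
                || !TEST_true((SSL_CTX_set_options(cctx, SSL_OP_LEGACY_EC_POINT_FORMATS)
                               & SSL_OP_LEGACY_EC_POINT_FORMATS) != 0))
            goto end;
    }
    /* … unchanged: create_ssl_objects, create_ssl_connection … */

    /* Check the server saw exactly the formats the client should advertise */
    nformats = SSL_get0_ec_point_formats(serverssl, &pformats);
    if (!TEST_int_eq(nformats, legacy ? 3 : 1)
            || !TEST_int_eq(pformats[0], TLSEXT_ECPOINTFORMAT_uncompressed))
        goto end;
    if (legacy
            && (!TEST_int_eq(pformats[1], TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
                || !TEST_int_eq(pformats[2], TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)))
        goto end;
    /* … unchanged: testresult = 1 and cleanup … */
```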
#endif
ADD_TEST(test_inherit_verify_param);
ADD_TEST(test_set_alpn);
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLS1_2)
+ ADD_TEST(test_legacy_ec_point_formats);
+#endif
ADD_TEST(test_set_verify_cert_store_ssl_ctx);
ADD_TEST(test_set_verify_cert_store_ssl);
ADD_ALL_TESTS(test_session_timeout, 1);