From: Tomas Mraz Date: Thu, 20 Feb 2025 15:25:41 +0000 (+0100) Subject: Have the same default groups list for QUIC and TLS X-Git-Tag: openssl-3.5.0-alpha1~81 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a89c99e04bb9484058b70ff081e7e351044e4cb3;p=thirdparty%2Fopenssl.git Have the same default groups list for QUIC and TLS Reviewed-by: Tim Hudson Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/26801) --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 04c0c99160e..1ec5596550e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -202,8 +202,6 @@ static const unsigned char ecformats_default[] = { #define DEFAULT_GROUP_NAME "DEFAULT" #define TLS_DEFAULT_GROUP_LIST \ "?*X25519MLKEM768 / ?*X25519:?secp256r1 / ?X448:?secp384r1:?secp521r1 / ?ffdhe2048:?ffdhe3072" -#define QUIC_DEFAULT_GROUP_LIST \ - "X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192" static const uint16_t suiteb_curves[] = { OSSL_TLS_GROUP_ID_secp256r1, @@ -365,9 +363,7 @@ int ssl_load_groups(SSL_CTX *ctx) if (!OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx)) return 0; - if (!IS_QUIC_CTX(ctx)) - return SSL_CTX_set1_groups_list(ctx, TLS_DEFAULT_GROUP_LIST); - return SSL_CTX_set1_groups_list(ctx, QUIC_DEFAULT_GROUP_LIST); + return SSL_CTX_set1_groups_list(ctx, TLS_DEFAULT_GROUP_LIST); } #define TLS_SIGALG_LIST_MALLOC_BLOCK_SIZE 10 diff --git a/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt b/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt index d5762e0a34e..d56eb5052a5 100644 --- a/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt +++ b/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt @@ -2,18 +2,18 @@ Sent TLS Record Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) - Length = 269 - ClientHello, Length=265 + Length = 1485 + ClientHello, Length=1481 client_version=0x303 (TLS 1.2) Random: - gmt_unix_time=0x???????? - random_bytes (len=28): ???????????????????????????????????????????????????????? + gmt_unix_time=0x? + random_bytes (len=28): ? session_id (len=0): cipher_suites (len=2) {0x13, 0x01} TLS_AES_128_GCM_SHA256 compression_methods (len=1) No Compression (0x00) - extensions, length = 222 + extensions, length = 1438 extension_type=UNKNOWN(57), length=49 0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D.. 000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ............... @@ -23,17 +23,15 @@ Header: uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) - extension_type=supported_groups(10), length=22 + extension_type=supported_groups(10), length=18 + X25519MLKEM768 (4588) ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) - secp521r1 (P-521) (25) secp384r1 (P-384) (24) + secp521r1 (P-521) (25) ffdhe2048 (256) ffdhe3072 (257) - ffdhe4096 (258) - ffdhe6144 (259) - ffdhe8192 (260) extension_type=session_ticket(35), length=0 extension_type=application_layer_protocol_negotiation(16), length=11 ossltest @@ -64,105 +62,184 @@ Header: TLS 1.3 (772) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) - extension_type=key_share(51), length=38 + extension_type=key_share(51), length=1258 + NamedGroup: X25519MLKEM768 (4588) + key_exchange: (len=1216): ? NamedGroup: ecdh_x25519 (29) - key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + key_exchange: (len=32): ? extension_type=compress_certificate(27), length=3 zlib (1) Sent Frame: Crypto Offset: 0 - Len: 269 -Sent Frame: Padding + Len: 1158 Sent Packet Packet Type: Initial Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 1178 Token: Packet Number: 0x00000000 +Sent Frame: Crypto + Offset: 1158 + Len: 327 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x? + Source Conn Id: + Payload length: 1178 + Token: + Packet Number: 0x00000001 +Sent Datagram + Length: 1200 Sent Datagram Length: 1200 Received Datagram Length: 91 +Received Datagram + Length: 91 Sent Frame: Crypto Offset: 0 - Len: 269 + Len: 1098 +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x? + Source Conn Id: + Payload length: 1118 + Token: ? + Packet Number: 0x00000002 +Sent Frame: Crypto + Offset: 1098 + Len: 60 Sent Frame: Padding Sent Packet Packet Type: Initial Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 1118 - Token: ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? - Packet Number: 0x00000001 + Token: ? + Packet Number: 0x00000003 Sent Datagram Length: 1200 -Received Datagram +Sent Datagram Length: 1200 Received Datagram - Length: 244 + Length: 1200 Received Packet Packet Type: Initial Version: 0x00000001 Destination Conn Id: - Source Conn Id: 0x???????????????? - Payload length: 115 + Source Conn Id: 0x? + Payload length: 1178 Token: Packet Number: 0x00000000 Received Frame: Ack (without ECN) - Largest acked: 1 + Largest acked: 3 Ack delay (raw) 0 Ack range count: 0 - First ack range: 0 + First ack range: 1 +Received Frame: Padding +Sent Frame: Crypto + Offset: 1158 + Len: 327 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x? + Source Conn Id: + Payload length: 1118 + Token: ? + Packet Number: 0x00000004 +Sent Datagram + Length: 1200 +Received Datagram + Length: 1200 +Received Datagram + Length: 1199 +Received Datagram + Length: 174 +Received Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x? + Payload length: 1178 + Token: + Packet Number: 0x00000001 +Received Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x? + Payload length: 45 + Token: + Packet Number: 0x00000002 +Received Frame: Ack (without ECN) + Largest acked: 4 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 2 Received Frame: Crypto Offset: 0 - Len: 90 + Len: 1153 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) - Length = 90 + Length = 1153 Inner Content Type = Handshake (22) - ServerHello, Length=86 +Received Frame: Crypto + Offset: 1153 + Len: 25 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 25 + Inner Content Type = Handshake (22) + ServerHello, Length=1174 server_version=0x303 (TLS 1.2) Random: - gmt_unix_time=0x???????? - random_bytes (len=28): ???????????????????????????????????????????????????????? + gmt_unix_time=0x? + random_bytes (len=28): ? session_id (len=0): cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 compression_method: No Compression (0x00) - extensions, length = 46 + extensions, length = 1134 extension_type=supported_versions(43), length=2 TLS 1.3 (772) - extension_type=key_share(51), length=36 - NamedGroup: ecdh_x25519 (29) - key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + extension_type=key_share(51), length=1124 + NamedGroup: X25519MLKEM768 (4588) + key_exchange: (len=1120): ? Received Packet Packet Type: Handshake Version: 0x00000001 Destination Conn Id: - Source Conn Id: 0x???????????????? - Payload length: 1042 + Source Conn Id: 0x? + Payload length: 1112 Packet Number: 0x00000000 Received Packet Packet Type: Handshake Version: 0x00000001 Destination Conn Id: - Source Conn Id: 0x???????????????? - Payload length: 223 + Source Conn Id: 0x? + Payload length: 153 Packet Number: 0x00000001 Received Frame: Crypto Offset: 0 - Len: 1022 + Len: 1092 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) - Length = 1022 + Length = 1092 Inner Content Type = Handshake (22) EncryptedExtensions, Length=98 extensions, length = 96 @@ -171,8 +248,8 @@ Header: 000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ??????????????? 001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ??????????????? 002d - 04 04 80 0c 00 00 05 04-80 08 00 00 06 04 80 ............... - 003c - 08 00 00 07 04 80 08 00-00 08 02 40 64 09 02 ??????????????? - 004b - 40 64 ?? + 003c - ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??????????????? + 004b - ?? ?? ?? extension_type=application_layer_protocol_negotiation(16), length=11 ossltest @@ -265,20 +342,20 @@ YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= No extensions Received Frame: Crypto - Offset: 1022 - Len: 202 + Offset: 1092 + Len: 132 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) - Length = 202 + Length = 132 Inner Content Type = Handshake (22) CertificateVerify, Length=260 Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) - Signature (len=256): ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? + Signature (len=256): ? Finished, Length=32 - verify_data (len=32): ???????????????????????????????????????????????????????????????? + verify_data (len=32): ? Sent TLS Record Header: @@ -287,13 +364,13 @@ Header: Length = 36 Inner Content Type = Handshake (22) Finished, Length=32 - verify_data (len=32): ???????????????????????????????????????????????????????????????? + verify_data (len=32): ? Sent Frame: Ack (without ECN) - Largest acked: 0 + Largest acked: 2 Ack delay (raw) 0 Ack range count: 0 - First ack range: 0 + First ack range: 2 Sent Frame: Ack (without ECN) Largest acked: 1 Ack delay (raw) 0 @@ -306,15 +383,15 @@ Sent Frame: Padding Sent Packet Packet Type: Initial Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 1037 - Token: ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? - Packet Number: 0x00000002 + Token: ? + Packet Number: 0x00000005 Sent Packet Packet Type: Handshake Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 60 Packet Number: 0x00000000 diff --git a/test/recipes/75-test_quicapi_data/ssltraceref.txt b/test/recipes/75-test_quicapi_data/ssltraceref.txt index 2b3a9a943e9..def4695a364 100644 --- a/test/recipes/75-test_quicapi_data/ssltraceref.txt +++ b/test/recipes/75-test_quicapi_data/ssltraceref.txt @@ -2,18 +2,18 @@ Sent TLS Record Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) - Length = 262 - ClientHello, Length=258 + Length = 1478 + ClientHello, Length=1474 client_version=0x303 (TLS 1.2) Random: - gmt_unix_time=0x???????? - random_bytes (len=28): ???????????????????????????????????????????????????????? + gmt_unix_time=0x? + random_bytes (len=28): ? session_id (len=0): cipher_suites (len=2) {0x13, 0x01} TLS_AES_128_GCM_SHA256 compression_methods (len=1) No Compression (0x00) - extensions, length = 215 + extensions, length = 1431 extension_type=UNKNOWN(57), length=49 0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D.. 000f - 01 02 04 04 80 0c 00 00-05 04 80 08 00 00 06 ............... @@ -23,17 +23,15 @@ Header: uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) - extension_type=supported_groups(10), length=22 + extension_type=supported_groups(10), length=18 + X25519MLKEM768 (4588) ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) - secp521r1 (P-521) (25) secp384r1 (P-384) (24) + secp521r1 (P-521) (25) ffdhe2048 (256) ffdhe3072 (257) - ffdhe4096 (258) - ffdhe6144 (259) - ffdhe8192 (260) extension_type=session_ticket(35), length=0 extension_type=application_layer_protocol_negotiation(16), length=11 ossltest @@ -64,113 +62,192 @@ Header: TLS 1.3 (772) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) - extension_type=key_share(51), length=38 + extension_type=key_share(51), length=1258 + NamedGroup: X25519MLKEM768 (4588) + key_exchange: (len=1216): ? NamedGroup: ecdh_x25519 (29) - key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + key_exchange: (len=32): ? Sent Frame: Crypto Offset: 0 - Len: 262 -Sent Frame: Padding + Len: 1158 Sent Packet Packet Type: Initial Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 1178 Token: Packet Number: 0x00000000 +Sent Frame: Crypto + Offset: 1158 + Len: 320 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x? + Source Conn Id: + Payload length: 1178 + Token: + Packet Number: 0x00000001 +Sent Datagram + Length: 1200 Sent Datagram Length: 1200 Received Datagram Length: 91 +Received Datagram + Length: 91 Sent Frame: Crypto Offset: 0 - Len: 262 + Len: 1098 +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x? + Source Conn Id: + Payload length: 1118 + Token: ? + Packet Number: 0x00000002 +Sent Frame: Crypto + Offset: 1098 + Len: 60 Sent Frame: Padding Sent Packet Packet Type: Initial Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 1118 - Token: ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? - Packet Number: 0x00000001 + Token: ? + Packet Number: 0x00000003 Sent Datagram Length: 1200 -Received Datagram +Sent Datagram Length: 1200 Received Datagram - Length: 244 + Length: 1200 Received Packet Packet Type: Initial Version: 0x00000001 Destination Conn Id: - Source Conn Id: 0x???????????????? - Payload length: 115 + Source Conn Id: 0x? + Payload length: 1178 Token: Packet Number: 0x00000000 Received Frame: Ack (without ECN) - Largest acked: 1 + Largest acked: 3 Ack delay (raw) 0 Ack range count: 0 - First ack range: 0 + First ack range: 1 +Received Frame: Padding +Sent Frame: Crypto + Offset: 1158 + Len: 320 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x? + Source Conn Id: + Payload length: 1118 + Token: ? + Packet Number: 0x00000004 +Sent Datagram + Length: 1200 +Received Datagram + Length: 1200 +Received Datagram + Length: 1199 +Received Datagram + Length: 174 +Received Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x? + Payload length: 1178 + Token: + Packet Number: 0x00000001 +Received Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: + Source Conn Id: 0x? + Payload length: 45 + Token: + Packet Number: 0x00000002 +Received Frame: Ack (without ECN) + Largest acked: 4 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 2 Received Frame: Crypto Offset: 0 - Len: 90 + Len: 1153 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) - Length = 90 + Length = 1153 Inner Content Type = Handshake (22) - ServerHello, Length=86 +Received Frame: Crypto + Offset: 1153 + Len: 25 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 25 + Inner Content Type = Handshake (22) + ServerHello, Length=1174 server_version=0x303 (TLS 1.2) Random: - gmt_unix_time=0x???????? - random_bytes (len=28): ???????????????????????????????????????????????????????? + gmt_unix_time=0x? + random_bytes (len=28): ? session_id (len=0): cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 compression_method: No Compression (0x00) - extensions, length = 46 + extensions, length = 1134 extension_type=supported_versions(43), length=2 TLS 1.3 (772) - extension_type=key_share(51), length=36 - NamedGroup: ecdh_x25519 (29) - key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + extension_type=key_share(51), length=1124 + NamedGroup: X25519MLKEM768 (4588) + key_exchange: (len=1120): ? Received Packet Packet Type: Handshake Version: 0x00000001 Destination Conn Id: - Source Conn Id: 0x???????????????? - Payload length: 1042 + Source Conn Id: 0x? + Payload length: 1112 Packet Number: 0x00000000 Received Packet Packet Type: Handshake Version: 0x00000001 Destination Conn Id: - Source Conn Id: 0x???????????????? - Payload length: 223 + Source Conn Id: 0x? + Payload length: 153 Packet Number: 0x00000001 Received Frame: Crypto Offset: 0 - Len: 1022 + Len: 1092 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) - Length = 1022 + Length = 1092 Inner Content Type = Handshake (22) EncryptedExtensions, Length=98 extensions, length = 96 extension_type=UNKNOWN(57), length=77 0000 - 0c 00 00 08 ?? ?? ?? ??-?? ?? ?? ?? 0f 08 ?? ....????????..? - 000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ???????..?????? - 001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ??....??..?.... + 000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ??????????????? + 001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ??????????????? 002d - 04 04 80 0c 00 00 05 04-80 08 00 00 06 04 80 ............... - 003c - 08 00 00 07 04 80 08 00-00 08 02 40 64 09 02 ...........@d.. - 004b - 40 64 @d + 003c - ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??????????????? + 004b - ?? ?? ?? extension_type=application_layer_protocol_negotiation(16), length=11 ossltest @@ -263,20 +340,20 @@ YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= No extensions Received Frame: Crypto - Offset: 1022 - Len: 202 + Offset: 1092 + Len: 132 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) - Length = 202 + Length = 132 Inner Content Type = Handshake (22) CertificateVerify, Length=260 Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) - Signature (len=256): ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? + Signature (len=256): ? Finished, Length=32 - verify_data (len=32): ???????????????????????????????????????????????????????????????? + verify_data (len=32): ? Sent TLS Record Header: @@ -285,13 +362,13 @@ Header: Length = 36 Inner Content Type = Handshake (22) Finished, Length=32 - verify_data (len=32): ???????????????????????????????????????????????????????????????? + verify_data (len=32): ? Sent Frame: Ack (without ECN) - Largest acked: 0 + Largest acked: 2 Ack delay (raw) 0 Ack range count: 0 - First ack range: 0 + First ack range: 2 Sent Frame: Ack (without ECN) Largest acked: 1 Ack delay (raw) 0 @@ -304,15 +381,15 @@ Sent Frame: Padding Sent Packet Packet Type: Initial Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 1037 - Token: ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? - Packet Number: 0x00000002 + Token: ? + Packet Number: 0x00000005 Sent Packet Packet Type: Handshake Version: 0x00000001 - Destination Conn Id: 0x???????????????? + Destination Conn Id: 0x? Source Conn Id: Payload length: 60 Packet Number: 0x00000000