From 91c6e157c696e8fee7320408ddb959ecf233fbaf Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 7 Mar 2025 01:44:06 +1100 Subject: [PATCH] Make group names case-insensitive MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Tim Hudson Reviewed-by: Paul Dale Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/26991) --- doc/man3/SSL_CONF_cmd.pod | 28 +++++++++++++++++----------- doc/man3/SSL_CTX_set1_curves.pod | 19 +++++++++++++++++-- ssl/t1_lib.c | 6 +++--- 3 files changed, 37 insertions(+), 16 deletions(-) diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index acc8808cca6..bcf30628a4c 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -164,7 +164,7 @@ registry. For some groups, OpenSSL supports additional aliases. Such an alias could be a B name (e.g. B), an OpenSSL OID name (e.g. B), or some other commonly used name. -Group names are case sensitive. +Group names are case-insensitive in OpenSSL 3.5 and later. The list should be in order of preference with the most preferred group first. The first group listed will also be used for the B sent by a client @@ -200,8 +200,17 @@ This is a synonym for the B<-groups> command. =item B<-named_curve> I -This sets the temporary curve used for ephemeral ECDH modes. Only used -by servers. +This sets the temporary curve used for ephemeral ECDH modes. +This is only applicable in TLS 1.0 and 1.1, and should not be used with later +protocol versions. + +The I argument is a curve name or the special value B which +picks an appropriate curve based on client and server preferences. The +curve can be either the B name (e.g. B) or an OpenSSL OID name +(e.g. B). +Even with TLS 1.0 and 1.1, the default value of C is strongly recommended +over choosing a specific curve. +Curve names are case-insensitive in OpenSSL 3.5 and later. =item B<-tx_cert_comp> 
@@ -221,11 +230,6 @@ Disables support for receiving TLSv1.3 compressed certificates. =item B<-comp> -The B argument is a curve name or the special value B which -picks an appropriate curve based on client and server preferences. The -curve can be either the B name (e.g. B) or an OpenSSL OID name -(e.g. B). Curve names are case sensitive. - =item B<-cipher> I Sets the TLSv1.2 and below ciphersuite list to B. This list will be @@ -461,7 +465,7 @@ registry. For some groups, OpenSSL supports additional aliases. Such an alias could be a B name (e.g. B), an OpenSSL OID name (e.g. B), or some other commonly used name. -Group names are case sensitive. +Group names are case-insensitive in OpenSSL 3.5 and later. The list should be in order of preference with the most preferred group first. The commands below list the available groups for TLS 1.2 and TLS 1.3, @@ -860,8 +864,8 @@ B, B and B TLS groups. These are based on the underlying B, B and B algorithms from FIPS 203. -OpenSSL 3.5 also introduces support for three I ECDH PQ key exchange -TLS I: B, B and +OpenSSL 3.5 also introduces support for three B ECDH PQ key exchange +TLS groups: B, B and B. They offer CPU performance comparable to the associated ECDH group, though at the cost of significantly larger key exchange messages. @@ -871,6 +875,8 @@ group. Also its key exchange messages at close to 1700 bytes are larger than the roughly 1200 bytes for the first two groups. +As of OpenSSL 3.5 key exchange group names are case-insensitive. + =head1 COPYRIGHT Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 2d4ff67c6d6..a0793437778 100755 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod 
@@ -96,8 +96,10 @@ respectively: Each group can be either the B name (e.g. B), some other commonly used name where applicable (e.g. B, B) or an OpenSSL OID name -(e.g. B). Group names are case sensitive. The preferred group names -are those defined by IANA for TLS parameters. +(e.g. B). +Group names are case-insensitive in OpenSSL 3.5 and later. +The preferred group names are those defined by +L. The I can be used to define several group tuples of comparable security levels, and can specify which key shares should be sent by a client.
@@ -325,6 +327,19 @@ SSL_set1_groups_list() was added in OpenSSL 3.3. Support for B was added in OpenSSL 3.5. +OpenSSL 3.5 also introduces support for three I ECDH PQ key exchange +TLS groups: B, B and +B. +They offer CPU performance comparable to the associated ECDH group, though at +the cost of significantly larger key exchange messages. +The third group, B is substantially more CPU-intensive, +largely as a result of the high CPU cost of ECDH for the underlying B +group. +Also its key exchange messages at close to 1700 bytes are larger than the +roughly 1200 bytes for the first two groups. + +As of OpenSSL 3.5 key exchange group names are case-insensitive. + B was first implemented in OpenSSL 3.5. Earlier versions of this document described the list as a preference order.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d9f24fe7ea4..9d5a7896e30 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -706,8 +706,8 @@ static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name)
 size_t i;
 for (i = 0; i < ctx->group_list_len; i++) {
- if (strcmp(ctx->group_list[i].tlsname, name) == 0
- || strcmp(ctx->group_list[i].realname, name) == 0)
+ if (OPENSSL_strcasecmp(ctx->group_list[i].tlsname, name) == 0
+ || OPENSSL_strcasecmp(ctx->group_list[i].realname, name) == 0)
 return ctx->group_list[i].group_id;
 }
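Review bot: Case-folded matching lets two registered groups whose `tlsname` or `realname` differ only in case both satisfy the comparison, and this loop silently returns whichever was registered first; nothing in the hunk rejects or reports such duplicates. Whether a clash can actually occur depends on how `ctx->group_list` is populated (provider-registered names, outside this hunk), so either the registration path should reject case-insensitive duplicates or a comment such as `/* Names match case-insensitively; the first registered match wins */` should record the rule here. The same consideration applies to the `name2id_arr` lookup in the `gid_cb` hunk below. Using OPENSSL_strcasecmp rather than libc strcasecmp keeps the comparison locale-independent, which is the right choice for protocol identifiers. The body of tls1_group_name2id continues past the end of the hunk.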
@@ -1421,7 +1421,7 @@ static int gid_cb(const char *elem, int len, void *arg)
 if (gid == 0) {
 /* Is it one of the GOST groups ? */
 for (i = 0; i < OSSL_NELEM(name2id_arr); i++) {
- if (strcmp(etmp, name2id_arr[i].group_name) == 0) {
+ if (OPENSSL_strcasecmp(etmp, name2id_arr[i].group_name) == 0) {
 gid = name2id_arr[i].groupID;
 break;
 }
-- 
2.47.2