[openssl] master update
Matt Caswell
matt at openssl.org
Mon Jun 17 10:02:47 UTC 2019
The branch master has been updated
via 65dc5c3cc10af7c6f24ecd922adb7b6d17a9fe65 (commit)
via dbc6268f68e50b2e49d7c5b1157b4f6bcea5d6f9 (commit)
from 8013a933dacc80096e2bfca06c00f9ec29adb35b (commit)
- Log -----------------------------------------------------------------
commit 65dc5c3cc10af7c6f24ecd922adb7b6d17a9fe65
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jun 13 19:34:37 2019 +0100
Fix no-ec with no-dh
Make sure that the combination of no-ec with no-dh builds successfully.
If neither ec or dh are available then TLSv1.3 is not possible.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
commit dbc6268f68e50b2e49d7c5b1157b4f6bcea5d6f9
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jun 13 11:06:12 2019 +0100
Allow TLSv1.3 in a no-ec build
Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happen.
It also fixes no-ec which was previously broken.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)
-----------------------------------------------------------------------
Summary of changes:
Configure | 6 +-
ssl/s3_lib.c | 12 ++-
ssl/ssl_lib.c | 3 +-
ssl/ssl_locl.h | 14 +--
ssl/statem/extensions.c | 14 ++-
ssl/statem/extensions_clnt.c | 48 +++++++--
ssl/statem/extensions_srvr.c | 6 +-
ssl/statem/statem_lib.c | 4 +-
ssl/statem/statem_locl.h | 5 +-
ssl/t1_lib.c | 200 +++++++++++++++++++++--------------
test/recipes/70-test_clienthello.t | 4 +
test/recipes/70-test_key_share.t | 92 ++++++++++++----
test/recipes/70-test_sslextension.t | 5 +-
test/recipes/70-test_tls13cookie.t | 18 +++-
test/recipes/70-test_tls13hrr.t | 12 ++-
test/recipes/70-test_tls13kexmodes.t | 3 +
test/recipes/70-test_tls13messages.t | 3 +
test/recipes/70-test_tls13psk.t | 12 ++-
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/90-test_gost.t | 4 +
test/ssl-tests/protocol_version.pm | 2 +-
test/sslapitest.c | 64 ++++++-----
test/tls13ccstest.c | 7 ++
23 files changed, 363 insertions(+), 177 deletions(-)
diff --git a/Configure b/Configure
index 69a06d6..c3f4f99 100755
--- a/Configure
+++ b/Configure
@@ -482,8 +482,9 @@ my @disable_cascades = (
"ssl3-method" => [ "ssl3" ],
"zlib" => [ "zlib-dynamic" ],
"des" => [ "mdc2" ],
- "ec" => [ "ecdsa", "ecdh" ],
-
+ "ec" => [ "ecdsa", "ecdh", "sm2" ],
+ sub { $disabled{"ec"} && $disabled{"dh"} }
+ => [ "tls1_3" ],
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"dtls" => [ @dtls ],
@@ -526,7 +527,6 @@ my @disable_cascades = (
"apps" => [ "tests" ],
"tests" => [ "external-tests" ],
"comp" => [ "zlib" ],
- "ec" => [ "tls1_3", "sm2" ],
"sm3" => [ "sm2" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 358142e..6c3f04d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3578,7 +3578,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
return ssl_cert_set_current(s->cert, larg);
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_GET_GROUPS:
{
uint16_t *clist;
@@ -3623,7 +3623,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
return id;
}
-#endif
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
@@ -3899,7 +3900,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
break;
#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
case SSL_CTRL_SET_GROUPS:
return tls1_set_groups(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
@@ -3909,7 +3910,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return tls1_set_groups_list(&ctx->ext.supportedgroups,
&ctx->ext.supportedgroups_len,
parg);
-#endif
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
@@ -4680,6 +4682,7 @@ EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
}
/* Generate a private key from a group ID */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
{
const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
@@ -4766,6 +4769,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
EVP_PKEY_CTX_free(pctx);
return pkey;
}
+#endif
/*
* Generate parameters from a group ID
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index cf79ac5..4e4477d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -780,6 +780,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->ext.ecpointformats_len =
ctx->ext.ecpointformats_len;
}
+#endif
if (ctx->ext.supportedgroups) {
s->ext.supportedgroups =
OPENSSL_memdup(ctx->ext.supportedgroups,
@@ -789,7 +790,7 @@ SSL *SSL_new(SSL_CTX *ctx)
goto err;
s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
}
-#endif
+
#ifndef OPENSSL_NO_NEXTPROTONEG
s->ext.npn = NULL;
#endif
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0e661d0..e521152 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -959,9 +959,10 @@ struct ssl_ctx_st {
/* EC extension values inherited by SSL structure */
size_t ecpointformats_len;
unsigned char *ecpointformats;
+# endif /* OPENSSL_NO_EC */
+
size_t supportedgroups_len;
uint16_t *supportedgroups;
-# endif /* OPENSSL_NO_EC */
/*
* ALPN information (we are in the process of transitioning from NPN to
@@ -2525,8 +2526,6 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-# ifndef OPENSSL_NO_EC
-
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
@@ -2534,15 +2533,16 @@ __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *curves, size_t ncurves);
__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
const char *str);
-void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
- size_t *num_formats);
-__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
__owur int tls_valid_group(SSL *s, uint16_t group_id, int version);
__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
+# ifndef OPENSSL_NO_EC
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+ size_t *num_formats);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
# endif /* OPENSSL_NO_EC */
-__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);
+__owur int tls_group_allowed(SSL *s, uint16_t curve, int op);
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
size_t *pgroupslen);
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 2e51aab..eacc721 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -46,9 +46,7 @@ static int init_etm(SSL *s, unsigned int context);
static int init_ems(SSL *s, unsigned int context);
static int final_ems(SSL *s, unsigned int context, int sent);
static int init_psk_kex_modes(SSL *s, unsigned int context);
-#ifndef OPENSSL_NO_EC
static int final_key_share(SSL *s, unsigned int context, int sent);
-#endif
#ifndef OPENSSL_NO_SRTP
static int init_srtp(SSL *s, unsigned int context);
#endif
@@ -162,6 +160,10 @@ static const EXTENSION_DEFINITION ext_defs[] = {
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
final_ec_pt_formats
},
+#else
+ INVALID_EXTENSION,
+#endif
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
{
/*
* "supported_groups" is spread across several specifications.
@@ -197,7 +199,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
},
#else
INVALID_EXTENSION,
- INVALID_EXTENSION,
#endif
{
TLSEXT_TYPE_session_ticket,
@@ -322,7 +323,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
tls_construct_ctos_psk_kex_modes, NULL
},
-#ifndef OPENSSL_NO_EC
{
/*
* Must be in this list after supported_groups. We need that to have
@@ -336,7 +336,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
tls_construct_stoc_key_share, tls_construct_ctos_key_share,
final_key_share
},
-#endif
{
/* Must be after key_share */
TLSEXT_TYPE_cookie,
@@ -1266,9 +1265,9 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent)
return 1;
}
-#ifndef OPENSSL_NO_EC
static int final_key_share(SSL *s, unsigned int context, int sent)
{
+#if !defined(OPENSSL_NO_TLS1_3)
if (!SSL_IS_TLS13(s))
return 1;
@@ -1426,10 +1425,9 @@ static int final_key_share(SSL *s, unsigned int context, int sent)
return 0;
}
}
-
+#endif /* !defined(OPENSSL_NO_TLS1_3) */
return 1;
}
-#endif
static int init_psk_kex_modes(SSL *s, unsigned int context)
{
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index a29b7c0..b12361f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -113,11 +113,13 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
#endif
#ifndef OPENSSL_NO_EC
-static int use_ecc(SSL *s)
+static int use_ecc(SSL *s, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+ const uint16_t *pgroups = NULL;
+ size_t num_groups, j;
/* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION)
@@ -137,9 +139,21 @@ static int use_ecc(SSL *s)
break;
}
}
-
sk_SSL_CIPHER_free(cipher_stack);
- return ret;
+ if (!ret)
+ return 0;
+
+ /* Check we have at least one EC supported group */
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ for (j = 0; j < num_groups; j++) {
+ uint16_t ctmp = pgroups[j];
+
+ if (tls_valid_group(s, ctmp, max_version)
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+ return 1;
+ }
+
+ return 0;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
@@ -148,8 +162,15 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
{
const unsigned char *pformats;
size_t num_formats;
+ int reason, min_version, max_version;
- if (!use_ecc(s))
+ reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+ if (reason != 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
+ return EXT_RETURN_FAIL;
+ }
+ if (!use_ecc(s, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
@@ -167,7 +188,9 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
return EXT_RETURN_SENT;
}
+#endif
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
@@ -176,9 +199,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
size_t num_groups = 0, i;
int min_version, max_version, reason;
- if (!use_ecc(s))
- return EXT_RETURN_NOT_SENT;
-
reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
if (reason != 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
@@ -186,6 +206,14 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+#if defined(OPENSSL_NO_EC)
+ if (max_version < TLS1_3_VERSION)
+ return EXT_RETURN_NOT_SENT;
+#else
+ if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
+ return EXT_RETURN_NOT_SENT;
+#endif
+
/*
* Add TLS extension supported_groups to the ClientHello message
*/
@@ -206,7 +234,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
uint16_t ctmp = pgroups[i];
if (tls_valid_group(s, ctmp, max_version)
- && tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+ && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
@@ -683,7 +711,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
} else {
for (i = 0; i < num_groups; i++) {
- if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
+ if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
curve_id = pgroups[i];
@@ -1843,7 +1871,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
break;
}
if (i >= num_groups
- || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+ || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 37f5819..6181f3f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -946,7 +946,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
return 1;
}
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx)
{
@@ -1400,7 +1400,7 @@ EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
}
#endif
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx)
@@ -1425,7 +1425,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
uint16_t group = groups[i];
if (tls_valid_group(s, group, SSL_version(s))
- && tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
+ && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
if (first) {
/*
* Check if the client is already using our preferred group. If
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index e6d2478..292f99c 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2137,7 +2137,6 @@ int ssl_set_client_hello_version(SSL *s)
* used. Returns 1 if the group is in the list (and allowed if |checkallow| is
* 1) or 0 otherwise.
*/
-#ifndef OPENSSL_NO_EC
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
size_t num_groups, int checkallow)
{
@@ -2151,14 +2150,13 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
if (group_id == group
&& (!checkallow
- || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
+ || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
return 1;
}
}
return 0;
}
-#endif
/* Replace ClientHello1 in the transcript hash with a synthetic message */
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index 8f27deb..f4242fa 100644
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -199,9 +199,9 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
+#endif
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidxl);
-#endif
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
@@ -314,10 +314,11 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X5
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
+#endif
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
-#endif
+
EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x,
size_t chainidx);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 52e6d54..dcae274 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -128,12 +128,12 @@ int tls1_clear(SSL *s)
return 1;
}
-#ifndef OPENSSL_NO_EC
-
/*
- * Table of curve information.
+ * Table of group information.
*/
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static const TLS_GROUP_INFO nid_list[] = {
+# ifndef OPENSSL_NO_EC
{NID_sect163k1, 80, TLS_GROUP_CURVE_CHAR2, 0x0001}, /* sect163k1 (1) */
{NID_sect163r1, 80, TLS_GROUP_CURVE_CHAR2, 0x0002}, /* sect163r1 (2) */
{NID_sect163r2, 80, TLS_GROUP_CURVE_CHAR2, 0x0003}, /* sect163r2 (3) */
@@ -164,41 +164,56 @@ static const TLS_GROUP_INFO nid_list[] = {
{NID_brainpoolP512r1, 256, TLS_GROUP_CURVE_PRIME, 0x001C}, /* brainpool512r1 (28) */
{EVP_PKEY_X25519, 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */
{EVP_PKEY_X448, 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */
+# endif /* OPENSSL_NO_EC */
+# ifndef OPENSSL_NO_DH
/* Security bit values for FFDHE groups are updated as per RFC 7919 */
{NID_ffdhe2048, 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */
{NID_ffdhe3072, 125, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0101}, /* ffdhe3072 (0x0101) */
{NID_ffdhe4096, 150, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0102}, /* ffdhe4096 (0x0102) */
{NID_ffdhe6144, 175, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0103}, /* ffdhe6144 (0x0103) */
{NID_ffdhe8192, 192, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0104}, /* ffdhe8192 (0x0104) */
+# endif /* OPENSSL_NO_DH */
};
+#endif
+#ifndef OPENSSL_NO_EC
static const unsigned char ecformats_default[] = {
TLSEXT_ECPOINTFORMAT_uncompressed,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
};
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
/* The default curves */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static const uint16_t supported_groups_default[] = {
+# ifndef OPENSSL_NO_EC
29, /* X25519 (29) */
23, /* secp256r1 (23) */
30, /* X448 (30) */
25, /* secp521r1 (25) */
24, /* secp384r1 (24) */
+# endif
+# ifndef OPENSSL_NO_DH
0x100, /* ffdhe2048 (0x100) */
0x101, /* ffdhe3072 (0x101) */
0x102, /* ffdhe4096 (0x102) */
0x103, /* ffdhe6144 (0x103) */
0x104, /* ffdhe8192 (0x104) */
+# endif
};
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
+#ifndef OPENSSL_NO_EC
static const uint16_t suiteb_curves[] = {
TLSEXT_curve_P_256,
TLSEXT_curve_P_384
};
+#endif
const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
{
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
size_t i;
/* ECC curves from RFC 4492 and RFC 7027 FFDHE group from RFC 8446 */
@@ -206,9 +221,11 @@ const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
if (nid_list[i].group_id == group_id)
return &nid_list[i];
}
+#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
return NULL;
}
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static uint16_t tls1_nid2group_id(int nid)
{
size_t i;
@@ -219,6 +236,7 @@ static uint16_t tls1_nid2group_id(int nid)
}
return 0;
}
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
/*
* Set *pgroups to the supported groups list and *pgroupslen to
@@ -227,9 +245,10 @@ static uint16_t tls1_nid2group_id(int nid)
void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
size_t *pgroupslen)
{
-
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
/* For Suite B mode only include P-256, P-384 */
switch (tls1_suiteb(s)) {
+# ifndef OPENSSL_NO_EC
case SSL_CERT_FLAG_SUITEB_128_LOS:
*pgroups = suiteb_curves;
*pgroupslen = OSSL_NELEM(suiteb_curves);
@@ -244,6 +263,7 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
*pgroups = suiteb_curves + 1;
*pgroupslen = 1;
break;
+# endif
default:
if (s->ext.supportedgroups == NULL) {
@@ -255,6 +275,10 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
}
break;
}
+#else
+ *pgroups = NULL;
+ *pgroupslen = 0;
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
}
int tls_valid_group(SSL *s, uint16_t group_id, int version)
@@ -268,25 +292,25 @@ int tls_valid_group(SSL *s, uint16_t group_id, int version)
return 1;
}
-/* See if curve is allowed by security callback */
-int tls_curve_allowed(SSL *s, uint16_t curve, int op)
+/* See if group is allowed by security callback */
+int tls_group_allowed(SSL *s, uint16_t group, int op)
{
- const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve);
- unsigned char ctmp[2];
+ const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group);
+ unsigned char gtmp[2];
- if (cinfo == NULL)
+ if (ginfo == NULL)
return 0;
-# ifdef OPENSSL_NO_EC2M
- if (cinfo->flags & TLS_GROUP_CURVE_CHAR2)
+#ifdef OPENSSL_NO_EC2M
+ if (ginfo->flags & TLS_GROUP_CURVE_CHAR2)
return 0;
-# endif
-# ifdef OPENSSL_NO_DH
- if (cinfo->flags & TLS_GROUP_FFDHE)
+#endif
+#ifdef OPENSSL_NO_DH
+ if (ginfo->flags & TLS_GROUP_FFDHE)
return 0;
-# endif
- ctmp[0] = curve >> 8;
- ctmp[1] = curve & 0xff;
- return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
+#endif
+ gtmp[0] = group >> 8;
+ gtmp[1] = group & 0xff;
+ return ssl_security(s, op, ginfo->secbits, ginfo->nid, (void *)gtmp);
}
/* Return 1 if "id" is in "list" */
@@ -349,7 +373,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch)
uint16_t id = pref[i];
if (!tls1_in_list(id, supp, num_supp)
- || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED))
+ || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED))
continue;
if (nmatch == k)
return id;
@@ -364,6 +388,7 @@ uint16_t tls1_shared_group(SSL *s, int nmatch)
int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *groups, size_t ngroups)
{
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
uint16_t *glist;
size_t i;
/*
@@ -402,30 +427,36 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
err:
OPENSSL_free(glist);
return 0;
+#else
+ return 0;
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
}
-# define MAX_CURVELIST OSSL_NELEM(nid_list)
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+# define MAX_GROUPLIST OSSL_NELEM(nid_list)
typedef struct {
size_t nidcnt;
- int nid_arr[MAX_CURVELIST];
+ int nid_arr[MAX_GROUPLIST];
} nid_cb_st;
static int nid_cb(const char *elem, int len, void *arg)
{
nid_cb_st *narg = arg;
size_t i;
- int nid;
+ int nid = NID_undef;
char etmp[20];
if (elem == NULL)
return 0;
- if (narg->nidcnt == MAX_CURVELIST)
+ if (narg->nidcnt == MAX_GROUPLIST)
return 0;
if (len > (int)(sizeof(etmp) - 1))
return 0;
memcpy(etmp, elem, len);
etmp[len] = 0;
+# ifndef OPENSSL_NO_EC
nid = EC_curve_nist2nid(etmp);
+# endif
if (nid == NID_undef)
nid = OBJ_sn2nid(etmp);
if (nid == NID_undef)
@@ -438,10 +469,12 @@ static int nid_cb(const char *elem, int len, void *arg)
narg->nid_arr[narg->nidcnt++] = nid;
return 1;
}
+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
/* Set groups based on a colon separate list */
int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str)
{
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
nid_cb_st ncb;
ncb.nidcnt = 0;
if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
@@ -449,64 +482,9 @@ int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str)
if (pext == NULL)
return 1;
return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
-}
-/* Return group id of a key */
-static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
-{
- EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
- const EC_GROUP *grp;
-
- if (ec == NULL)
- return 0;
- grp = EC_KEY_get0_group(ec);
- return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
-}
-
-/* Check a key is compatible with compression extension */
-static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
-{
- const EC_KEY *ec;
- const EC_GROUP *grp;
- unsigned char comp_id;
- size_t i;
-
- /* If not an EC key nothing to check */
- if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
- return 1;
- ec = EVP_PKEY_get0_EC_KEY(pkey);
- grp = EC_KEY_get0_group(ec);
-
- /* Get required compression id */
- if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
- comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
- } else if (SSL_IS_TLS13(s)) {
- /*
- * ec_point_formats extension is not used in TLSv1.3 so we ignore
- * this check.
- */
- return 1;
- } else {
- int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
-
- if (field_type == NID_X9_62_prime_field)
- comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
- else if (field_type == NID_X9_62_characteristic_two_field)
- comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- else
- return 0;
- }
- /*
- * If point formats extension present check it, otherwise everything is
- * supported (see RFC4492).
- */
- if (s->session->ext.ecpointformats == NULL)
- return 1;
-
- for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
- if (s->session->ext.ecpointformats[i] == comp_id)
- return 1;
- }
+#else
return 0;
+#endif
}
/* Check a group id matches preferences */
@@ -541,7 +519,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
return 0;
}
- if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
+ if (!tls_group_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
return 0;
/* For clients, nothing more to check */
@@ -562,6 +540,7 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
return tls1_in_list(group_id, groups, groups_len);
}
+#ifndef OPENSSL_NO_EC
void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
size_t *num_formats)
{
@@ -581,6 +560,65 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
}
}
+/* Check a key is compatible with compression extension */
+static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
+{
+ const EC_KEY *ec;
+ const EC_GROUP *grp;
+ unsigned char comp_id;
+ size_t i;
+
+ /* If not an EC key nothing to check */
+ if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+ return 1;
+ ec = EVP_PKEY_get0_EC_KEY(pkey);
+ grp = EC_KEY_get0_group(ec);
+
+ /* Get required compression id */
+ if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+ comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+ } else if (SSL_IS_TLS13(s)) {
+ /*
+ * ec_point_formats extension is not used in TLSv1.3 so we ignore
+ * this check.
+ */
+ return 1;
+ } else {
+ int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
+
+ if (field_type == NID_X9_62_prime_field)
+ comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+ else if (field_type == NID_X9_62_characteristic_two_field)
+ comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+ else
+ return 0;
+ }
+ /*
+ * If point formats extension present check it, otherwise everything is
+ * supported (see RFC4492).
+ */
+ if (s->session->ext.ecpointformats == NULL)
+ return 1;
+
+ for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
+ if (s->session->ext.ecpointformats[i] == comp_id)
+ return 1;
+ }
+ return 0;
+}
+
+/* Return group id of a key */
+static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
+{
+ EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+ const EC_GROUP *grp;
+
+ if (ec == NULL)
+ return 0;
+ grp = EC_KEY_get0_group(ec);
+ return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
+}
+
/*
* Check cert parameters compatible with extensions: currently just checks EC
* certificates have compatible curves and compression.
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t
index a6b812a..0ccbc8e 100644
--- a/test/recipes/70-test_clienthello.t
+++ b/test/recipes/70-test_clienthello.t
@@ -15,6 +15,10 @@ setup("test_clienthello");
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
+#No EC with TLSv1.3 confuses the padding calculations in this test
+plan skip_all => "No EC with TLSv1.3 is not supported by this test"
+ if disabled("ec") && !disabled("tls1_3");
+
plan tests => 1;
ok(run(test(["clienthellotest", srctop_file("test", "session.pem")])),
diff --git a/test/recipes/70-test_key_share.t b/test/recipes/70-test_key_share.t
index eeec055..b5b0190 100644
--- a/test/recipes/70-test_key_share.t
+++ b/test/recipes/70-test_key_share.t
@@ -36,7 +36,9 @@ use constant {
use constant {
X25519 => 0x1d,
- P_256 => 0x17
+ P_256 => 0x17,
+ FFDHE2048 => 0x0100,
+ FFDHE3072 => 0x0101
};
my $testtype;
@@ -74,7 +76,11 @@ my $proxy = TLSProxy::Proxy->new(
$testtype = EMPTY_EXTENSION;
$direction = CLIENT_TO_SERVER;
$proxy->filter(\&modify_key_shares_filter);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe3072");
+} else {
+ $proxy->serverflags("-groups P-256");
+}
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 22;
ok(TLSProxy::Message->success(), "Success after HRR");
@@ -95,31 +101,52 @@ ok(TLSProxy::Message->fail(), "Missing key_shares extension");
# HelloRetryRequest
$proxy->clear();
$proxy->filter(undef);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe3072");
+} else {
+ $proxy->serverflags("-groups P-256");
+}
$proxy->start();
ok(TLSProxy::Message->success(), "No initial acceptable key_shares");
#Test 5: No acceptable key_shares and no shared groups should fail
$proxy->clear();
$proxy->filter(undef);
-$proxy->serverflags("-curves P-256");
-$proxy->clientflags("-curves P-384");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe2048");
+} else {
+ $proxy->serverflags("-groups P-256");
+}
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072");
+} else {
+ $proxy->clientflags("-groups P-384");
+}
$proxy->start();
ok(TLSProxy::Message->fail(), "No acceptable key_shares");
#Test 6: A non preferred but acceptable key_share should succeed
$proxy->clear();
$proxy->clientflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072");
+} else {
+ $proxy->clientflags("-groups P-256");
+}
$proxy->start();
ok(TLSProxy::Message->success(), "Non preferred key_share");
$proxy->filter(\&modify_key_shares_filter);
-#Test 7: An acceptable key_share after a list of non-acceptable ones should
-#succeed
-$proxy->clear();
-$testtype = ACCEPTABLE_AT_END;
-$proxy->start();
-ok(TLSProxy::Message->success(), "Acceptable key_share at end of list");
+SKIP: {
+ skip "No ec support in this OpenSSL build", 1 if disabled("ec");
+
+ #Test 7: An acceptable key_share after a list of non-acceptable ones should
+ #succeed
+ $proxy->clear();
+ $testtype = ACCEPTABLE_AT_END;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Acceptable key_share at end of list");
+}
#Test 8: An acceptable key_share but for a group not in supported_groups should
#fail
@@ -156,22 +183,45 @@ ok(TLSProxy::Message->fail(), "key_share list trailing data");
$proxy->clear();
$direction = SERVER_TO_CLIENT;
$testtype = LOOK_ONLY;
-$proxy->clientflags("-curves P-256:X25519");
+$selectedgroupid = 0;
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072:ffdhe2048");
+} else {
+ $proxy->clientflags("-groups P-256:X25519");
+}
$proxy->start();
-ok(TLSProxy::Message->success() && ($selectedgroupid == P_256),
- "Multiple acceptable key_shares");
+if (disabled("ec")) {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == FFDHE3072),
+ "Multiple acceptable key_shares");
+} else {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == P_256),
+ "Multiple acceptable key_shares");
+}
#Test 14: Multiple acceptable key_shares - we choose the first one (part 2)
$proxy->clear();
-$proxy->clientflags("-curves X25519:P-256");
+if (disabled("ec")) {
+ $proxy->clientflags("-curves ffdhe2048:ffdhe3072");
+} else {
+ $proxy->clientflags("-curves X25519:P-256");
+}
$proxy->start();
-ok(TLSProxy::Message->success() && ($selectedgroupid == X25519),
- "Multiple acceptable key_shares (part 2)");
+if (disabled("ec")) {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == FFDHE2048),
+ "Multiple acceptable key_shares (part 2)");
+} else {
+ ok(TLSProxy::Message->success() && ($selectedgroupid == X25519),
+ "Multiple acceptable key_shares (part 2)");
+}
#Test 15: Server sends key_share that wasn't offered should fail
$proxy->clear();
$testtype = SELECT_X25519;
-$proxy->clientflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->clientflags("-groups ffdhe3072");
+} else {
+ $proxy->clientflags("-groups P-256");
+}
$proxy->start();
ok(TLSProxy::Message->fail(), "Non offered key_share");
@@ -229,7 +279,11 @@ SKIP: {
$proxy->clear();
$direction = SERVER_TO_CLIENT;
$testtype = NO_KEY_SHARES_IN_HRR;
-$proxy->serverflags("-curves X25519");
+if (disabled("ec")) {
+ $proxy->serverflags("-groups ffdhe2048");
+} else {
+ $proxy->serverflags("-groups X25519");
+}
$proxy->start();
ok(TLSProxy::Message->fail(), "Server sends HRR with no key_shares");
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
index e725b44..93d7f47 100644
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -217,7 +217,10 @@ SKIP: {
$proxy->clientflags("-no_tls1_3 -noservername");
$proxy->start();
ok($fatal_alert, "Unsolicited server name extension");
-
+}
+SKIP: {
+ skip "TLS <= 1.2 disabled or EC disabled", 1
+ if $no_below_tls13 || disabled("ec");
#Test 5: Inject a noncompliant supported_groups extension (<= TLSv1.2)
$proxy->clear();
$proxy->filter(\&inject_unsolicited_extension);
diff --git a/test/recipes/70-test_tls13cookie.t b/test/recipes/70-test_tls13cookie.t
index 3f324e3..aef2cf8 100644
--- a/test/recipes/70-test_tls13cookie.t
+++ b/test/recipes/70-test_tls13cookie.t
@@ -46,17 +46,27 @@ my $testtype;
#Test 1: Inserting a cookie into an HRR should see it echoed in the ClientHello
$testtype = COOKIE_ONLY;
$proxy->filter(\&cookie_filter);
-$proxy->serverflags("-curves X25519");
+$proxy->serverflags("-curves X25519") if !disabled("ec");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 2;
-ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
+SKIP: {
+ skip "EC disabled", 1, if disabled("ec");
+ ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
+}
+
+
#Test 2: Same as test 1 but should also work where a new key_share is also
# required
$testtype = COOKIE_AND_KEY_SHARE;
$proxy->clear();
-$proxy->clientflags("-curves P-256:X25519");
-$proxy->serverflags("-curves X25519");
+if (disabled("ec")) {
+ $proxy->clientflags("-curves ffdhe3072:ffdhe2048");
+ $proxy->serverflags("-curves ffdhe2048");
+} else {
+ $proxy->clientflags("-curves P-256:X25519");
+ $proxy->serverflags("-curves X25519");
+}
$proxy->start();
ok(TLSProxy::Message->success() && $cookieseen == 1, "Cookie seen");
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index 44ca041..8f6e54e 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -43,7 +43,11 @@ use constant {
#Test 1: A client should fail if the server changes the ciphersuite between the
# HRR and the SH
$proxy->filter(\&hrr_filter);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
my $testtype = CHANGE_HRR_CIPHERSUITE;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 2;
@@ -52,7 +56,11 @@ ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
#Test 2: It is an error if the client changes the offered ciphersuites so that
# we end up selecting a different ciphersuite between HRR and the SH
$proxy->clear();
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
$proxy->ciphersuitess("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$testtype = CHANGE_CH1_CIPHERSUITE;
$proxy->start();
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t
index 3650601..069d614 100644
--- a/test/recipes/70-test_tls13kexmodes.t
+++ b/test/recipes/70-test_tls13kexmodes.t
@@ -28,6 +28,9 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLSv1.3 enabled"
if disabled("tls1_3");
+plan skip_all => "$test_name needs EC enabled"
+ if disabled("ec");
+
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index e961528..a3fc35e4 100644
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -28,6 +28,9 @@ plan skip_all => "$test_name needs the sock feature enabled"
plan skip_all => "$test_name needs TLSv1.3 enabled"
if disabled("tls1_3");
+plan skip_all => "$test_name needs EC enabled"
+ if disabled("ec");
+
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index 40e6ed1..11031f3f 100644
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -66,7 +66,11 @@ ok(TLSProxy::Message->fail(), "PSK not last");
# ciphersuite. Should see PSK on second ClientHello
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
$proxy->filter(undef);
$proxy->start();
#Check if the PSK is present in the second ClientHello
@@ -81,7 +85,11 @@ ok($pskseen, "PSK hash matches");
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->filter(\&modify_psk_filter);
-$proxy->serverflags("-curves P-256");
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
$proxy->ciphersuitesc("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384");
$proxy->ciphersuitess("TLS_AES_256_GCM_SHA384");
#We force an early failure because TLS Proxy doesn't actually support
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 31c4399..04a0c13 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -59,7 +59,7 @@ my %conf_dependent_tests = (
|| !disabled("sctp"),
"05-sni.conf" => disabled("tls1_1"),
"07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),
- "10-resumption.conf" => !$is_default_tls,
+ "10-resumption.conf" => !$is_default_tls || $no_ec,
"11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"),
"16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"),
"17-renegotiate.conf" => disabled("tls1_2"),
diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t
index d4f27b8..b01243f 100644
--- a/test/recipes/90-test_gost.t
+++ b/test/recipes/90-test_gost.t
@@ -21,6 +21,10 @@ plan skip_all => "GOST support is disabled in this OpenSSL build"
plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
if disabled("tls1_3") || disabled("tls1_2");
+plan skip_all => "EC is disabled in this OpenSSL build"
+ if disabled("ec");
+
+
plan skip_all => "No test GOST engine found"
if !$ENV{OPENSSL_GOST_ENGINE_SO};
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index 6c2e778..6923e21 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -252,7 +252,7 @@ sub generate_resumption_tests {
"client" => {
},
"server" => {
- "Curves" => "P-256"
+ "Curves" => disabled("ec") ? "ffdhe3072" : "P-256"
},
"resume_client" => {
},
diff --git a/test/sslapitest.c b/test/sslapitest.c
index efa42a0..9a993f7 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -2960,8 +2960,13 @@ static int early_data_skip_helper(int testtype, int idx)
if (testtype == 1 || testtype == 2) {
/* Force an HRR to occur */
+#if defined(OPENSSL_NO_EC)
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
+ goto end;
+#else
if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
goto end;
+#endif
} else if (idx == 2) {
/*
* We force early_data rejection by ensuring the PSK identity is
@@ -3738,8 +3743,8 @@ static int test_ciphersuite_change(void)
/*
* Test TLSv1.3 Key exchange
* Test 0 = Test ECDHE Key exchange
- * Test 1 = Test FFDHE Key exchange
- * Test 2 = Test ECDHE with TLSv1.2 client and TLSv1.2 server
+ * Test 1 = Test ECDHE with TLSv1.2 client and TLSv1.2 server
+ * Test 2 = Test FFDHE Key exchange
* Test 3 = Test FFDHE with TLSv1.2 client and TLSv1.2 server
*/
static int test_tls13_key_exchange(int idx)
@@ -3747,8 +3752,10 @@ static int test_tls13_key_exchange(int idx)
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
+#ifndef OPENSSL_NO_EC
int ecdhe_kexch_groups[] = {NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
NID_X25519, NID_X448};
+#endif
#ifndef OPENSSL_NO_DH
int ffdhe_kexch_groups[] = {NID_ffdhe2048, NID_ffdhe3072, NID_ffdhe4096,
NID_ffdhe6144, NID_ffdhe8192};
@@ -3761,32 +3768,22 @@ static int test_tls13_key_exchange(int idx)
int expected_err_reason = 0;
switch (idx) {
- case 0:
- kexch_groups = ecdhe_kexch_groups;
- kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
- break;
#ifndef OPENSSL_NO_DH
- case 1:
+ case 3:
+ max_version = TLS1_2_VERSION;
+ /* Fall through */
+ case 2:
kexch_groups = ffdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
break;
#endif
- case 2:
+#ifndef OPENSSL_NO_EC
+ case 1:
+ max_version = TLS1_2_VERSION;
+ /* Fall through */
+ case 0:
kexch_groups = ecdhe_kexch_groups;
kexch_groups_size = OSSL_NELEM(ecdhe_kexch_groups);
- max_version = TLS1_2_VERSION;
- expected_err_func = SSL_F_TLS_POST_PROCESS_CLIENT_HELLO;
- expected_err_reason = SSL_R_NO_SHARED_CIPHER;
- want_err = SSL_ERROR_SSL;
- break;
-#ifndef OPENSSL_NO_DH
- case 3:
- kexch_groups = ffdhe_kexch_groups;
- kexch_groups_size = OSSL_NELEM(ffdhe_kexch_groups);
- max_version = TLS1_2_VERSION;
- want_err = SSL_ERROR_SSL;
- expected_err_func = SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS;
- expected_err_reason = ERR_R_INTERNAL_ERROR;
break;
#endif
default:
@@ -3805,10 +3802,16 @@ static int test_tls13_key_exchange(int idx)
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, TLS1_3_RFC_AES_128_GCM_SHA256)))
goto end;
- if (!TEST_true(SSL_CTX_set_cipher_list(sctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM)))
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, TLS1_TXT_RSA_WITH_AES_128_SHA)))
goto end;
- if (!TEST_true(SSL_CTX_set_cipher_list(cctx, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM)))
+ /*
+ * Must include an EC ciphersuite so that we send supported groups in
+ * TLSv1.2
+ */
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM ":"
+ TLS1_TXT_RSA_WITH_AES_128_SHA)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
@@ -3828,14 +3831,20 @@ static int test_tls13_key_exchange(int idx)
/* Fail if expected error is not happening for failure testcases */
if (expected_err_func) {
unsigned long err_code = ERR_get_error();
+ ERR_print_errors_fp(stdout);
if (TEST_int_eq(ERR_GET_FUNC(err_code), expected_err_func)
&& TEST_int_eq(ERR_GET_REASON(err_code), expected_err_reason))
testresult = 1;
goto end;
}
- /* If Handshake succeeds the negotiated kexch alg should the first one in configured */
- if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0), kexch_groups[0]))
+ /*
+ * If Handshake succeeds the negotiated kexch alg should the first one in
+ * configured, except in the case of FFDHE groups which are TLSv1.3 only
+ * so we expect no shared group to exist.
+ */
+ if (!TEST_int_eq(SSL_get_shared_group(serverssl, 0),
+ idx == 3 ? 0 : kexch_groups[0]))
goto end;
testresult = 1;
@@ -3990,8 +3999,13 @@ static int test_tls13_psk(int idx)
goto end;
/* Force an HRR */
+#if defined(OPENSSL_NO_EC)
+ if (!TEST_true(SSL_set1_groups_list(serverssl, "ffdhe3072")))
+ goto end;
+#else
if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
goto end;
+#endif
/*
* Check we can create a connection, the PSK is used and the callbacks are
diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c
index d89354c..1d0a268 100644
--- a/test/tls13ccstest.c
+++ b/test/tls13ccstest.c
@@ -315,8 +315,15 @@ static int test_tls13ccs(int tst)
if ((tst >= 3 && tst <= 5) || tst >= 9) {
/* HRR handshake */
+#if defined(OPENSSL_NO_EC)
+# if !defined(OPENSSL_NO_DH)
+ if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "ffdhe3072")))
+ goto err;
+# endif
+#else
if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "P-256")))
goto err;
+#endif
}
s_to_c_fbio = BIO_new(bio_f_watchccs_filter());
More information about the openssl-commits
mailing list