diff --git a/src/ssl.c b/src/ssl.c index d2e45894fd..eabd5ec6fa 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -412,50 +412,6 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local) #include -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -const WOLF_EC_NIST_NAME kNistCurves[] = { - {XSTR_SIZEOF("P-192"), "P-192", NID_X9_62_prime192v1}, - {XSTR_SIZEOF("P-256"), "P-256", NID_X9_62_prime256v1}, - {XSTR_SIZEOF("P-112"), "P-112", NID_secp112r1}, - {XSTR_SIZEOF("P-112-2"), "P-112-2", NID_secp112r2}, - {XSTR_SIZEOF("P-128"), "P-128", NID_secp128r1}, - {XSTR_SIZEOF("P-128-2"), "P-128-2", NID_secp128r2}, - {XSTR_SIZEOF("P-160"), "P-160", NID_secp160r1}, - {XSTR_SIZEOF("P-160-2"), "P-160-2", NID_secp160r2}, - {XSTR_SIZEOF("P-224"), "P-224", NID_secp224r1}, - {XSTR_SIZEOF("P-384"), "P-384", NID_secp384r1}, - {XSTR_SIZEOF("P-521"), "P-521", NID_secp521r1}, - {XSTR_SIZEOF("K-160"), "K-160", NID_secp160k1}, - {XSTR_SIZEOF("K-192"), "K-192", NID_secp192k1}, - {XSTR_SIZEOF("K-224"), "K-224", NID_secp224k1}, - {XSTR_SIZEOF("K-256"), "K-256", NID_secp256k1}, - {XSTR_SIZEOF("B-160"), "B-160", NID_brainpoolP160r1}, - {XSTR_SIZEOF("B-192"), "B-192", NID_brainpoolP192r1}, - {XSTR_SIZEOF("B-224"), "B-224", NID_brainpoolP224r1}, - {XSTR_SIZEOF("B-256"), "B-256", NID_brainpoolP256r1}, - {XSTR_SIZEOF("B-320"), "B-320", NID_brainpoolP320r1}, - {XSTR_SIZEOF("B-384"), "B-384", NID_brainpoolP384r1}, - {XSTR_SIZEOF("B-512"), "B-512", NID_brainpoolP512r1}, -#ifdef HAVE_PQC - {XSTR_SIZEOF("KYBER_LEVEL1"), "KYBER_LEVEL1", WOLFSSL_KYBER_LEVEL1}, - {XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3}, - {XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5}, -#ifdef HAVE_LIBOQS - {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", - WOLFSSL_P256_KYBER_LEVEL1}, - {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", - WOLFSSL_P384_KYBER_LEVEL3}, - {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", - WOLFSSL_P521_KYBER_LEVEL5}, -#endif -#endif -#ifdef WOLFSSL_SM2 - {XSTR_SIZEOF("SM2"), "SM2", NID_sm2}, -#endif - {0, NULL, 0}, -}; -#endif - #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) /* create the hpke key and ech config to send to clients */ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, @@ -17599,80 +17555,22 @@ int wolfSSL_get_peer_signature_type_nid(const WOLFSSL* ssl, int* nid) #ifdef HAVE_ECC #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) -static int populate_groups(int* groups, int max_count, const char *list) -{ - const char *end; - int count = 0; - const WOLF_EC_NIST_NAME* nist_name; - - if (!groups || !list) { - return -1; - } - - for (end = list; ; list = ++end) { - int len; - - if (count > max_count) { - WOLFSSL_MSG("Too many curves in list"); - return -1; - } - while (*end != ':' && *end != '\0') end++; - len = (int)(end - list); /* end points to char after end - * of curve name so no need for -1 */ - if ((len < kNistCurves_MIN_NAME_LEN) || - (len > kNistCurves_MAX_NAME_LEN)) { - WOLFSSL_MSG("Unrecognized curve name in list"); - return -1; - } - for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { - if (len == nist_name->name_len && - XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) { - break; - } - } - if (!nist_name->name) { - WOLFSSL_MSG("Unrecognized curve name in list"); - return -1; - } - groups[count++] = nist_name->nid; - if (*end == '\0') break; - } - - return count; -} - int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list) { - int groups[WOLFSSL_MAX_GROUP_COUNT]; - int count = 0; - if (!ctx || !list) { return WOLFSSL_FAILURE; } - if ((count = populate_groups(groups, - WOLFSSL_MAX_GROUP_COUNT, list)) == -1) { - return WOLFSSL_FAILURE; - } - - return wolfSSL_CTX_set1_groups(ctx, groups, count); + return set_curves_list(NULL, ctx, list, 0); } int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list) { - int groups[WOLFSSL_MAX_GROUP_COUNT]; - int count = 0; - if (!ssl || !list) { return WOLFSSL_FAILURE; } - if ((count = populate_groups(groups, - WOLFSSL_MAX_GROUP_COUNT, list)) == -1) { - return WOLFSSL_FAILURE; - } - - return wolfSSL_set1_groups(ssl, groups, count); + return set_curves_list(ssl, NULL, list, 0); } #endif /* WOLFSSL_TLS13 */ @@ -21388,7 +21286,55 @@ int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id) #if (defined(HAVE_ECC) || \ defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) -static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names) +#define CURVE_NAME(c) XSTR_SIZEOF((c)), (c) + +const WOLF_EC_NIST_NAME kNistCurves[] = { + {CURVE_NAME("P-160"), NID_secp160r1, WOLFSSL_ECC_SECP160R1}, + {CURVE_NAME("P-160-2"), NID_secp160r2, WOLFSSL_ECC_SECP160R2}, + {CURVE_NAME("P-192"), NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1}, + {CURVE_NAME("P-224"), NID_secp224r1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("P-256"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("P-384"), NID_secp384r1, WOLFSSL_ECC_SECP384R1}, + {CURVE_NAME("P-521"), NID_secp521r1, WOLFSSL_ECC_SECP521R1}, + {CURVE_NAME("K-160"), NID_secp160k1, WOLFSSL_ECC_SECP160K1}, + {CURVE_NAME("K-192"), NID_secp192k1, WOLFSSL_ECC_SECP192K1}, + {CURVE_NAME("K-224"), NID_secp224k1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("K-256"), NID_secp256k1, WOLFSSL_ECC_SECP256K1}, + {CURVE_NAME("B-256"), NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1}, + {CURVE_NAME("B-384"), NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1}, + {CURVE_NAME("B-512"), NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1}, +#ifdef HAVE_CURVE25519 + {CURVE_NAME("X25519"), NID_X25519, WOLFSSL_ECC_X25519}, +#endif +#ifdef HAVE_CURVE448 + {CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448}, +#endif +#ifdef HAVE_PQC + {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1}, +#ifdef HAVE_LIBOQS + {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1}, + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1}, +#endif +#endif +#ifdef WOLFSSL_SM2 + {CURVE_NAME("SM2"), NID_sm2, WOLFSSL_ECC_SM2P256V1}, +#endif + /* Alternative curve names */ + {CURVE_NAME("prime256v1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("secp256r1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("secp384r1"), NID_secp384r1, WOLFSSL_ECC_SECP384R1}, + {CURVE_NAME("secp521r1"), NID_secp521r1, WOLFSSL_ECC_SECP521R1}, +#ifdef WOLFSSL_SM2 + {CURVE_NAME("sm2p256v1"), NID_sm2, WOLFSSL_ECC_SM2P256V1}, +#endif + {0, NULL, 0, 0}, +}; + +int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, + byte curves_only) { int idx, start = 0, len, i, ret = WOLFSSL_FAILURE; word16 curve; @@ -21401,6 +21347,7 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names) #else int groups[WOLFSSL_MAX_GROUP_COUNT]; #endif + const WOLF_EC_NIST_NAME* nist_name; #ifdef WOLFSSL_SMALL_STACK groups = (int*)XMALLOC(sizeof(int)*WOLFSSL_MAX_GROUP_COUNT, @@ -21420,45 +21367,18 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names) goto leave; XMEMCPY(name, names + start, len); - name[len++] = 0; + name[len] = 0; + curve = WOLFSSL_NAMED_GROUP_INVALID; - /* Use XSTRNCMP to avoid valgrind error. */ - if ((XSTRNCMP(name, "prime256v1", len) == 0) || - (XSTRNCMP(name, "secp256r1", len) == 0) || - (XSTRNCMP(name, "P-256", len) == 0)) - { - curve = WOLFSSL_ECC_SECP256R1; - } - else if ((XSTRNCMP(name, "secp384r1", len) == 0) || - (XSTRNCMP(name, "P-384", len) == 0)) - { - curve = WOLFSSL_ECC_SECP384R1; - } - else if ((XSTRNCMP(name, "secp521r1", len) == 0) || - (XSTRNCMP(name, "P-521", len) == 0)) - { - curve = WOLFSSL_ECC_SECP521R1; - } - #ifdef WOLFSSL_SM2 - else if ((XSTRNCMP(name, "sm2p256v1", len) == 0) || - (XSTRNCMP(name, "SM2", len) == 0)) - { - curve = WOLFSSL_ECC_SM2P256V1; - } - #endif - #ifdef HAVE_CURVE25519 - else if (XSTRNCMP(name, "X25519", len) == 0) - { - curve = WOLFSSL_ECC_X25519; - } - #endif - #ifdef HAVE_CURVE448 - else if (XSTRNCMP(name, "X448", len) == 0) - { - curve = WOLFSSL_ECC_X448; + for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { + if (len == nist_name->name_len && + XSTRNCMP(name, nist_name->name, len) == 0) { + curve = nist_name->curve; + break; + } } - #endif - else { + + if (curve == WOLFSSL_NAMED_GROUP_INVALID) { #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(HAVE_ECC) int nret; const ecc_set_type *eccSet; @@ -21482,7 +21402,8 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names) #endif } - if (curve >= WOLFSSL_ECC_MAX_AVAIL) { + if ((curves_only && curve >= WOLFSSL_ECC_MAX_AVAIL) || + curve == WOLFSSL_NAMED_GROUP_INVALID) { WOLFSSL_MSG("curve value is not supported"); goto leave; } @@ -21564,7 +21485,7 @@ int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names) WOLFSSL_MSG("ctx or names was NULL"); return WOLFSSL_FAILURE; } - return set_curves_list(NULL, ctx, names); + return set_curves_list(NULL, ctx, names, 1); } int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) @@ -21574,7 +21495,7 @@ int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) WOLFSSL_MSG("ssl or names was NULL"); return WOLFSSL_FAILURE; } - return set_curves_list(ssl, NULL, names); + return set_curves_list(ssl, NULL, names, 1); } #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */ #endif /* OPENSSL_EXTRA || HAVE_CURL */ diff --git a/tests/api.c b/tests/api.c index ae82325c21..aa0e3ea529 100644 --- a/tests/api.c +++ b/tests/api.c @@ -55214,15 +55214,21 @@ static int test_tls13_apis(void) #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) char groupList[] = +#ifdef HAVE_CURVE25519 + "X25519:" +#endif +#ifdef HAVE_CURVE448 + "X448:" +#endif #ifndef NO_ECC_SECP #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 - "P-521:" + "P-521:secp521r1:" #endif #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 - "P-384:" + "P-384:secp384r1:" #endif #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 - "P-256" + "P-256:secp256r1" #if defined(HAVE_PQC) && defined(HAVE_LIBOQS) ":P256_KYBER_LEVEL1" #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a7780768ba..f269959b1b 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1768,7 +1768,7 @@ enum Misc { ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */ #endif MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */ - MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */ + MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */ NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ @@ -6117,16 +6117,11 @@ typedef struct { int name_len; const char *name; int nid; + word16 curve; } WOLF_EC_NIST_NAME; extern const WOLF_EC_NIST_NAME kNistCurves[]; -/* This is the longest and shortest curve name in the kNistCurves list. Note we - * also have quantum-safe group names as well. */ -#define kNistCurves_MIN_NAME_LEN 5 -#ifdef HAVE_PQC -#define kNistCurves_MAX_NAME_LEN 32 -#else -#define kNistCurves_MAX_NAME_LEN 7 -#endif +WOLFSSL_LOCAL int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, + const char* names, byte curves_only); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ /* internal functions */ diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 23ef5e9a29..dfd754f0d7 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -74,9 +74,15 @@ enum { #ifdef HAVE_ED448 NID_ED448 = ED448k, #endif +#ifdef HAVE_CURVE448 + NID_X448 = X448k, +#endif #ifdef HAVE_ED25519 NID_ED25519 = ED25519k, #endif +#ifdef HAVE_CURVE25519 + NID_X25519 = X25519k, +#endif OPENSSL_EC_EXPLICIT_CURVE = 0x000, OPENSSL_EC_NAMED_CURVE = 0x001,