Description
Problem statement: Currently, only internal(ly implemented) groups can be TLS default groups as per this static, "manually prepared" list:
Lines 196 to 223 in e211d94:

```c
/* The default curves */
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
static const uint16_t supported_groups_default[] = {
# ifndef OPENSSL_NO_EC
    29,                      /* X25519 (29) */
    23,                      /* secp256r1 (23) */
    30,                      /* X448 (30) */
    25,                      /* secp521r1 (25) */
    24,                      /* secp384r1 (24) */
# endif
# ifndef OPENSSL_NO_GOST
    34,                      /* GC256A (34) */
    35,                      /* GC256B (35) */
    36,                      /* GC256C (36) */
    37,                      /* GC256D (37) */
    38,                      /* GC512A (38) */
    39,                      /* GC512B (39) */
    40,                      /* GC512C (40) */
# endif
# ifndef OPENSSL_NO_DH
    0x100,                   /* ffdhe2048 (0x100) */
    0x101,                   /* ffdhe3072 (0x101) */
    0x102,                   /* ffdhe4096 (0x102) */
    0x103,                   /* ffdhe6144 (0x103) */
    0x104,                   /* ffdhe8192 (0x104) */
# endif
};
#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
```
-groups (CLI) or SSL_set1_groups_list (API) calls.
Changing the list this way can be tedious (in testing) or error-prone (when working with external provider groups). Also, if these groups are absent (e.g., when EC and DH are not compiled in, as discussed here), the list can end up empty even though providers may have registered alternative groups (e.g., tls-provider).
The proposal is to make the currently static data structure supported_groups_default dynamic and populate it with group IDs suitably tagged when loading all providers here. This may be done by adding the flag default_group to this data structure:
Lines 812 to 822 in e211d94:

```c
typedef struct tls_group_info_st {
    char *tlsname;           /* Curve Name as in TLS specs */
    char *realname;          /* Curve Name according to provider */
    char *algorithm;         /* Algorithm name to fetch */
    unsigned int secbits;    /* Bits of security (from SP800-57) */
    uint16_t group_id;       /* Group ID */
    int mintls;              /* Minimum TLS version, -1 unsupported */
    int maxtls;              /* Maximum TLS version (or 0 for undefined) */
    int mindtls;             /* Minimum DTLS version, -1 unsupported */
    int maxdtls;             /* Maximum DTLS version (or 0 for undefined) */
    char is_kem;             /* Mode for this Group: 0 is KEX, 1 is KEM */
} TLS_GROUP_INFO;
```
I'd volunteer to add this logic if this feature is deemed desirable. The effort seems not overly big.
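As an added illustration, not OpenSSL's code, the sketch below shows how a default group list could be assembled at provider-load time from group entries carrying the proposed default_group flag instead of from a static array; demo_group_info, build_default_groups and the group IDs 0x1f01 to 0x1f03 are constructed stand-ins, and the sample table mimics a build with EC and DH compiled out where only provider groups are registered.

```c
#include <stddef.h>
#include <stdint.h>

/* Reduced stand-in for tls_group_info_st carrying the proposed flag. */
typedef struct {
    const char *tlsname;
    uint16_t group_id;
    int mintls;        /* -1 means unsupported, as in the real struct */
    int default_group; /* proposed flag: 1 = belongs in the TLS default list */
} demo_group_info;

/* Constructed registration table (IDs 0x1f01-0x1f03 are placeholders).
 * With the static list, a NO_EC/NO_DH build would offer no defaults at all,
 * even though a provider registered usable groups here. */
static const demo_group_info demo_groups[] = {
    { "ffdhe2048",  0x100,  0x0303,  0 }, /* registered, not flagged default */
    { "demogroup1", 0x1f01, 0x0304,  1 }, /* provider group, default */
    { "demogroup1", 0x1f01, 0x0304,  1 }, /* same ID from a second provider */
    { "demogroup2", 0x1f02, 0x0304,  1 }, /* provider group, default */
    { "demogroup3", 0x1f03, -1,      1 }, /* flagged default but unsupported */
};

/* Fill out[] with the IDs flagged default_group in registration order,
 * skipping unsupported entries and duplicate IDs. Returns the count;
 * 0 means no loaded provider contributed a usable default group. */
size_t build_default_groups(const demo_group_info *groups, size_t n,
                            uint16_t *out, size_t out_max)
{
    size_t count = 0;
    for (size_t i = 0; i < n && count < out_max; i++) {
        if (!groups[i].default_group || groups[i].mintls < 0)
            continue;
        int dup = 0;
        for (size_t j = 0; j < count; j++)
            if (out[j] == groups[i].group_id) { dup = 1; break; }
        if (!dup)
            out[count++] = groups[i].group_id;
    }
    return count;
}

/* Helpers over the sample table: number of defaults, and the ID at idx
 * (0 when idx is out of range). */
size_t demo_default_count(void)
{
    uint16_t out[16];
    return build_default_groups(demo_groups,
        sizeof(demo_groups) / sizeof(demo_groups[0]), out, 16);
}

uint16_t demo_default_group_at(size_t idx)
{
    uint16_t out[16];
    size_t n = build_default_groups(demo_groups,
        sizeof(demo_groups) / sizeof(demo_groups[0]), out, 16);
    return idx < n ? out[idx] : 0;
}
```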