grpc 1.80.0 → 1.81.0

data/src/core/tsi/ssl_transport_security.cc

@@ -55,6 +55,7 @@
 #include <memory>
 #include <optional>
 #include <string>
+#include <vector>
 
 #include "src/core/credentials/transport/tls/grpc_tls_crl_provider.h"
 #include "src/core/credentials/transport/tls/ssl_utils.h"
@@ -80,6 +81,7 @@
 #include "absl/strings/match.h"
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_cat.h"
+#include "absl/strings/str_join.h"
 #include "absl/strings/string_view.h"
 
 // Name of the environment variable controlling OpenSSL cleanup timeout.
@@ -120,9 +122,6 @@ struct tsi_ssl_root_certs_store {
 struct tsi_ssl_handshaker_factory {
   const tsi_ssl_handshaker_factory_vtable* vtable;
   gpr_refcount refcount;
-#if defined(OPENSSL_IS_BORINGSSL)
-  std::shared_ptr<grpc_core::PrivateKeySigner> key_signer;
-#endif
 };
 
 static void tsi_ssl_handshaker_factory_unref(
@@ -136,6 +135,28 @@ struct tsi_ssl_client_handshaker_factory {
   grpc_core::RefCountedPtr<tsi::SslSessionLRUCache> session_cache;
   grpc_core::RefCountedPtr<TlsSessionKeyLogger> key_logger;
   std::shared_ptr<tsi::RootCertInfo> root_cert_info;
+#if defined(OPENSSL_IS_BORINGSSL)
+  std::shared_ptr<grpc_core::PrivateKeySigner> key_signer;
+#endif
+};
+
+// Wrapper of the SSL_CTX for use on the server side. In addition to the
+// SSL_CTX, it carries extra state that is needed for the server side SSL
+// handshake, e.g. the server name for checking whether this SSL_CTX
+// corresponds to a particular SNI.
+struct SslContext {
+  SSL_CTX* ssl_ctx = nullptr;
+  tsi_peer x509_subject_name;
+#if defined(OPENSSL_IS_BORINGSSL)
+  std::shared_ptr<grpc_core::PrivateKeySigner> key_signer;
+#endif
+
+  ~SslContext() {
+    if (ssl_ctx != nullptr) {
+      SSL_CTX_free(ssl_ctx);
+      tsi_peer_destruct(&x509_subject_name);
+    }
+  }
 };
 
 struct tsi_ssl_server_handshaker_factory {
@@ -143,9 +164,7 @@ struct tsi_ssl_server_handshaker_factory {
   // The tsi_peer array contains the subject names of the server certificates
   // associated with the contexts at the same index.
   tsi_ssl_handshaker_factory base;
-  SSL_CTX** ssl_contexts;
-  tsi_peer* ssl_context_x509_subject_names;
-  size_t ssl_context_count;
+  std::vector<SslContext> ssl_contexts;
   unsigned char* alpn_protocol_list;
   size_t alpn_protocol_list_length;
   grpc_core::RefCountedPtr<TlsSessionKeyLogger> key_logger;
@@ -196,6 +215,7 @@ struct tsi_ssl_handshaker : public tsi_handshaker,
     *handshaker_next_args->error_ptr = std::move(error);
   }
 #if defined(OPENSSL_IS_BORINGSSL)
+  std::shared_ptr<grpc_core::PrivateKeySigner> key_signer;
   // The signed_bytes are populated when the signature process is completed if
   // the Private Key offload was successful. If there was an error during the
   // signature, the status will be returned.
@@ -441,15 +461,13 @@ enum ssl_private_key_result_t TlsPrivateKeySignWrapper(
     handshaker->MaybeSetError(algorithm.status().ToString());
     return ssl_private_key_failure;
   }
-  grpc_core::PrivateKeySigner* signer =
-      handshaker->factory_ref->key_signer.get();
-  if (signer == nullptr) {
+  if (handshaker->key_signer == nullptr) {
     handshaker->MaybeSetError("PrivateKeySigner is null");
     return ssl_private_key_failure;
   }
-  auto result =
-      signer->Sign(absl::string_view(reinterpret_cast<const char*>(in), in_len),
-                   *algorithm, done_callback);
+  auto result = handshaker->key_signer->Sign(
+      absl::string_view(reinterpret_cast<const char*>(in), in_len), *algorithm,
+      done_callback);
   // Handle synchronous return.
   return grpc_core::MatchMutable(
       &result,
@@ -474,9 +492,6 @@ const SSL_PRIVATE_KEY_METHOD TlsOffloadPrivateKeyMethod = {
 #if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE)
 static const char kSslEnginePrefix[] = "engine:";
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x30000000
-static const int kSslEcCurveNames[] = {NID_X9_62_prime256v1};
-#endif
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000
 static gpr_mu* g_openssl_mutexes = nullptr;
@@ -1133,7 +1148,8 @@ static tsi_result ssl_ctx_load_verification_certs(SSL_CTX* context,
 // cipher list and the ephemeral ECDH key.
 static tsi_result populate_ssl_context(
     SSL_CTX* context, const tsi_ssl_pem_key_cert_pair* key_cert_pair,
-    const char* cipher_list) {
+    const char* cipher_list,
+    const std::vector<grpc_tls_key_exchange_group>& key_exchange_groups) {
   tsi_result result = TSI_OK;
   if (key_cert_pair != nullptr) {
     if (!key_cert_pair->cert_chain.empty()) {
@@ -1177,7 +1193,30 @@ static tsi_result populate_ssl_context(
     LOG(ERROR) << "Invalid cipher list: " << cipher_list;
     return TSI_INVALID_ARGUMENT;
   }
-  {
+  if (!key_exchange_groups.empty()) {
+    std::vector<absl::string_view> group_names;
+    group_names.reserve(key_exchange_groups.size());
+    for (const auto& group : key_exchange_groups) {
+      auto group_name = tsi::ConvertKeyExchangeGroupToString(group);
+      if (!group_name.ok()) {
+        LOG(ERROR) << "Could not convert key exchange group to string.";
+        return TSI_INVALID_ARGUMENT;
+      }
+      group_names.push_back(*group_name);
+    }
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+    std::string group_list_str = absl::StrJoin(group_names, ":");
+    if (!SSL_CTX_set1_groups_list(context, group_list_str.c_str())) {
+      LOG(ERROR) << "Could not set key exchange groups: " << group_list_str;
+      return TSI_INTERNAL_ERROR;
+    }
+    SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
+#else
+    LOG(ERROR) << "SSL_CTX_set1_groups is not supported in OpenSSL < 1.1.1 "
+                  "version.";
+    return TSI_FAILED_PRECONDITION;
+#endif  // OPENSSL_VERSION_NUMBER >= 0x10100000
+  } else {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
     if (!SSL_CTX_set_tmp_ecdh(context, ecdh)) {
@@ -1187,12 +1226,6 @@ static tsi_result populate_ssl_context(
     }
     SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
     EC_KEY_free(ecdh);
-#else
-    if (!SSL_CTX_set1_groups(context, kSslEcCurveNames, 1)) {
-      LOG(ERROR) << "Could not set ephemeral ECDH key.";
-      return TSI_INTERNAL_ERROR;
-    }
-    SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
 #endif
   }
   return TSI_OK;
@@ -2273,7 +2306,7 @@ static tsi_result ssl_handshaker_next_impl(tsi_ssl_handshaker* self)
       self->handshaker_next_args->received_bytes.clear();
     }
 #if defined(OPENSSL_IS_BORINGSSL)
-  } else if (self->factory_ref->key_signer != nullptr) {
+  } else if (self->key_signer != nullptr) {
     // During the PrivateKeyOffload signature, an empty call to
     // ssl_handshaker_do_handshake needs to be forced  after the async offload
     // has completed.
@@ -2406,8 +2439,7 @@ static void ssl_handshaker_shutdown(tsi_handshaker* self) {
     grpc_core::MutexLock lock(&impl->mu);
     if (impl->ssl == nullptr) return;
     impl->is_shutdown = true;
-    if (impl->factory_ref->key_signer != nullptr &&
-        impl->signing_handle != nullptr) {
+    if (impl->key_signer != nullptr && impl->signing_handle != nullptr) {
       signing_handle = std::move(impl->signing_handle);
     }
     if (impl->handshaker_next_args.has_value()) {
@@ -2416,7 +2448,7 @@ static void ssl_handshaker_shutdown(tsi_handshaker* self) {
     }
   }
   if (signing_handle != nullptr) {
-    impl->factory_ref->key_signer->Cancel(signing_handle);
+    impl->key_signer->Cancel(signing_handle);
   }
   if (next_args.has_value()) {
     grpc_event_engine::experimental::GetDefaultEventEngine()->Run(
@@ -2463,6 +2495,7 @@ static tsi_result create_tsi_ssl_handshaker(
     SSL_CTX* ctx, int is_client, const char* server_name_indication,
     size_t network_bio_buf_size, size_t ssl_bio_buf_size,
     std::optional<std::string> alpn_preferred_protocol_raw_list,
+    std::shared_ptr<grpc_core::PrivateKeySigner> key_signer,
     tsi_ssl_handshaker_factory* factory, tsi_handshaker** handshaker) {
   SSL* ssl = SSL_new(ctx);
   BIO* network_io = nullptr;
@@ -2567,6 +2600,10 @@ static tsi_result create_tsi_ssl_handshaker(
       static_cast<unsigned char*>(gpr_zalloc(impl->outgoing_bytes_buffer_size));
   impl->vtable = &handshaker_vtable;
   impl->factory_ref = tsi_ssl_handshaker_factory_ref(factory);
+#if defined(OPENSSL_IS_BORINGSSL)
+  impl->key_signer = std::move(key_signer);
+#endif
+
   *handshaker = impl;
 
   if (!SSL_set_ex_data(ssl, g_ssl_ex_handshaker_index, impl)) {
@@ -2614,10 +2651,17 @@ tsi_result tsi_ssl_client_handshaker_factory_create_handshaker(
     tsi_handshaker** handshaker) {
   GRPC_TRACE_LOG(tsi, INFO)
       << "Creating SSL handshaker with SNI " << server_name_indication;
+#if defined(OPENSSL_IS_BORINGSSL)
+  return create_tsi_ssl_handshaker(
+      factory->ssl_context, 1, server_name_indication, network_bio_buf_size,
+      ssl_bio_buf_size, alpn_preferred_protocol_list, factory->key_signer,
+      &factory->base, handshaker);
+#else
   return create_tsi_ssl_handshaker(
       factory->ssl_context, 1, server_name_indication, network_bio_buf_size,
-      ssl_bio_buf_size, alpn_preferred_protocol_list, &factory->base,
-      handshaker);
+      ssl_bio_buf_size, alpn_preferred_protocol_list, /*key_signer=*/nullptr,
+      &factory->base, handshaker);
+#endif
 }
 
 void tsi_ssl_client_handshaker_factory_unref(
@@ -2658,12 +2702,22 @@ static int client_handshaker_factory_npn_callback(
 tsi_result tsi_ssl_server_handshaker_factory_create_handshaker(
     tsi_ssl_server_handshaker_factory* factory, size_t network_bio_buf_size,
     size_t ssl_bio_buf_size, tsi_handshaker** handshaker) {
-  if (factory->ssl_context_count == 0) return TSI_INVALID_ARGUMENT;
+  if (factory->ssl_contexts.empty()) return TSI_INVALID_ARGUMENT;
+#if defined(OPENSSL_IS_BORINGSSL)
   // Create the handshaker with the first context. We will switch if needed
   // because of SNI in ssl_server_handshaker_factory_servername_callback.
-  return create_tsi_ssl_handshaker(factory->ssl_contexts[0], 0, nullptr,
+  // Likewise, we pass the private key signer corresponding to the first
+  // context.
+  return create_tsi_ssl_handshaker(
+      factory->ssl_contexts[0].ssl_ctx, 0, nullptr, network_bio_buf_size,
+      ssl_bio_buf_size, std::nullopt, factory->ssl_contexts[0].key_signer,
+      &factory->base, handshaker);
+#else
+  return create_tsi_ssl_handshaker(factory->ssl_contexts[0].ssl_ctx, 0, nullptr,
                                    network_bio_buf_size, ssl_bio_buf_size,
-                                   std::nullopt, &factory->base, handshaker);
+                                   std::nullopt, /*key_signer=*/nullptr,
+                                   &factory->base, handshaker);
+#endif
 }
 
 void tsi_ssl_server_handshaker_factory_unref(
@@ -2677,17 +2731,6 @@ static void tsi_ssl_server_handshaker_factory_destroy(
   if (factory == nullptr) return;
   tsi_ssl_server_handshaker_factory* self =
       reinterpret_cast<tsi_ssl_server_handshaker_factory*>(factory);
-  size_t i;
-  for (i = 0; i < self->ssl_context_count; i++) {
-    if (self->ssl_contexts[i] != nullptr) {
-      SSL_CTX_free(self->ssl_contexts[i]);
-      tsi_peer_destruct(&self->ssl_context_x509_subject_names[i]);
-    }
-  }
-  if (self->ssl_contexts != nullptr) gpr_free(self->ssl_contexts);
-  if (self->ssl_context_x509_subject_names != nullptr) {
-    gpr_free(self->ssl_context_x509_subject_names);
-  }
   if (self->alpn_protocol_list != nullptr) gpr_free(self->alpn_protocol_list);
   delete self;
 }
@@ -2737,16 +2780,19 @@ static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
                                                              void* arg) {
   tsi_ssl_server_handshaker_factory* impl =
       static_cast<tsi_ssl_server_handshaker_factory*>(arg);
-  size_t i = 0;
   const char* servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
   if (servername == nullptr || strlen(servername) == 0) {
     return SSL_TLSEXT_ERR_NOACK;
   }
 
-  for (i = 0; i < impl->ssl_context_count; i++) {
-    if (tsi_ssl_peer_matches_name(&impl->ssl_context_x509_subject_names[i],
-                                  servername)) {
-      SSL_set_SSL_CTX(ssl, impl->ssl_contexts[i]);
+  for (const auto& ssl_context : impl->ssl_contexts) {
+    if (tsi_ssl_peer_matches_name(&ssl_context.x509_subject_name, servername)) {
+      SSL_set_SSL_CTX(ssl, ssl_context.ssl_ctx);
+#if defined(OPENSSL_IS_BORINGSSL)
+      if (ssl_context.key_signer != nullptr) {
+        GetHandshaker(ssl)->key_signer = ssl_context.key_signer;
+      }
+#endif
       return SSL_TLSEXT_ERR_OK;
     }
   }
@@ -2892,7 +2938,8 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
 
   do {
     result = populate_ssl_context(ssl_context, options->pem_key_cert_pair,
-                                  options->cipher_suites);
+                                  options->cipher_suites,
+                                  options->key_exchange_groups);
     if (result != TSI_OK) break;
 
 #if defined(OPENSSL_IS_BORINGSSL)
@@ -2902,7 +2949,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
           [&](const std::shared_ptr<grpc_core::PrivateKeySigner>& key_signer) {
             // The Handshaker Factory will own a shared copy of the reference
             // passed through the options.
-            impl->base.key_signer = key_signer;
+            impl->key_signer = key_signer;
           });
     }
 #endif
@@ -3027,7 +3074,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
     const char* cipher_suites, const char** alpn_protocols,
     uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory** factory) {
   tsi_ssl_server_handshaker_options options;
-  options.pem_key_cert_pairs = pem_key_cert_pairs;
+  options.pem_key_cert_pairs = std::move(pem_key_cert_pairs);
   if (pem_client_root_certs != nullptr) {
     options.root_cert_info =
         std::make_shared<tsi::RootCertInfo>(pem_client_root_certs);
@@ -3059,16 +3106,6 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
   tsi_ssl_handshaker_factory_init(&impl->base);
   impl->base.vtable = &server_handshaker_factory_vtable;
 
-  impl->ssl_contexts = static_cast<SSL_CTX**>(
-      gpr_zalloc(options->pem_key_cert_pairs.size() * sizeof(SSL_CTX*)));
-  impl->ssl_context_x509_subject_names = static_cast<tsi_peer*>(
-      gpr_zalloc(options->pem_key_cert_pairs.size() * sizeof(tsi_peer)));
-  if (impl->ssl_contexts == nullptr ||
-      impl->ssl_context_x509_subject_names == nullptr) {
-    tsi_ssl_handshaker_factory_unref(&impl->base);
-    return TSI_OUT_OF_RESOURCES;
-  }
-  impl->ssl_context_count = options->pem_key_cert_pairs.size();
   if (options->root_cert_info != nullptr) {
     impl->root_cert_info = options->root_cert_info;
   }
@@ -3087,48 +3124,48 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
     impl->key_logger = options->key_logger->Ref();
   }
 
+  impl->ssl_contexts.reserve(options->pem_key_cert_pairs.size());
   for (i = 0; i < options->pem_key_cert_pairs.size(); i++) {
+    SslContext& ssl_context = impl->ssl_contexts.emplace_back();
     do {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
-      impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
+      ssl_context.ssl_ctx = SSL_CTX_new(TLS_method());
 #else
-      impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
+      ssl_context.ssl_ctx = SSL_CTX_new(TLSv1_2_method());
 #endif
 #if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
-      SSL_CTX_set_options(impl->ssl_contexts[i], SSL_OP_NO_RENEGOTIATION);
+      SSL_CTX_set_options(ssl_context.ssl_ctx, SSL_OP_NO_RENEGOTIATION);
 #endif
-      if (impl->ssl_contexts[i] == nullptr) {
+      if (ssl_context.ssl_ctx == nullptr) {
         tsi::LogSslErrorStack();
         LOG(ERROR) << "Could not create ssl context.";
         result = TSI_OUT_OF_RESOURCES;
         break;
       }
 
-      result = tsi_set_min_and_max_tls_versions(impl->ssl_contexts[i],
+      result = tsi_set_min_and_max_tls_versions(ssl_context.ssl_ctx,
                                                 options->min_tls_version,
                                                 options->max_tls_version);
       if (result != TSI_OK) return result;
 
-      result = populate_ssl_context(impl->ssl_contexts[i],
-                                    &options->pem_key_cert_pairs[i],
-                                    options->cipher_suites);
+      result = populate_ssl_context(
+          ssl_context.ssl_ctx, &options->pem_key_cert_pairs[i],
+          options->cipher_suites, options->key_exchange_groups);
       if (result != TSI_OK) break;
 
 #if defined(OPENSSL_IS_BORINGSSL)
-      if (impl->base.key_signer == nullptr) {
-        grpc_core::Match(
-            options->pem_key_cert_pairs[i].private_key,
-            [](const std::string&) {},
-            [&](const std::shared_ptr<grpc_core::PrivateKeySigner>&
-                    key_signer) { impl->base.key_signer = key_signer; });
-      }
+      grpc_core::Match(
+          options->pem_key_cert_pairs[i].private_key, [](const std::string&) {},
+          [&](const std::shared_ptr<grpc_core::PrivateKeySigner>& key_signer) {
+            ssl_context.key_signer = key_signer;
+          });
 #endif
 
       // TODO(elessar): Provide ability to disable session ticket keys.
 
       // Allow client cache sessions (it's needed for OpenSSL only).
       int set_sid_ctx_result = SSL_CTX_set_session_id_context(
-          impl->ssl_contexts[i], kSslSessionIdContext,
+          ssl_context.ssl_ctx, kSslSessionIdContext,
           GPR_ARRAY_SIZE(kSslSessionIdContext));
       if (set_sid_ctx_result == 0) {
         LOG(ERROR) << "Failed to set session id context.";
@@ -3138,7 +3175,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
 
       if (options->session_ticket_key != nullptr) {
         if (SSL_CTX_set_tlsext_ticket_keys(
-                impl->ssl_contexts[i],
+                ssl_context.ssl_ctx,
                 const_cast<char*>(options->session_ticket_key),
                 options->session_ticket_key_size) == 0) {
           LOG(ERROR) << "Invalid STEK size.";
@@ -3152,23 +3189,23 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
             [&](const std::string& pem_root_certs) {
               STACK_OF(X509_NAME)* root_names = nullptr;
               result = ssl_ctx_load_verification_certs(
-                  impl->ssl_contexts[i], pem_root_certs.c_str(),
+                  ssl_context.ssl_ctx, pem_root_certs.c_str(),
                   pem_root_certs.size(), nullptr);
               if (result != TSI_OK) {
                 LOG(ERROR) << "Invalid verification certs.";
               }
               if (options->send_client_ca_list) {
-                SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
+                SSL_CTX_set_client_CA_list(ssl_context.ssl_ctx, root_names);
               }
             },
             [&](const grpc_core::SpiffeBundleMap& spiffe_bundle_map) {
               X509_STORE* cert_store =
-                  SSL_CTX_get_cert_store(impl->ssl_contexts[i]);
+                  SSL_CTX_get_cert_store(ssl_context.ssl_ctx);
               X509_STORE_set_flags(cert_store, X509_V_FLAG_PARTIAL_CHAIN |
                                                    X509_V_FLAG_TRUSTED_FIRST);
               const void* p = &spiffe_bundle_map;
               void* map = const_cast<void*>(p);
-              SSL_CTX_set_ex_data(impl->ssl_contexts[i],
+              SSL_CTX_set_ex_data(ssl_context.ssl_ctx,
                                   g_ssl_ctx_ex_spiffe_bundle_map_index, map);
             });
         if (result != TSI_OK) {
@@ -3177,42 +3214,42 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
       }
       switch (options->client_certificate_request) {
         case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
-          SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, nullptr);
+          SSL_CTX_set_verify(ssl_context.ssl_ctx, SSL_VERIFY_NONE, nullptr);
           break;
         case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
-          SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
-          SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
+          SSL_CTX_set_verify(ssl_context.ssl_ctx, SSL_VERIFY_PEER, nullptr);
+          SSL_CTX_set_cert_verify_callback(ssl_context.ssl_ctx,
                                            NullVerifyCallback, nullptr);
           break;
         case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
-          SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
-          SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
+          SSL_CTX_set_verify(ssl_context.ssl_ctx, SSL_VERIFY_PEER, nullptr);
+          SSL_CTX_set_cert_verify_callback(ssl_context.ssl_ctx,
                                            CustomVerificationFunction, nullptr);
           break;
         case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
-          SSL_CTX_set_verify(impl->ssl_contexts[i],
+          SSL_CTX_set_verify(ssl_context.ssl_ctx,
                              SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                              nullptr);
-          SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
+          SSL_CTX_set_cert_verify_callback(ssl_context.ssl_ctx,
                                            NullVerifyCallback, nullptr);
           break;
         case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
-          SSL_CTX_set_verify(impl->ssl_contexts[i],
+          SSL_CTX_set_verify(ssl_context.ssl_ctx,
                              SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                              nullptr);
-          SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
+          SSL_CTX_set_cert_verify_callback(ssl_context.ssl_ctx,
                                            CustomVerificationFunction, nullptr);
           break;
       }
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
       if (options->crl_provider != nullptr) {
-        SSL_CTX_set_ex_data(impl->ssl_contexts[i],
+        SSL_CTX_set_ex_data(ssl_context.ssl_ctx,
                             g_ssl_ctx_ex_crl_provider_index,
                             options->crl_provider.get());
       } else if (options->crl_directory != nullptr &&
                  strcmp(options->crl_directory, "") != 0) {
-        X509_STORE* cert_store = SSL_CTX_get_cert_store(impl->ssl_contexts[i]);
+        X509_STORE* cert_store = SSL_CTX_get_cert_store(ssl_context.ssl_ctx);
         X509_STORE_set_verify_cb(cert_store, verify_cb);
         if (!X509_STORE_load_locations(cert_store, nullptr,
                                        options->crl_directory)) {
@@ -3227,31 +3264,31 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
 
       result = tsi_ssl_extract_x509_subject_names_from_pem_cert(
           options->pem_key_cert_pairs[i].cert_chain.c_str(),
-          &impl->ssl_context_x509_subject_names[i]);
+          &ssl_context.x509_subject_name);
       if (result != TSI_OK) break;
 
       SSL_CTX_set_tlsext_servername_callback(
-          impl->ssl_contexts[i],
+          ssl_context.ssl_ctx,
           ssl_server_handshaker_factory_servername_callback);
-      SSL_CTX_set_tlsext_servername_arg(impl->ssl_contexts[i], impl);
+      SSL_CTX_set_tlsext_servername_arg(ssl_context.ssl_ctx, impl);
 #if TSI_OPENSSL_ALPN_SUPPORT
-      SSL_CTX_set_alpn_select_cb(impl->ssl_contexts[i],
+      SSL_CTX_set_alpn_select_cb(ssl_context.ssl_ctx,
                                  ServerHandshakerFactoryAlpnCallback, impl);
 #endif  // TSI_OPENSSL_ALPN_SUPPORT
       SSL_CTX_set_next_protos_advertised_cb(
-          impl->ssl_contexts[i],
+          ssl_context.ssl_ctx,
           server_handshaker_factory_npn_advertised_callback, impl);
 
 #if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
       // Register factory at index
       if (options->key_logger != nullptr) {
         // Need to set factory at g_ssl_ctx_ex_factory_index
-        SSL_CTX_set_ex_data(impl->ssl_contexts[i], g_ssl_ctx_ex_factory_index,
+        SSL_CTX_set_ex_data(ssl_context.ssl_ctx, g_ssl_ctx_ex_factory_index,
                             impl);
         // SSL_CTX_set_keylog_callback is set here to register callback
         // when ssl/tls handshakes complete.
         SSL_CTX_set_keylog_callback(
-            impl->ssl_contexts[i],
+            ssl_context.ssl_ctx,
             ssl_keylogging_callback<tsi_ssl_server_handshaker_factory>);
       }
 #endif

data/src/core/tsi/ssl_transport_security.h

@@ -205,6 +205,10 @@ struct tsi_ssl_client_handshaker_options {
   // client root certificates or a SPIFFE bundle map.
   std::shared_ptr<tsi::RootCertInfo> root_cert_info;
 
+  // The list of key exchange groups (TLS curves) that will be negotiated by
+  // the handshaker, in order of preference.
+  std::vector<grpc_tls_key_exchange_group> key_exchange_groups;
+
   // TODO(gtcooke94) this ctor is not needed
   // https://github.com/grpc/grpc/pull/39708/files#r2143735662
   tsi_ssl_client_handshaker_options()
@@ -372,6 +376,10 @@ struct tsi_ssl_server_handshaker_options {
   // if the server does not want the client to be authenticated with SSL.
   std::shared_ptr<tsi::RootCertInfo> root_cert_info;
 
+  // The list of key exchange groups (TLS curves) that will be negotiated by
+  // the handshaker, in order of preference.
+  std::vector<grpc_tls_key_exchange_group> key_exchange_groups;
+
   // TODO(gtcooke94) this ctor is not needed
   // https://github.com/grpc/grpc/pull/39708/files#r2143735662
   tsi_ssl_server_handshaker_options()

data/src/core/tsi/ssl_transport_security_utils.cc

@@ -24,6 +24,7 @@
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/obj_mac.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/ssl.h>
@@ -282,7 +283,7 @@ bool VerifyCrlCertIssuerNamesMatch(X509_CRL* crl, X509* cert) {
     return false;
   }
   X509_NAME* cert_issuer_name = X509_get_issuer_name(cert);
-  if (cert == nullptr) {
+  if (cert_issuer_name == nullptr) {
     return false;
   }
   X509_NAME* crl_issuer_name = X509_CRL_get_issuer(crl);
@@ -449,4 +450,27 @@ absl::StatusOr<std::string> ParseUriString(GENERAL_NAME* subject_alt_name) {
   OPENSSL_free(name);
   return ret;
 }
+
+absl::StatusOr<absl::string_view> ConvertKeyExchangeGroupToString(
+    grpc_tls_key_exchange_group group) {
+  switch (group) {
+    case GRPC_TLS_GROUP_SECP256R1:
+      return "P-256";
+    case GRPC_TLS_GROUP_X25519:
+      return "X25519";
+    case GRPC_TLS_GROUP_X25519_MLKEM768:
+#if defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x30500000L
+      return "X25519MLKEM768";
+#else
+      return absl::InvalidArgumentError(
+          "X25519_MLKEM768 is not supported in this OpenSSL version with "
+          "SSL_CTX_set1_groups_list.");
+#endif
+    case GRPC_TLS_GROUP_UNSPECIFIED:
+      return absl::InvalidArgumentError("Unspecified key exchange group.");
+    default:
+      return absl::InvalidArgumentError("Unknown key exchange group.");
+  }
+}
+
 }  // namespace tsi

data/src/core/tsi/ssl_transport_security_utils.h

@@ -181,6 +181,10 @@ absl::StatusOr<EVP_PKEY*> ParsePemPrivateKey(absl::string_view private_key_pem);
 
 // Safely parses a URI from OpenSSL's GENERAL_NAME to a string representation.
 absl::StatusOr<std::string> ParseUriString(GENERAL_NAME* subject_alt_name);
+
+// Map grpc_tls_key_exchange_group to string.
+absl::StatusOr<absl::string_view> ConvertKeyExchangeGroupToString(
+    grpc_tls_key_exchange_group group);
 }  // namespace tsi
 
 #endif  // GRPC_SRC_CORE_TSI_SSL_TRANSPORT_SECURITY_UTILS_H