if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+#ifndef OPENSSL_NO_TLS1_3
+ int ctmp13 = ssl_group_id_internal_to_tls13(ctmp);
+
+ if (ctmp13 != 0 && ctmp13 != ctmp
+ && max_version == TLS1_3_VERSION) {
+ if (!WPACKET_put_bytes_u16(pkt, ctmp13)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+ tls13added++;
+ added++;
+ if (min_version == TLS1_3_VERSION)
+ continue;
+ }
+#endif
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
/* Create KeyShareEntry */
- if (!WPACKET_put_bytes_u16(pkt, curve_id)
+ if (!WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13(curve_id))
|| !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
curve_id = s->s3.group_id;
} else {
for (i = 0; i < num_groups; i++) {
+ if (ssl_group_id_internal_to_tls13(pgroups[i]) == 0)
+ continue;
if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
return 0;
}
+ group_id = ssl_group_id_tls13_to_internal(group_id);
if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
const uint16_t *pgroups = NULL;
size_t i, num_groups;
projects / openssl.git / blobdiff