int *cptr = parg;
for (i = 0; i < clistlen; i++) {
- uint16_t cid = SSL_CONNECTION_IS_TLS13(sc)
- ? ssl_group_id_tls13_to_internal(clist[i])
- : clist[i];
const TLS_GROUP_INFO *cinf
- = tls1_group_id_lookup(s->ctx, cid);
+ = tls1_group_id_lookup(s->ctx, clist[i]);
if (cinf != NULL)
cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-__owur uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id);
-__owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id);
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id);
__owur int tls1_group_id2nid(uint16_t group_id, int include_unknown);
__owur uint16_t tls1_nid2group_id(int nid);
group_id = pgroups[i];
if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
- 2))
+ 1))
break;
}
if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
-#ifndef OPENSSL_NO_TLS1_3
- int ctmp13 = ssl_group_id_internal_to_tls13(ctmp);
-
- if (ctmp13 != 0 && ctmp13 != ctmp
- && max_version == TLS1_3_VERSION) {
- if (!WPACKET_put_bytes_u16(pkt, ctmp13)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return EXT_RETURN_FAIL;
- }
- tls13added++;
- added++;
- if (min_version == TLS1_3_VERSION)
- continue;
- }
-#endif
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
}
/* Create KeyShareEntry */
- if (!WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13(curve_id))
+ if (!WPACKET_put_bytes_u16(pkt, curve_id)
|| !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
curve_id = s->s3.group_id;
} else {
for (i = 0; i < num_groups; i++) {
- if (ssl_group_id_internal_to_tls13(pgroups[i]) == 0)
- continue;
-
if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
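Review bot: With the `ssl_group_id_internal_to_tls13(pgroups[i]) == 0` skip removed, the only filter left in this loop is `tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)`, which on what is visible here looks like a security-policy check rather than a protocol-version check. Unless version bounds are enforced after the hunk (the loop body continues outside it), a group defined only for TLS 1.2 could be picked for the TLS 1.3 key_share; consider adding `if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION, 0, NULL)) continue;`, assuming `tls_valid_group` tolerates a NULL final argument. The same question applies on the receive side: the hunks that drop `group_id = ssl_group_id_tls13_to_internal(group_id);` now pass a peer-supplied ID unchanged to the list comparison and to `ssl_generate_param_group`, whereas the removed mapping returned 0 for the legacy brainpool codepoints. The shared-group loop that now calls `tls1_in_list(id, supp, num_supp)` directly deserves the same check.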
return 0;
}
- group_id = ssl_group_id_tls13_to_internal(group_id);
if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
const uint16_t *pgroups = NULL;
size_t i, num_groups;
* we requested, and must be the only key_share sent.
*/
if (s->s3.group_id != 0
- && (ssl_group_id_tls13_to_internal(group_id) != s->s3.group_id
+ && (group_id != s->s3.group_id
|| PACKET_remaining(&key_share_list) != 0)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
return 0;
/* Cache the selected group ID in the SSL_SESSION */
s->session->kex_group = group_id;
- group_id = ssl_group_id_tls13_to_internal(group_id);
-
if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
}
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13(
- s->s3.group_id))
+ || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
if (groups == NULL || num_groups == 0)
return 0;
- if (checkallow == 1)
- group_id = ssl_group_id_tls13_to_internal(group_id);
-
for (i = 0; i < num_groups; i++) {
uint16_t group = groups[i];
- if (checkallow == 2)
- group = ssl_group_id_tls13_to_internal(group);
-
if (group_id == group
&& (!checkallow
|| tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
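Review bot: `checkallow` is now read only as a truth value in `!checkallow || tls_group_allowed(...)`, so the former modes 1 and 2 are indistinguishable and any caller still passing 2 silently gets the plain allow-check. The function's header comment lies outside this hunk; if it still describes the translation modes it should be reduced to something like `/* checkallow: non-zero also requires tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK) */`. This commit changes one call site from 2 to 1, and it is worth confirming that no other caller still passes 2.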
return 0;
}
-uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id)
-{
- switch(curve_id) {
- case OSSL_TLS_GROUP_ID_brainpoolP256r1:
- return OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13;
- case OSSL_TLS_GROUP_ID_brainpoolP384r1:
- return OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13;
- case OSSL_TLS_GROUP_ID_brainpoolP512r1:
- return OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13;
- case OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13:
- case OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13:
- case OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13:
- return 0;
- default:
- return curve_id;
- }
-}
-
-uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id)
-{
- switch(curve_id) {
- case OSSL_TLS_GROUP_ID_brainpoolP256r1:
- case OSSL_TLS_GROUP_ID_brainpoolP384r1:
- case OSSL_TLS_GROUP_ID_brainpoolP512r1:
- return 0;
- case OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13:
- return OSSL_TLS_GROUP_ID_brainpoolP256r1;
- case OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13:
- return OSSL_TLS_GROUP_ID_brainpoolP384r1;
- case OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13:
- return OSSL_TLS_GROUP_ID_brainpoolP512r1;
- default:
- return curve_id;
- }
-}
-
const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t group_id)
{
size_t i;
for (k = 0, i = 0; i < num_pref; i++) {
uint16_t id = pref[i];
- uint16_t cid = id;
- if (SSL_CONNECTION_IS_TLS13(s)) {
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- cid = ssl_group_id_internal_to_tls13(id);
- else
- cid = id = ssl_group_id_tls13_to_internal(id);
- }
- if (!tls1_in_list(cid, supp, num_supp)
+ if (!tls1_in_list(id, supp, num_supp)
|| !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED))
continue;
if (nmatch == k)