Change curves to groups where relevant
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4475)
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 69214c5..f6a200f 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1167,25 +1167,25 @@
&& (!s->hit
|| (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
!= 0)) {
- const uint16_t *pcurves, *clntcurves;
- size_t num_curves, clnt_num_curves, i;
+ const uint16_t *pgroups, *clntgroups;
+ size_t num_groups, clnt_num_groups, i;
unsigned int group_id = 0;
/* Check if a shared group exists */
/* Get the clients list of supported groups. */
- tls1_get_peer_groups(s, &clntcurves, &clnt_num_curves);
- tls1_get_supported_groups(s, &pcurves, &num_curves);
+ tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
/* Find the first group we allow that is also in client's list */
- for (i = 0; i < num_curves; i++) {
- group_id = pcurves[i];
+ for (i = 0; i < num_groups; i++) {
+ group_id = pgroups[i];
- if (check_in_list(s, group_id, clntcurves, clnt_num_curves, 1))
+ if (check_in_list(s, group_id, clntgroups, clnt_num_groups, 1))
break;
}
- if (i < num_curves) {
+ if (i < num_groups) {
/* A shared group exists so send a HelloRetryRequest */
s->s3->group_id = group_id;
s->hello_retry_request = 1;
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index e392ac4..c1f98b4 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -139,8 +139,8 @@
unsigned int context, X509 *x,
size_t chainidx, int *al)
{
- const uint16_t *pcurves = NULL;
- size_t num_curves = 0, i;
+ const uint16_t *pgroups = NULL;
+ size_t num_groups = 0, i;
if (!use_ecc(s))
return EXT_RETURN_NOT_SENT;
@@ -149,7 +149,7 @@
* Add TLS extension supported_groups to the ClientHello message
*/
/* TODO(TLS1.3): Add support for DHE groups */
- tls1_get_supported_groups(s, &pcurves, &num_curves);
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
/* Sub-packet for supported_groups extension */
@@ -160,8 +160,8 @@
return EXT_RETURN_FAIL;
}
/* Copy curve ID if supported */
- for (i = 0; i < num_curves; i++) {
- uint16_t ctmp = pcurves[i];
+ for (i = 0; i < num_groups; i++) {
+ uint16_t ctmp = pgroups[i];
if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
@@ -590,8 +590,8 @@
size_t chainidx, int *al)
{
#ifndef OPENSSL_NO_TLS1_3
- size_t i, num_curves = 0;
- const uint16_t *pcurves = NULL;
+ size_t i, num_groups = 0;
+ const uint16_t *pgroups = NULL;
uint16_t curve_id = 0;
/* key_share extension */
@@ -604,7 +604,7 @@
return EXT_RETURN_FAIL;
}
- tls1_get_supported_groups(s, &pcurves, &num_curves);
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
/*
* TODO(TLS1.3): Make the number of key_shares sent configurable. For
@@ -613,12 +613,12 @@
if (s->s3->group_id != 0) {
curve_id = s->s3->group_id;
} else {
- for (i = 0; i < num_curves; i++) {
+ for (i = 0; i < num_groups; i++) {
- if (!tls_curve_allowed(s, pcurves[i], SSL_SECOP_CURVE_SUPPORTED))
+ if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
- curve_id = pcurves[i];
+ curve_id = pgroups[i];
break;
}
}
@@ -1514,8 +1514,8 @@
}
if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
- const uint16_t *pcurves = NULL;
- size_t i, num_curves;
+ const uint16_t *pgroups = NULL;
+ size_t i, num_groups;
if (PACKET_remaining(pkt) != 0) {
*al = SSL_AD_DECODE_ERROR;
@@ -1534,12 +1534,12 @@
}
/* Validate the selected group is one we support */
- tls1_get_supported_groups(s, &pcurves, &num_curves);
- for (i = 0; i < num_curves; i++) {
- if (group_id == pcurves[i])
+ tls1_get_supported_groups(s, &pgroups, &num_groups);
+ for (i = 0; i < num_groups; i++) {
+ if (group_id == pgroups[i])
break;
}
- if (i >= num_curves
+ if (i >= num_groups
|| !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
*al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 8183ea5..8bf3a76 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -499,8 +499,8 @@
#ifndef OPENSSL_NO_TLS1_3
unsigned int group_id;
PACKET key_share_list, encoded_pt;
- const uint16_t *clntcurves, *srvrcurves;
- size_t clnt_num_curves, srvr_num_curves;
+ const uint16_t *clntgroups, *srvrgroups;
+ size_t clnt_num_groups, srvr_num_groups;
int found = 0;
if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
@@ -519,11 +519,11 @@
return 0;
}
- /* Get our list of supported curves */
- tls1_get_supported_groups(s, &srvrcurves, &srvr_num_curves);
- /* Get the clients list of supported curves. */
- tls1_get_peer_groups(s, &clntcurves, &clnt_num_curves);
- if (clnt_num_curves == 0) {
+ /* Get our list of supported groups */
+ tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups);
+ /* Get the clients list of supported groups. */
+ tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+ if (clnt_num_groups == 0) {
/*
* This can only happen if the supported_groups extension was not sent,
* because we verify that the length is non-zero when we process that
@@ -553,14 +553,14 @@
continue;
/* Check if this share is in supported_groups sent from client */
- if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {
+ if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) {
*al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
return 0;
}
/* Check if this share is for a group we can use */
- if (!check_in_list(s, group_id, srvrcurves, srvr_num_curves, 1)) {
+ if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
/* Share not suitable */
continue;
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e002013..9582e21 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -186,12 +186,12 @@
TLSEXT_curve_P_384
};
-const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id)
+const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
{
/* ECC curves from RFC 4492 and RFC 7027 */
- if (curve_id < 1 || curve_id > OSSL_NELEM(nid_list))
+ if (group_id < 1 || group_id > OSSL_NELEM(nid_list))
return NULL;
- return &nid_list[curve_id - 1];
+ return &nid_list[group_id - 1];
}
static uint16_t tls1_nid2group_id(int nid)
