diff options
| author | beck <> | 2024-03-26 01:21:34 +0000 |
|---|---|---|
| committer | beck <> | 2024-03-26 01:21:34 +0000 |
| commit | 445e5d71910656f3b05e76de680c2c867db9e9df (patch) | |
| tree | 3604b3256ce3f62b5df88c486e050806a985fa00 | |
| parent | 483f2ababb7664c4227286f5c97b8c801dd2c725 (diff) | |
| download | openbsd-445e5d71910656f3b05e76de680c2c867db9e9df.tar.gz openbsd-445e5d71910656f3b05e76de680c2c867db9e9df.tar.bz2 openbsd-445e5d71910656f3b05e76de680c2c867db9e9df.zip | |
Process supported groups before key share.
This will allow us to know the client preferences for an upcoming
change to key share processing.
ok jsing@
| -rw-r--r-- | src/lib/libssl/ssl_tlsext.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 26bd0c5f3e..3883aa6cec 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_tlsext.c,v 1.141 2024/03/25 10:18:13 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_tlsext.c,v 1.142 2024/03/26 01:21:34 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1999,6 +1999,20 @@ static const struct tls_extension tls_extensions[] = { | |||
| 1999 | }, | 1999 | }, |
| 2000 | }, | 2000 | }, |
| 2001 | { | 2001 | { |
| 2002 | .type = TLSEXT_TYPE_supported_groups, | ||
| 2003 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, | ||
| 2004 | .client = { | ||
| 2005 | .needs = tlsext_supportedgroups_client_needs, | ||
| 2006 | .build = tlsext_supportedgroups_client_build, | ||
| 2007 | .process = tlsext_supportedgroups_client_process, | ||
| 2008 | }, | ||
| 2009 | .server = { | ||
| 2010 | .needs = tlsext_supportedgroups_server_needs, | ||
| 2011 | .build = tlsext_supportedgroups_server_build, | ||
| 2012 | .process = tlsext_supportedgroups_server_process, | ||
| 2013 | }, | ||
| 2014 | }, | ||
| 2015 | { | ||
| 2002 | .type = TLSEXT_TYPE_key_share, | 2016 | .type = TLSEXT_TYPE_key_share, |
| 2003 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH | | 2017 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH | |
| 2004 | SSL_TLSEXT_MSG_HRR, | 2018 | SSL_TLSEXT_MSG_HRR, |
| @@ -2071,20 +2085,6 @@ static const struct tls_extension tls_extensions[] = { | |||
| 2071 | }, | 2085 | }, |
| 2072 | }, | 2086 | }, |
| 2073 | { | 2087 | { |
| 2074 | .type = TLSEXT_TYPE_supported_groups, | ||
| 2075 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, | ||
| 2076 | .client = { | ||
| 2077 | .needs = tlsext_supportedgroups_client_needs, | ||
| 2078 | .build = tlsext_supportedgroups_client_build, | ||
| 2079 | .process = tlsext_supportedgroups_client_process, | ||
| 2080 | }, | ||
| 2081 | .server = { | ||
| 2082 | .needs = tlsext_supportedgroups_server_needs, | ||
| 2083 | .build = tlsext_supportedgroups_server_build, | ||
| 2084 | .process = tlsext_supportedgroups_server_process, | ||
| 2085 | }, | ||
| 2086 | }, | ||
| 2087 | { | ||
| 2088 | .type = TLSEXT_TYPE_session_ticket, | 2088 | .type = TLSEXT_TYPE_session_ticket, |
| 2089 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, | 2089 | .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, |
| 2090 | .client = { | 2090 | .client = { |