Rename uses 'curve' to 'group' and rework tls1 group API.

This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing
author: tb <> 2022-07-02 16:00:12 +0000
committer: tb <> 2022-07-02 16:00:12 +0000
commit: f7fed9455632a5807e76bd3a28879f5a87857c53 (patch)
tree: 9d374c62eeff973ee0b7721a87b5f66c56832f1e /src/lib/libssl/ssl_clnt.c
parent: c757fe9bb6c16f47a415034b69dda698116160ba (diff)
download: openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.tar.gz
openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.tar.bz2
openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 604b55277c..8fe416b74a 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.149 2022/06/30 11:17:49 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.150 2022/07/02 16:00:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1271,13 +1271,13 @@ static int
 ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
 {
        uint8_t curve_type;
-        uint16_t curve_id;
+        uint16_t group_id;
        int decode_error;
        CBS public;
        if (!CBS_get_u8(cbs, &curve_type))
                goto decode_err;
-        if (!CBS_get_u16(cbs, &curve_id))
+        if (!CBS_get_u16(cbs, &group_id))
                goto decode_err;
        /* Only named curves are supported. */
@@ -1291,17 +1291,17 @@ ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
                goto decode_err;
        /*
-         * Check that the curve is one of our preferences - if it is not,
+         * Check that the group is one of our preferences - if it is not,
-         * the server has sent us an invalid curve.
+         * the server has sent us an invalid group.
         */
-        if (!tls1_check_curve(s, curve_id)) {
+        if (!tls1_check_group(s, group_id)) {
                SSLerror(s, SSL_R_WRONG_CURVE);
                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
                goto err;
        }
        tls_key_share_free(s->s3->hs.key_share);
-        if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL)
+        if ((s->s3->hs.key_share = tls_key_share_new(group_id)) == NULL)
                goto err;
        if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
author	tb <>	2022-07-02 16:00:12 +0000
committer	tb <>	2022-07-02 16:00:12 +0000
commit	f7fed9455632a5807e76bd3a28879f5a87857c53 (patch)
tree	9d374c62eeff973ee0b7721a87b5f66c56832f1e /src/lib/libssl/ssl_clnt.c
parent	c757fe9bb6c16f47a415034b69dda698116160ba (diff)
download	openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.tar.gz openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.tar.bz2 openbsd-f7fed9455632a5807e76bd3a28879f5a87857c53.zip

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c index 604b55277c..8fe416b74a 100644 --- a/src/lib/libssl/ssl_clnt.c +++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_clnt.c,v 1.149 2022/06/30 11:17:49 tb Exp $ */	1	/* $OpenBSD: ssl_clnt.c,v 1.150 2022/07/02 16:00:12 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1271,13 +1271,13 @@ static int
1271	ssl3_get_server_kex_ecdhe(SSL s, CBS cbs)	1271	ssl3_get_server_kex_ecdhe(SSL s, CBS cbs)
1272	{	1272	{
1273	uint8_t curve_type;	1273	uint8_t curve_type;
1274	uint16_t curve_id;	1274	uint16_t group_id;
1275	int decode_error;	1275	int decode_error;
1276	CBS public;	1276	CBS public;
1277		1277
1278	if (!CBS_get_u8(cbs, &curve_type))	1278	if (!CBS_get_u8(cbs, &curve_type))
1279	goto decode_err;	1279	goto decode_err;
1280	if (!CBS_get_u16(cbs, &curve_id))	1280	if (!CBS_get_u16(cbs, &group_id))
1281	goto decode_err;	1281	goto decode_err;
1282		1282
1283	/* Only named curves are supported. */	1283	/* Only named curves are supported. */
@@ -1291,17 +1291,17 @@ ssl3_get_server_kex_ecdhe(SSL s, CBS cbs)
1291	goto decode_err;	1291	goto decode_err;
1292		1292
1293	/*	1293	/*
1294	* Check that the curve is one of our preferences - if it is not,	1294	* Check that the group is one of our preferences - if it is not,
1295	* the server has sent us an invalid curve.	1295	* the server has sent us an invalid group.
1296	*/	1296	*/
1297	if (!tls1_check_curve(s, curve_id)) {	1297	if (!tls1_check_group(s, group_id)) {
1298	SSLerror(s, SSL_R_WRONG_CURVE);	1298	SSLerror(s, SSL_R_WRONG_CURVE);
1299	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);	1299	ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
1300	goto err;	1300	goto err;
1301	}	1301	}
1302		1302
1303	tls_key_share_free(s->s3->hs.key_share);	1303	tls_key_share_free(s->s3->hs.key_share);
1304	if ((s->s3->hs.key_share = tls_key_share_new(curve_id)) == NULL)	1304	if ((s->s3->hs.key_share = tls_key_share_new(group_id)) == NULL)
1305	goto err;	1305	goto err;
1306		1306
1307	if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,	1307	if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,