Rename uses 'curve' to 'group' and rework tls1 group API.

This reworks various tls1_ curve APIs to indicate success via a boolean return value and move the output to an out parameter. This makes the caller code easier and more consistent. Based on a suggestion by jsing ok jsing
author: tb <> 2022-07-02 16:00:12 +0000
committer: tb <> 2022-07-02 16:00:12 +0000
commit: 9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8 (patch)
tree: 9d374c62eeff973ee0b7721a87b5f66c56832f1e /src/lib/libssl/t1_lib.c
parent: 8b061e817cabe6e968a7c7ea1cf49a6f3c877db5 (diff)
download: openbsd-9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8.tar.gz
openbsd-9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8.tar.bz2
openbsd-9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8.zip
1 files changed, 158 insertions, 116 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 9748901268..beaaae1eb0 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.190 2022/07/02 15:53:37 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.191 2022/07/02 16:00:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -150,12 +150,16 @@ tls1_clear(SSL *s)
        s->version = s->method->version;
 }
-struct curve {
+struct supported_group {
        int nid;
        int bits;
 };
-static const struct curve nid_list[] = {
+/*
+ * Supported groups (formerly known as named curves)
+ * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
+ */
+static const struct supported_group nid_list[] = {
        [1] = {
                .nid = NID_sect163k1,
                .bits = 80,
@@ -274,6 +278,8 @@ static const struct curve nid_list[] = {
        },
 };
+#define NID_LIST_LEN (sizeof(nid_list) / sizeof(nid_list[0]))
 #if 0
 static const uint8_t ecformats_list[] = {
        TLSEXT_ECPOINTFORMAT_uncompressed,
@@ -287,7 +293,7 @@ static const uint8_t ecformats_default[] = {
 };
 #if 0
-static const uint16_t eccurves_list[] = {
+static const uint16_t ecgroups_list[] = {
        29,                     /* X25519 (29) */
        14,                     /* sect571r1 (14) */
        13,                     /* sect571k1 (13) */
@@ -320,116 +326,155 @@ static const uint16_t eccurves_list[] = {
 };
 #endif
-static const uint16_t eccurves_client_default[] = {
+static const uint16_t ecgroups_client_default[] = {
        29,                     /* X25519 (29) */
        23,                     /* secp256r1 (23) */
        24,                     /* secp384r1 (24) */
        25,                     /* secp521r1 (25) */
 };
-static const uint16_t eccurves_server_default[] = {
+static const uint16_t ecgroups_server_default[] = {
        29,                     /* X25519 (29) */
        23,                     /* secp256r1 (23) */
        24,                     /* secp384r1 (24) */
 };
 int
-tls1_ec_curve_id2nid(const uint16_t curve_id)
+tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
 {
-        const struct curve *curve;
+        const struct supported_group *group;
-        /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+        if (group_id < 1 || group_id >= NID_LIST_LEN)
-        if ((curve_id < 1) ||
+                return 0;
-            ((unsigned int)curve_id >= sizeof(nid_list) / sizeof(nid_list[0])))
-                return NID_undef;
+        if ((group = &nid_list[group_id]) == NULL)
+                return 0;
-        if ((curve = &nid_list[curve_id]) == NULL)
+        *out_nid = group->nid;
-                return NID_undef;
-        return curve->nid;
+        return 1;
 }
 int
-tls1_ec_curve_id2bits(const uint16_t curve_id)
+tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
 {
-        const struct curve *curve;
+        const struct supported_group *group;
-        if ((curve_id < 1) ||
+        if (group_id < 1 || group_id >= NID_LIST_LEN)
-            ((unsigned int)curve_id >= sizeof(nid_list) / sizeof(nid_list[0])))
                return 0;
-        if ((curve = &nid_list[curve_id]) == NULL)
+        if ((group = &nid_list[group_id]) == NULL)
                return 0;
-        return curve->bits;
+        *out_bits = group->bits;
+        return 1;
 }
-uint16_t
+int
-tls1_ec_nid2curve_id(const int nid)
+tls1_ec_nid2group_id(const int nid, uint16_t *out_group_id)
 {
-        /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+        uint16_t group_id;
        switch (nid) {
-        case NID_sect163k1: /* sect163k1 (1) */
+        case NID_sect163k1:
-                return 1;
+                group_id = 1;
-        case NID_sect163r1: /* sect163r1 (2) */
+                break;
-                return 2;
+        case NID_sect163r1:
-        case NID_sect163r2: /* sect163r2 (3) */
+                group_id = 2;
-                return 3;
+                break;
-        case NID_sect193r1: /* sect193r1 (4) */
+        case NID_sect163r2:
-                return 4;
+                group_id = 3;
-        case NID_sect193r2: /* sect193r2 (5) */
+                break;
-                return 5;
+        case NID_sect193r1:
-        case NID_sect233k1: /* sect233k1 (6) */
+                group_id = 4;
-                return 6;
+                break;
-        case NID_sect233r1: /* sect233r1 (7) */
+        case NID_sect193r2:
-                return 7;
+                group_id = 5;
-        case NID_sect239k1: /* sect239k1 (8) */
+                break;
-                return 8;
+        case NID_sect233k1:
-        case NID_sect283k1: /* sect283k1 (9) */
+                group_id = 6;
-                return 9;
+                break;
-        case NID_sect283r1: /* sect283r1 (10) */
+        case NID_sect233r1:
-                return 10;
+                group_id = 7;
-        case NID_sect409k1: /* sect409k1 (11) */
+                break;
-                return 11;
+        case NID_sect239k1:
-        case NID_sect409r1: /* sect409r1 (12) */
+                group_id = 8;
-                return 12;
+                break;
-        case NID_sect571k1: /* sect571k1 (13) */
+        case NID_sect283k1:
-                return 13;
+                group_id = 9;
-        case NID_sect571r1: /* sect571r1 (14) */
+                break;
-                return 14;
+        case NID_sect283r1:
-        case NID_secp160k1: /* secp160k1 (15) */
+                group_id = 10;
-                return 15;
+                break;
-        case NID_secp160r1: /* secp160r1 (16) */
+        case NID_sect409k1:
-                return 16;
+                group_id = 11;
-        case NID_secp160r2: /* secp160r2 (17) */
+                break;
-                return 17;
+        case NID_sect409r1:
-        case NID_secp192k1: /* secp192k1 (18) */
+                group_id = 12;
-                return 18;
+                break;
-        case NID_X9_62_prime192v1: /* secp192r1 (19) */
+        case NID_sect571k1:
-                return 19;
+                group_id = 13;
-        case NID_secp224k1: /* secp224k1 (20) */
+                break;
-                return 20;
+        case NID_sect571r1:
-        case NID_secp224r1: /* secp224r1 (21) */
+                group_id = 14;
-                return 21;
+                break;
-        case NID_secp256k1: /* secp256k1 (22) */
+        case NID_secp160k1:
-                return 22;
+                group_id = 15;
-        case NID_X9_62_prime256v1: /* secp256r1 (23) */
+                break;
-                return 23;
+        case NID_secp160r1:
-        case NID_secp384r1: /* secp384r1 (24) */
+                group_id = 16;
-                return 24;
+                break;
-        case NID_secp521r1: /* secp521r1 (25) */
+        case NID_secp160r2:
-                return 25;
+                group_id = 17;
-        case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */
+                break;
-                return 26;
+        case NID_secp192k1:
-        case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */
+                group_id = 18;
-                return 27;
+                break;
-        case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */
+        case NID_X9_62_prime192v1: /* aka secp192r1 */
-                return 28;
+                group_id = 19;
-        case NID_X25519:                /* X25519 (29) */
+                break;
-                return 29;
+        case NID_secp224k1:
+                group_id = 20;
+                break;
+        case NID_secp224r1:
+                group_id = 21;
+                break;
+        case NID_secp256k1:
+                group_id = 22;
+                break;
+        case NID_X9_62_prime256v1: /* aka secp256r1 */
+                group_id = 23;
+                break;
+        case NID_secp384r1:
+                group_id = 24;
+                break;
+        case NID_secp521r1:
+                group_id = 25;
+                break;
+        case NID_brainpoolP256r1:
+                group_id = 26;
+                break;
+        case NID_brainpoolP384r1:
+                group_id = 27;
+                break;
+        case NID_brainpoolP512r1:
+                group_id = 28;
+                break;
+        case NID_X25519:
+                group_id = 29;
+                break;
        default:
-                return 0;
+                group_id = 0;
+                break;
        }
+        if (group_id == 0)
+                return 0;
+        *out_group_id = group_id;
+        return 1;
 }
 /*
@@ -476,11 +521,11 @@ tls1_get_group_list(SSL *s, int client_groups, const uint16_t **pgroups,
                return;
        if (!s->server) {
-                *pgroups = eccurves_client_default;
+                *pgroups = ecgroups_client_default;
-                *pgroupslen = sizeof(eccurves_client_default) / 2;
+                *pgroupslen = sizeof(ecgroups_client_default) / 2;
        } else {
-                *pgroups = eccurves_server_default;
+                *pgroups = ecgroups_server_default;
-                *pgroupslen = sizeof(eccurves_server_default) / 2;
+                *pgroupslen = sizeof(ecgroups_server_default) / 2;
        }
 }
@@ -491,13 +536,11 @@ tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
        uint16_t *group_ids;
        size_t i;
-        group_ids = calloc(ngroups, sizeof(uint16_t));
+        if ((group_ids = calloc(ngroups, sizeof(uint16_t))) == NULL)
-        if (group_ids == NULL)
                return 0;
        for (i = 0; i < ngroups; i++) {
-                group_ids[i] = tls1_ec_nid2curve_id(groups[i]);
+                if (!tls1_ec_nid2group_id(groups[i], &group_ids[i])) {
-                if (group_ids[i] == 0) {
                        free(group_ids);
                        return 0;
                }
@@ -537,8 +580,7 @@ tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
                        goto err;
                group_ids = new_group_ids;
-                group_ids[ngroups] = tls1_ec_nid2curve_id(nid);
+                if (!tls1_ec_nid2group_id(nid, &group_ids[ngroups]))
-                if (group_ids[ngroups] == 0)
                        goto err;
                ngroups++;
@@ -558,9 +600,9 @@ tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
        return 0;
 }
-/* Check that a curve is one of our preferences. */
+/* Check that a group is one of our preferences. */
 int
-tls1_check_curve(SSL *s, const uint16_t curve_id)
+tls1_check_group(SSL *s, uint16_t group_id)
 {
        const uint16_t *groups;
        size_t groupslen, i;
@@ -570,14 +612,14 @@ tls1_check_curve(SSL *s, const uint16_t curve_id)
        for (i = 0; i < groupslen; i++) {
                if (!ssl_security_supported_group(s, groups[i]))
                        continue;
-                if (groups[i] == curve_id)
+                if (groups[i] == group_id)
-                        return (1);
+                        return 1;
        }
-        return (0);
+        return 0;
 }
 int
-tls1_get_shared_curve(SSL *s)
+tls1_get_supported_group(SSL *s, int *out_nid)
 {
        size_t preflen, supplen, i, j;
        const uint16_t *pref, *supp;
@@ -585,9 +627,9 @@ tls1_get_shared_curve(SSL *s)
        /* Cannot do anything on the client side. */
        if (s->server == 0)
-                return (NID_undef);
+                return 0;
-        /* Return first preference shared curve. */
+        /* Return first preference supported group. */
        server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
        tls1_get_group_list(s, (server_pref == 0), &pref, &preflen);
        tls1_get_group_list(s, (server_pref != 0), &supp, &supplen);
@@ -597,15 +639,15 @@ tls1_get_shared_curve(SSL *s)
                        continue;
                for (j = 0; j < supplen; j++) {
                        if (pref[i] == supp[j])
-                                return (tls1_ec_curve_id2nid(pref[i]));
+                                return tls1_ec_group_id2nid(pref[i], out_nid);
                }
        }
-        return (NID_undef);
+        return 0;
 }
 /* For an EC key set TLS ID and required compression based on parameters. */
 static int
-tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
+tls1_set_ec_id(uint16_t *group_id, uint8_t *comp_id, EC_KEY *ec)
 {
        const EC_GROUP *grp;
        const EC_METHOD *meth;
@@ -615,18 +657,18 @@ tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
        if (ec == NULL)
                return (0);
-        /* Determine whether the curve is defined over a prime field. */
+        /* Determine whether the group is defined over a prime field. */
        if ((grp = EC_KEY_get0_group(ec)) == NULL)
                return (0);
        if ((meth = EC_GROUP_method_of(grp)) == NULL)
                return (0);
        prime_field = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
-        /* Determine curve ID - NID_undef results in a curve ID of zero. */
+        /* Determine group ID. */
        nid = EC_GROUP_get_curve_name(grp);
-        /* If we have an ID set it, otherwise set arbitrary explicit curve. */
+        /* If we have an ID set it, otherwise set arbitrary explicit group. */
-        if ((*curve_id = tls1_ec_nid2curve_id(nid)) == 0)
+        if (!tls1_ec_nid2group_id(nid, group_id))
-                *curve_id = prime_field ? 0xff01 : 0xff02;
+                *group_id = prime_field ? 0xff01 : 0xff02;
        if (comp_id == NULL)
                return (1);
@@ -646,7 +688,7 @@ tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
 /* Check that an EC key is compatible with extensions. */
 static int
-tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
+tls1_check_ec_key(SSL *s, const uint16_t *group_id, const uint8_t *comp_id)
 {
        size_t groupslen, formatslen, i;
        const uint16_t *groups;
@@ -667,12 +709,12 @@ tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
        }
        /*
-         * Check curve list if present, otherwise everything is supported.
+         * Check group list if present, otherwise everything is supported.
         */
        tls1_get_group_list(s, 1, &groups, &groupslen);
-        if (curve_id != NULL && groups != NULL) {
+        if (group_id != NULL && groups != NULL) {
                for (i = 0; i < groupslen; i++) {
-                        if (groups[i] == *curve_id)
+                        if (groups[i] == *group_id)
                                break;
                }
                if (i == groupslen)
@@ -687,7 +729,7 @@ int
 tls1_check_ec_server_key(SSL *s)
 {
        SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
-        uint16_t curve_id;
+        uint16_t group_id;
        uint8_t comp_id;
        EC_KEY *eckey;
        EVP_PKEY *pkey;
@@ -698,10 +740,10 @@ tls1_check_ec_server_key(SSL *s)
                return (0);
        if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
                return (0);
-        if (!tls1_set_ec_id(&curve_id, &comp_id, eckey))
+        if (!tls1_set_ec_id(&group_id, &comp_id, eckey))
                return (0);
-        return tls1_check_ec_key(s, &curve_id, &comp_id);
+        return tls1_check_ec_key(s, &group_id, &comp_id);
 }
 int
author	tb <>	2022-07-02 16:00:12 +0000
committer	tb <>	2022-07-02 16:00:12 +0000
commit	9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8 (patch)
tree	9d374c62eeff973ee0b7721a87b5f66c56832f1e /src/lib/libssl/t1_lib.c
parent	8b061e817cabe6e968a7c7ea1cf49a6f3c877db5 (diff)
download	openbsd-9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8.tar.gz openbsd-9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8.tar.bz2 openbsd-9c3b0c8dc2d9f6d2b9cb9cb675e49a1a04d021b8.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 9748901268..beaaae1eb0 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.190 2022/07/02 15:53:37 tb Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.191 2022/07/02 16:00:12 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -150,12 +150,16 @@ tls1_clear(SSL *s)
150	s->version = s->method->version;	150	s->version = s->method->version;
151	}	151	}
152		152
153	struct curve {	153	struct supported_group {
154	int nid;	154	int nid;
155	int bits;	155	int bits;
156	};	156	};
157		157
158	static const struct curve nid_list[] = {	158	/*
		159	* Supported groups (formerly known as named curves)
		160	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
		161	*/
		162	static const struct supported_group nid_list[] = {
159	[1] = {	163	[1] = {
160	.nid = NID_sect163k1,	164	.nid = NID_sect163k1,
161	.bits = 80,	165	.bits = 80,
@@ -274,6 +278,8 @@ static const struct curve nid_list[] = {
274	},	278	},
275	};	279	};
276		280
		281	#define NID_LIST_LEN (sizeof(nid_list) / sizeof(nid_list[0]))
		282
277	#if 0	283	#if 0
278	static const uint8_t ecformats_list[] = {	284	static const uint8_t ecformats_list[] = {
279	TLSEXT_ECPOINTFORMAT_uncompressed,	285	TLSEXT_ECPOINTFORMAT_uncompressed,
@@ -287,7 +293,7 @@ static const uint8_t ecformats_default[] = {
287	};	293	};
288		294
289	#if 0	295	#if 0
290	static const uint16_t eccurves_list[] = {	296	static const uint16_t ecgroups_list[] = {
291	29, /* X25519 (29) */	297	29, /* X25519 (29) */
292	14, /* sect571r1 (14) */	298	14, /* sect571r1 (14) */
293	13, /* sect571k1 (13) */	299	13, /* sect571k1 (13) */
@@ -320,116 +326,155 @@ static const uint16_t eccurves_list[] = {
320	};	326	};
321	#endif	327	#endif
322		328
323	static const uint16_t eccurves_client_default[] = {	329	static const uint16_t ecgroups_client_default[] = {
324	29, /* X25519 (29) */	330	29, /* X25519 (29) */
325	23, /* secp256r1 (23) */	331	23, /* secp256r1 (23) */
326	24, /* secp384r1 (24) */	332	24, /* secp384r1 (24) */
327	25, /* secp521r1 (25) */	333	25, /* secp521r1 (25) */
328	};	334	};
329		335
330	static const uint16_t eccurves_server_default[] = {	336	static const uint16_t ecgroups_server_default[] = {
331	29, /* X25519 (29) */	337	29, /* X25519 (29) */
332	23, /* secp256r1 (23) */	338	23, /* secp256r1 (23) */
333	24, /* secp384r1 (24) */	339	24, /* secp384r1 (24) */
334	};	340	};
335		341
336	int	342	int
337	tls1_ec_curve_id2nid(const uint16_t curve_id)	343	tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
338	{	344	{
339	const struct curve *curve;	345	const struct supported_group *group;
340		346
341	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */	347	if (group_id < 1 \|\| group_id >= NID_LIST_LEN)
342	if ((curve_id < 1) \|\|	348	return 0;
343	((unsigned int)curve_id >= sizeof(nid_list) / sizeof(nid_list[0])))	349
344	return NID_undef;	350	if ((group = &nid_list[group_id]) == NULL)
		351	return 0;
345		352
346	if ((curve = &nid_list[curve_id]) == NULL)	353	*out_nid = group->nid;
347	return NID_undef;
348		354
349	return curve->nid;	355	return 1;
350	}	356	}
351		357
352	int	358	int
353	tls1_ec_curve_id2bits(const uint16_t curve_id)	359	tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
354	{	360	{
355	const struct curve *curve;	361	const struct supported_group *group;
356		362
357	if ((curve_id < 1) \|\|	363	if (group_id < 1 \|\| group_id >= NID_LIST_LEN)
358	((unsigned int)curve_id >= sizeof(nid_list) / sizeof(nid_list[0])))
359	return 0;	364	return 0;
360		365
361	if ((curve = &nid_list[curve_id]) == NULL)	366	if ((group = &nid_list[group_id]) == NULL)
362	return 0;	367	return 0;
363		368
364	return curve->bits;	369	*out_bits = group->bits;
		370
		371	return 1;
365	}	372	}
366		373
367	uint16_t	374	int
368	tls1_ec_nid2curve_id(const int nid)	375	tls1_ec_nid2group_id(const int nid, uint16_t *out_group_id)
369	{	376	{
370	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */	377	uint16_t group_id;
		378
371	switch (nid) {	379	switch (nid) {
372	case NID_sect163k1: /* sect163k1 (1) */	380	case NID_sect163k1:
373	return 1;	381	group_id = 1;
374	case NID_sect163r1: /* sect163r1 (2) */	382	break;
375	return 2;	383	case NID_sect163r1:
376	case NID_sect163r2: /* sect163r2 (3) */	384	group_id = 2;
377	return 3;	385	break;
378	case NID_sect193r1: /* sect193r1 (4) */	386	case NID_sect163r2:
379	return 4;	387	group_id = 3;
380	case NID_sect193r2: /* sect193r2 (5) */	388	break;
381	return 5;	389	case NID_sect193r1:
382	case NID_sect233k1: /* sect233k1 (6) */	390	group_id = 4;
383	return 6;	391	break;
384	case NID_sect233r1: /* sect233r1 (7) */	392	case NID_sect193r2:
385	return 7;	393	group_id = 5;
386	case NID_sect239k1: /* sect239k1 (8) */	394	break;
387	return 8;	395	case NID_sect233k1:
388	case NID_sect283k1: /* sect283k1 (9) */	396	group_id = 6;
389	return 9;	397	break;
390	case NID_sect283r1: /* sect283r1 (10) */	398	case NID_sect233r1:
391	return 10;	399	group_id = 7;
392	case NID_sect409k1: /* sect409k1 (11) */	400	break;
393	return 11;	401	case NID_sect239k1:
394	case NID_sect409r1: /* sect409r1 (12) */	402	group_id = 8;
395	return 12;	403	break;
396	case NID_sect571k1: /* sect571k1 (13) */	404	case NID_sect283k1:
397	return 13;	405	group_id = 9;
398	case NID_sect571r1: /* sect571r1 (14) */	406	break;
399	return 14;	407	case NID_sect283r1:
400	case NID_secp160k1: /* secp160k1 (15) */	408	group_id = 10;
401	return 15;	409	break;
402	case NID_secp160r1: /* secp160r1 (16) */	410	case NID_sect409k1:
403	return 16;	411	group_id = 11;
404	case NID_secp160r2: /* secp160r2 (17) */	412	break;
405	return 17;	413	case NID_sect409r1:
406	case NID_secp192k1: /* secp192k1 (18) */	414	group_id = 12;
407	return 18;	415	break;
408	case NID_X9_62_prime192v1: /* secp192r1 (19) */	416	case NID_sect571k1:
409	return 19;	417	group_id = 13;
410	case NID_secp224k1: /* secp224k1 (20) */	418	break;
411	return 20;	419	case NID_sect571r1:
412	case NID_secp224r1: /* secp224r1 (21) */	420	group_id = 14;
413	return 21;	421	break;
414	case NID_secp256k1: /* secp256k1 (22) */	422	case NID_secp160k1:
415	return 22;	423	group_id = 15;
416	case NID_X9_62_prime256v1: /* secp256r1 (23) */	424	break;
417	return 23;	425	case NID_secp160r1:
418	case NID_secp384r1: /* secp384r1 (24) */	426	group_id = 16;
419	return 24;	427	break;
420	case NID_secp521r1: /* secp521r1 (25) */	428	case NID_secp160r2:
421	return 25;	429	group_id = 17;
422	case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */	430	break;
423	return 26;	431	case NID_secp192k1:
424	case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */	432	group_id = 18;
425	return 27;	433	break;
426	case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */	434	case NID_X9_62_prime192v1: /* aka secp192r1 */
427	return 28;	435	group_id = 19;
428	case NID_X25519: /* X25519 (29) */	436	break;
429	return 29;	437	case NID_secp224k1:
		438	group_id = 20;
		439	break;
		440	case NID_secp224r1:
		441	group_id = 21;
		442	break;
		443	case NID_secp256k1:
		444	group_id = 22;
		445	break;
		446	case NID_X9_62_prime256v1: /* aka secp256r1 */
		447	group_id = 23;
		448	break;
		449	case NID_secp384r1:
		450	group_id = 24;
		451	break;
		452	case NID_secp521r1:
		453	group_id = 25;
		454	break;
		455	case NID_brainpoolP256r1:
		456	group_id = 26;
		457	break;
		458	case NID_brainpoolP384r1:
		459	group_id = 27;
		460	break;
		461	case NID_brainpoolP512r1:
		462	group_id = 28;
		463	break;
		464	case NID_X25519:
		465	group_id = 29;
		466	break;
430	default:	467	default:
431	return 0;	468	group_id = 0;
		469	break;
432	}	470	}
		471
		472	if (group_id == 0)
		473	return 0;
		474
		475	*out_group_id = group_id;
		476
		477	return 1;
433	}	478	}
434		479
435	/*	480	/*
@@ -476,11 +521,11 @@ tls1_get_group_list(SSL s, int client_groups, const uint16_t *pgroups,
476	return;	521	return;
477		522
478	if (!s->server) {	523	if (!s->server) {
479	*pgroups = eccurves_client_default;	524	*pgroups = ecgroups_client_default;
480	*pgroupslen = sizeof(eccurves_client_default) / 2;	525	*pgroupslen = sizeof(ecgroups_client_default) / 2;
481	} else {	526	} else {
482	*pgroups = eccurves_server_default;	527	*pgroups = ecgroups_server_default;
483	*pgroupslen = sizeof(eccurves_server_default) / 2;	528	*pgroupslen = sizeof(ecgroups_server_default) / 2;
484	}	529	}
485	}	530	}
486		531
@@ -491,13 +536,11 @@ tls1_set_groups(uint16_t *out_group_ids, size_t out_group_ids_len,
491	uint16_t *group_ids;	536	uint16_t *group_ids;
492	size_t i;	537	size_t i;
493		538
494	group_ids = calloc(ngroups, sizeof(uint16_t));	539	if ((group_ids = calloc(ngroups, sizeof(uint16_t))) == NULL)
495	if (group_ids == NULL)
496	return 0;	540	return 0;
497		541
498	for (i = 0; i < ngroups; i++) {	542	for (i = 0; i < ngroups; i++) {
499	group_ids[i] = tls1_ec_nid2curve_id(groups[i]);	543	if (!tls1_ec_nid2group_id(groups[i], &group_ids[i])) {
500	if (group_ids[i] == 0) {
501	free(group_ids);	544	free(group_ids);
502	return 0;	545	return 0;
503	}	546	}
@@ -537,8 +580,7 @@ tls1_set_group_list(uint16_t *out_group_ids, size_t out_group_ids_len,
537	goto err;	580	goto err;
538	group_ids = new_group_ids;	581	group_ids = new_group_ids;
539		582
540	group_ids[ngroups] = tls1_ec_nid2curve_id(nid);	583	if (!tls1_ec_nid2group_id(nid, &group_ids[ngroups]))
541	if (group_ids[ngroups] == 0)
542	goto err;	584	goto err;
543		585
544	ngroups++;	586	ngroups++;
@@ -558,9 +600,9 @@ tls1_set_group_list(uint16_t *out_group_ids, size_t out_group_ids_len,
558	return 0;	600	return 0;
559	}	601	}
560		602
561	/* Check that a curve is one of our preferences. */	603	/* Check that a group is one of our preferences. */
562	int	604	int
563	tls1_check_curve(SSL *s, const uint16_t curve_id)	605	tls1_check_group(SSL *s, uint16_t group_id)
564	{	606	{
565	const uint16_t *groups;	607	const uint16_t *groups;
566	size_t groupslen, i;	608	size_t groupslen, i;
@@ -570,14 +612,14 @@ tls1_check_curve(SSL *s, const uint16_t curve_id)
570	for (i = 0; i < groupslen; i++) {	612	for (i = 0; i < groupslen; i++) {
571	if (!ssl_security_supported_group(s, groups[i]))	613	if (!ssl_security_supported_group(s, groups[i]))
572	continue;	614	continue;
573	if (groups[i] == curve_id)	615	if (groups[i] == group_id)
574	return (1);	616	return 1;
575	}	617	}
576	return (0);	618	return 0;
577	}	619	}
578		620
579	int	621	int
580	tls1_get_shared_curve(SSL *s)	622	tls1_get_supported_group(SSL s, int out_nid)
581	{	623	{
582	size_t preflen, supplen, i, j;	624	size_t preflen, supplen, i, j;
583	const uint16_t pref, supp;	625	const uint16_t pref, supp;
@@ -585,9 +627,9 @@ tls1_get_shared_curve(SSL *s)
585		627
586	/* Cannot do anything on the client side. */	628	/* Cannot do anything on the client side. */
587	if (s->server == 0)	629	if (s->server == 0)
588	return (NID_undef);	630	return 0;
589		631
590	/* Return first preference shared curve. */	632	/* Return first preference supported group. */
591	server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);	633	server_pref = (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
592	tls1_get_group_list(s, (server_pref == 0), &pref, &preflen);	634	tls1_get_group_list(s, (server_pref == 0), &pref, &preflen);
593	tls1_get_group_list(s, (server_pref != 0), &supp, &supplen);	635	tls1_get_group_list(s, (server_pref != 0), &supp, &supplen);
@@ -597,15 +639,15 @@ tls1_get_shared_curve(SSL *s)
597	continue;	639	continue;
598	for (j = 0; j < supplen; j++) {	640	for (j = 0; j < supplen; j++) {
599	if (pref[i] == supp[j])	641	if (pref[i] == supp[j])
600	return (tls1_ec_curve_id2nid(pref[i]));	642	return tls1_ec_group_id2nid(pref[i], out_nid);
601	}	643	}
602	}	644	}
603	return (NID_undef);	645	return 0;
604	}	646	}
605		647
606	/* For an EC key set TLS ID and required compression based on parameters. */	648	/* For an EC key set TLS ID and required compression based on parameters. */
607	static int	649	static int
608	tls1_set_ec_id(uint16_t curve_id, uint8_t comp_id, EC_KEY *ec)	650	tls1_set_ec_id(uint16_t group_id, uint8_t comp_id, EC_KEY *ec)
609	{	651	{
610	const EC_GROUP *grp;	652	const EC_GROUP *grp;
611	const EC_METHOD *meth;	653	const EC_METHOD *meth;
@@ -615,18 +657,18 @@ tls1_set_ec_id(uint16_t curve_id, uint8_t comp_id, EC_KEY *ec)
615	if (ec == NULL)	657	if (ec == NULL)
616	return (0);	658	return (0);
617		659
618	/* Determine whether the curve is defined over a prime field. */	660	/* Determine whether the group is defined over a prime field. */
619	if ((grp = EC_KEY_get0_group(ec)) == NULL)	661	if ((grp = EC_KEY_get0_group(ec)) == NULL)
620	return (0);	662	return (0);
621	if ((meth = EC_GROUP_method_of(grp)) == NULL)	663	if ((meth = EC_GROUP_method_of(grp)) == NULL)
622	return (0);	664	return (0);
623	prime_field = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);	665	prime_field = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
624		666
625	/* Determine curve ID - NID_undef results in a curve ID of zero. */	667	/* Determine group ID. */
626	nid = EC_GROUP_get_curve_name(grp);	668	nid = EC_GROUP_get_curve_name(grp);
627	/* If we have an ID set it, otherwise set arbitrary explicit curve. */	669	/* If we have an ID set it, otherwise set arbitrary explicit group. */
628	if ((*curve_id = tls1_ec_nid2curve_id(nid)) == 0)	670	if (!tls1_ec_nid2group_id(nid, group_id))
629	*curve_id = prime_field ? 0xff01 : 0xff02;	671	*group_id = prime_field ? 0xff01 : 0xff02;
630		672
631	if (comp_id == NULL)	673	if (comp_id == NULL)
632	return (1);	674	return (1);
@@ -646,7 +688,7 @@ tls1_set_ec_id(uint16_t curve_id, uint8_t comp_id, EC_KEY *ec)
646		688
647	/* Check that an EC key is compatible with extensions. */	689	/* Check that an EC key is compatible with extensions. */
648	static int	690	static int
649	tls1_check_ec_key(SSL s, const uint16_t curve_id, const uint8_t *comp_id)	691	tls1_check_ec_key(SSL s, const uint16_t group_id, const uint8_t *comp_id)
650	{	692	{
651	size_t groupslen, formatslen, i;	693	size_t groupslen, formatslen, i;
652	const uint16_t *groups;	694	const uint16_t *groups;
@@ -667,12 +709,12 @@ tls1_check_ec_key(SSL s, const uint16_t curve_id, const uint8_t *comp_id)
667	}	709	}
668		710
669	/*	711	/*
670	* Check curve list if present, otherwise everything is supported.	712	* Check group list if present, otherwise everything is supported.
671	*/	713	*/
672	tls1_get_group_list(s, 1, &groups, &groupslen);	714	tls1_get_group_list(s, 1, &groups, &groupslen);
673	if (curve_id != NULL && groups != NULL) {	715	if (group_id != NULL && groups != NULL) {
674	for (i = 0; i < groupslen; i++) {	716	for (i = 0; i < groupslen; i++) {
675	if (groups[i] == *curve_id)	717	if (groups[i] == *group_id)
676	break;	718	break;
677	}	719	}
678	if (i == groupslen)	720	if (i == groupslen)
@@ -687,7 +729,7 @@ int
687	tls1_check_ec_server_key(SSL *s)	729	tls1_check_ec_server_key(SSL *s)
688	{	730	{
689	SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;	731	SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
690	uint16_t curve_id;	732	uint16_t group_id;
691	uint8_t comp_id;	733	uint8_t comp_id;
692	EC_KEY *eckey;	734	EC_KEY *eckey;
693	EVP_PKEY *pkey;	735	EVP_PKEY *pkey;
@@ -698,10 +740,10 @@ tls1_check_ec_server_key(SSL *s)
698	return (0);	740	return (0);
699	if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)	741	if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
700	return (0);	742	return (0);
701	if (!tls1_set_ec_id(&curve_id, &comp_id, eckey))	743	if (!tls1_set_ec_id(&group_id, &comp_id, eckey))
702	return (0);	744	return (0);
703		745
704	return tls1_check_ec_key(s, &curve_id, &comp_id);	746	return tls1_check_ec_key(s, &group_id, &comp_id);
705	}	747	}
706		748
707	int	749	int