1 files changed, 38 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 1509c7d779..f64d215799 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.23 2018/11/05 20:29:52 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -163,34 +163,33 @@ tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 }
 /*
- * Supported Elliptic Curves - RFC 4492 section 5.1.1
+ * Supported Groups - RFC 7919 section 2
 */
 int
-tlsext_ec_clienthello_needs(SSL *s)
+tlsext_supportedgroups_clienthello_needs(SSL *s)
 {
        return ssl_has_ecc_ciphers(s);
 }
 int
-tlsext_ec_clienthello_build(SSL *s, CBB *cbb)
+tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb)
 {
-        CBB curvelist;
+        const uint16_t *groups;
-        size_t curves_len;
+        size_t groups_len;
+        CBB grouplist;
        int i;
-        const uint16_t *curves;
-        tls1_get_curvelist(s, 0, &curves, &curves_len);
+        tls1_get_group_list(s, 0, &groups, &groups_len);
+        if (groups_len == 0) {
-        if (curves_len == 0) {
                SSLerror(s, ERR_R_INTERNAL_ERROR);
                return 0;
        }
-        if (!CBB_add_u16_length_prefixed(cbb, &curvelist))
+        if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
                return 0;
-        for (i = 0; i < curves_len; i++) {
+        for (i = 0; i < groups_len; i++) {
-                if (!CBB_add_u16(&curvelist, curves[i]))
+                if (!CBB_add_u16(&grouplist, groups[i]))
                        return 0;
        }
@@ -201,48 +200,48 @@ tlsext_ec_clienthello_build(SSL *s, CBB *cbb)
 }
 int
-tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)
+tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert)
 {
-        CBS curvelist;
+        CBS grouplist;
-        size_t curves_len;
+        size_t groups_len;
-        if (!CBS_get_u16_length_prefixed(cbs, &curvelist))
+        if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
                goto err;
        if (CBS_len(cbs) != 0)
                goto err;
-        curves_len = CBS_len(&curvelist);
+        groups_len = CBS_len(&grouplist);
-        if (curves_len == 0 || curves_len % 2 != 0)
+        if (groups_len == 0 || groups_len % 2 != 0)
                goto err;
-        curves_len /= 2;
+        groups_len /= 2;
        if (!s->internal->hit) {
+                uint16_t *groups;
                int i;
-                uint16_t *curves;
                if (SSI(s)->tlsext_supportedgroups != NULL)
                        goto err;
-                if ((curves = reallocarray(NULL, curves_len,
+                if ((groups = reallocarray(NULL, groups_len,
                    sizeof(uint16_t))) == NULL) {
                        *alert = TLS1_AD_INTERNAL_ERROR;
                        return 0;
                }
-                for (i = 0; i < curves_len; i++) {
+                for (i = 0; i < groups_len; i++) {
-                        if (!CBS_get_u16(&curvelist, &curves[i])) {
+                        if (!CBS_get_u16(&grouplist, &groups[i])) {
-                                free(curves);
+                                free(groups);
                                goto err;
                        }
                }
-                if (CBS_len(&curvelist) != 0) {
+                if (CBS_len(&grouplist) != 0) {
-                        free(curves);
+                        free(groups);
                        goto err;
                }
-                SSI(s)->tlsext_supportedgroups = curves;
+                SSI(s)->tlsext_supportedgroups = groups;
-                SSI(s)->tlsext_supportedgroups_length = curves_len;
+                SSI(s)->tlsext_supportedgroups_length = groups_len;
        }
        return 1;
@@ -254,19 +253,19 @@ tlsext_ec_clienthello_parse(SSL *s, CBS *cbs, int *alert)
 /* This extension is never used by the server. */
 int
-tlsext_ec_serverhello_needs(SSL *s)
+tlsext_supportedgroups_serverhello_needs(SSL *s)
 {
        return 0;
 }
 int
-tlsext_ec_serverhello_build(SSL *s, CBB *cbb)
+tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb)
 {
        return 0;
 }
 int
-tlsext_ec_serverhello_parse(SSL *s, CBS *cbs, int *alert)
+tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert)
 {
        /*
         * Servers should not send this extension per the RFC.
@@ -1262,16 +1261,16 @@ static struct tls_extension tls_extensions[] = {
                },
        },
        {
-                .type = TLSEXT_TYPE_elliptic_curves,
+                .type = TLSEXT_TYPE_supported_groups,
                .clienthello = {
-                        .needs = tlsext_ec_clienthello_needs,
+                        .needs = tlsext_supportedgroups_clienthello_needs,
-                        .build = tlsext_ec_clienthello_build,
+                        .build = tlsext_supportedgroups_clienthello_build,
-                        .parse = tlsext_ec_clienthello_parse,
+                        .parse = tlsext_supportedgroups_clienthello_parse,
                },
                .serverhello = {
-                        .needs = tlsext_ec_serverhello_needs,
+                        .needs = tlsext_supportedgroups_serverhello_needs,
-                        .build = tlsext_ec_serverhello_build,
+                        .build = tlsext_supportedgroups_serverhello_build,
-                        .parse = tlsext_ec_serverhello_parse,
+                        .parse = tlsext_supportedgroups_serverhello_parse,
                },
        },
        {

diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 1509c7d779..f64d215799 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.23 2018/11/05 20:29:52 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.24 2018/11/05 20:41:30 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -163,34 +163,33 @@ tlsext_alpn_serverhello_parse(SSL s, CBS cbs, int *alert)
163	}	163	}
164		164
165	/*	165	/*
166	* Supported Elliptic Curves - RFC 4492 section 5.1.1	166	* Supported Groups - RFC 7919 section 2
167	*/	167	*/
168	int	168	int
169	tlsext_ec_clienthello_needs(SSL *s)	169	tlsext_supportedgroups_clienthello_needs(SSL *s)
170	{	170	{
171	return ssl_has_ecc_ciphers(s);	171	return ssl_has_ecc_ciphers(s);
172	}	172	}
173		173
174	int	174	int
175	tlsext_ec_clienthello_build(SSL s, CBB cbb)	175	tlsext_supportedgroups_clienthello_build(SSL s, CBB cbb)
176	{	176	{
177	CBB curvelist;	177	const uint16_t *groups;
178	size_t curves_len;	178	size_t groups_len;
		179	CBB grouplist;
179	int i;	180	int i;
180	const uint16_t *curves;
181		181
182	tls1_get_curvelist(s, 0, &curves, &curves_len);	182	tls1_get_group_list(s, 0, &groups, &groups_len);
183		183	if (groups_len == 0) {
184	if (curves_len == 0) {
185	SSLerror(s, ERR_R_INTERNAL_ERROR);	184	SSLerror(s, ERR_R_INTERNAL_ERROR);
186	return 0;	185	return 0;
187	}	186	}
188		187
189	if (!CBB_add_u16_length_prefixed(cbb, &curvelist))	188	if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
190	return 0;	189	return 0;
191		190
192	for (i = 0; i < curves_len; i++) {	191	for (i = 0; i < groups_len; i++) {
193	if (!CBB_add_u16(&curvelist, curves[i]))	192	if (!CBB_add_u16(&grouplist, groups[i]))
194	return 0;	193	return 0;
195	}	194	}
196		195
@@ -201,48 +200,48 @@ tlsext_ec_clienthello_build(SSL s, CBB cbb)
201	}	200	}
202		201
203	int	202	int
204	tlsext_ec_clienthello_parse(SSL s, CBS cbs, int *alert)	203	tlsext_supportedgroups_clienthello_parse(SSL s, CBS cbs, int *alert)
205	{	204	{
206	CBS curvelist;	205	CBS grouplist;
207	size_t curves_len;	206	size_t groups_len;
208		207
209	if (!CBS_get_u16_length_prefixed(cbs, &curvelist))	208	if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
210	goto err;	209	goto err;
211	if (CBS_len(cbs) != 0)	210	if (CBS_len(cbs) != 0)
212	goto err;	211	goto err;
213		212
214	curves_len = CBS_len(&curvelist);	213	groups_len = CBS_len(&grouplist);
215	if (curves_len == 0 \|\| curves_len % 2 != 0)	214	if (groups_len == 0 \|\| groups_len % 2 != 0)
216	goto err;	215	goto err;
217	curves_len /= 2;	216	groups_len /= 2;
218		217
219	if (!s->internal->hit) {	218	if (!s->internal->hit) {
		219	uint16_t *groups;
220	int i;	220	int i;
221	uint16_t *curves;
222		221
223	if (SSI(s)->tlsext_supportedgroups != NULL)	222	if (SSI(s)->tlsext_supportedgroups != NULL)
224	goto err;	223	goto err;
225		224
226	if ((curves = reallocarray(NULL, curves_len,	225	if ((groups = reallocarray(NULL, groups_len,
227	sizeof(uint16_t))) == NULL) {	226	sizeof(uint16_t))) == NULL) {
228	*alert = TLS1_AD_INTERNAL_ERROR;	227	*alert = TLS1_AD_INTERNAL_ERROR;
229	return 0;	228	return 0;
230	}	229	}
231		230
232	for (i = 0; i < curves_len; i++) {	231	for (i = 0; i < groups_len; i++) {
233	if (!CBS_get_u16(&curvelist, &curves[i])) {	232	if (!CBS_get_u16(&grouplist, &groups[i])) {
234	free(curves);	233	free(groups);
235	goto err;	234	goto err;
236	}	235	}
237	}	236	}
238		237
239	if (CBS_len(&curvelist) != 0) {	238	if (CBS_len(&grouplist) != 0) {
240	free(curves);	239	free(groups);
241	goto err;	240	goto err;
242	}	241	}
243		242
244	SSI(s)->tlsext_supportedgroups = curves;	243	SSI(s)->tlsext_supportedgroups = groups;
245	SSI(s)->tlsext_supportedgroups_length = curves_len;	244	SSI(s)->tlsext_supportedgroups_length = groups_len;
246	}	245	}
247		246
248	return 1;	247	return 1;
@@ -254,19 +253,19 @@ tlsext_ec_clienthello_parse(SSL s, CBS cbs, int *alert)
254		253
255	/* This extension is never used by the server. */	254	/* This extension is never used by the server. */
256	int	255	int
257	tlsext_ec_serverhello_needs(SSL *s)	256	tlsext_supportedgroups_serverhello_needs(SSL *s)
258	{	257	{
259	return 0;	258	return 0;
260	}	259	}
261		260
262	int	261	int
263	tlsext_ec_serverhello_build(SSL s, CBB cbb)	262	tlsext_supportedgroups_serverhello_build(SSL s, CBB cbb)
264	{	263	{
265	return 0;	264	return 0;
266	}	265	}
267		266
268	int	267	int
269	tlsext_ec_serverhello_parse(SSL s, CBS cbs, int *alert)	268	tlsext_supportedgroups_serverhello_parse(SSL s, CBS cbs, int *alert)
270	{	269	{
271	/*	270	/*
272	* Servers should not send this extension per the RFC.	271	* Servers should not send this extension per the RFC.
@@ -1262,16 +1261,16 @@ static struct tls_extension tls_extensions[] = {
1262	},	1261	},
1263	},	1262	},
1264	{	1263	{
1265	.type = TLSEXT_TYPE_elliptic_curves,	1264	.type = TLSEXT_TYPE_supported_groups,
1266	.clienthello = {	1265	.clienthello = {
1267	.needs = tlsext_ec_clienthello_needs,	1266	.needs = tlsext_supportedgroups_clienthello_needs,
1268	.build = tlsext_ec_clienthello_build,	1267	.build = tlsext_supportedgroups_clienthello_build,
1269	.parse = tlsext_ec_clienthello_parse,	1268	.parse = tlsext_supportedgroups_clienthello_parse,
1270	},	1269	},
1271	.serverhello = {	1270	.serverhello = {
1272	.needs = tlsext_ec_serverhello_needs,	1271	.needs = tlsext_supportedgroups_serverhello_needs,
1273	.build = tlsext_ec_serverhello_build,	1272	.build = tlsext_supportedgroups_serverhello_build,
1274	.parse = tlsext_ec_serverhello_parse,	1273	.parse = tlsext_supportedgroups_serverhello_parse,
1275	},	1274	},
1276	},	1275	},
1277	{	1276	{