summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/t1_lib.c')
-rw-r--r--src/lib/libssl/t1_lib.c147
1 files changed, 96 insertions, 51 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b200f78098..57cd180d09 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */ 1/* $OpenBSD: t1_lib.c,v 1.206 2025/05/31 15:17:11 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -151,6 +151,7 @@ tls1_clear(SSL *s)
151} 151}
152 152
153struct supported_group { 153struct supported_group {
154 uint16_t group_id;
154 int nid; 155 int nid;
155 int bits; 156 int bits;
156}; 157};
@@ -160,119 +161,148 @@ struct supported_group {
160 * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8 161 * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
161 */ 162 */
162static const struct supported_group nid_list[] = { 163static const struct supported_group nid_list[] = {
163 [1] = { 164 {
165 .group_id = 1,
164 .nid = NID_sect163k1, 166 .nid = NID_sect163k1,
165 .bits = 80, 167 .bits = 80,
166 }, 168 },
167 [2] = { 169 {
170 .group_id = 2,
168 .nid = NID_sect163r1, 171 .nid = NID_sect163r1,
169 .bits = 80, 172 .bits = 80,
170 }, 173 },
171 [3] = { 174 {
175 .group_id = 3,
172 .nid = NID_sect163r2, 176 .nid = NID_sect163r2,
173 .bits = 80, 177 .bits = 80,
174 }, 178 },
175 [4] = { 179 {
180 .group_id = 4,
176 .nid = NID_sect193r1, 181 .nid = NID_sect193r1,
177 .bits = 80, 182 .bits = 80,
178 }, 183 },
179 [5] = { 184 {
185 .group_id = 5,
180 .nid = NID_sect193r2, 186 .nid = NID_sect193r2,
181 .bits = 80, 187 .bits = 80,
182 }, 188 },
183 [6] = { 189 {
190 .group_id = 6,
184 .nid = NID_sect233k1, 191 .nid = NID_sect233k1,
185 .bits = 112, 192 .bits = 112,
186 }, 193 },
187 [7] = { 194 {
195 .group_id = 7,
188 .nid = NID_sect233r1, 196 .nid = NID_sect233r1,
189 .bits = 112, 197 .bits = 112,
190 }, 198 },
191 [8] = { 199 {
200 .group_id = 8,
192 .nid = NID_sect239k1, 201 .nid = NID_sect239k1,
193 .bits = 112, 202 .bits = 112,
194 }, 203 },
195 [9] = { 204 {
205 .group_id = 9,
196 .nid = NID_sect283k1, 206 .nid = NID_sect283k1,
197 .bits = 128, 207 .bits = 128,
198 }, 208 },
199 [10] = { 209 {
210 .group_id = 10,
200 .nid = NID_sect283r1, 211 .nid = NID_sect283r1,
201 .bits = 128, 212 .bits = 128,
202 }, 213 },
203 [11] = { 214 {
215 .group_id = 11,
204 .nid = NID_sect409k1, 216 .nid = NID_sect409k1,
205 .bits = 192, 217 .bits = 192,
206 }, 218 },
207 [12] = { 219 {
220 .group_id = 12,
208 .nid = NID_sect409r1, 221 .nid = NID_sect409r1,
209 .bits = 192, 222 .bits = 192,
210 }, 223 },
211 [13] = { 224 {
225 .group_id = 13,
212 .nid = NID_sect571k1, 226 .nid = NID_sect571k1,
213 .bits = 256, 227 .bits = 256,
214 }, 228 },
215 [14] = { 229 {
230 .group_id = 14,
216 .nid = NID_sect571r1, 231 .nid = NID_sect571r1,
217 .bits = 256, 232 .bits = 256,
218 }, 233 },
219 [15] = { 234 {
235 .group_id = 15,
220 .nid = NID_secp160k1, 236 .nid = NID_secp160k1,
221 .bits = 80, 237 .bits = 80,
222 }, 238 },
223 [16] = { 239 {
240 .group_id = 16,
224 .nid = NID_secp160r1, 241 .nid = NID_secp160r1,
225 .bits = 80, 242 .bits = 80,
226 }, 243 },
227 [17] = { 244 {
245 .group_id = 17,
228 .nid = NID_secp160r2, 246 .nid = NID_secp160r2,
229 .bits = 80, 247 .bits = 80,
230 }, 248 },
231 [18] = { 249 {
250 .group_id = 18,
232 .nid = NID_secp192k1, 251 .nid = NID_secp192k1,
233 .bits = 80, 252 .bits = 80,
234 }, 253 },
235 [19] = { 254 {
255 .group_id = 19,
236 .nid = NID_X9_62_prime192v1, /* aka secp192r1 */ 256 .nid = NID_X9_62_prime192v1, /* aka secp192r1 */
237 .bits = 80, 257 .bits = 80,
238 }, 258 },
239 [20] = { 259 {
260 .group_id = 20,
240 .nid = NID_secp224k1, 261 .nid = NID_secp224k1,
241 .bits = 112, 262 .bits = 112,
242 }, 263 },
243 [21] = { 264 {
265 .group_id = 21,
244 .nid = NID_secp224r1, 266 .nid = NID_secp224r1,
245 .bits = 112, 267 .bits = 112,
246 }, 268 },
247 [22] = { 269 {
270 .group_id = 22,
248 .nid = NID_secp256k1, 271 .nid = NID_secp256k1,
249 .bits = 128, 272 .bits = 128,
250 }, 273 },
251 [23] = { 274 {
275 .group_id = 23,
252 .nid = NID_X9_62_prime256v1, /* aka secp256r1 */ 276 .nid = NID_X9_62_prime256v1, /* aka secp256r1 */
253 .bits = 128, 277 .bits = 128,
254 }, 278 },
255 [24] = { 279 {
280 .group_id = 24,
256 .nid = NID_secp384r1, 281 .nid = NID_secp384r1,
257 .bits = 192, 282 .bits = 192,
258 }, 283 },
259 [25] = { 284 {
285 .group_id = 25,
260 .nid = NID_secp521r1, 286 .nid = NID_secp521r1,
261 .bits = 256, 287 .bits = 256,
262 }, 288 },
263 [26] = { 289 {
290 .group_id = 26,
264 .nid = NID_brainpoolP256r1, 291 .nid = NID_brainpoolP256r1,
265 .bits = 128, 292 .bits = 128,
266 }, 293 },
267 [27] = { 294 {
295 .group_id = 27,
268 .nid = NID_brainpoolP384r1, 296 .nid = NID_brainpoolP384r1,
269 .bits = 192, 297 .bits = 192,
270 }, 298 },
271 [28] = { 299 {
300 .group_id = 28,
272 .nid = NID_brainpoolP512r1, 301 .nid = NID_brainpoolP512r1,
273 .bits = 256, 302 .bits = 256,
274 }, 303 },
275 [29] = { 304 {
305 .group_id = 29,
276 .nid = NID_X25519, 306 .nid = NID_X25519,
277 .bits = 128, 307 .bits = 128,
278 }, 308 },
@@ -339,18 +369,41 @@ static const uint16_t ecgroups_server_default[] = {
339 24, /* secp384r1 (24) */ 369 24, /* secp384r1 (24) */
340}; 370};
341 371
372static const struct supported_group *
373tls1_supported_group_by_id(uint16_t group_id)
374{
375 int i;
376
377 for (i = 0; i < NID_LIST_LEN; i++) {
378 if (group_id == nid_list[i].group_id)
379 return &nid_list[i];
380 }
381
382 return NULL;
383}
384
385static const struct supported_group *
386tls1_supported_group_by_nid(int nid)
387{
388 int i;
389
390 for (i = 0; i < NID_LIST_LEN; i++) {
391 if (nid == nid_list[i].nid)
392 return &nid_list[i];
393 }
394
395 return NULL;
396}
397
342int 398int
343tls1_ec_group_id2nid(uint16_t group_id, int *out_nid) 399tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
344{ 400{
345 int nid; 401 const struct supported_group *sg;
346
347 if (group_id >= NID_LIST_LEN)
348 return 0;
349 402
350 if ((nid = nid_list[group_id].nid) == 0) 403 if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
351 return 0; 404 return 0;
352 405
353 *out_nid = nid; 406 *out_nid = sg->nid;
354 407
355 return 1; 408 return 1;
356} 409}
@@ -358,15 +411,12 @@ tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
358int 411int
359tls1_ec_group_id2bits(uint16_t group_id, int *out_bits) 412tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
360{ 413{
361 int bits; 414 const struct supported_group *sg;
362
363 if (group_id >= NID_LIST_LEN)
364 return 0;
365 415
366 if ((bits = nid_list[group_id].bits) == 0) 416 if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
367 return 0; 417 return 0;
368 418
369 *out_bits = bits; 419 *out_bits = sg->bits;
370 420
371 return 1; 421 return 1;
372} 422}
@@ -374,19 +424,14 @@ tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
374int 424int
375tls1_ec_nid2group_id(int nid, uint16_t *out_group_id) 425tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
376{ 426{
377 uint16_t group_id; 427 const struct supported_group *sg;
378 428
379 if (nid == 0) 429 if ((sg = tls1_supported_group_by_nid(nid)) == NULL)
380 return 0; 430 return 0;
381 431
382 for (group_id = 0; group_id < NID_LIST_LEN; group_id++) { 432 *out_group_id = sg->group_id;
383 if (nid_list[group_id].nid == nid) {
384 *out_group_id = group_id;
385 return 1;
386 }
387 }
388 433
389 return 0; 434 return 1;
390} 435}
391 436
392/* 437/*
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-14 14:10:37 +0000