1 files changed, 97 insertions, 51 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b200f78098..0eb3354276 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.205 2025/05/20 05:39:08 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -151,6 +151,7 @@ tls1_clear(SSL *s)
 }
 struct supported_group {
+        uint16_t group_id;
        int nid;
        int bits;
 };
@@ -160,119 +161,148 @@ struct supported_group {
 * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
 */
 static const struct supported_group nid_list[] = {
-        [1] = {
+        {
+                .group_id = 1,
                .nid = NID_sect163k1,
                .bits = 80,
        },
-        [2] = {
+        {
+                .group_id = 2,
                .nid = NID_sect163r1,
                .bits = 80,
        },
-        [3] = {
+        {
+                .group_id = 3,
                .nid = NID_sect163r2,
                .bits = 80,
        },
-        [4] = {
+        {
+                .group_id = 4,
                .nid = NID_sect193r1,
                .bits = 80,
        },
-        [5] = {
+        {
+                .group_id = 5,
                .nid = NID_sect193r2,
                .bits = 80,
        },
-        [6] = {
+        {
+                .group_id = 6,
                .nid = NID_sect233k1,
                .bits = 112,
        },
-        [7] = {
+        {
+                .group_id = 7,
                .nid = NID_sect233r1,
                .bits = 112,
        },
-        [8] = {
+        {
+                .group_id = 8,
                .nid = NID_sect239k1,
                .bits = 112,
        },
-        [9] = {
+        {
+                .group_id = 9,
                .nid = NID_sect283k1,
                .bits = 128,
        },
-        [10] = {
+        {
+                .group_id = 10,
                .nid = NID_sect283r1,
                .bits = 128,
        },
-        [11] = {
+        {
+                .group_id = 11,
                .nid = NID_sect409k1,
                .bits = 192,
        },
-        [12] = {
+        {
+                .group_id = 12,
                .nid = NID_sect409r1,
                .bits = 192,
        },
-        [13] = {
+        {
+                .group_id = 13,
                .nid = NID_sect571k1,
                .bits = 256,
        },
-        [14] = {
+        {
+                .group_id = 14,
                .nid = NID_sect571r1,
                .bits = 256,
        },
-        [15] = {
+        {
+                .group_id = 15,
                .nid = NID_secp160k1,
                .bits = 80,
        },
-        [16] = {
+        {
+                .group_id = 16,
                .nid = NID_secp160r1,
                .bits = 80,
        },
-        [17] = {
+        {
+                .group_id = 17,
                .nid = NID_secp160r2,
                .bits = 80,
        },
-        [18] = {
+        {
+                .group_id = 18,
                .nid = NID_secp192k1,
                .bits = 80,
        },
-        [19] = {
+        {
+                .group_id = 19,
                .nid = NID_X9_62_prime192v1,    /* aka secp192r1 */
                .bits = 80,
        },
-        [20] = {
+        {
+                .group_id = 20,
                .nid = NID_secp224k1,
                .bits = 112,
        },
-        [21] = {
+        {
+                .group_id = 21,
                .nid = NID_secp224r1,
                .bits = 112,
        },
-        [22] = {
+        {
+                .group_id = 22,
                .nid = NID_secp256k1,
                .bits = 128,
        },
-        [23] = {
+        {
+                .group_id = 23,
                .nid = NID_X9_62_prime256v1,    /* aka secp256r1 */
                .bits = 128,
        },
-        [24] = {
+        {
+                .group_id = 24,
                .nid = NID_secp384r1,
                .bits = 192,
        },
-        [25] = {
+        {
+                .group_id = 25,
                .nid = NID_secp521r1,
                .bits = 256,
        },
-        [26] = {
+        {
+                .group_id = 26,
                .nid = NID_brainpoolP256r1,
                .bits = 128,
        },
-        [27] = {
+        {
+                .group_id = 27,
                .nid = NID_brainpoolP384r1,
                .bits = 192,
        },
-        [28] = {
+        {
+                .group_id = 28,
                .nid = NID_brainpoolP512r1,
                .bits = 256,
        },
-        [29] = {
+        {
+                .group_id = 29,
                .nid = NID_X25519,
                .bits = 128,
        },
@@ -339,18 +369,41 @@ static const uint16_t ecgroups_server_default[] = {
        24,                     /* secp384r1 (24) */
 };
+static const struct supported_group *
+tls1_supported_group_by_id(uint16_t group_id)
+{
+        int i;
+        for (i = 0; i < NID_LIST_LEN; i++) {
+                if (group_id == nid_list[i].group_id)
+                        return &nid_list[i];
+        }
+        return NULL;
+}
+static const struct supported_group *
+tls1_supported_group_by_nid(int nid)
+{
+        int i;
+        for (i = 0; i < NID_LIST_LEN; i++) {
+                if (nid == nid_list[i].nid)
+                        return &nid_list[i];
+        }
+        return NULL;
+}
 int
 tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
 {
-        int nid;
+        const struct supported_group *sg;
-        if (group_id >= NID_LIST_LEN)
-                return 0;
-        if ((nid = nid_list[group_id].nid) == 0)
+        if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
                return 0;
-        *out_nid = nid;
+        *out_nid = sg->nid;
        return 1;
 }
@@ -358,15 +411,12 @@ tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
 int
 tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
 {
-        int bits;
+        const struct supported_group *sg;
-        if (group_id >= NID_LIST_LEN)
+        if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
                return 0;
-        if ((bits = nid_list[group_id].bits) == 0)
+        *out_bits = sg->bits;
-                return 0;
-        *out_bits = bits;
        return 1;
 }
@@ -374,19 +424,15 @@ tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
 int
 tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
 {
-        uint16_t group_id;
+        const struct supported_group *sg;
-        if (nid == 0)
+        if ((sg = tls1_supported_group_by_nid(nid)) == NULL)
                return 0;
-        for (group_id = 0; group_id < NID_LIST_LEN; group_id++) {
+        *out_group_id = sg->group_id;
-                if (nid_list[group_id].nid == nid) {
-                        *out_group_id = group_id;
+        return 1;
-                        return 1;
-                }
-        }
-        return 0;
 }
 /*

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b200f78098..0eb3354276 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.205 2025/05/20 05:39:08 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -151,6 +151,7 @@ tls1_clear(SSL *s)
151	}	151	}
152		152
153	struct supported_group {	153	struct supported_group {
		154	uint16_t group_id;
154	int nid;	155	int nid;
155	int bits;	156	int bits;
156	};	157	};
@@ -160,119 +161,148 @@ struct supported_group {
160	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-8	161	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
161	*/	162	*/
162	static const struct supported_group nid_list[] = {	163	static const struct supported_group nid_list[] = {
163	[1] = {	164	{
		165	.group_id = 1,
164	.nid = NID_sect163k1,	166	.nid = NID_sect163k1,
165	.bits = 80,	167	.bits = 80,
166	},	168	},
167	[2] = {	169	{
		170	.group_id = 2,
168	.nid = NID_sect163r1,	171	.nid = NID_sect163r1,
169	.bits = 80,	172	.bits = 80,
170	},	173	},
171	[3] = {	174	{
		175	.group_id = 3,
172	.nid = NID_sect163r2,	176	.nid = NID_sect163r2,
173	.bits = 80,	177	.bits = 80,
174	},	178	},
175	[4] = {	179	{
		180	.group_id = 4,
176	.nid = NID_sect193r1,	181	.nid = NID_sect193r1,
177	.bits = 80,	182	.bits = 80,
178	},	183	},
179	[5] = {	184	{
		185	.group_id = 5,
180	.nid = NID_sect193r2,	186	.nid = NID_sect193r2,
181	.bits = 80,	187	.bits = 80,
182	},	188	},
183	[6] = {	189	{
		190	.group_id = 6,
184	.nid = NID_sect233k1,	191	.nid = NID_sect233k1,
185	.bits = 112,	192	.bits = 112,
186	},	193	},
187	[7] = {	194	{
		195	.group_id = 7,
188	.nid = NID_sect233r1,	196	.nid = NID_sect233r1,
189	.bits = 112,	197	.bits = 112,
190	},	198	},
191	[8] = {	199	{
		200	.group_id = 8,
192	.nid = NID_sect239k1,	201	.nid = NID_sect239k1,
193	.bits = 112,	202	.bits = 112,
194	},	203	},
195	[9] = {	204	{
		205	.group_id = 9,
196	.nid = NID_sect283k1,	206	.nid = NID_sect283k1,
197	.bits = 128,	207	.bits = 128,
198	},	208	},
199	[10] = {	209	{
		210	.group_id = 10,
200	.nid = NID_sect283r1,	211	.nid = NID_sect283r1,
201	.bits = 128,	212	.bits = 128,
202	},	213	},
203	[11] = {	214	{
		215	.group_id = 11,
204	.nid = NID_sect409k1,	216	.nid = NID_sect409k1,
205	.bits = 192,	217	.bits = 192,
206	},	218	},
207	[12] = {	219	{
		220	.group_id = 12,
208	.nid = NID_sect409r1,	221	.nid = NID_sect409r1,
209	.bits = 192,	222	.bits = 192,
210	},	223	},
211	[13] = {	224	{
		225	.group_id = 13,
212	.nid = NID_sect571k1,	226	.nid = NID_sect571k1,
213	.bits = 256,	227	.bits = 256,
214	},	228	},
215	[14] = {	229	{
		230	.group_id = 14,
216	.nid = NID_sect571r1,	231	.nid = NID_sect571r1,
217	.bits = 256,	232	.bits = 256,
218	},	233	},
219	[15] = {	234	{
		235	.group_id = 15,
220	.nid = NID_secp160k1,	236	.nid = NID_secp160k1,
221	.bits = 80,	237	.bits = 80,
222	},	238	},
223	[16] = {	239	{
		240	.group_id = 16,
224	.nid = NID_secp160r1,	241	.nid = NID_secp160r1,
225	.bits = 80,	242	.bits = 80,
226	},	243	},
227	[17] = {	244	{
		245	.group_id = 17,
228	.nid = NID_secp160r2,	246	.nid = NID_secp160r2,
229	.bits = 80,	247	.bits = 80,
230	},	248	},
231	[18] = {	249	{
		250	.group_id = 18,
232	.nid = NID_secp192k1,	251	.nid = NID_secp192k1,
233	.bits = 80,	252	.bits = 80,
234	},	253	},
235	[19] = {	254	{
		255	.group_id = 19,
236	.nid = NID_X9_62_prime192v1, /* aka secp192r1 */	256	.nid = NID_X9_62_prime192v1, /* aka secp192r1 */
237	.bits = 80,	257	.bits = 80,
238	},	258	},
239	[20] = {	259	{
		260	.group_id = 20,
240	.nid = NID_secp224k1,	261	.nid = NID_secp224k1,
241	.bits = 112,	262	.bits = 112,
242	},	263	},
243	[21] = {	264	{
		265	.group_id = 21,
244	.nid = NID_secp224r1,	266	.nid = NID_secp224r1,
245	.bits = 112,	267	.bits = 112,
246	},	268	},
247	[22] = {	269	{
		270	.group_id = 22,
248	.nid = NID_secp256k1,	271	.nid = NID_secp256k1,
249	.bits = 128,	272	.bits = 128,
250	},	273	},
251	[23] = {	274	{
		275	.group_id = 23,
252	.nid = NID_X9_62_prime256v1, /* aka secp256r1 */	276	.nid = NID_X9_62_prime256v1, /* aka secp256r1 */
253	.bits = 128,	277	.bits = 128,
254	},	278	},
255	[24] = {	279	{
		280	.group_id = 24,
256	.nid = NID_secp384r1,	281	.nid = NID_secp384r1,
257	.bits = 192,	282	.bits = 192,
258	},	283	},
259	[25] = {	284	{
		285	.group_id = 25,
260	.nid = NID_secp521r1,	286	.nid = NID_secp521r1,
261	.bits = 256,	287	.bits = 256,
262	},	288	},
263	[26] = {	289	{
		290	.group_id = 26,
264	.nid = NID_brainpoolP256r1,	291	.nid = NID_brainpoolP256r1,
265	.bits = 128,	292	.bits = 128,
266	},	293	},
267	[27] = {	294	{
		295	.group_id = 27,
268	.nid = NID_brainpoolP384r1,	296	.nid = NID_brainpoolP384r1,
269	.bits = 192,	297	.bits = 192,
270	},	298	},
271	[28] = {	299	{
		300	.group_id = 28,
272	.nid = NID_brainpoolP512r1,	301	.nid = NID_brainpoolP512r1,
273	.bits = 256,	302	.bits = 256,
274	},	303	},
275	[29] = {	304	{
		305	.group_id = 29,
276	.nid = NID_X25519,	306	.nid = NID_X25519,
277	.bits = 128,	307	.bits = 128,
278	},	308	},
@@ -339,18 +369,41 @@ static const uint16_t ecgroups_server_default[] = {
339	24, /* secp384r1 (24) */	369	24, /* secp384r1 (24) */
340	};	370	};
341		371
		372	static const struct supported_group *
		373	tls1_supported_group_by_id(uint16_t group_id)
		374	{
		375	int i;
		376
		377	for (i = 0; i < NID_LIST_LEN; i++) {
		378	if (group_id == nid_list[i].group_id)
		379	return &nid_list[i];
		380	}
		381
		382	return NULL;
		383	}
		384
		385	static const struct supported_group *
		386	tls1_supported_group_by_nid(int nid)
		387	{
		388	int i;
		389
		390	for (i = 0; i < NID_LIST_LEN; i++) {
		391	if (nid == nid_list[i].nid)
		392	return &nid_list[i];
		393	}
		394
		395	return NULL;
		396	}
		397
342	int	398	int
343	tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)	399	tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
344	{	400	{
345	int nid;	401	const struct supported_group *sg;
346
347	if (group_id >= NID_LIST_LEN)
348	return 0;
349		402
350	if ((nid = nid_list[group_id].nid) == 0)	403	if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
351	return 0;	404	return 0;
352		405
353	*out_nid = nid;	406	*out_nid = sg->nid;
354		407
355	return 1;	408	return 1;
356	}	409	}
@@ -358,15 +411,12 @@ tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
358	int	411	int
359	tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)	412	tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
360	{	413	{
361	int bits;	414	const struct supported_group *sg;
362		415
363	if (group_id >= NID_LIST_LEN)	416	if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
364	return 0;	417	return 0;
365		418
366	if ((bits = nid_list[group_id].bits) == 0)	419	*out_bits = sg->bits;
367	return 0;
368
369	*out_bits = bits;
370		420
371	return 1;	421	return 1;
372	}	422	}
@@ -374,19 +424,15 @@ tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
374	int	424	int
375	tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)	425	tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
376	{	426	{
377	uint16_t group_id;	427	const struct supported_group *sg;
378		428
379	if (nid == 0)	429	if ((sg = tls1_supported_group_by_nid(nid)) == NULL)
380	return 0;	430	return 0;
381		431
382	for (group_id = 0; group_id < NID_LIST_LEN; group_id++) {	432	*out_group_id = sg->group_id;
383	if (nid_list[group_id].nid == nid) {	433
384	*out_group_id = group_id;	434	return 1;
385	return 1;
386	}
387	}
388		435
389	return 0;
390	}	436	}
391		437
392	/*	438	/*