From 445e5d71910656f3b05e76de680c2c867db9e9df Mon Sep 17 00:00:00 2001 From: beck <> Date: Tue, 26 Mar 2024 01:21:34 +0000 Subject: Process supported groups before key share. This will allow us to know the client preferences for an upcoming change to key share processing. ok jsing@ --- src/lib/libssl/ssl_tlsext.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'src/lib/libssl') diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 26bd0c5f3e..3883aa6cec 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.141 2024/03/25 10:18:13 jsing Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.142 2024/03/26 01:21:34 beck Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1998,6 +1998,20 @@ static const struct tls_extension tls_extensions[] = { .process = tlsext_versions_server_process, }, }, + { + .type = TLSEXT_TYPE_supported_groups, + .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, + .client = { + .needs = tlsext_supportedgroups_client_needs, + .build = tlsext_supportedgroups_client_build, + .process = tlsext_supportedgroups_client_process, + }, + .server = { + .needs = tlsext_supportedgroups_server_needs, + .build = tlsext_supportedgroups_server_build, + .process = tlsext_supportedgroups_server_process, + }, + }, { .type = TLSEXT_TYPE_key_share, .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH | @@ -2070,20 +2084,6 @@ static const struct tls_extension tls_extensions[] = { .process = tlsext_ecpf_server_process, }, }, - { - .type = TLSEXT_TYPE_supported_groups, - .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE, - .client = { - .needs = tlsext_supportedgroups_client_needs, - .build = tlsext_supportedgroups_client_build, - .process = tlsext_supportedgroups_client_process, - }, - .server = { - .needs = tlsext_supportedgroups_server_needs, - .build = tlsext_supportedgroups_server_build, - .process = tlsext_supportedgroups_server_process, - }, - }, { .type = TLSEXT_TYPE_session_ticket, .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH, -- cgit v1.2.3-55-g6feb