summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2016-11-09 14:51:06 +0000
committerMatt Caswell <matt@openssl.org>2016-11-10 15:05:36 +0000
commitde4d764e3271ce09d28c0d6d7bce3dc9d8b85ab9 (patch)
tree7b0ae4c29057430930b4c4dfc2a7485606545b01 /ssl
parentcf551a51d2385f59536645f644f03a572cc232f9 (diff)
Rename the Elliptic Curves extension to supported_groups
This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_lib.c43
-rw-r--r--ssl/ssl_conf.c13
-rw-r--r--ssl/ssl_lib.c22
-rw-r--r--ssl/ssl_locl.h18
-rw-r--r--ssl/ssl_sess.c16
-rw-r--r--ssl/statem/statem_srvr.c2
-rw-r--r--ssl/t1_ext.c2
-rw-r--r--ssl/t1_lib.c72
-rw-r--r--ssl/t1_trce.c10
9 files changed, 104 insertions, 94 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 90c1c66744..dad43753dd 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
nid = EC_GROUP_get_curve_name(group);
if (nid == NID_undef)
return 0;
- return tls1_set_curves(&s->tlsext_ellipticcurvelist,
- &s->tlsext_ellipticcurvelist_length,
+ return tls1_set_groups(&s->tlsext_supportedgroupslist,
+ &s->tlsext_supportedgroupslist_length,
&nid, 1);
}
break;
@@ -3112,20 +3112,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return ssl_cert_set_current(s->cert, larg);
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_GET_CURVES:
+ case SSL_CTRL_GET_GROUPS:
{
unsigned char *clist;
size_t clistlen;
if (!s->session)
return 0;
- clist = s->session->tlsext_ellipticcurvelist;
- clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
+ clist = s->session->tlsext_supportedgroupslist;
+ clistlen = s->session->tlsext_supportedgroupslist_length / 2;
if (parg) {
size_t i;
int *cptr = parg;
unsigned int cid, nid;
for (i = 0; i < clistlen; i++) {
n2s(clist, cid);
+ /* TODO(TLS1.3): Handle DH groups here */
nid = tls1_ec_curve_id2nid(cid, NULL);
if (nid != 0)
cptr[i] = nid;
@@ -3136,16 +3137,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (int)clistlen;
}
- case SSL_CTRL_SET_CURVES:
- return tls1_set_curves(&s->tlsext_ellipticcurvelist,
- &s->tlsext_ellipticcurvelist_length, parg, larg);
+ case SSL_CTRL_SET_GROUPS:
+ return tls1_set_groups(&s->tlsext_supportedgroupslist,
+ &s->tlsext_supportedgroupslist_length, parg, larg);
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
- &s->tlsext_ellipticcurvelist_length, parg);
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(&s->tlsext_supportedgroupslist,
+ &s->tlsext_supportedgroupslist_length, parg);
- case SSL_CTRL_GET_SHARED_CURVE:
- return tls1_shared_curve(s, larg);
+ case SSL_CTRL_GET_SHARED_GROUP:
+ return tls1_shared_group(s, larg);
#endif
case SSL_CTRL_SET_SIGALGS:
@@ -3320,8 +3321,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
nid = EC_GROUP_get_curve_name(group);
if (nid == NID_undef)
return 0;
- return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
- &ctx->tlsext_ellipticcurvelist_length,
+ return tls1_set_groups(&ctx->tlsext_supportedgroupslist,
+ &ctx->tlsext_supportedgroupslist_length,
&nid, 1);
}
/* break; */
@@ -3417,14 +3418,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
#endif
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_CURVES:
- return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
- &ctx->tlsext_ellipticcurvelist_length,
+ case SSL_CTRL_SET_GROUPS:
+ return tls1_set_groups(&ctx->tlsext_supportedgroupslist,
+ &ctx->tlsext_supportedgroupslist_length,
parg, larg);
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
- &ctx->tlsext_ellipticcurvelist_length,
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist,
+ &ctx->tlsext_supportedgroupslist_length,
parg);
#endif
case SSL_CTRL_SET_SIGALGS:
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 63687b5ba1..2382030f34 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -202,17 +202,23 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}
-static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value)
{
int rv;
if (cctx->ssl)
- rv = SSL_set1_curves_list(cctx->ssl, value);
+ rv = SSL_set1_groups_list(cctx->ssl, value);
/* NB: ctx == NULL performs syntax checking only */
else
- rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
+ rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
return rv > 0;
}
+/* This is the old name for cmd_Groups - retained for backwards compatibility */
+static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+{
+ return cmd_Groups(cctx, value);
+}
+
#ifndef OPENSSL_NO_EC
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
@@ -543,6 +549,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
SSL_CONF_CMD_STRING(Curves, "curves", 0),
+ SSL_CONF_CMD_STRING(Groups, "groups", 0),
#ifndef OPENSSL_NO_EC
SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
#endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 363b4f4ab8..a6360accea 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -610,14 +610,14 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ecpointformatlist_length =
ctx->tlsext_ecpointformatlist_length;
}
- if (ctx->tlsext_ellipticcurvelist) {
- s->tlsext_ellipticcurvelist =
- OPENSSL_memdup(ctx->tlsext_ellipticcurvelist,
- ctx->tlsext_ellipticcurvelist_length);
- if (!s->tlsext_ellipticcurvelist)
+ if (ctx->tlsext_supportedgroupslist) {
+ s->tlsext_supportedgroupslist =
+ OPENSSL_memdup(ctx->tlsext_supportedgroupslist,
+ ctx->tlsext_supportedgroupslist_length);
+ if (!s->tlsext_supportedgroupslist)
goto err;
- s->tlsext_ellipticcurvelist_length =
- ctx->tlsext_ellipticcurvelist_length;
+ s->tlsext_supportedgroupslist_length =
+ ctx->tlsext_supportedgroupslist_length;
}
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
@@ -1001,7 +1001,7 @@ void SSL_free(SSL *s)
SSL_CTX_free(s->initial_ctx);
#ifndef OPENSSL_NO_EC
OPENSSL_free(s->tlsext_ecpointformatlist);
- OPENSSL_free(s->tlsext_ellipticcurvelist);
+ OPENSSL_free(s->tlsext_supportedgroupslist);
#endif /* OPENSSL_NO_EC */
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
#ifndef OPENSSL_NO_OCSP
@@ -1857,8 +1857,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
if (ctx == NULL) {
switch (cmd) {
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(NULL, NULL, parg);
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(NULL, NULL, parg);
#endif
case SSL_CTRL_SET_SIGALGS_LIST:
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
@@ -2630,7 +2630,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_EC
OPENSSL_free(a->tlsext_ecpointformatlist);
- OPENSSL_free(a->tlsext_ellipticcurvelist);
+ OPENSSL_free(a->tlsext_supportedgroupslist);
#endif
OPENSSL_free(a->alpn_client_proto_list);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 63b001ffee..dbe8813acf 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -554,8 +554,8 @@ struct ssl_session_st {
# ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist; /* peer's list */
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+ size_t tlsext_supportedgroupslist_length;
+ unsigned char *tlsext_supportedgroupslist; /* peer's list */
# endif /* OPENSSL_NO_EC */
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
@@ -868,8 +868,8 @@ struct ssl_ctx_st {
/* EC extension values inherited by SSL structure */
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist;
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist;
+ size_t tlsext_supportedgroupslist_length;
+ unsigned char *tlsext_supportedgroupslist;
# endif /* OPENSSL_NO_EC */
/* ext status type used for CSR extension (OCSP Stapling) */
@@ -1078,9 +1078,9 @@ struct ssl_st {
size_t tlsext_ecpointformatlist_length;
/* our list */
unsigned char *tlsext_ecpointformatlist;
- size_t tlsext_ellipticcurvelist_length;
+ size_t tlsext_supportedgroupslist_length;
/* our list */
- unsigned char *tlsext_ellipticcurvelist;
+ unsigned char *tlsext_supportedgroupslist;
# endif /* OPENSSL_NO_EC */
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
@@ -2053,10 +2053,10 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
__owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags);
__owur int tls1_ec_nid2curve_id(int nid);
__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
-__owur int tls1_shared_curve(SSL *s, int nmatch);
-__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
+__owur int tls1_shared_group(SSL *s, int nmatch);
+__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
-__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
+__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen,
const char *str);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 291796e8ad..825e706561 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -132,7 +132,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->tlsext_hostname = NULL;
#ifndef OPENSSL_NO_EC
dest->tlsext_ecpointformatlist = NULL;
- dest->tlsext_ellipticcurvelist = NULL;
+ dest->tlsext_supportedgroupslist = NULL;
#endif
dest->tlsext_tick = NULL;
#ifndef OPENSSL_NO_SRP
@@ -198,11 +198,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (dest->tlsext_ecpointformatlist == NULL)
goto err;
}
- if (src->tlsext_ellipticcurvelist) {
- dest->tlsext_ellipticcurvelist =
- OPENSSL_memdup(src->tlsext_ellipticcurvelist,
- src->tlsext_ellipticcurvelist_length);
- if (dest->tlsext_ellipticcurvelist == NULL)
+ if (src->tlsext_supportedgroupslist) {
+ dest->tlsext_supportedgroupslist =
+ OPENSSL_memdup(src->tlsext_supportedgroupslist,
+ src->tlsext_supportedgroupslist_length);
+ if (dest->tlsext_supportedgroupslist == NULL)
goto err;
}
#endif
@@ -753,8 +753,8 @@ void SSL_SESSION_free(SSL_SESSION *ss)
#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
OPENSSL_free(ss->tlsext_ecpointformatlist);
- ss->tlsext_ellipticcurvelist_length = 0;
- OPENSSL_free(ss->tlsext_ellipticcurvelist);
+ ss->tlsext_supportedgroupslist_length = 0;
+ OPENSSL_free(ss->tlsext_supportedgroupslist);
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ba3457d2e0..142c637dc9 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1736,7 +1736,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
}
/* Get NID of appropriate shared curve */
- nid = tls1_shared_curve(s, -2);
+ nid = tls1_shared_group(s, -2);
curve_id = tls1_ec_nid2curve_id(nid);
if (curve_id == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 30b304669f..bbec1359ca 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -242,7 +242,7 @@ int SSL_extension_supported(unsigned int ext_type)
/* Internally supported extensions. */
case TLSEXT_TYPE_application_layer_protocol_negotiation:
case TLSEXT_TYPE_ec_point_formats:
- case TLSEXT_TYPE_elliptic_curves:
+ case TLSEXT_TYPE_supported_groups:
case TLSEXT_TYPE_heartbeat:
#ifndef OPENSSL_NO_NEXTPROTONEG
case TLSEXT_TYPE_next_proto_neg:
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e79c37eee0..a7aa955223 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -268,8 +268,8 @@ static int tls1_get_curvelist(SSL *s, int sess,
{
size_t pcurveslen = 0;
if (sess) {
- *pcurves = s->session->tlsext_ellipticcurvelist;
- pcurveslen = s->session->tlsext_ellipticcurvelist_length;
+ *pcurves = s->session->tlsext_supportedgroupslist;
+ pcurveslen = s->session->tlsext_supportedgroupslist_length;
} else {
/* For Suite B mode only include P-256, P-384 */
switch (tls1_suiteb(s)) {
@@ -288,8 +288,8 @@ static int tls1_get_curvelist(SSL *s, int sess,
pcurveslen = 2;
break;
default:
- *pcurves = s->tlsext_ellipticcurvelist;
- pcurveslen = s->tlsext_ellipticcurvelist_length;
+ *pcurves = s->tlsext_supportedgroupslist;
+ pcurveslen = s->tlsext_supportedgroupslist_length;
}
if (!*pcurves) {
*pcurves = eccurves_default;
@@ -356,13 +356,13 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
}
/*-
- * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef
+ * For nmatch >= 0, return the NID of the |nmatch|th shared group or NID_undef
* if there is no match.
* For nmatch == -1, return number of matches
- * For nmatch == -2, return the NID of the curve to use for
+ * For nmatch == -2, return the NID of the group to use for
* an EC tmp key, or NID_undef if there is no match.
*/
-int tls1_shared_curve(SSL *s, int nmatch)
+int tls1_shared_group(SSL *s, int nmatch)
{
const unsigned char *pref, *supp;
size_t num_pref, num_supp, i, j;
@@ -434,34 +434,35 @@ int tls1_shared_curve(SSL *s, int nmatch)
return NID_undef;
}
-int tls1_set_curves(unsigned char **pext, size_t *pextlen,
- int *curves, size_t ncurves)
+int tls1_set_groups(unsigned char **pext, size_t *pextlen,
+ int *groups, size_t ngroups)
{
- unsigned char *clist, *p;
+ unsigned char *glist, *p;
size_t i;
/*
- * Bitmap of curves included to detect duplicates: only works while curve
+ * Bitmap of groups included to detect duplicates: only works while group
* ids < 32
*/
unsigned long dup_list = 0;
- clist = OPENSSL_malloc(ncurves * 2);
- if (clist == NULL)
+ glist = OPENSSL_malloc(ngroups * 2);
+ if (glist == NULL)
return 0;
- for (i = 0, p = clist; i < ncurves; i++) {
+ for (i = 0, p = glist; i < ngroups; i++) {
unsigned long idmask;
int id;
- id = tls1_ec_nid2curve_id(curves[i]);
+ /* TODO(TLS1.3): Convert for DH groups */
+ id = tls1_ec_nid2curve_id(groups[i]);
idmask = 1L << id;
if (!id || (dup_list & idmask)) {
- OPENSSL_free(clist);
+ OPENSSL_free(glist);
return 0;
}
dup_list |= idmask;
s2n(id, p);
}
OPENSSL_free(*pext);
- *pext = clist;
- *pextlen = ncurves * 2;
+ *pext = glist;
+ *pextlen = ngroups * 2;
return 1;
}
@@ -500,8 +501,8 @@ static int nid_cb(const char *elem, int len, void *arg)
return 1;
}
-/* Set curves based on a colon separate list */
-int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
+/* Set groups based on a colon separate list */
+int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str)
{
nid_cb_st ncb;
ncb.nidcnt = 0;
@@ -509,7 +510,7 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
return 0;
if (pext == NULL)
return 1;
- return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
+ return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
}
/* For an EC key set TLS id and required compression based on parameters */
@@ -706,7 +707,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return 1;
}
/* Need a shared curve */
- if (tls1_shared_curve(s, 0))
+ if (tls1_shared_group(s, 0))
return 1;
return 0;
}
@@ -1117,16 +1118,17 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
}
/*
- * Add TLS extension EllipticCurves to the ClientHello message
+ * Add TLS extension supported_groups to the ClientHello message
*/
- pcurves = s->tlsext_ellipticcurvelist;
+ /* TODO(TLS1.3): Add support for DHE groups */
+ pcurves = s->tlsext_supportedgroupslist;
if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves)
- /* Sub-packet for curves extension */
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+ /* Sub-packet for supported_groups extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
@@ -1982,22 +1984,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al)
return 0;
}
}
- } else if (currext->type == TLSEXT_TYPE_elliptic_curves) {
- PACKET elliptic_curve_list;
+ } else if (currext->type == TLSEXT_TYPE_supported_groups) {
+ PACKET supported_groups_list;
- /* Each NamedCurve is 2 bytes and we must have at least 1. */
+ /* Each group is 2 bytes and we must have at least 1. */
if (!PACKET_as_length_prefixed_2(&currext->data,
- &elliptic_curve_list)
- || PACKET_remaining(&elliptic_curve_list) == 0
- || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) {
+ &supported_groups_list)
+ || PACKET_remaining(&supported_groups_list) == 0
+ || (PACKET_remaining(&supported_groups_list) % 2) != 0) {
return 0;
}
if (!s->hit) {
- if (!PACKET_memdup(&elliptic_curve_list,
- &s->session->tlsext_ellipticcurvelist,
+ if (!PACKET_memdup(&supported_groups_list,
+ &s->session->tlsext_supportedgroupslist,
&s->
- session->tlsext_ellipticcurvelist_length)) {
+ session->tlsext_supportedgroupslist_length)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index c8d00532d8..52c72b2450 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -448,7 +448,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_client_authz, "client_authz"},
{TLSEXT_TYPE_server_authz, "server_authz"},
{TLSEXT_TYPE_cert_type, "cert_type"},
- {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"},
+ {TLSEXT_TYPE_supported_groups, "supported_groups"},
{TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
{TLSEXT_TYPE_srp, "srp"},
{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
@@ -466,7 +466,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}
};
-static ssl_trace_tbl ssl_curve_tbl[] = {
+static ssl_trace_tbl ssl_groups_tbl[] = {
{1, "sect163k1 (K-163)"},
{2, "sect163r1"},
{3, "sect163r2 (B-163)"},
@@ -665,13 +665,13 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
return 0;
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
- case TLSEXT_TYPE_elliptic_curves:
+ case TLSEXT_TYPE_supported_groups:
if (extlen < 2)
return 0;
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
- return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl);
+ return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
case TLSEXT_TYPE_signature_algorithms:
@@ -1009,7 +1009,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
curve = (msg[1] << 8) | msg[2];
BIO_printf(bio, "named_curve: %s (%d)\n",
- ssl_trace_str(curve, ssl_curve_tbl), curve);
+ ssl_trace_str(curve, ssl_groups_tbl), curve);
msg += 3;
msglen -= 3;
if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 15:36:19 +0000