summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'ssl')
-rw-r--r--ssl/s3_lib.c43
-rw-r--r--ssl/ssl_conf.c13
-rw-r--r--ssl/ssl_lib.c22
-rw-r--r--ssl/ssl_locl.h18
-rw-r--r--ssl/ssl_sess.c16
-rw-r--r--ssl/statem/statem_srvr.c2
-rw-r--r--ssl/t1_ext.c2
-rw-r--r--ssl/t1_lib.c72
-rw-r--r--ssl/t1_trce.c10
9 files changed, 104 insertions, 94 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 90c1c66744..dad43753dd 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
nid = EC_GROUP_get_curve_name(group);
if (nid == NID_undef)
return 0;
- return tls1_set_curves(&s->tlsext_ellipticcurvelist,
- &s->tlsext_ellipticcurvelist_length,
+ return tls1_set_groups(&s->tlsext_supportedgroupslist,
+ &s->tlsext_supportedgroupslist_length,
&nid, 1);
}
break;
@@ -3112,20 +3112,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return ssl_cert_set_current(s->cert, larg);
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_GET_CURVES:
+ case SSL_CTRL_GET_GROUPS:
{
unsigned char *clist;
size_t clistlen;
if (!s->session)
return 0;
- clist = s->session->tlsext_ellipticcurvelist;
- clistlen = s->session->tlsext_ellipticcurvelist_length / 2;
+ clist = s->session->tlsext_supportedgroupslist;
+ clistlen = s->session->tlsext_supportedgroupslist_length / 2;
if (parg) {
size_t i;
int *cptr = parg;
unsigned int cid, nid;
for (i = 0; i < clistlen; i++) {
n2s(clist, cid);
+ /* TODO(TLS1.3): Handle DH groups here */
nid = tls1_ec_curve_id2nid(cid, NULL);
if (nid != 0)
cptr[i] = nid;
@@ -3136,16 +3137,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return (int)clistlen;
}
- case SSL_CTRL_SET_CURVES:
- return tls1_set_curves(&s->tlsext_ellipticcurvelist,
- &s->tlsext_ellipticcurvelist_length, parg, larg);
+ case SSL_CTRL_SET_GROUPS:
+ return tls1_set_groups(&s->tlsext_supportedgroupslist,
+ &s->tlsext_supportedgroupslist_length, parg, larg);
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
- &s->tlsext_ellipticcurvelist_length, parg);
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(&s->tlsext_supportedgroupslist,
+ &s->tlsext_supportedgroupslist_length, parg);
- case SSL_CTRL_GET_SHARED_CURVE:
- return tls1_shared_curve(s, larg);
+ case SSL_CTRL_GET_SHARED_GROUP:
+ return tls1_shared_group(s, larg);
#endif
case SSL_CTRL_SET_SIGALGS:
@@ -3320,8 +3321,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
nid = EC_GROUP_get_curve_name(group);
if (nid == NID_undef)
return 0;
- return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
- &ctx->tlsext_ellipticcurvelist_length,
+ return tls1_set_groups(&ctx->tlsext_supportedgroupslist,
+ &ctx->tlsext_supportedgroupslist_length,
&nid, 1);
}
/* break; */
@@ -3417,14 +3418,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
#endif
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_CURVES:
- return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
- &ctx->tlsext_ellipticcurvelist_length,
+ case SSL_CTRL_SET_GROUPS:
+ return tls1_set_groups(&ctx->tlsext_supportedgroupslist,
+ &ctx->tlsext_supportedgroupslist_length,
parg, larg);
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
- &ctx->tlsext_ellipticcurvelist_length,
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist,
+ &ctx->tlsext_supportedgroupslist_length,
parg);
#endif
case SSL_CTRL_SET_SIGALGS:
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 63687b5ba1..2382030f34 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -202,17 +202,23 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
return rv > 0;
}
-static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value)
{
int rv;
if (cctx->ssl)
- rv = SSL_set1_curves_list(cctx->ssl, value);
+ rv = SSL_set1_groups_list(cctx->ssl, value);
/* NB: ctx == NULL performs syntax checking only */
else
- rv = SSL_CTX_set1_curves_list(cctx->ctx, value);
+ rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
return rv > 0;
}
+/* This is the old name for cmd_Groups - retained for backwards compatibility */
+static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+{
+ return cmd_Groups(cctx, value);
+}
+
#ifndef OPENSSL_NO_EC
/* ECDH temporary parameters */
static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
@@ -543,6 +549,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
SSL_CONF_CMD_STRING(Curves, "curves", 0),
+ SSL_CONF_CMD_STRING(Groups, "groups", 0),
#ifndef OPENSSL_NO_EC
SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
#endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 363b4f4ab8..a6360accea 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -610,14 +610,14 @@ SSL *SSL_new(SSL_CTX *ctx)
s->tlsext_ecpointformatlist_length =
ctx->tlsext_ecpointformatlist_length;
}
- if (ctx->tlsext_ellipticcurvelist) {
- s->tlsext_ellipticcurvelist =
- OPENSSL_memdup(ctx->tlsext_ellipticcurvelist,
- ctx->tlsext_ellipticcurvelist_length);
- if (!s->tlsext_ellipticcurvelist)
+ if (ctx->tlsext_supportedgroupslist) {
+ s->tlsext_supportedgroupslist =
+ OPENSSL_memdup(ctx->tlsext_supportedgroupslist,
+ ctx->tlsext_supportedgroupslist_length);
+ if (!s->tlsext_supportedgroupslist)
goto err;
- s->tlsext_ellipticcurvelist_length =
- ctx->tlsext_ellipticcurvelist_length;
+ s->tlsext_supportedgroupslist_length =
+ ctx->tlsext_supportedgroupslist_length;
}
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
@@ -1001,7 +1001,7 @@ void SSL_free(SSL *s)
SSL_CTX_free(s->initial_ctx);
#ifndef OPENSSL_NO_EC
OPENSSL_free(s->tlsext_ecpointformatlist);
- OPENSSL_free(s->tlsext_ellipticcurvelist);
+ OPENSSL_free(s->tlsext_supportedgroupslist);
#endif /* OPENSSL_NO_EC */
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
#ifndef OPENSSL_NO_OCSP
@@ -1857,8 +1857,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
if (ctx == NULL) {
switch (cmd) {
#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_CURVES_LIST:
- return tls1_set_curves_list(NULL, NULL, parg);
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(NULL, NULL, parg);
#endif
case SSL_CTRL_SET_SIGALGS_LIST:
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
@@ -2630,7 +2630,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_EC
OPENSSL_free(a->tlsext_ecpointformatlist);
- OPENSSL_free(a->tlsext_ellipticcurvelist);
+ OPENSSL_free(a->tlsext_supportedgroupslist);
#endif
OPENSSL_free(a->alpn_client_proto_list);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 63b001ffee..dbe8813acf 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -554,8 +554,8 @@ struct ssl_session_st {
# ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist; /* peer's list */
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+ size_t tlsext_supportedgroupslist_length;
+ unsigned char *tlsext_supportedgroupslist; /* peer's list */
# endif /* OPENSSL_NO_EC */
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
@@ -868,8 +868,8 @@ struct ssl_ctx_st {
/* EC extension values inherited by SSL structure */
size_t tlsext_ecpointformatlist_length;
unsigned char *tlsext_ecpointformatlist;
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist;
+ size_t tlsext_supportedgroupslist_length;
+ unsigned char *tlsext_supportedgroupslist;
# endif /* OPENSSL_NO_EC */
/* ext status type used for CSR extension (OCSP Stapling) */
@@ -1078,9 +1078,9 @@ struct ssl_st {
size_t tlsext_ecpointformatlist_length;
/* our list */
unsigned char *tlsext_ecpointformatlist;
- size_t tlsext_ellipticcurvelist_length;
+ size_t tlsext_supportedgroupslist_length;
/* our list */
- unsigned char *tlsext_ellipticcurvelist;
+ unsigned char *tlsext_supportedgroupslist;
# endif /* OPENSSL_NO_EC */
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
@@ -2053,10 +2053,10 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
__owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags);
__owur int tls1_ec_nid2curve_id(int nid);
__owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
-__owur int tls1_shared_curve(SSL *s, int nmatch);
-__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen,
+__owur int tls1_shared_group(SSL *s, int nmatch);
+__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves);
-__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
+__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen,
const char *str);
__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
__owur EVP_PKEY *ssl_generate_pkey_curve(int id);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 291796e8ad..825e706561 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -132,7 +132,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->tlsext_hostname = NULL;
#ifndef OPENSSL_NO_EC
dest->tlsext_ecpointformatlist = NULL;
- dest->tlsext_ellipticcurvelist = NULL;
+ dest->tlsext_supportedgroupslist = NULL;
#endif
dest->tlsext_tick = NULL;
#ifndef OPENSSL_NO_SRP
@@ -198,11 +198,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
if (dest->tlsext_ecpointformatlist == NULL)
goto err;
}
- if (src->tlsext_ellipticcurvelist) {
- dest->tlsext_ellipticcurvelist =
- OPENSSL_memdup(src->tlsext_ellipticcurvelist,
- src->tlsext_ellipticcurvelist_length);
- if (dest->tlsext_ellipticcurvelist == NULL)
+ if (src->tlsext_supportedgroupslist) {
+ dest->tlsext_supportedgroupslist =
+ OPENSSL_memdup(src->tlsext_supportedgroupslist,
+ src->tlsext_supportedgroupslist_length);
+ if (dest->tlsext_supportedgroupslist == NULL)
goto err;
}
#endif
@@ -753,8 +753,8 @@ void SSL_SESSION_free(SSL_SESSION *ss)
#ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
OPENSSL_free(ss->tlsext_ecpointformatlist);
- ss->tlsext_ellipticcurvelist_length = 0;
- OPENSSL_free(ss->tlsext_ellipticcurvelist);
+ ss->tlsext_supportedgroupslist_length = 0;
+ OPENSSL_free(ss->tlsext_supportedgroupslist);
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_PSK
OPENSSL_free(ss->psk_identity_hint);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ba3457d2e0..142c637dc9 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1736,7 +1736,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
}
/* Get NID of appropriate shared curve */
- nid = tls1_shared_curve(s, -2);
+ nid = tls1_shared_group(s, -2);
curve_id = tls1_ec_nid2curve_id(nid);
if (curve_id == 0) {
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 30b304669f..bbec1359ca 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -242,7 +242,7 @@ int SSL_extension_supported(unsigned int ext_type)
/* Internally supported extensions. */
case TLSEXT_TYPE_application_layer_protocol_negotiation:
case TLSEXT_TYPE_ec_point_formats:
- case TLSEXT_TYPE_elliptic_curves:
+ case TLSEXT_TYPE_supported_groups:
case TLSEXT_TYPE_heartbeat:
#ifndef OPENSSL_NO_NEXTPROTONEG
case TLSEXT_TYPE_next_proto_neg:
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e79c37eee0..a7aa955223 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -268,8 +268,8 @@ static int tls1_get_curvelist(SSL *s, int sess,
{
size_t pcurveslen = 0;
if (sess) {
- *pcurves = s->session->tlsext_ellipticcurvelist;
- pcurveslen = s->session->tlsext_ellipticcurvelist_length;
+ *pcurves = s->session->tlsext_supportedgroupslist;
+ pcurveslen = s->session->tlsext_supportedgroupslist_length;
} else {
/* For Suite B mode only include P-256, P-384 */
switch (tls1_suiteb(s)) {
@@ -288,8 +288,8 @@ static int tls1_get_curvelist(SSL *s, int sess,
pcurveslen = 2;
break;
default:
- *pcurves = s->tlsext_ellipticcurvelist;
- pcurveslen = s->tlsext_ellipticcurvelist_length;
+ *pcurves = s->tlsext_supportedgroupslist;
+ pcurveslen = s->tlsext_supportedgroupslist_length;
}
if (!*pcurves) {
*pcurves = eccurves_default;
@@ -356,13 +356,13 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
}
/*-
- * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef
+ * For nmatch >= 0, return the NID of the |nmatch|th shared group or NID_undef
* if there is no match.
* For nmatch == -1, return number of matches
- * For nmatch == -2, return the NID of the curve to use for
+ * For nmatch == -2, return the NID of the group to use for
* an EC tmp key, or NID_undef if there is no match.
*/
-int tls1_shared_curve(SSL *s, int nmatch)
+int tls1_shared_group(SSL *s, int nmatch)
{
const unsigned char *pref, *supp;
size_t num_pref, num_supp, i, j;
@@ -434,34 +434,35 @@ int tls1_shared_curve(SSL *s, int nmatch)
return NID_undef;
}
-int tls1_set_curves(unsigned char **pext, size_t *pextlen,
- int *curves, size_t ncurves)
+int tls1_set_groups(unsigned char **pext, size_t *pextlen,
+ int *groups, size_t ngroups)
{
- unsigned char *clist, *p;
+ unsigned char *glist, *p;
size_t i;
/*
- * Bitmap of curves included to detect duplicates: only works while curve
+ * Bitmap of groups included to detect duplicates: only works while group
* ids < 32
*/
unsigned long dup_list = 0;
- clist = OPENSSL_malloc(ncurves * 2);
- if (clist == NULL)
+ glist = OPENSSL_malloc(ngroups * 2);
+ if (glist == NULL)
return 0;
- for (i = 0, p = clist; i < ncurves; i++) {
+ for (i = 0, p = glist; i < ngroups; i++) {
unsigned long idmask;
int id;
- id = tls1_ec_nid2curve_id(curves[i]);
+ /* TODO(TLS1.3): Convert for DH groups */
+ id = tls1_ec_nid2curve_id(groups[i]);
idmask = 1L << id;
if (!id || (dup_list & idmask)) {
- OPENSSL_free(clist);
+ OPENSSL_free(glist);
return 0;
}
dup_list |= idmask;
s2n(id, p);
}
OPENSSL_free(*pext);
- *pext = clist;
- *pextlen = ncurves * 2;
+ *pext = glist;
+ *pextlen = ngroups * 2;
return 1;
}
@@ -500,8 +501,8 @@ static int nid_cb(const char *elem, int len, void *arg)
return 1;
}
-/* Set curves based on a colon separate list */
-int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
+/* Set groups based on a colon separate list */
+int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str)
{
nid_cb_st ncb;
ncb.nidcnt = 0;
@@ -509,7 +510,7 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str)
return 0;
if (pext == NULL)
return 1;
- return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
+ return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
}
/* For an EC key set TLS id and required compression based on parameters */
@@ -706,7 +707,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return 1;
}
/* Need a shared curve */
- if (tls1_shared_curve(s, 0))
+ if (tls1_shared_group(s, 0))
return 1;
return 0;
}
@@ -1117,16 +1118,17 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al)
}
/*
- * Add TLS extension EllipticCurves to the ClientHello message
+ * Add TLS extension supported_groups to the ClientHello message
*/
- pcurves = s->tlsext_ellipticcurvelist;
+ /* TODO(TLS1.3): Add support for DHE groups */
+ pcurves = s->tlsext_supportedgroupslist;
if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
return 0;
}
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves)
- /* Sub-packet for curves extension */
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+ /* Sub-packet for supported_groups extension */
|| !WPACKET_start_sub_packet_u16(pkt)
|| !WPACKET_start_sub_packet_u16(pkt)) {
SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
@@ -1982,22 +1984,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al)
return 0;
}
}
- } else if (currext->type == TLSEXT_TYPE_elliptic_curves) {
- PACKET elliptic_curve_list;
+ } else if (currext->type == TLSEXT_TYPE_supported_groups) {
+ PACKET supported_groups_list;
- /* Each NamedCurve is 2 bytes and we must have at least 1. */
+ /* Each group is 2 bytes and we must have at least 1. */
if (!PACKET_as_length_prefixed_2(&currext->data,
- &elliptic_curve_list)
- || PACKET_remaining(&elliptic_curve_list) == 0
- || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) {
+ &supported_groups_list)
+ || PACKET_remaining(&supported_groups_list) == 0
+ || (PACKET_remaining(&supported_groups_list) % 2) != 0) {
return 0;
}
if (!s->hit) {
- if (!PACKET_memdup(&elliptic_curve_list,
- &s->session->tlsext_ellipticcurvelist,
+ if (!PACKET_memdup(&supported_groups_list,
+ &s->session->tlsext_supportedgroupslist,
&s->
- session->tlsext_ellipticcurvelist_length)) {
+ session->tlsext_supportedgroupslist_length)) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index c8d00532d8..52c72b2450 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -448,7 +448,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_client_authz, "client_authz"},
{TLSEXT_TYPE_server_authz, "server_authz"},
{TLSEXT_TYPE_cert_type, "cert_type"},
- {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"},
+ {TLSEXT_TYPE_supported_groups, "supported_groups"},
{TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
{TLSEXT_TYPE_srp, "srp"},
{TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
@@ -466,7 +466,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}
};
-static ssl_trace_tbl ssl_curve_tbl[] = {
+static ssl_trace_tbl ssl_groups_tbl[] = {
{1, "sect163k1 (K-163)"},
{2, "sect163r1"},
{3, "sect163r2 (B-163)"},
@@ -665,13 +665,13 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype,
return 0;
return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
- case TLSEXT_TYPE_elliptic_curves:
+ case TLSEXT_TYPE_supported_groups:
if (extlen < 2)
return 0;
xlen = (ext[0] << 8) | ext[1];
if (extlen != xlen + 2)
return 0;
- return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl);
+ return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
case TLSEXT_TYPE_signature_algorithms:
@@ -1009,7 +1009,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
curve = (msg[1] << 8) | msg[2];
BIO_printf(bio, "named_curve: %s (%d)\n",
- ssl_trace_str(curve, ssl_curve_tbl), curve);
+ ssl_trace_str(curve, ssl_groups_tbl), curve);
msg += 3;
msglen -= 3;
if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 22:24:30 +0000