diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 43 | ||||
-rw-r--r-- | ssl/ssl_conf.c | 13 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 22 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 18 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 16 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 | ||||
-rw-r--r-- | ssl/t1_ext.c | 2 | ||||
-rw-r--r-- | ssl/t1_lib.c | 72 | ||||
-rw-r--r-- | ssl/t1_trce.c | 10 |
9 files changed, 104 insertions, 94 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 90c1c66744..dad43753dd 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, &nid, 1); } break; @@ -3112,20 +3112,21 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return ssl_cert_set_current(s->cert, larg); #ifndef OPENSSL_NO_EC - case SSL_CTRL_GET_CURVES: + case SSL_CTRL_GET_GROUPS: { unsigned char *clist; size_t clistlen; if (!s->session) return 0; - clist = s->session->tlsext_ellipticcurvelist; - clistlen = s->session->tlsext_ellipticcurvelist_length / 2; + clist = s->session->tlsext_supportedgroupslist; + clistlen = s->session->tlsext_supportedgroupslist_length / 2; if (parg) { size_t i; int *cptr = parg; unsigned int cid, nid; for (i = 0; i < clistlen; i++) { n2s(clist, cid); + /* TODO(TLS1.3): Handle DH groups here */ nid = tls1_ec_curve_id2nid(cid, NULL); if (nid != 0) cptr[i] = nid; @@ -3136,16 +3137,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg, larg); + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&s->tlsext_ellipticcurvelist, - &s->tlsext_ellipticcurvelist_length, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&s->tlsext_supportedgroupslist, + &s->tlsext_supportedgroupslist_length, parg); - case SSL_CTRL_GET_SHARED_CURVE: - return tls1_shared_curve(s, larg); + case SSL_CTRL_GET_SHARED_GROUP: + return tls1_shared_group(s, larg); #endif case SSL_CTRL_SET_SIGALGS: @@ -3320,8 +3321,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) return 0; - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, &nid, 1); } /* break; */ @@ -3417,14 +3418,14 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #endif #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES: - return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS: + return tls1_set_groups(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg, larg); - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, - &ctx->tlsext_ellipticcurvelist_length, + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist, + &ctx->tlsext_supportedgroupslist_length, parg); #endif case SSL_CTRL_SET_SIGALGS: diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 63687b5ba1..2382030f34 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -202,17 +202,23 @@ static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } -static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value) { int rv; if (cctx->ssl) - rv = SSL_set1_curves_list(cctx->ssl, value); + rv = SSL_set1_groups_list(cctx->ssl, value); /* NB: ctx == NULL performs syntax checking only */ else - rv = SSL_CTX_set1_curves_list(cctx->ctx, value); + rv = SSL_CTX_set1_groups_list(cctx->ctx, value); return rv > 0; } +/* This is the old name for cmd_Groups - retained for backwards compatibility */ +static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) +{ + return cmd_Groups(cctx, value); +} + #ifndef OPENSSL_NO_EC /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) @@ -543,6 +549,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), + SSL_CONF_CMD_STRING(Groups, "groups", 0), #ifndef OPENSSL_NO_EC SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 363b4f4ab8..a6360accea 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -610,14 +610,14 @@ SSL *SSL_new(SSL_CTX *ctx) s->tlsext_ecpointformatlist_length = ctx->tlsext_ecpointformatlist_length; } - if (ctx->tlsext_ellipticcurvelist) { - s->tlsext_ellipticcurvelist = - OPENSSL_memdup(ctx->tlsext_ellipticcurvelist, - ctx->tlsext_ellipticcurvelist_length); - if (!s->tlsext_ellipticcurvelist) + if (ctx->tlsext_supportedgroupslist) { + s->tlsext_supportedgroupslist = + OPENSSL_memdup(ctx->tlsext_supportedgroupslist, + ctx->tlsext_supportedgroupslist_length); + if (!s->tlsext_supportedgroupslist) goto err; - s->tlsext_ellipticcurvelist_length = - ctx->tlsext_ellipticcurvelist_length; + s->tlsext_supportedgroupslist_length = + ctx->tlsext_supportedgroupslist_length; } #endif #ifndef OPENSSL_NO_NEXTPROTONEG @@ -1001,7 +1001,7 @@ void SSL_free(SSL *s) SSL_CTX_free(s->initial_ctx); #ifndef OPENSSL_NO_EC OPENSSL_free(s->tlsext_ecpointformatlist); - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->tlsext_supportedgroupslist); #endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); #ifndef OPENSSL_NO_OCSP @@ -1857,8 +1857,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) if (ctx == NULL) { switch (cmd) { #ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_CURVES_LIST: - return tls1_set_curves_list(NULL, NULL, parg); + case SSL_CTRL_SET_GROUPS_LIST: + return tls1_set_groups_list(NULL, NULL, parg); #endif case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: @@ -2630,7 +2630,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_EC OPENSSL_free(a->tlsext_ecpointformatlist); - OPENSSL_free(a->tlsext_ellipticcurvelist); + OPENSSL_free(a->tlsext_supportedgroupslist); #endif OPENSSL_free(a->alpn_client_proto_list); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 63b001ffee..dbe8813acf 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -554,8 +554,8 @@ struct ssl_session_st { # ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; /* peer's list */ # endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ @@ -868,8 +868,8 @@ struct ssl_ctx_st { /* EC extension values inherited by SSL structure */ size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; + size_t tlsext_supportedgroupslist_length; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* ext status type used for CSR extension (OCSP Stapling) */ @@ -1078,9 +1078,9 @@ struct ssl_st { size_t tlsext_ecpointformatlist_length; /* our list */ unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; + size_t tlsext_supportedgroupslist_length; /* our list */ - unsigned char *tlsext_ellipticcurvelist; + unsigned char *tlsext_supportedgroupslist; # endif /* OPENSSL_NO_EC */ /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; @@ -2053,10 +2053,10 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); __owur int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags); __owur int tls1_ec_nid2curve_id(int nid); __owur int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); -__owur int tls1_shared_curve(SSL *s, int nmatch); -__owur int tls1_set_curves(unsigned char **pext, size_t *pextlen, +__owur int tls1_shared_group(SSL *s, int nmatch); +__owur int tls1_set_groups(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, +__owur int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_curve(int id); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 291796e8ad..825e706561 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -132,7 +132,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->tlsext_hostname = NULL; #ifndef OPENSSL_NO_EC dest->tlsext_ecpointformatlist = NULL; - dest->tlsext_ellipticcurvelist = NULL; + dest->tlsext_supportedgroupslist = NULL; #endif dest->tlsext_tick = NULL; #ifndef OPENSSL_NO_SRP @@ -198,11 +198,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->tlsext_ecpointformatlist == NULL) goto err; } - if (src->tlsext_ellipticcurvelist) { - dest->tlsext_ellipticcurvelist = - OPENSSL_memdup(src->tlsext_ellipticcurvelist, - src->tlsext_ellipticcurvelist_length); - if (dest->tlsext_ellipticcurvelist == NULL) + if (src->tlsext_supportedgroupslist) { + dest->tlsext_supportedgroupslist = + OPENSSL_memdup(src->tlsext_supportedgroupslist, + src->tlsext_supportedgroupslist_length); + if (dest->tlsext_supportedgroupslist == NULL) goto err; } #endif @@ -753,8 +753,8 @@ void SSL_SESSION_free(SSL_SESSION *ss) #ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; OPENSSL_free(ss->tlsext_ecpointformatlist); - ss->tlsext_ellipticcurvelist_length = 0; - OPENSSL_free(ss->tlsext_ellipticcurvelist); + ss->tlsext_supportedgroupslist_length = 0; + OPENSSL_free(ss->tlsext_supportedgroupslist); #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index ba3457d2e0..142c637dc9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1736,7 +1736,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } /* Get NID of appropriate shared curve */ - nid = tls1_shared_curve(s, -2); + nid = tls1_shared_group(s, -2); curve_id = tls1_ec_nid2curve_id(nid); if (curve_id == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 30b304669f..bbec1359ca 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -242,7 +242,7 @@ int SSL_extension_supported(unsigned int ext_type) /* Internally supported extensions. */ case TLSEXT_TYPE_application_layer_protocol_negotiation: case TLSEXT_TYPE_ec_point_formats: - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: case TLSEXT_TYPE_heartbeat: #ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e79c37eee0..a7aa955223 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -268,8 +268,8 @@ static int tls1_get_curvelist(SSL *s, int sess, { size_t pcurveslen = 0; if (sess) { - *pcurves = s->session->tlsext_ellipticcurvelist; - pcurveslen = s->session->tlsext_ellipticcurvelist_length; + *pcurves = s->session->tlsext_supportedgroupslist; + pcurveslen = s->session->tlsext_supportedgroupslist_length; } else { /* For Suite B mode only include P-256, P-384 */ switch (tls1_suiteb(s)) { @@ -288,8 +288,8 @@ static int tls1_get_curvelist(SSL *s, int sess, pcurveslen = 2; break; default: - *pcurves = s->tlsext_ellipticcurvelist; - pcurveslen = s->tlsext_ellipticcurvelist_length; + *pcurves = s->tlsext_supportedgroupslist; + pcurveslen = s->tlsext_supportedgroupslist_length; } if (!*pcurves) { *pcurves = eccurves_default; @@ -356,13 +356,13 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) } /*- - * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef + * For nmatch >= 0, return the NID of the |nmatch|th shared group or NID_undef * if there is no match. * For nmatch == -1, return number of matches - * For nmatch == -2, return the NID of the curve to use for + * For nmatch == -2, return the NID of the group to use for * an EC tmp key, or NID_undef if there is no match. */ -int tls1_shared_curve(SSL *s, int nmatch) +int tls1_shared_group(SSL *s, int nmatch) { const unsigned char *pref, *supp; size_t num_pref, num_supp, i, j; @@ -434,34 +434,35 @@ int tls1_shared_curve(SSL *s, int nmatch) return NID_undef; } -int tls1_set_curves(unsigned char **pext, size_t *pextlen, - int *curves, size_t ncurves) +int tls1_set_groups(unsigned char **pext, size_t *pextlen, + int *groups, size_t ngroups) { - unsigned char *clist, *p; + unsigned char *glist, *p; size_t i; /* - * Bitmap of curves included to detect duplicates: only works while curve + * Bitmap of groups included to detect duplicates: only works while group * ids < 32 */ unsigned long dup_list = 0; - clist = OPENSSL_malloc(ncurves * 2); - if (clist == NULL) + glist = OPENSSL_malloc(ngroups * 2); + if (glist == NULL) return 0; - for (i = 0, p = clist; i < ncurves; i++) { + for (i = 0, p = glist; i < ngroups; i++) { unsigned long idmask; int id; - id = tls1_ec_nid2curve_id(curves[i]); + /* TODO(TLS1.3): Convert for DH groups */ + id = tls1_ec_nid2curve_id(groups[i]); idmask = 1L << id; if (!id || (dup_list & idmask)) { - OPENSSL_free(clist); + OPENSSL_free(glist); return 0; } dup_list |= idmask; s2n(id, p); } OPENSSL_free(*pext); - *pext = clist; - *pextlen = ncurves * 2; + *pext = glist; + *pextlen = ngroups * 2; return 1; } @@ -500,8 +501,8 @@ static int nid_cb(const char *elem, int len, void *arg) return 1; } -/* Set curves based on a colon separate list */ -int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) +/* Set groups based on a colon separate list */ +int tls1_set_groups_list(unsigned char **pext, size_t *pextlen, const char *str) { nid_cb_st ncb; ncb.nidcnt = 0; @@ -509,7 +510,7 @@ int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str) return 0; if (pext == NULL) return 1; - return tls1_set_curves(pext, pextlen, ncb.nid_arr, ncb.nidcnt); + return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt); } /* For an EC key set TLS id and required compression based on parameters */ @@ -706,7 +707,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) return 1; } /* Need a shared curve */ - if (tls1_shared_curve(s, 0)) + if (tls1_shared_group(s, 0)) return 1; return 0; } @@ -1117,16 +1118,17 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) } /* - * Add TLS extension EllipticCurves to the ClientHello message + * Add TLS extension supported_groups to the ClientHello message */ - pcurves = s->tlsext_ellipticcurvelist; + /* TODO(TLS1.3): Add support for DHE groups */ + pcurves = s->tlsext_supportedgroupslist; if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_elliptic_curves) - /* Sub-packet for curves extension */ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups) + /* Sub-packet for supported_groups extension */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); @@ -1982,22 +1984,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) return 0; } } - } else if (currext->type == TLSEXT_TYPE_elliptic_curves) { - PACKET elliptic_curve_list; + } else if (currext->type == TLSEXT_TYPE_supported_groups) { + PACKET supported_groups_list; - /* Each NamedCurve is 2 bytes and we must have at least 1. */ + /* Each group is 2 bytes and we must have at least 1. */ if (!PACKET_as_length_prefixed_2(&currext->data, - &elliptic_curve_list) - || PACKET_remaining(&elliptic_curve_list) == 0 - || (PACKET_remaining(&elliptic_curve_list) % 2) != 0) { + &supported_groups_list) + || PACKET_remaining(&supported_groups_list) == 0 + || (PACKET_remaining(&supported_groups_list) % 2) != 0) { return 0; } if (!s->hit) { - if (!PACKET_memdup(&elliptic_curve_list, - &s->session->tlsext_ellipticcurvelist, + if (!PACKET_memdup(&supported_groups_list, + &s->session->tlsext_supportedgroupslist, &s-> - session->tlsext_ellipticcurvelist_length)) { + session->tlsext_supportedgroupslist_length)) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index c8d00532d8..52c72b2450 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -448,7 +448,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_client_authz, "client_authz"}, {TLSEXT_TYPE_server_authz, "server_authz"}, {TLSEXT_TYPE_cert_type, "cert_type"}, - {TLSEXT_TYPE_elliptic_curves, "elliptic_curves"}, + {TLSEXT_TYPE_supported_groups, "supported_groups"}, {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"}, {TLSEXT_TYPE_srp, "srp"}, {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, @@ -466,7 +466,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} }; -static ssl_trace_tbl ssl_curve_tbl[] = { +static ssl_trace_tbl ssl_groups_tbl[] = { {1, "sect163k1 (K-163)"}, {2, "sect163r1"}, {3, "sect163r2 (B-163)"}, @@ -665,13 +665,13 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); - case TLSEXT_TYPE_elliptic_curves: + case TLSEXT_TYPE_supported_groups: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; - return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl); + return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); case TLSEXT_TYPE_signature_algorithms: @@ -1009,7 +1009,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; curve = (msg[1] << 8) | msg[2]; BIO_printf(bio, "named_curve: %s (%d)\n", - ssl_trace_str(curve, ssl_curve_tbl), curve); + ssl_trace_str(curve, ssl_groups_tbl), curve); msg += 3; msglen -= 3; if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen)) |