Diffstat (limited to 'ssl/statem')
-rw-r--r--ssl/statem/extensions.c2
-rw-r--r--ssl/statem/extensions_clnt.c21
-rw-r--r--ssl/statem/extensions_srvr.c7
-rw-r--r--ssl/statem/statem_lib.c6
4 files changed, 4 insertions, 32 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 6dc21ad42f..47ad5110ab 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1409,7 +1409,7 @@ static int final_key_share(SSL_CONNECTION *s, unsigned int context, int sent)
group_id = pgroups[i];
if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
- 2))
+ 1))
break;
}
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 19f6561b17..18bcba036f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -226,21 +226,6 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
-#ifndef OPENSSL_NO_TLS1_3
- int ctmp13 = ssl_group_id_internal_to_tls13(ctmp);
-
- if (ctmp13 != 0 && ctmp13 != ctmp
- && max_version == TLS1_3_VERSION) {
- if (!WPACKET_put_bytes_u16(pkt, ctmp13)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
- return EXT_RETURN_FAIL;
- }
- tls13added++;
- added++;
- if (min_version == TLS1_3_VERSION)
- continue;
- }
-#endif
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
@@ -646,7 +631,7 @@ static int add_key_share(SSL_CONNECTION *s, WPACKET *pkt, unsigned int curve_id)
}
/* Create KeyShareEntry */
- if (!WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13(curve_id))
+ if (!WPACKET_put_bytes_u16(pkt, curve_id)
|| !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
@@ -699,9 +684,6 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
curve_id = s->s3.group_id;
} else {
for (i = 0; i < num_groups; i++) {
- if (ssl_group_id_internal_to_tls13(pgroups[i]) == 0)
- continue;
-
if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
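Review bot: With the `ssl_group_id_internal_to_tls13(pgroups[i]) == 0` test removed, the only filter visible in this loop is `tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)`, which is a security-policy check rather than a protocol-version check. The removed test presumably also kept groups with no TLS 1.3 code point out of key_share selection, so the client could now pick a group the peer cannot use in TLS 1.3 unless something later in the loop rejects it. The rest of the loop body is outside the hunk; please confirm it still applies a version check, for example a `tls_valid_group()` call restricted to `TLS1_3_VERSION`, before the group is chosen.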
@@ -1799,7 +1781,6 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
return 0;
}
- group_id = ssl_group_id_tls13_to_internal(group_id);
if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
const uint16_t *pgroups = NULL;
size_t i, num_groups;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 4f7321fd20..6a488a8737 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -642,7 +642,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
* we requested, and must be the only key_share sent.
*/
if (s->s3.group_id != 0
- && (ssl_group_id_tls13_to_internal(group_id) != s->s3.group_id
+ && (group_id != s->s3.group_id
|| PACKET_remaining(&key_share_list) != 0)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
return 0;
@@ -664,8 +664,6 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
/* Cache the selected group ID in the SSL_SESSION */
s->session->kex_group = group_id;
- group_id = ssl_group_id_tls13_to_internal(group_id);
-
if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@@ -1612,8 +1610,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
}
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13(
- s->s3.group_id))
+ || !WPACKET_put_bytes_u16(pkt, s->s3.group_id)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 07939ee960..8b34c11048 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2222,15 +2222,9 @@ int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
if (groups == NULL || num_groups == 0)
return 0;
- if (checkallow == 1)
- group_id = ssl_group_id_tls13_to_internal(group_id);
-
for (i = 0; i < num_groups; i++) {
uint16_t group = groups[i];
- if (checkallow == 2)
- group = ssl_group_id_tls13_to_internal(group);
-
if (group_id == group
&& (!checkallow
|| tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
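Review bot: `checkallow` is now read only as a flag in `!checkallow || tls_group_allowed(...)`, but it is still an `int` that used to select between three modes, and nothing in the hunk records the new contract. A caller that still passes `2` would compile and silently behave like `1`, which hides whether it was reviewed when the id translation was dropped; the `final_key_share` hunk in extensions.c updates one such call. I would add a comment above the function such as `/* checkallow: non-zero also requires tls_group_allowed(SSL_SECOP_CURVE_CHECK) for the matching group */` and check the remaining callers. The function's signature and the end of the loop lie outside the hunk.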