#endif
#ifndef OPENSSL_NO_EC
-static int use_ecc(SSL *s, int max_version)
+static int use_ecc(SSL *s, int min_version, int max_version)
{
int i, end, ret = 0;
unsigned long alg_k, alg_a;
for (j = 0; j < num_groups; j++) {
uint16_t ctmp = pgroups[j];
- if (tls_valid_group(s, ctmp, max_version)
+ if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
return 1;
}
SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason);
return EXT_RETURN_FAIL;
}
- if (!use_ecc(s, max_version))
+ if (!use_ecc(s, min_version, max_version))
return EXT_RETURN_NOT_SENT;
/* Add TLS extension ECPointFormats to the ClientHello message */
if (max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#else
- if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION)
+ if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION)
return EXT_RETURN_NOT_SENT;
#endif
for (i = 0; i < num_groups; i++) {
uint16_t ctmp = pgroups[i];
- if (tls_valid_group(s, ctmp, max_version)
+ if (tls_valid_group(s, ctmp, min_version, max_version)
&& tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
/* SSLfatal() already called */
return 0;
}
-
- /*
- * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
- * knows how to get a key from an encoded point with the help of
- * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
- * downgrades an EVP_PKEY to contain a legacy key.
- *
- * THIS IS TEMPORARY
- */
- EVP_PKEY_get0(key_share_key);
- if (EVP_PKEY_id(key_share_key) == EVP_PKEY_NONE) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
- ERR_R_EC_LIB);
- goto err;
- }
}
/* Encode the public key. */
return 0;
}
- /*
- * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint()
- * knows how to get a key from an encoded point with the help of
- * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0()
- * downgrades an EVP_PKEY to contain a legacy key.
- *
- * THIS IS TEMPORARY
- */
- EVP_PKEY_get0(skey);
- if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) {
- EVP_PKEY_free(skey);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
- ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
PACKET_remaining(&encoded_pt))) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,