From b7f937c40e9bf0f10fa7506f39a33c3fdc1f1c16 Mon Sep 17 00:00:00 2001
From: beck
Date: Tue, 26 Mar 2024 01:21:34 +0000
Subject: [PATCH] Process supported groups before key share. This will allow us to know the client preferences for an upcoming change to key share processing. ok jsing@
---
 lib/libssl/ssl_tlsext.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 26bd0c5f3e0..3883aa6cec8 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.141 2024/03/25 10:18:13 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.142 2024/03/26 01:21:34 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -1998,6 +1998,20 @@ static const struct tls_extension tls_extensions[] = {
 .process = tlsext_versions_server_process,
 },
 },
+ {
+ .type = TLSEXT_TYPE_supported_groups,
+ .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
+ .client = {
+ .needs = tlsext_supportedgroups_client_needs,
+ .build = tlsext_supportedgroups_client_build,
+ .process = tlsext_supportedgroups_client_process,
+ },
+ .server = {
+ .needs = tlsext_supportedgroups_server_needs,
+ .build = tlsext_supportedgroups_server_build,
+ .process = tlsext_supportedgroups_server_process,
+ },
+ },
 {
 .type = TLSEXT_TYPE_key_share,
 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
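Review bot: The placement of the `supported_groups` entry ahead of `key_share` in `tls_extensions[]` is now an ordering requirement, but nothing in the added lines records it, so a later re-sort or insertion in the table could silently undo it. I would add a comment directly above the new entry, e.g. `/* Must stay ahead of key_share: key share processing will rely on the client's group preferences being known. */`. The hunk does not show how the table is walked, so it is worth confirming whether the `.build` callbacks follow the same order, in which case the move would also change the extension order sent on the wire and should be intentional. The array initializer starts and ends outside the hunk.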
@@ -2070,20 +2084,6 @@ static const struct tls_extension tls_extensions[] = {
 .process = tlsext_ecpf_server_process,
 },
 },
- {
- .type = TLSEXT_TYPE_supported_groups,
- .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
- .client = {
- .needs = tlsext_supportedgroups_client_needs,
- .build = tlsext_supportedgroups_client_build,
- .process = tlsext_supportedgroups_client_process,
- },
- .server = {
- .needs = tlsext_supportedgroups_server_needs,
- .build = tlsext_supportedgroups_server_build,
- .process = tlsext_supportedgroups_server_process,
- },
- },
 {
 .type = TLSEXT_TYPE_session_ticket,
 .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
-- 
2.20.1