From 3465d79c55e037873b305f078210d9b37aaf0f1c Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Mon, 15 Jun 2026 14:41:54 +0800
Subject: [PATCH] Update tlcp.c

---
 CMakeLists.txt          |  2 +-
 include/gmssl/version.h |  2 +-
 src/tlcp.c              | 49 ++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index c3c78029..e3840e3f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -764,7 +764,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1053")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1054")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 03000f82..49078cbe 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1053"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1054"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/tlcp.c b/src/tlcp.c
index 5f4208d1..1c30c407 100644
--- a/src/tlcp.c
+++ b/src/tlcp.c
@@ -704,7 +704,20 @@ int tlcp_recv_server_hello(TLS_CONNECT *conn)
 
 	// supported_groups
 	if (supported_groups) {
-		// 检查cipher_suite依赖的SM2/SM9曲线是否在其中，否则报错
+		int common_group;
+		size_t common_groups_cnt = 0;
+
+		if ((ret = tls_process_supported_groups(supported_groups, supported_groups_len,
+			tlcp_supported_groups, tlcp_supported_groups_cnt,
+			&common_group, &common_groups_cnt, 1)) < 0) {
+			error_print();
+			tls_send_alert(conn, TLS_alert_decode_error);
+			return -1;
+		} else if (ret == 0) {
+			error_print();
+			tls_send_alert(conn, TLS_alert_handshake_failure);
+			return -1;
+		}
 	}
 
 	// application_layer_protocol_negotiation
@@ -1630,6 +1643,40 @@ int tlcp_recv_client_hello(TLS_CONNECT *conn)
 		return -1;
 	}
 
+	if (supported_groups) {
+		int common_group;
+		size_t common_groups_cnt = 0;
+
+		if ((ret = tls_process_supported_groups(supported_groups, supported_groups_len,
+			tlcp_supported_groups, tlcp_supported_groups_cnt,
+			&common_group, &common_groups_cnt, 1)) < 0) {
+			error_print();
+			tls_send_alert(conn, TLS_alert_decode_error);
+			return -1;
+		} else if (ret == 0) {
+			error_print();
+			tls_send_alert(conn, TLS_alert_handshake_failure);
+			return -1;
+		}
+	}
+
+	if (signature_algorithms) {
+		int common_sig_alg;
+		size_t common_sig_algs_cnt = 0;
+
+		if ((ret = tls_process_signature_algorithms(signature_algorithms, signature_algorithms_len,
+			tlcp_signature_algorithms, tlcp_signature_algorithms_cnt,
+			&common_sig_alg, &common_sig_algs_cnt, 1)) < 0) {
+			error_print();
+			tls_send_alert(conn, TLS_alert_decode_error);
+			return -1;
+		} else if (ret == 0) {
+			error_print();
+			tls_send_alert(conn, TLS_alert_handshake_failure);
+			return -1;
+		}
+	}
+
 	if (trusted_ca_keys) {
 		conn->trusted_ca_keys = 1;
 		if (trusted_authorities_len > sizeof(conn->trusted_authorities)) {