abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 19:33:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update TLS 1.2 to support ec_point_formats

Browse Source
This commit is contained in:
Zhi Guan
2026-06-11 20:39:54 +08:00
parent 1dd920c198
commit c534f58e7e
2 changed files with 66 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/gmssl/tls.h
View File

@@ -1163,6 +1163,8 @@ typedef struct {
int supported_groups[32];
size_t supported_groups_cnt;
// 11. ec_point_formats
int ec_point_formats;
// 13. signature_algorithms
// in ClientHello, CertificateRequest;

64
src/tls12.c
View File

@@ -859,6 +859,45 @@ static int tls12_select_common_cipher_suites(const uint8_t *client_ciphers, size
return *common_ciphers_cnt ? 1 : 0;
}
// support_uncompressed
static int tls_ec_point_formats_support_uncompressed(const uint8_t *ext_data, size_t ext_datalen)
{
const uint8_t *formats;
size_t formats_len;
int uncompressed = 0;
if (tls_uint8array_from_bytes(&formats, &formats_len, &ext_data, &ext_datalen) != 1
|| tls_length_is_zero(ext_datalen) != 1) {
error_print();
return -1;
}
if (!formats_len) {
error_print();
return -1;
}
while (formats_len) {
uint8_t format;
if (tls_uint8_from_bytes(&format, &formats, &formats_len) != 1) {
error_print();
return -1;
}
if (!tls_ec_point_format_name(format)) {
error_print();
return -1;
}
if (format == TLS_point_uncompressed) {
uncompressed = 1;
}
}
if (!uncompressed) {
error_print();
return 0;
}
return 1;
}
static int tls12_cert_chain_get_end_entity_group(const uint8_t *cert_chain, size_t cert_chain_len, int *group)
{
const uint8_t *cert;
@@ -1025,6 +1064,8 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
size_t cipher_suites_len;
const uint8_t *exts;
size_t extslen;
const uint8_t *ec_point_formats = NULL;
size_t ec_point_formats_len = 0;
const uint8_t *supported_groups = NULL;
size_t supported_groups_len = 0;
const uint8_t *signature_algorithms = NULL;
@@ -1101,6 +1142,7 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
}
switch (ext_type) {
case TLS_extension_ec_point_formats:
case TLS_extension_supported_groups:
case TLS_extension_signature_algorithms:
case TLS_extension_signature_algorithms_cert:
@@ -1114,6 +1156,15 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
}
switch (ext_type) {
case TLS_extension_ec_point_formats:
if (ec_point_formats) {
error_print();
tls_send_alert(conn, TLS_alert_illegal_parameter);
return -1;
}
ec_point_formats = ext_data;
ec_point_formats_len = ext_datalen;
break;
case TLS_extension_supported_groups:
if (supported_groups) {
error_print();
@@ -1155,6 +1206,19 @@ int tls_recv_client_hello(TLS_CONNECT *conn)
}
}
if (ec_point_formats) {
if ((ret = tls_ec_point_formats_support_uncompressed(ec_point_formats, ec_point_formats_len)) < 0) {
error_print();
tls_send_alert(conn, TLS_alert_decode_error);
return -1;
} else if (ret == 0) {
error_print();
tls_send_alert(conn, TLS_alert_illegal_parameter);
return -1;
}
conn->ec_point_formats = 1;
}
if ((ret = tls12_select_common_cipher_suites(cipher_suites, cipher_suites_len,
conn->ctx->cipher_suites, conn->ctx->cipher_suites_cnt,
common_cipher_suites, &common_cipher_suites_cnt,