Align on using the "group" over "curve" for ECDH in TLS
We're this awkward mix of "group" and "curve" right now. On the spec
side, this is because they used to be "curves", but then RFC 7919
renamed to "group" in an attempt to generalize FFDH and ECDH. The
negotiated FFDH stuff never really went anywhere (the way it used cipher
suite values in TLS 1.2 made it unusable), but the name change stuck.
In our implementation and API, we originally called it "curve". In
preparation for TLS 1.3, we renamed the internals to "group" to match
the spec in
https://boringssl-review.googlesource.com/c/boringssl/+/7955, but the
public API was still "curve".
Then we exported a few more things in
https://boringssl-review.googlesource.com/c/boringssl/+/8565, but I left
it at "curve" to keep the public API self-consistent.
Then we added OpenSSL's new "group" APIs in
https://boringssl-review.googlesource.com/c/boringssl/+/54306, but
didn't go as far to deprecate the old ones yet.
Now I'd like to add new APIs to clear up the weird mix of TLS codepoints
and NIDs that appear in our APIs. But our naming is a mess, so either
choice of "group" or "curve" for the new API looks weird.
In hindsight, we probably should have left it at "curve". Both terms are
equally useless for the future post-quantum KEMs, but at least "curve"
is more unique of a name than "group". But at this point, I think we're
too far through the "group" rename to really backtrack:
- Chromium says "group" in its internals
- QUICHE says "group" in its internals and public API
- Our internals say "group"
- OpenSSL has switched to "group" and deprecated "curve", so new APIs
will be based on "group"
So align with all this and say "group". This CL handles set1_curves and
set1_curves_list APIs, which already have "group" replacements from
OpenSSL. A follow-up CL will handle our APIs. This is a soft deprecation
because I don't think updating things is particularly worth the churn,
but get the old names out of the way, so new code can have a simpler API
to target.
Also rewrite the documentation for that section accordingly. I don't
think we need to talk about how it's always enabled now. That's a
reference to some very, very old OpenSSL behavior where ECDH negotiation
needed to be separately enabled.
Change-Id: I7a356793d36419fc668364c912ca7b4f5c6c23a2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60206
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/fuzz/ssl_ctx_api.cc b/fuzz/ssl_ctx_api.cc
index da0a2d3..f7c1f73 100644
--- a/fuzz/ssl_ctx_api.cc
+++ b/fuzz/ssl_ctx_api.cc
@@ -410,18 +410,18 @@
SSL_CTX_set_tlsext_ticket_keys(ctx, keys.data(), keys.size());
},
[](SSL_CTX *ctx, CBS *cbs) {
- std::vector<int> curves;
- if (!GetVector(&curves, cbs)) {
+ std::vector<int> groups;
+ if (!GetVector(&groups, cbs)) {
return;
}
- SSL_CTX_set1_curves(ctx, curves.data(), curves.size());
+ SSL_CTX_set1_groups(ctx, groups.data(), groups.size());
},
[](SSL_CTX *ctx, CBS *cbs) {
- std::string curves;
- if (!GetString(&curves, cbs)) {
+ std::string groups;
+ if (!GetString(&groups, cbs)) {
return;
}
- SSL_CTX_set1_curves_list(ctx, curves.c_str());
+ SSL_CTX_set1_groups_list(ctx, groups.c_str());
},
[](SSL_CTX *ctx, CBS *cbs) {
SSL_CTX_enable_signed_cert_timestamps(ctx);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f63acf6..31add55 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2331,45 +2331,51 @@
OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
-// Elliptic curve Diffie-Hellman.
+// Diffie-Hellman groups and ephemeral key exchanges.
//
-// Cipher suites using an ECDHE key exchange perform Diffie-Hellman over an
-// elliptic curve negotiated by both endpoints. See RFC 4492. Only named curves
-// are supported. ECDHE is always enabled, but the curve preferences may be
-// configured with these functions.
+// Most TLS handshakes (ECDHE cipher suites in TLS 1.2, and all supported TLS
+// 1.3 modes) incorporate an ephemeral key exchange, most commonly using
+// Elliptic Curve Diffie-Hellman (ECDH), as described in RFC 8422. The key
+// exchange algorithm is negotiated separately from the cipher suite, using
+// NamedGroup values, which define Diffie-Hellman groups.
//
-// Note that TLS 1.3 renames these from curves to groups. For consistency, we
-// currently use the TLS 1.2 name in the API.
+// Historically, these values were known as "curves", in reference to ECDH, and
+// some APIs refer to the original name. RFC 7919 renamed them to "groups" in
+// reference to Diffie-Hellman in general. These values are also used to select
+// experimental post-quantum KEMs. Though not Diffie-Hellman groups, KEMs can
+// fill a similar role in TLS, so they use the same codepoints.
+//
+// In TLS 1.2, the ECDH values also negotiate elliptic curves used in ECDSA. In
+// TLS 1.3 and later, ECDSA curves are part of the signature algorithm. See
+// |SSL_SIGN_*|.
-// SSL_CTX_set1_curves sets the preferred curves for |ctx| to be |curves|. Each
-// element of |curves| should be a curve nid. It returns one on success and
-// zero on failure.
+// SSL_CTX_set1_groups sets the preferred groups for |ctx| to be |groups|. Each
+// element of |groups| should be a |NID_*| constant from nid.h. It returns one
+// on success and zero on failure.
//
-// Note that this API uses nid values from nid.h and not the |SSL_CURVE_*|
-// values defined below.
-OPENSSL_EXPORT int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves,
- size_t curves_len);
+// Note that this API does not use the |SSL_CURVE_*| values defined below.
+OPENSSL_EXPORT int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups,
+ size_t num_groups);
-// SSL_set1_curves sets the preferred curves for |ssl| to be |curves|. Each
-// element of |curves| should be a curve nid. It returns one on success and
-// zero on failure.
+// SSL_set1_groups sets the preferred groups for |ssl| to be |groups|. Each
+// element of |groups| should be a |NID_*| constant from nid.h. It returns one
+// on success and zero on failure.
//
-// Note that this API uses nid values from nid.h and not the |SSL_CURVE_*|
-// values defined below.
-OPENSSL_EXPORT int SSL_set1_curves(SSL *ssl, const int *curves,
- size_t curves_len);
+// Note that this API does not use the |SSL_CURVE_*| values defined below.
+OPENSSL_EXPORT int SSL_set1_groups(SSL *ssl, const int *groups,
+ size_t num_groups);
-// SSL_CTX_set1_curves_list sets the preferred curves for |ctx| to be the
-// colon-separated list |curves|. Each element of |curves| should be a curve
+// SSL_CTX_set1_groups_list sets the preferred groups for |ctx| to be the
+// colon-separated list |groups|. Each element of |groups| should be a curve
// name (e.g. P-256, X25519, ...). It returns one on success and zero on
// failure.
-OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves);
+OPENSSL_EXPORT int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
-// SSL_set1_curves_list sets the preferred curves for |ssl| to be the
-// colon-separated list |curves|. Each element of |curves| should be a curve
+// SSL_set1_groups_list sets the preferred groups for |ssl| to be the
+// colon-separated list |groups|. Each element of |groups| should be a curve
// name (e.g. P-256, X25519, ...). It returns one on success and zero on
// failure.
-OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves);
+OPENSSL_EXPORT int SSL_set1_groups_list(SSL *ssl, const char *groups);
// SSL_CURVE_* define TLS curve IDs.
#define SSL_CURVE_SECP224R1 21
@@ -2404,20 +2410,6 @@
// list, so this does not apply if, say, sending strings across services.
OPENSSL_EXPORT size_t SSL_get_all_curve_names(const char **out, size_t max_out);
-// SSL_CTX_set1_groups calls |SSL_CTX_set1_curves|.
-OPENSSL_EXPORT int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups,
- size_t groups_len);
-
-// SSL_set1_groups calls |SSL_set1_curves|.
-OPENSSL_EXPORT int SSL_set1_groups(SSL *ssl, const int *groups,
- size_t groups_len);
-
-// SSL_CTX_set1_groups_list calls |SSL_CTX_set1_curves_list|.
-OPENSSL_EXPORT int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
-
-// SSL_set1_groups_list calls |SSL_set1_curves_list|.
-OPENSSL_EXPORT int SSL_set1_groups_list(SSL *ssl, const char *groups);
-
// Certificate verification.
//
@@ -5090,12 +5082,12 @@
// Use |SSL_CTX_set_quiet_shutdown| instead.
OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
-// SSL_CTX_set_tmp_ecdh calls |SSL_CTX_set1_curves| with a one-element list
-// containing |ec_key|'s curve.
+// SSL_CTX_set_tmp_ecdh calls |SSL_CTX_set1_groups| with a one-element list
+// containing |ec_key|'s curve. The remainder of |ec_key| is ignored.
OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
-// SSL_set_tmp_ecdh calls |SSL_set1_curves| with a one-element list containing
-// |ec_key|'s curve.
+// SSL_set_tmp_ecdh calls |SSL_set1_groups| with a one-element list containing
+// |ec_key|'s curve. The remainder of |ec_key| is ignored.
OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
// SSL_add_dir_cert_subjects_to_stack lists files in directory |dir|. It calls
@@ -5244,6 +5236,14 @@
SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE
#define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED
+// The following symbols are compatibility aliases for equivalent functions that
+// use the newer "group" terminology. New code should use the new functions for
+// consistency, but we do not plan to remove these aliases.
+#define SSL_CTX_set1_curves SSL_CTX_set1_groups
+#define SSL_set1_curves SSL_set1_groups
+#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+#define SSL_set1_curves_list SSL_set1_groups_list
+
// Compliance policy configurations
//
@@ -5359,6 +5359,8 @@
#define SSL_CTRL_SESS_NUMBER doesnt_exist
#define SSL_CTRL_SET_CURVES doesnt_exist
#define SSL_CTRL_SET_CURVES_LIST doesnt_exist
+#define SSL_CTRL_SET_GROUPS doesnt_exist
+#define SSL_CTRL_SET_GROUPS_LIST doesnt_exist
#define SSL_CTRL_SET_ECDH_AUTO doesnt_exist
#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
@@ -5407,7 +5409,7 @@
#define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size
#define SSL_CTX_set0_chain SSL_CTX_set0_chain
#define SSL_CTX_set1_chain SSL_CTX_set1_chain
-#define SSL_CTX_set1_curves SSL_CTX_set1_curves
+#define SSL_CTX_set1_groups SSL_CTX_set1_groups
#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list
#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment
#define SSL_CTX_set_mode SSL_CTX_set_mode
@@ -5440,7 +5442,7 @@
#define SSL_session_reused SSL_session_reused
#define SSL_set0_chain SSL_set0_chain
#define SSL_set1_chain SSL_set1_chain
-#define SSL_set1_curves SSL_set1_curves
+#define SSL_set1_groups SSL_set1_groups
#define SSL_set_max_cert_list SSL_set_max_cert_list
#define SSL_set_max_send_fragment SSL_set_max_send_fragment
#define SSL_set_mode SSL_set_mode
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index 5ee2802..974a36c 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -358,57 +358,6 @@
return false;
}
-bool tls1_set_curves(Array<uint16_t> *out_group_ids, Span<const int> curves) {
- Array<uint16_t> group_ids;
- if (!group_ids.Init(curves.size())) {
- return false;
- }
-
- for (size_t i = 0; i < curves.size(); i++) {
- if (!ssl_nid_to_group_id(&group_ids[i], curves[i])) {
- return false;
- }
- }
-
- *out_group_ids = std::move(group_ids);
- return true;
-}
-
-bool tls1_set_curves_list(Array<uint16_t> *out_group_ids, const char *curves) {
- // Count the number of curves in the list.
- size_t count = 0;
- const char *ptr = curves, *col;
- do {
- col = strchr(ptr, ':');
- count++;
- if (col) {
- ptr = col + 1;
- }
- } while (col);
-
- Array<uint16_t> group_ids;
- if (!group_ids.Init(count)) {
- return false;
- }
-
- size_t i = 0;
- ptr = curves;
- do {
- col = strchr(ptr, ':');
- if (!ssl_name_to_group_id(&group_ids[i++], ptr,
- col ? (size_t)(col - ptr) : strlen(ptr))) {
- return false;
- }
- if (col) {
- ptr = col + 1;
- }
- } while (col);
-
- assert(i == count);
- *out_group_ids = std::move(group_ids);
- return true;
-}
-
bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
if (is_post_quantum_group(group_id) &&
ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
diff --git a/ssl/internal.h b/ssl/internal.h
index 2f8ce57..c95b8fa 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -3353,17 +3353,6 @@
// found, it returns false.
bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id);
-// tls1_set_curves converts the array of NIDs in |curves| into a newly allocated
-// array of TLS group IDs. On success, the function returns true and writes the
-// array to |*out_group_ids|. Otherwise, it returns false.
-bool tls1_set_curves(Array<uint16_t> *out_group_ids, Span<const int> curves);
-
-// tls1_set_curves_list converts the string of curves pointed to by |curves|
-// into a newly allocated array of TLS group IDs. On success, the function
-// returns true and writes the array to |*out_group_ids|. Otherwise, it returns
-// false.
-bool tls1_set_curves_list(Array<uint16_t> *out_group_ids, const char *curves);
-
// ssl_add_clienthello_tlsext writes ClientHello extensions to |out| for |type|.
// It returns true on success and false on failure. The |header_len| argument is
// the length of the ClientHello written so far and is used to compute the
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 838761a..066fe69 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1939,44 +1939,81 @@
return 1;
}
-int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, size_t curves_len) {
- return tls1_set_curves(&ctx->supported_group_list,
- MakeConstSpan(curves, curves_len));
+static bool ssl_nids_to_group_ids(Array<uint16_t> *out_group_ids,
+ Span<const int> nids) {
+ Array<uint16_t> group_ids;
+ if (!group_ids.Init(nids.size())) {
+ return false;
+ }
+
+ for (size_t i = 0; i < nids.size(); i++) {
+ if (!ssl_nid_to_group_id(&group_ids[i], nids[i])) {
+ return false;
+ }
+ }
+
+ *out_group_ids = std::move(group_ids);
+ return true;
}
-int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) {
+int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t num_groups) {
+ return ssl_nids_to_group_ids(&ctx->supported_group_list,
+ MakeConstSpan(groups, num_groups));
+}
+
+int SSL_set1_groups(SSL *ssl, const int *groups, size_t num_groups) {
if (!ssl->config) {
return 0;
}
- return tls1_set_curves(&ssl->config->supported_group_list,
- MakeConstSpan(curves, curves_len));
+ return ssl_nids_to_group_ids(&ssl->config->supported_group_list,
+ MakeConstSpan(groups, num_groups));
}
-int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) {
- return tls1_set_curves_list(&ctx->supported_group_list, curves);
-}
+static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids,
+ const char *str) {
+ // Count the number of groups in the list.
+ size_t count = 0;
+ const char *ptr = str, *col;
+ do {
+ col = strchr(ptr, ':');
+ count++;
+ if (col) {
+ ptr = col + 1;
+ }
+ } while (col);
-int SSL_set1_curves_list(SSL *ssl, const char *curves) {
- if (!ssl->config) {
- return 0;
+ Array<uint16_t> group_ids;
+ if (!group_ids.Init(count)) {
+ return false;
}
- return tls1_set_curves_list(&ssl->config->supported_group_list, curves);
-}
-int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) {
- return SSL_CTX_set1_curves(ctx, groups, groups_len);
-}
+ size_t i = 0;
+ ptr = str;
+ do {
+ col = strchr(ptr, ':');
+ if (!ssl_name_to_group_id(&group_ids[i++], ptr,
+ col ? (size_t)(col - ptr) : strlen(ptr))) {
+ return false;
+ }
+ if (col) {
+ ptr = col + 1;
+ }
+ } while (col);
-int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len) {
- return SSL_set1_curves(ssl, groups, groups_len);
+ assert(i == count);
+ *out_group_ids = std::move(group_ids);
+ return true;
}
int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) {
- return SSL_CTX_set1_curves_list(ctx, groups);
+ return ssl_str_to_group_ids(&ctx->supported_group_list, groups);
}
int SSL_set1_groups_list(SSL *ssl, const char *groups) {
- return SSL_set1_curves_list(ssl, groups);
+ if (!ssl->config) {
+ return 0;
+ }
+ return ssl_str_to_group_ids(&ssl->config->supported_group_list, groups);
}
uint16_t SSL_get_curve_id(const SSL *ssl) {
@@ -3040,7 +3077,7 @@
return 0;
}
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
- return SSL_CTX_set1_curves(ctx, &nid, 1);
+ return SSL_CTX_set1_groups(ctx, &nid, 1);
}
int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
@@ -3049,7 +3086,7 @@
return 0;
}
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
- return SSL_set1_curves(ssl, &nid, 1);
+ return SSL_set1_groups(ssl, &nid, 1);
}
void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
@@ -3151,7 +3188,7 @@
// Section 3.3.1
// "The server shall be configured to only use cipher suites that are
// composed entirely of NIST approved algorithms"
-static const int kCurves[] = {NID_X9_62_prime256v1, NID_secp384r1};
+static const int kGroups[] = {NID_X9_62_prime256v1, NID_secp384r1};
static const uint16_t kSigAlgs[] = {
SSL_SIGN_RSA_PKCS1_SHA256,
@@ -3188,7 +3225,7 @@
// Encrypt-then-MAC extension is required for all CBC cipher suites and so
// it's easier to drop them.
SSL_CTX_set_strict_cipher_list(ctx, kTLS12Ciphers) &&
- SSL_CTX_set1_curves(ctx, kCurves, OPENSSL_ARRAY_SIZE(kCurves)) &&
+ SSL_CTX_set1_groups(ctx, kGroups, OPENSSL_ARRAY_SIZE(kGroups)) &&
SSL_CTX_set_signing_algorithm_prefs(ctx, kSigAlgs,
OPENSSL_ARRAY_SIZE(kSigAlgs)) &&
SSL_CTX_set_verify_algorithm_prefs(ctx, kSigAlgs,
@@ -3202,7 +3239,7 @@
return SSL_set_min_proto_version(ssl, TLS1_2_VERSION) &&
SSL_set_max_proto_version(ssl, TLS1_3_VERSION) &&
SSL_set_strict_cipher_list(ssl, kTLS12Ciphers) &&
- SSL_set1_curves(ssl, kCurves, OPENSSL_ARRAY_SIZE(kCurves)) &&
+ SSL_set1_groups(ssl, kGroups, OPENSSL_ARRAY_SIZE(kGroups)) &&
SSL_set_signing_algorithm_prefs(ssl, kSigAlgs,
OPENSSL_ARRAY_SIZE(kSigAlgs)) &&
SSL_set_verify_algorithm_prefs(ssl, kSigAlgs,
@@ -3215,7 +3252,7 @@
// See WPA version 3.1, section 3.5.
-static const int kCurves[] = {NID_secp384r1};
+static const int kGroups[] = {NID_secp384r1};
static const uint16_t kSigAlgs[] = {
SSL_SIGN_RSA_PKCS1_SHA384, //
@@ -3235,7 +3272,7 @@
return SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION) &&
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION) &&
SSL_CTX_set_strict_cipher_list(ctx, kTLS12Ciphers) &&
- SSL_CTX_set1_curves(ctx, kCurves, OPENSSL_ARRAY_SIZE(kCurves)) &&
+ SSL_CTX_set1_groups(ctx, kGroups, OPENSSL_ARRAY_SIZE(kGroups)) &&
SSL_CTX_set_signing_algorithm_prefs(ctx, kSigAlgs,
OPENSSL_ARRAY_SIZE(kSigAlgs)) &&
SSL_CTX_set_verify_algorithm_prefs(ctx, kSigAlgs,
@@ -3248,7 +3285,7 @@
return SSL_set_min_proto_version(ssl, TLS1_2_VERSION) &&
SSL_set_max_proto_version(ssl, TLS1_3_VERSION) &&
SSL_set_strict_cipher_list(ssl, kTLS12Ciphers) &&
- SSL_set1_curves(ssl, kCurves, OPENSSL_ARRAY_SIZE(kCurves)) &&
+ SSL_set1_groups(ssl, kGroups, OPENSSL_ARRAY_SIZE(kGroups)) &&
SSL_set_signing_algorithm_prefs(ssl, kSigAlgs,
OPENSSL_ARRAY_SIZE(kSigAlgs)) &&
SSL_set_verify_algorithm_prefs(ssl, kSigAlgs,
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 4f6a0e6..bd58f1c 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -446,7 +446,7 @@
"COMPLEMENTOFDEFAULT",
// Invalid command.
"?BAR",
- // Special operators are not allowed if groups are used.
+ // Special operators are not allowed if equi-preference groups are used.
"[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:+FOO",
"[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:!FOO",
"[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]:-FOO",
@@ -695,7 +695,7 @@
bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
ASSERT_TRUE(ctx);
- ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), t.rule));
+ ASSERT_TRUE(SSL_CTX_set1_groups_list(ctx.get(), t.rule));
ASSERT_EQ(t.expected.size(), ctx->supported_group_list.size());
for (size_t i = 0; i < t.expected.size(); i++) {
EXPECT_EQ(t.expected[i], ctx->supported_group_list[i]);
@@ -707,7 +707,7 @@
bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
ASSERT_TRUE(ctx);
- EXPECT_FALSE(SSL_CTX_set1_curves_list(ctx.get(), rule));
+ EXPECT_FALSE(SSL_CTX_set1_groups_list(ctx.get(), rule));
ERR_clear_error();
}
}
@@ -5578,8 +5578,8 @@
ASSERT_TRUE(server);
// handoff is a handoff message that has been artificially modified to pretend
- // that only one curve is supported. When it is applied to |server|, all
- // curves but that one should be removed.
+ // that only one ECDH group is supported. When it is applied to |server|, all
+ // groups but that one should be removed.
//
// See |ApplyHandoffRemovesUnsupportedCiphers| for how to make a new one of
// these.
@@ -6512,13 +6512,13 @@
ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method));
ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method));
- // BoringSSL predicts the most preferred curve, so using different preferences
- // will trigger HelloRetryRequest.
+ // BoringSSL predicts the most preferred ECDH group, so using different
+ // preferences will trigger HelloRetryRequest.
static const int kClientPrefs[] = {NID_X25519, NID_X9_62_prime256v1};
- ASSERT_TRUE(SSL_CTX_set1_curves(client_ctx_.get(), kClientPrefs,
+ ASSERT_TRUE(SSL_CTX_set1_groups(client_ctx_.get(), kClientPrefs,
OPENSSL_ARRAY_SIZE(kClientPrefs)));
static const int kServerPrefs[] = {NID_X9_62_prime256v1, NID_X25519};
- ASSERT_TRUE(SSL_CTX_set1_curves(server_ctx_.get(), kServerPrefs,
+ ASSERT_TRUE(SSL_CTX_set1_groups(server_ctx_.get(), kServerPrefs,
OPENSSL_ARRAY_SIZE(kServerPrefs)));
ASSERT_TRUE(CreateClientAndServer());
@@ -6758,7 +6758,7 @@
// Configure the server to prefer P-256, which will reject 0-RTT via
// HelloRetryRequest.
int p256 = NID_X9_62_prime256v1;
- ASSERT_TRUE(SSL_set1_curves(server_.get(), &p256, 1));
+ ASSERT_TRUE(SSL_set1_groups(server_.get(), &p256, 1));
} else {
// Disable 0-RTT on the server, so it will reject it.
SSL_set_early_data_enabled(server_.get(), 0);
@@ -7739,7 +7739,7 @@
ASSERT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), TLS1_2_VERSION));
ASSERT_TRUE(SSL_CTX_set_strict_cipher_list(
ctx.get(), "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"));
- ASSERT_TRUE(SSL_CTX_set1_curves_list(ctx.get(), "X25519"));
+ ASSERT_TRUE(SSL_CTX_set1_groups_list(ctx.get(), "X25519"));
ASSERT_TRUE(SSL_CTX_set1_sigalgs_list(ctx.get(), "rsa_pkcs1_sha256"));
// Connect a client and server that accept renegotiation.
diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h
index 4888a39..5041501 100644
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -418,11 +418,11 @@
return false;
}
- static const int kCurves[] = {NID_X25519Kyber768Draft00, NID_X25519,
+ static const int kGroups[] = {NID_X25519Kyber768Draft00, NID_X25519,
NID_X9_62_prime256v1, NID_secp384r1,
NID_secp521r1};
- if (!SSL_CTX_set1_curves(ctx_.get(), kCurves,
- OPENSSL_ARRAY_SIZE(kCurves))) {
+ if (!SSL_CTX_set1_groups(ctx_.get(), kGroups,
+ OPENSSL_ARRAY_SIZE(kGroups))) {
return false;
}
