From 9b0ea68ab87e09a34ecc7dd2048c60bfdcb9241f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Fri, 8 May 2026 13:32:25 +0200 Subject: [PATCH] Minor refactoring in TLSX_PopulateExtensions --- src/tls.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/src/tls.c b/src/tls.c index c47bd651e9..0b19c1d229 100644 --- a/src/tls.c +++ b/src/tls.c @@ -15969,8 +15969,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) } #endif -#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448)) && defined(HAVE_SUPPORTED_CURVES) +#if defined(HAVE_SUPPORTED_CURVES) if (!ssl->options.userCurves && !ssl->ctx->userCurves) { if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) { @@ -15979,15 +15978,17 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; } } + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) if ((!IsAtLeastTLSv1_3(ssl->version) || ssl->options.downgrade) && TLSX_Find(ssl->ctx->extensions, TLSX_EC_POINT_FORMATS) == NULL && TLSX_Find(ssl->extensions, TLSX_EC_POINT_FORMATS) == NULL) { - ret = TLSX_UsePointFormat(&ssl->extensions, + ret = TLSX_UsePointFormat(&ssl->extensions, WOLFSSL_EC_PF_UNCOMPRESSED, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; + if (ret != WOLFSSL_SUCCESS) + return ret; } -#endif /* (HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ + #endif +#endif /* HAVE_SUPPORTED_CURVES */ #ifdef WOLFSSL_SRTP if (ssl->options.dtls && ssl->dtlsSrtpProfiles != 0) { @@ -16036,20 +16037,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; } - #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && \ - !defined(HAVE_CURVE448) && defined(HAVE_SUPPORTED_CURVES) - if (TLSX_Find(ssl->ctx->extensions, TLSX_SUPPORTED_GROUPS) == NULL) { - /* Put in DH groups for TLS 1.3 only. */ - ret = TLSX_PopulateSupportedGroups(ssl, &ssl->extensions); - if (ret != WOLFSSL_SUCCESS) - return ret; - /* ret value will be overwritten in !NO_PSK case */ - #ifdef NO_PSK - ret = 0; - #endif - } - #endif /* !(HAVE_ECC || CURVE25519 || CURVE448) && HAVE_SUPPORTED_CURVES */ - #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) if (ssl->certHashSigAlgoSz > 0) { WOLFSSL_MSG("Adding signature algorithms cert extension");