Skip to content

Commit c8abd19

Browse files
nabla-c0d3nabla-c0d3
committed
[sslyze #688]Remove duplicate values for elliptic curves
1 parent ec9e79c commit c8abd19

File tree

1 file changed

+6
-10
lines changed

1 file changed

+6
-10
lines changed

nassl/ephemeral_key_info.py

Lines changed: 6 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
from enum import IntEnum
44
from dataclasses import dataclass, field
5-
from typing import Dict, List
5+
from typing import Dict, Set
66

77

88
class OpenSslEvpPkeyEnum(IntEnum):
@@ -48,9 +48,7 @@ class OpenSslEcNidEnum(IntEnum):
4848

4949
# RFC8422 (current)
5050
SECP192R1 = 409
51-
PRIME192V1 = 409 # Intentional duplicate of SECP192R1
5251
SECP256R1 = 415
53-
PRIME256V1 = 415 # Intentional duplicate of SECP256R1
5452
SECP384R1 = 715
5553
SECP521R1 = 716
5654
X25519 = 1034
@@ -73,12 +71,12 @@ class OpenSslEcNidEnum(IntEnum):
7371
brainpoolP512t1 = 934
7472

7573
@classmethod
76-
def get_supported_by_ssl_client(cls) -> List["OpenSslEcNidEnum"]:
74+
def get_supported_by_ssl_client(cls) -> Set["OpenSslEcNidEnum"]:
7775
"""Some NIDs (the brainpool ones) trigger an error with nassl.SslClient when trying to use them.
7876
7977
See also https://github.com/nabla-c0d3/nassl/issues/104.
8078
"""
81-
return [nid for nid in cls if "brainpool" not in nid.name]
79+
return {nid for nid in cls if "brainpool" not in nid.name}
8280

8381

8482
# Mapping between OpenSSL EVP_PKEY_XXX value and display name
@@ -93,9 +91,7 @@ def get_supported_by_ssl_client(cls) -> List["OpenSslEcNidEnum"]:
9391
}
9492

9593

96-
# Mapping between the OpenSSL NID_XXX value and the SECG or ANSI X9.62 name (https://tools.ietf.org/html/rfc4492)
97-
# Where a ANSI X9.62 name is available, this is used in preference to the SECG
98-
# X25519 and X448 also included from https://tools.ietf.org/html/rfc8422
94+
# Mapping between the OpenSSL NID_XXX value and the SECG name (https://www.rfc-editor.org/rfc/rfc8422.html#appendix-A)
9995
_OPENSSL_NID_TO_SECG_ANSI_X9_62: Dict[OpenSslEcNidEnum, str] = {
10096
OpenSslEcNidEnum.SECT163K1: "sect163k1",
10197
OpenSslEcNidEnum.SECT163R1: "sect163r1",
@@ -115,11 +111,11 @@ def get_supported_by_ssl_client(cls) -> List["OpenSslEcNidEnum"]:
115111
OpenSslEcNidEnum.SECP160R1: "secp160r1",
116112
OpenSslEcNidEnum.SECP160R2: "secp160r2",
117113
OpenSslEcNidEnum.SECP192K1: "secp192k1",
114+
OpenSslEcNidEnum.SECP192R1: "secp192r1",
118115
OpenSslEcNidEnum.SECP224K1: "secp224k1",
119116
OpenSslEcNidEnum.SECP224R1: "secp224r1",
120117
OpenSslEcNidEnum.SECP256K1: "secp256k1",
121-
OpenSslEcNidEnum.PRIME192V1: "prime192v1", # Also valid for SECP192R1
122-
OpenSslEcNidEnum.PRIME256V1: "prime256v1", # Also valid for SECP256R1
118+
OpenSslEcNidEnum.SECP256R1: "secp256r1",
123119
OpenSslEcNidEnum.SECP384R1: "secp384r1",
124120
OpenSslEcNidEnum.SECP521R1: "secp521r1",
125121
OpenSslEcNidEnum.X25519: "X25519",

0 commit comments

Comments
 (0)