Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new

extension framework.

input + ok jsing@

1 files changed, 3 insertions, 73 deletions

diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 2e90d3e9df1..4983ad27fa7 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.125 2017/08/11 05:06:34 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.126 2017/08/11 20:14:13 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -365,7 +365,7 @@ tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
  * the client/session curves. Otherwise return the custom curve list if one
  * exists, or the default curves if a custom list has not been specified.
  */
-static void
+void
 tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
     size_t *pcurveslen)
 {
@@ -674,12 +674,9 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 {
 	int extdatalen = 0;
 	unsigned char *ret = p;
-	int using_ecc;
 	size_t len;
 	CBB cbb;
 
-	using_ecc = ssl_has_ecc_ciphers(s);
-
 	ret += 2;
 	if (ret >= limit)
 		return NULL; /* this really never occurs, but ... */
@@ -698,40 +695,6 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 		return NULL;
 	ret += len;
 
-	if (using_ecc) {
-		size_t curveslen, lenmax;
-		const uint16_t *curves;
-		int i;
-
-		/*
-		 * Add TLS extension EllipticCurves to the ClientHello message.
-		 */
-		tls1_get_curvelist(s, 0, &curves, &curveslen);
-
-		if ((size_t)(limit - ret) < 6)
-			return NULL;
-
-		lenmax = limit - ret - 6;
-		if (curveslen * 2 > lenmax)
-			return NULL;
-		if (curveslen * 2 > 65532) {
-			SSLerror(s, ERR_R_INTERNAL_ERROR);
-			return NULL;
-		}
-
-		s2n(TLSEXT_TYPE_elliptic_curves, ret);
-		s2n((curveslen * 2) + 2, ret);
-
-		/* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
-		 * elliptic_curve_list, but the examples use two bytes.
-		 * https://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
-		 * resolves this to two bytes.
-		 */
-		s2n(curveslen * 2, ret);
-		for (i = 0; i < curveslen; i++)
-			s2n(curves[i], ret);
-	}
-
 	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
 		int ticklen;
 		if (!s->internal->new_session && s->session && s->session->tlsext_tick)
@@ -1142,40 +1105,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 		if (!tlsext_clienthello_parse_one(s, &cbs, type, al))
 			return 0;
 
-		if (type == TLSEXT_TYPE_elliptic_curves &&
-		    s->version != DTLS1_VERSION) {
-			unsigned char *sdata = data;
-			size_t curveslen, i;
-			uint16_t *curves;
-
-			if (size < 2) {
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-			}
-			n2s(sdata, curveslen);
-			if (curveslen != size - 2 || curveslen % 2 != 0) {
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-			}
-			curveslen /= 2;
-
-			if (!s->internal->hit) {
-				if (SSI(s)->tlsext_supportedgroups) {
-					*al = TLS1_AD_DECODE_ERROR;
-					return 0;
-				}
-				SSI(s)->tlsext_supportedgroups_length = 0;
-				if ((curves = reallocarray(NULL, curveslen,
-				    sizeof(uint16_t))) == NULL) {
-					*al = TLS1_AD_INTERNAL_ERROR;
-					return 0;
-				}
-				for (i = 0; i < curveslen; i++)
-					n2s(sdata, curves[i]);
-				SSI(s)->tlsext_supportedgroups = curves;
-				SSI(s)->tlsext_supportedgroups_length = curveslen;
-			}
-		} else if (type == TLSEXT_TYPE_session_ticket) {
+		if (type == TLSEXT_TYPE_session_ticket) {
 			if (s->internal->tls_session_ticket_ext_cb &&
 			    !s->internal->tls_session_ticket_ext_cb(s, data, size, s->internal->tls_session_ticket_ext_cb_arg)) {
 				*al = TLS1_AD_INTERNAL_ERROR;