Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve()

in the process. This also fixes a long standing bug where
tls1_ec_curve_id2nid() is called with only one byte of the curve ID.

ok beck@ miod@

1 files changed, 4 insertions, 16 deletions

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index e7dbe9cd99..090259cf1f 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.93 2016/10/19 16:38:40 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.94 2016/11/05 08:26:37 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -282,7 +282,7 @@ static const uint16_t eccurves_default[] = {
 };
 
 int
-tls1_ec_curve_id2nid(uint16_t curve_id)
+tls1_ec_curve_id2nid(const uint16_t curve_id)
 {
         /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
         if ((curve_id < 1) ||
@@ -405,27 +405,15 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
 
 /* Check that a curve is one of our preferences. */
 int
-tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+tls1_check_curve(SSL *s, const uint16_t curve_id)
 {
-        CBS cbs;
         const uint16_t *curves;
         size_t curveslen, i;
-        uint8_t type;
-        uint16_t cid;
-
-        CBS_init(&cbs, p, len);
-
-        /* Only named curves are supported. */
-        if (CBS_len(&cbs) != 3 ||
-            !CBS_get_u8(&cbs, &type) ||
-            type != NAMED_CURVE_TYPE ||
-            !CBS_get_u16(&cbs, &cid))
-                return (0);
 
         tls1_get_curvelist(s, 0, &curves, &curveslen);
 
         for (i = 0; i < curveslen; i++) {
-                if (curves[i] == cid)
+                if (curves[i] == curve_id)
                         return (1);
         }
         return (0);