3 files changed, 52 insertions, 34 deletions

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c593e7b42b..d933acb32d 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.161 2017/05/07 04:22:24 beck Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.162 2017/08/09 22:24:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1259,6 +1259,33 @@ ssl_get_ciphers_by_id(SSL *s)
         return (NULL);
 }
 
+/* See if we have any ECC cipher suites. */
+int
+ssl_has_ecc_ciphers(SSL *s)
+{
+        STACK_OF(SSL_CIPHER) *ciphers;
+        unsigned long alg_k, alg_a;
+        SSL_CIPHER *cipher;
+        int i;
+
+        if (s->version == DTLS1_VERSION)
+                return 0;
+        if ((ciphers = SSL_get_ciphers(s)) == NULL)
+                return 0;
+
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+                cipher = sk_SSL_CIPHER_value(ciphers, i);
+
+                alg_k = cipher->algorithm_mkey;
+                alg_a = cipher->algorithm_auth;
+
+                if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
+                        return 1;
+        }
+
+        return 0;
+}
+
 /* The old interface to get the same thing as SSL_get_ciphers(). */
 const char *
 SSL_get_cipher_list(const SSL *s, int n)
@@ -2085,6 +2112,20 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
         c->valid = 1;
 }
 
+/* See if this handshake is using an ECC cipher suite. */
+int
+ssl_using_ecc_cipher(SSL *s)
+{
+        unsigned long alg_a, alg_k;
+
+        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+
+        return SSI(s)->tlsext_ecpointformatlist != NULL &&
+            SSI(s)->tlsext_ecpointformatlist_length > 0 &&
+            ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
+}
+
 int
 ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 0d48920471..f98ce681a2 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.182 2017/07/24 17:10:31 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.183 2017/08/09 22:24:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1127,6 +1127,7 @@ DH *ssl_get_auto_dh(SSL *s);
 int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+int ssl_has_ecc_ciphers(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
 
@@ -1312,6 +1313,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
 int tls1_alert_code(int code);
 int ssl_ok(SSL *s);
 
+int ssl_using_ecc_cipher(SSL *s);
 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 
 int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index b061bd1100..ea44e7579a 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.122 2017/07/24 17:39:43 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.123 2017/08/09 22:24:25 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -679,28 +679,11 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 {
         int extdatalen = 0;
         unsigned char *ret = p;
-        int using_ecc = 0;
+        int using_ecc;
         size_t len;
         CBB cbb;
 
-        /* See if we support any ECC ciphersuites. */
-        if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION) {
-                STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
-                unsigned long alg_k, alg_a;
-                int i;
-
-                for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
-                        SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
-
-                        alg_k = c->algorithm_mkey;
-                        alg_a = c->algorithm_auth;
-
-                        if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
-                                using_ecc = 1;
-                                break;
-                        }
-                }
-        }
+        using_ecc = ssl_has_ecc_ciphers(s);
 
         ret += 2;
         if (ret >= limit)
@@ -954,16 +937,12 @@ unsigned char *
 ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 {
         int using_ecc, extdatalen = 0;
-        unsigned long alg_a, alg_k;
         unsigned char *ret = p;
         int next_proto_neg_seen;
         size_t len;
         CBB cbb;
 
-        alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
-        alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
-        using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
-            SSI(s)->tlsext_ecpointformatlist != NULL;
+        using_ecc = ssl_using_ecc_cipher(s);
 
         ret += 2;
         if (ret >= limit)
@@ -1809,13 +1788,9 @@ ssl_check_serverhello_tlsext(SSL *s)
          * suite, then if server returns an EC point formats lists extension
          * it must contain uncompressed.
          */
-        unsigned long alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
-        unsigned long alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
-        if ((s->internal->tlsext_ecpointformatlist != NULL) &&
-            (s->internal->tlsext_ecpointformatlist_length > 0) &&
-            (SSI(s)->tlsext_ecpointformatlist != NULL) &&
-            (SSI(s)->tlsext_ecpointformatlist_length > 0) &&
-            ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
+        if (ssl_using_ecc_cipher(s) &&
+            s->internal->tlsext_ecpointformatlist != NULL &&
+            s->internal->tlsext_ecpointformatlist_length > 0) {
                 /* we are using an ECC cipher */
                 size_t i;
                 unsigned char *list;