From 9fa2112db3b5977fa473ce68fa02199114a3b870 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 5 Nov 2016 08:26:37 +0000
Subject: Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying
 tls1_check_curve() in the process. This also fixes a long standing bug where
 tls1_ec_curve_id2nid() is called with only one byte of the curve ID.

ok beck@ miod@
---
 src/lib/libssl/t1_lib.c | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

(limited to 'src/lib/libssl/t1_lib.c')

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index e7dbe9cd99..090259cf1f 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.93 2016/10/19 16:38:40 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.94 2016/11/05 08:26:37 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -282,7 +282,7 @@ static const uint16_t eccurves_default[] = {
 };
 
 int
-tls1_ec_curve_id2nid(uint16_t curve_id)
+tls1_ec_curve_id2nid(const uint16_t curve_id)
 {
 	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
 	if ((curve_id < 1) ||
@@ -405,27 +405,15 @@ tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
 
 /* Check that a curve is one of our preferences. */
 int
-tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+tls1_check_curve(SSL *s, const uint16_t curve_id)
 {
-	CBS cbs;
 	const uint16_t *curves;
 	size_t curveslen, i;
-	uint8_t type;
-	uint16_t cid;
-
-	CBS_init(&cbs, p, len);
-
-	/* Only named curves are supported. */
-	if (CBS_len(&cbs) != 3 ||
-	    !CBS_get_u8(&cbs, &type) ||
-	    type != NAMED_CURVE_TYPE ||
-	    !CBS_get_u16(&cbs, &cid))
-		return (0);
 
 	tls1_get_curvelist(s, 0, &curves, &curveslen);
 
 	for (i = 0; i < curveslen; i++) {
-		if (curves[i] == cid)
+		if (curves[i] == curve_id)
 			return (1);
 	}
 	return (0);
-- 
cgit v1.2.3-55-g6feb