Consistently use uint16_t for curve IDs.
Don't retain curve IDs in serialized form; serialization only happens when
writing and reading from the wire. The internal representation is a uint16_t
which matches the range of the value and avoids all the checks for the first
byte being 0.
This also fixes a bug in tls1_check_ec_tmp_key's suite B logic; the || should
have been &&, though now it's gone.
This doesn't relieve some of the other assumptions about curve IDs:
tls1_set_curves still assumes that all curve IDs are under 32, and
tls1_ec_curve_id2nid still assumes 0 is not a valid curve ID. Add a
compile-time assert and a comment to document this. We're up to 28 now, so this
may well need to be revised sooner or later.
Remove SSL_get_shared_curve as it's new and unused API, using it in a loop is
O(N^3), and lets us simplify a function.
Change-Id: I82778cb82648d82f7b5de8c5341e0e1febdf5611
Reviewed-on: https://boringssl-review.googlesource.com/1256
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 14506fc..4b82ded 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1602,7 +1602,7 @@
if (s->cert->ecdh_tmp_auto)
{
/* Get NID of appropriate shared curve */
- int nid = tls1_shared_curve(s, -2);
+ int nid = tls1_get_shared_curve(s);
if (nid != NID_undef)
ecdhp = EC_KEY_new_by_curve_name(nid);
}
