Remove ssl_any_ec_cipher_suites_enabled check.
TLS 1.3 also uses this extension and doesn't use any EC-based suites.
Always offering the extension is simpler. Also this gets an
SSL_get_ciphers call out of the way (that function is somewhat messy in
semantics).
Change-Id: I2091cb1046e0aea85caa76e73f50e8416e6ed94c
Reviewed-on: https://boringssl-review.googlesource.com/11980
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c386499..83bae27 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1839,26 +1839,6 @@
*
* https://tools.ietf.org/html/rfc4492#section-5.1.2 */
-static int ssl_any_ec_cipher_suites_enabled(const SSL *ssl) {
- if (ssl->version < TLS1_VERSION && !SSL_is_dtls(ssl)) {
- return 0;
- }
-
- const STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(ssl);
-
- for (size_t i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
- const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(cipher_stack, i);
-
- const uint32_t alg_k = cipher->algorithm_mkey;
- const uint32_t alg_a = cipher->algorithm_auth;
- if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
- return 1;
- }
- }
-
- return 0;
-}
-
static int ext_ec_point_add_extension(SSL *ssl, CBB *out) {
CBB contents, formats;
if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
@@ -1873,10 +1853,6 @@
}
static int ext_ec_point_add_clienthello(SSL *ssl, CBB *out) {
- if (!ssl_any_ec_cipher_suites_enabled(ssl)) {
- return 1;
- }
-
return ext_ec_point_add_extension(ssl, out);
}
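Review bot: With the guard removed from `ext_ec_point_add_clienthello`, the pre-TLS 1.0 exclusion that lived inside `ssl_any_ec_cipher_suites_enabled` (`ssl->version < TLS1_VERSION && !SSL_is_dtls(ssl)`) no longer applies to this callback, and the same holds for `ext_supported_groups_add_clienthello` in the next hunk. The hunk does not show whether another part of the ClientHello extension path still suppresses these extensions for a client limited to SSL 3.0. That is worth pinning with a test that inspects the ClientHello of such a client, and of one configured without any ECDHE or ECDSA suite. The description's TLS 1.3 rationale fits supported_groups, while for point formats the reason appears to be simplicity, so a short comment on the now-trivial wrapper would record the intent, for example `/* Offered unconditionally, independent of the configured cipher list. */`.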
@@ -2322,10 +2298,6 @@
* https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-4.2.4 */
static int ext_supported_groups_add_clienthello(SSL *ssl, CBB *out) {
- if (!ssl_any_ec_cipher_suites_enabled(ssl)) {
- return 1;
- }
-
CBB contents, groups_bytes;
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_groups) ||
!CBB_add_u16_length_prefixed(out, &contents) ||