From: Matt Caswell <matt@openssl.org>
Date: Tue, 15 Nov 2016 17:50:08 +0000 (+0000)
Subject: Move getting the curvelist for client and server out of the loop
X-Git-Tag: OpenSSL_1_1_1-pre1~3040
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9a5198808ae0dffd4459039bd3fc96fcfc3eeaf1;p=oweals%2Fopenssl.git

Move getting the curvelist for client and server out of the loop

No need to continually get the list of supported curves for the client
and server. Just do it once.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 56b6f27e0a..74022eeb2e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1969,8 +1969,8 @@ static int process_key_share_ext(SSL *s, PACKET *pkt, int *al)
 {
     unsigned int group_id;
     PACKET key_share_list, encoded_pt;
-    const unsigned char *curves;
-    size_t num_curves;
+    const unsigned char *clntcurves, *srvrcurves;
+    size_t clnt_num_curves, srvr_num_curves;
     int group_nid, found = 0;
     unsigned int curve_flags;
 
@@ -1988,6 +1988,22 @@ static int process_key_share_ext(SSL *s, PACKET *pkt, int *al)
         return 0;
     }
 
+    /* Get our list of supported curves */
+    if (!tls1_get_curvelist(s, 0, &srvrcurves, &srvr_num_curves)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
+               ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Get the clients list of supported curves */
+    if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
+               ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
     while (PACKET_remaining(&key_share_list) > 0) {
         if (!PACKET_get_net_2(&key_share_list, &group_id)
                 || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
@@ -2006,13 +2022,7 @@ static int process_key_share_ext(SSL *s, PACKET *pkt, int *al)
             continue;
 
         /* Check if this share is in supported_groups sent from client */
-        if (!tls1_get_curvelist(s, 1, &curves, &num_curves)) {
-            *al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
-                   ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        if (!check_in_list(s, group_id, curves, num_curves, 0)) {
+        if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {
             *al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
                    SSL_R_BAD_KEY_SHARE);
@@ -2020,13 +2030,7 @@ static int process_key_share_ext(SSL *s, PACKET *pkt, int *al)
         }
 
         /* Check if this share is for a group we can use */
-        if (!tls1_get_curvelist(s, 0, &curves, &num_curves)) {
-            *al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
-                   ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        if (!check_in_list(s, group_id, curves, num_curves, 1)) {
+        if (!check_in_list(s, group_id, srvrcurves, srvr_num_curves, 1)) {
             /* Share not suitable */
             continue;
         }