commit 9a5198808ae0dffd4459039bd3fc96fcfc3eeaf1
author Matt Caswell <matt@openssl.org> Tue Nov 15 17:50:08 2016 +0000
committer Matt Caswell <matt@openssl.org> Wed Nov 16 10:09:46 2016 +0000
tree a5d26ff7f5fa78def2f1a41d1722cf53d465a83b
parent 94ed2c6739754d13306fe510bb8bc19c2ad42749

Move getting the curvelist for client and server out of the loop

No need to continually get the list of supported curves for the client
and server. Just do it once.

Reviewed-by: Rich Salz <rsalz@openssl.org>

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 56b6f27..74022ee 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1969,8 +1969,8 @@
 {
     unsigned int group_id;
     PACKET key_share_list, encoded_pt;
-    const unsigned char *curves;
-    size_t num_curves;
+    const unsigned char *clntcurves, *srvrcurves;
+    size_t clnt_num_curves, srvr_num_curves;
     int group_nid, found = 0;
     unsigned int curve_flags;
 
@@ -1988,6 +1988,22 @@
         return 0;
     }
 
+    /* Get our list of supported curves */
+    if (!tls1_get_curvelist(s, 0, &srvrcurves, &srvr_num_curves)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
+               ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Get the clients list of supported curves */
+    if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {
+        *al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
+               ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
     while (PACKET_remaining(&key_share_list) > 0) {
         if (!PACKET_get_net_2(&key_share_list, &group_id)
                 || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
@@ -2006,13 +2022,7 @@
             continue;
 
         /* Check if this share is in supported_groups sent from client */
-        if (!tls1_get_curvelist(s, 1, &curves, &num_curves)) {
-            *al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
-                   ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        if (!check_in_list(s, group_id, curves, num_curves, 0)) {
+        if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {
             *al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
                    SSL_R_BAD_KEY_SHARE);
@@ -2020,13 +2030,7 @@
         }
 
         /* Check if this share is for a group we can use */
-        if (!tls1_get_curvelist(s, 0, &curves, &num_curves)) {
-            *al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_PROCESS_KEY_SHARE_EXT,
-                   ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        if (!check_in_list(s, group_id, curves, num_curves, 1)) {
+        if (!check_in_list(s, group_id, srvrcurves, srvr_num_curves, 1)) {
             /* Share not suitable */
             continue;
         }