commit 9e84a42db497e06a38f804b5acd09b6aa4f87db3
author Dr. Stephen Henson <steve@openssl.org> Fri Sep 22 16:06:52 2017 +0100
committer Dr. Stephen Henson <steve@openssl.org> Fri Sep 22 22:59:42 2017 +0100
tree f540bd69b0d412561f4d71639704f1117bd6fc46
parent 6d50589c0434a78733d40d3a0fd7cb97eef1cb94

Store groups as uint16_t

Instead of storing supported groups in on-the-wire format store
them as parsed uint16_t values. This simplifies handling of groups
as the values can be directly used instead of being converted.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4406)

ssl/statem/extensions_srvr.c

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 0dbec91..583b8dd 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -499,7 +499,7 @@
 #ifndef OPENSSL_NO_TLS1_3
     unsigned int group_id;
     PACKET key_share_list, encoded_pt;
-    const unsigned char *clntcurves, *srvrcurves;
+    const uint16_t *clntcurves, *srvrcurves;
     size_t clnt_num_curves, srvr_num_curves;
     int group_nid, found = 0;
     unsigned int curve_flags;
@@ -647,7 +647,7 @@
         OPENSSL_free(s->session->ext.supportedgroups);
         s->session->ext.supportedgroups = NULL;
         s->session->ext.supportedgroups_len = 0;
-        if (!PACKET_memdup(&supported_groups_list,
+        if (!tls1_save_u16(&supported_groups_list,
                            &s->session->ext.supportedgroups,
                            &s->session->ext.supportedgroups_len)) {
             *al = SSL_AD_INTERNAL_ERROR;
@@ -917,7 +917,7 @@
                                                unsigned int context, X509 *x,
                                                size_t chainidx, int *al)
 {
-    const unsigned char *groups;
+    const uint16_t *groups;
     size_t numgroups, i, first = 1;
 
     /* s->s3->group_id is non zero if we accepted a key_share */
@@ -931,14 +931,16 @@
     }
 
     /* Copy group ID if supported */
-    for (i = 0; i < numgroups; i++, groups += 2) {
-        if (tls_curve_allowed(s, groups, SSL_SECOP_CURVE_SUPPORTED)) {
+    for (i = 0; i < numgroups; i++) {
+        uint16_t group = groups[i];
+
+        if (tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
             if (first) {
                 /*
                  * Check if the client is already using our preferred group. If
                  * so we don't need to add this extension
                  */
-                if (s->s3->group_id == GET_GROUP_ID(groups, 0))
+                if (s->s3->group_id == group)
                     return EXT_RETURN_NOT_SENT;
 
                 /* Add extension header */
@@ -953,7 +955,7 @@
 
                 first = 0;
             }
-            if (!WPACKET_put_bytes_u16(pkt, GET_GROUP_ID(groups, 0))) {
+            if (!WPACKET_put_bytes_u16(pkt, group)) {
                     SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
                            ERR_R_INTERNAL_ERROR);
                     return EXT_RETURN_FAIL;