072334d943
Don't retain curve IDs in serialized form; serialization only happens when writing and reading from the wire. The internal representation is a uint16_t which matches the range of the value and avoids all the checks for the first byte being 0. This also fixes a bug in tls1_check_ec_tmp_key's suite B logic; the || should have been &&, though now it's gone. This doesn't relieve some of the other assumptions about curve IDs: tls1_set_curves still assumes that all curve IDs are under 32, and tls1_ec_curve_id2nid still assumes 0 is not a valid curve ID. Add a compile-time assert and a comment to document this. We're up to 28 now, so this may well need to be revised sooner or later. Remove SSL_get_shared_curve as it's new and unused API, using it in a loop is O(N^3), and lets us simplify a function. Change-Id: I82778cb82648d82f7b5de8c5341e0e1febdf5611 Reviewed-on: https://boringssl-review.googlesource.com/1256 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| openssl | ||