From 7decea9ea915228de78be0a75a5456c6dfd13251 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Wed, 19 Jun 2019 12:59:24 +0100
Subject: [PATCH] Simplify supported EC extension writing code

The previous code writes the content (the EC curve list) of the extension before writing the extension length field at the beginning, which is common in the library in places where we don't know the length upfront. Here, however, we do traverse the EC curve list upfront to infer its length and do the bounds check, so we can reorder the code to write the extension linearly and hence improve readability.
---
library/ssl_cli.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e7e0d46bc..736d9d924 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -269,7 +269,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
 {
 unsigned char *p = buf;
 const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
- unsigned char *elliptic_curve_list = p + 6;
 size_t elliptic_curve_len = 0;
 *olen = 0;
@@ -287,13 +286,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
 return;
 }
- elliptic_curve_len = 0;
-
- MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
- elliptic_curve_list[elliptic_curve_len++] = tls_id >> 8;
- elliptic_curve_list[elliptic_curve_len++] = tls_id & 0xFF;
- MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
-
 *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
 *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
@@ -303,6 +295,11 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
 *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
 *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
+ *p++ = tls_id >> 8;
+ *p++ = tls_id & 0xFF;
+ MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
+
 *olen = 6 + elliptic_curve_len;
 }
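Review bot: The added loop writes two bytes per curve through `p` with no bound of its own, so it is only safe if the length-counting traversal and the bounds check the commit message mentions (both outside this hunk, so not verifiable here) cover exactly the IDs this loop visits. The removed code reset `elliptic_curve_len` and recounted while writing, whereas the new code trusts the earlier count for the length field, the writes and `*olen`. That coupling deserves a comment above the loop, e.g. `/* Space for 6 + elliptic_curve_len bytes was checked above; this loop must visit the same curves as the length computation. */`. As a style point, `*p++ = tls_id >> 8;` narrows implicitly while the neighbouring writes cast and mask explicitly; `*p++ = (unsigned char)( ( tls_id >> 8 ) & 0xFF );` would match them.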