Replace key_exchange_info with group_id.
The only accessor for this field returns the group/curve ID. Switch to
storing only that, so no cipher checks are needed to interpret it. Instead,
ignore older values at parse time.
Change-Id: Id0946d4ac9e7482c69e64cc368a9d0cddf328bd3
Reviewed-on: https://boringssl-review.googlesource.com/12693
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 352ddc9..9410fdd 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -1216,11 +1216,11 @@
goto err;
}
- ssl->s3->new_session->key_exchange_info = DH_num_bits(dh);
- if (ssl->s3->new_session->key_exchange_info < 1024) {
+ unsigned bits = DH_num_bits(dh);
+ if (bits < 1024) {
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DH_P_LENGTH);
goto err;
- } else if (ssl->s3->new_session->key_exchange_info > 4096) {
+ } else if (bits > 4096) {
/* Overly large DHE groups are prohibitively expensive, so enforce a limit
* to prevent a server from causing us to perform too expensive of a
* computation. */
@@ -1248,7 +1248,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
goto f_err;
}
- ssl->s3->new_session->key_exchange_info = group_id;
+ ssl->s3->new_session->group_id = group_id;
/* Ensure the group is consistent with preferences. */
if (!tls1_check_group_id(ssl, group_id)) {