crypto/tls: send ec_points_format extension in ServerHello

Follow the recommandation from RFC 8422, section 5.1.2 of sending back the ec_points_format extension when requested by the client. This is to fix some clients declining the handshake if omitted. Fixes #31943 Change-Id: I7b04dbac6f9af75cda094073defe081e1e9a295d Reviewed-on: https://go-review.googlesource.com/c/go/+/176418 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Olivier Poitrey <rs@rhapsodyk.net> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-05-09 17:31:34 -07:00 · 2019-05-09 17:31:34 -07:00 · e580b52d55
commit e580b52d55
parent 02cbb08611
39 changed files with 2497 additions and 2371 deletions
--- a/handshake_messages.go
+++ b/handshake_messages.go
@ -606,6 +606,7 @@ type serverHelloMsg struct {
 	serverShare                  keyShare
 	selectedIdentityPresent      bool
 	selectedIdentity             uint16
+	supportedPoints              []uint8

 	// HelloRetryRequest extensions
 	cookie        []byte
@ -707,6 +708,14 @@ func (m *serverHelloMsg) marshal() []byte {
 					b.AddUint16(uint16(m.selectedGroup))
 				})
 			}
+			if len(m.supportedPoints) > 0 {
+				b.AddUint16(extensionSupportedPoints)
+				b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+					b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+						b.AddBytes(m.supportedPoints)
+					})
+				})
+			}

 			extensionsPresent = len(b.BytesOrPanic()) > 2
 		})
@ -811,6 +820,12 @@ func (m *serverHelloMsg) unmarshal(data []byte) bool {
 			if !extData.ReadUint16(&m.selectedIdentity) {
 				return false
 			}
+		case extensionSupportedPoints:
+			// RFC 4492, Section 5.1.2
+			if !readUint8LengthPrefixed(&extData, &m.supportedPoints) ||
+				len(m.supportedPoints) == 0 {
+				return false
+			}
 		default:
 			// Ignore unknown extensions.
 			continue