Diffstat (limited to 'lib/ssl/src/tls_handshake.erl')
-rw-r--r--lib/ssl/src/tls_handshake.erl69
1 files changed, 7 insertions, 62 deletions
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 02bfa69fc5..003614b448 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -26,15 +26,12 @@
-include("tls_handshake.hrl").
-include("tls_record.hrl").
--include("ssl_cipher.hrl").
-include("ssl_alert.hrl").
-include("ssl_internal.hrl").
--include("ssl_srp.hrl").
-include_lib("public_key/include/public_key.hrl").
--export([client_hello/8, server_hello/4, hello/4,
- get_tls_handshake/3, encode_handshake/2, decode_handshake/3,
- init_handshake_history/0, update_handshake_history/2]).
+-export([client_hello/8, hello/4,
+ get_tls_handshake/3, encode_handshake/2, decode_handshake/3]).
%%====================================================================
%% Internal application API
@@ -56,7 +53,7 @@ client_hello(Host, Port, ConnectionStates,
SecParams = Pending#connection_state.security_parameters,
CipherSuites = ssl_handshake:available_suites(UserSuites, Version),
- Extensions = ssl_handshake:client_hello_extensions(Version, CipherSuites,
+ Extensions = ssl_handshake:client_hello_extensions(Host, Version, CipherSuites,
SslOpts, ConnectionStates, Renegotiation),
Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),
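Review bot: The new `Host` argument to `ssl_handshake:client_hello_extensions` is forwarded exactly as the caller supplied it, and nothing here says which forms it may take. If it feeds a server-name extension (the hunk does not show this), an IP address given as a tuple or literal string must not be advertised there, and a hostname placed in the ClientHello is sent in clear text. I would add a comment above the call, for example `%% Host feeds the hello extensions (presumably server name); IP addresses must be skipped there`, and confirm that the callee does that filtering. The body of `client_hello` starts and ends outside this hunk.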
@@ -70,25 +67,6 @@ client_hello(Host, Port, ConnectionStates,
}.
%%--------------------------------------------------------------------
--spec server_hello(#session{}, tls_version(), #connection_states{},
- #hello_extensions{}) -> #server_hello{}.
-%%
-%% Description: Creates a server hello message.
-%%--------------------------------------------------------------------
-server_hello(SessionId, Version, ConnectionStates, Extensions) ->
- Pending = ssl_record:pending_connection_state(ConnectionStates, read),
- SecParams = Pending#connection_state.security_parameters,
-
- #server_hello{server_version = Version,
- cipher_suite = SecParams#security_parameters.cipher_suite,
- compression_method =
- SecParams#security_parameters.compression_algorithm,
- random = SecParams#security_parameters.server_random,
- session_id = SessionId,
- extensions = Extensions
- }.
-
-%%--------------------------------------------------------------------
-spec hello(#server_hello{} | #client_hello{}, #ssl_options{},
#connection_states{} | {inet:port_number(), #session{}, db_handle(),
atom(), #connection_states{}, binary() | undefined},
@@ -120,17 +98,16 @@ hello(#client_hello{client_version = ClientVersion,
cipher_suites = CipherSuites,
compression_methods = Compressions,
random = Random,
- extensions = HelloExt},
+ extensions = #hello_extensions{elliptic_curves = Curves} = HelloExt},
#ssl_options{versions = Versions} = SslOpts,
{Port, Session0, Cache, CacheCb, ConnectionStates0, Cert}, Renegotiation) ->
Version = ssl_handshake:select_version(tls_record, ClientVersion, Versions),
case tls_record:is_acceptable_version(Version, Versions) of
true ->
- %% TODO: need to take supported Curves into Account when selecting the CipherSuite....
- %% if whe have an ECDSA cert with an unsupported curve, we need to drop ECDSA ciphers
+ ECCCurve = ssl_handshake:select_curve(Curves, ssl_handshake:supported_ecc(Version)),
{Type, #session{cipher_suite = CipherSuite} = Session1}
= ssl_handshake:select_session(SugesstedId, CipherSuites, Compressions,
- Port, Session0, Version,
+ Port, Session0#session{ecc = ECCCurve}, Version,
SslOpts, Cache, CacheCb, Cert),
case CipherSuite of
no_suite ->
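Review bot: The result of `ssl_handshake:select_curve/2` goes into `Session0#session{ecc = ECCCurve}` unchecked, although `Curves` is taken directly from the peer's ClientHello. The hunk does not show what `select_curve` returns when the client sent no elliptic-curves extension or when nothing overlaps with `ssl_handshake:supported_ecc(Version)`; in either case `select_session` must not settle on an EC suite, which is what the removed TODO was about. The new head pattern `extensions = #hello_extensions{elliptic_curves = Curves} = HelloExt` also matches only a record, so if the decoder can yield a hello without one, this clause fails with `function_clause` rather than a handshake alert. I would replace the removed TODO with a comment such as `%% ECCCurve is the no-match value when no curve is shared (confirm in select_curve/2); select_session must then drop EC suites`. The `case` continues past the end of the hunk.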
@@ -168,36 +145,8 @@ get_tls_handshake(Version, Data, Buffer) ->
get_tls_handshake_aux(Version, list_to_binary([Buffer, Data]), []).
%%--------------------------------------------------------------------
--spec init_handshake_history() -> tls_handshake_history().
-
-%%
-%% Description: Initialize the empty handshake history buffer.
-%%--------------------------------------------------------------------
-init_handshake_history() ->
- {[], []}.
-
-%%--------------------------------------------------------------------
--spec update_handshake_history(tls_handshake_history(), Data ::term()) ->
- tls_handshake_history().
-%%
-%% Description: Update the handshake history buffer with Data.
+%%% Internal functions
%%--------------------------------------------------------------------
-update_handshake_history(Handshake, % special-case SSL2 client hello
- <<?CLIENT_HELLO, ?UINT24(_), ?BYTE(Major), ?BYTE(Minor),
- ?UINT16(CSLength), ?UINT16(0),
- ?UINT16(CDLength),
- CipherSuites:CSLength/binary,
- ChallengeData:CDLength/binary>>) ->
- update_handshake_history(Handshake,
- <<?CLIENT_HELLO, ?BYTE(Major), ?BYTE(Minor),
- ?UINT16(CSLength), ?UINT16(0),
- ?UINT16(CDLength),
- CipherSuites:CSLength/binary,
- ChallengeData:CDLength/binary>>);
-update_handshake_history({Handshake0, _Prev}, Data) ->
- {[Data|Handshake0], Handshake0}.
-
-
get_tls_handshake_aux(Version, <<?BYTE(Type), ?UINT24(Length),
Body:Length/binary,Rest/binary>>, Acc) ->
Raw = <<?BYTE(Type), ?UINT24(Length), Body/binary>>,
@@ -206,10 +155,6 @@ get_tls_handshake_aux(Version, <<?BYTE(Type), ?UINT24(Length),
get_tls_handshake_aux(_Version, Data, Acc) ->
{lists:reverse(Acc), Data}.
-%%--------------------------------------------------------------------
-%%% Internal functions
-%%--------------------------------------------------------------------
-
decode_handshake(_, ?HELLO_REQUEST, <<>>) ->
#hello_request{};