authorTom Vrancken <dev@tomvrancken.nl>2018-05-29 15:53:45 +0200
committerTom Vrancken <dev@tomvrancken.nl>2018-05-29 15:53:45 +0200
commit4937f7643e9803655661402f746897aa631c1957 (patch)
tree8fbc828c0a5b64812f85ad6abd67e3a0a08d0b70
parent18577229613aceaebb4b060aebf7945a0380ef0f (diff)
Renamed extension supported ECC to supported groups. Fixes #451.
Split combined ECC extensions into different files. Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
-rw-r--r--lib/algorithms/ciphersuites.c12
-rw-r--r--lib/auth/anon_ecdh.c2
-rw-r--r--lib/auth/ecdhe.c2
-rw-r--r--lib/ext/Makefile.am6
-rw-r--r--lib/ext/ec_point_formats.c124
-rw-r--r--lib/ext/ec_point_formats.h29
-rw-r--r--lib/ext/key_share.c2
-rw-r--r--lib/ext/supported_groups.c (renamed from lib/ext/ecc.c)140
-rw-r--r--lib/ext/supported_groups.h (renamed from lib/ext/ecc.h)7
-rw-r--r--lib/gnutls_int.h32
-rw-r--r--lib/hello_ext.c15
-rw-r--r--lib/hello_ext.h4
12 files changed, 217 insertions, 158 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 7b24757468..02023ce2a9 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1224,7 +1224,7 @@ const gnutls_cipher_suite_entry_st
if (kx_algorithm == p->kx_algorithm &&
cipher_algorithm == p->block_algorithm
&& mac_algorithm == p->mac_algorithm) {
- ret = p;
+ ret = p;
break;
}
);
@@ -1460,7 +1460,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
* by RFC4492, probably to allow SSLv2 hellos negotiate elliptic curve
* ciphersuites */
if (!version->tls13_sem && session->internals.cand_ec_group == NULL &&
- !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_ECC)) {
+ !_gnutls_hello_ext_is_present(session, GNUTLS_EXTENSION_SUPPORTED_GROUPS)) {
session->internals.cand_ec_group = _gnutls_id_to_group(DEFAULT_EC_GROUP);
}
@@ -1655,11 +1655,11 @@ _gnutls_get_client_ciphersuites(gnutls_session_t session,
* @sidx: internal index of cipher suite to get information about.
*
* Provides the internal ciphersuite index to be used with
- * gnutls_cipher_suite_info(). The index @idx provided is an
+ * gnutls_cipher_suite_info(). The index @idx provided is an
* index kept at the priorities structure. It might be that a valid
- * priorities index does not correspond to a ciphersuite and in
- * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned.
- * Once the last available index is crossed then
+ * priorities index does not correspond to a ciphersuite and in
+ * that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE will be returned.
+ * Once the last available index is crossed then
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
* Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 2872427eea..7b9a7f65bf 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -37,7 +37,7 @@
#include "mpi.h"
#include <state.h>
#include <auth/ecdhe.h>
-#include <ext/ecc.h>
+#include <ext/supported_groups.h>
static int gen_anon_ecdh_server_kx(gnutls_session_t, gnutls_buffer_st *);
static int proc_anon_ecdh_client_kx(gnutls_session_t, uint8_t *, size_t);
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index c9369619dc..8b55704b28 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -37,7 +37,7 @@
#include <x509.h>
#include <auth/ecdhe.h>
#include <ecc.h>
-#include <ext/ecc.h>
+#include <ext/supported_groups.h>
#include <algorithms.h>
#include <auth/psk.h>
#include <auth/cert.h>
diff --git a/lib/ext/Makefile.am b/lib/ext/Makefile.am
index 89d2389be9..626d9bae96 100644
--- a/lib/ext/Makefile.am
+++ b/lib/ext/Makefile.am
@@ -38,13 +38,15 @@ libgnutls_ext_la_SOURCES = max_record.c \
server_name.c signature.c safe_renegotiation.c \
max_record.h server_name.h srp.h \
session_ticket.h signature.h safe_renegotiation.h \
- session_ticket.c srp.c ecc.c ecc.h heartbeat.c heartbeat.h \
+ session_ticket.c srp.c heartbeat.c heartbeat.h \
status_request.h status_request.c dumbfw.c dumbfw.h \
ext_master_secret.c ext_master_secret.h etm.h etm.c \
supported_versions.c supported_versions.h \
post_handshake.c post_handshake.h key_share.c key_share.h \
cookie.c cookie.h \
- psk_ke_modes.c psk_ke_modes.h pre_shared_key.c pre_shared_key.h
+ psk_ke_modes.c psk_ke_modes.h pre_shared_key.c pre_shared_key.h \
+ supported_groups.c supported_groups.h \
+ ec_point_formats.c ec_point_formats.h
if ENABLE_ALPN
libgnutls_ext_la_SOURCES += alpn.c alpn.h
diff --git a/lib/ext/ec_point_formats.c b/lib/ext/ec_point_formats.c
new file mode 100644
index 0000000000..657eb6625d
--- /dev/null
+++ b/lib/ext/ec_point_formats.c
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains the code for the Elliptic Curve Point Formats extension.
+ */
+
+#include "ext/ec_point_formats.h"
+#include "str.h"
+#include "state.h"
+#include <gnutls/gnutls.h>
+
+
+static int _gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t data_size);
+static int _gnutls_supported_ec_point_formats_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata);
+
+
+const hello_ext_entry_st ext_mod_supported_ec_point_formats = {
+ .name = "Supported EC Point Formats",
+ .tls_id = 11,
+ .gid = GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS,
+ .parse_type = GNUTLS_EXT_TLS,
+ .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
+ GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
+ .recv_func = _gnutls_supported_ec_point_formats_recv_params,
+ .send_func = _gnutls_supported_ec_point_formats_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
+};
+
+
+/* Receive point formats
+ */
+static int
+_gnutls_supported_ec_point_formats_recv_params(gnutls_session_t session,
+ const uint8_t * data,
+ size_t _data_size)
+{
+ int len, i;
+ int uncompressed = 0;
+ int data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ if (data_size < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+ len = data[0];
+ if (len < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+
+ DECR_LEN(data_size, len + 1);
+
+ for (i = 1; i <= len; i++)
+ if (data[i] == 0) { /* uncompressed */
+ uncompressed = 1;
+ break;
+ }
+
+ if (uncompressed == 0)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ } else {
+ /* only sanity check here. We only support uncompressed points
+ * and a client must support it thus nothing to check.
+ */
+ if (_data_size < 1)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
+ }
+
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ */
+static int
+_gnutls_supported_ec_point_formats_send_params(gnutls_session_t session,
+ gnutls_buffer_st * extdata)
+{
+ const uint8_t p[2] = { 0x01, 0x00 }; /* only support uncompressed point format */
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && !_gnutls_session_is_ecc(session))
+ return 0;
+
+ if (session->internals.priorities->groups.size > 0) {
+ ret = _gnutls_buffer_append_data(extdata, p, 2);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 2;
+ }
+ return 0;
+}
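Review bot: The server branch of `_gnutls_supported_ec_point_formats_recv_params` accepts any non-empty payload, because it never reads the length byte or compares it with `_data_size`. The client branch has a related gap: it does not reject bytes left over after `DECR_LEN(data_size, len + 1)`. The body is carried over unchanged from the removed `_gnutls_supported_ecc_pf_recv_params`, but the new file is a natural place to apply the same framing check to both roles, e.g. `if (_data_size < 1 || (size_t)data[0] + 1 > _data_size) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);` in the `else` branch. Whether to also require an exact match (no trailing bytes) depends on how tolerant the project wants to be of existing peers, and a one-line comment stating that choice would help. `int data_size = _data_size;` narrows a `size_t`; that is presumably safe because the caller bounds extension lengths, and a comment such as `/* extension length is bounded by the caller, so this fits in int */` would record the assumption once it is confirmed.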
diff --git a/lib/ext/ec_point_formats.h b/lib/ext/ec_point_formats.h
new file mode 100644
index 0000000000..51f9ad2562
--- /dev/null
+++ b/lib/ext/ec_point_formats.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+#ifndef EXT_EC_POINT_FORMATS_H
+#define EXT_EC_POINT_FORMATS_H
+
+#include <hello_ext.h>
+
+extern const hello_ext_entry_st ext_mod_supported_ec_point_formats;
+
+#endif
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index 5802e47679..98bb729131 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -26,7 +26,7 @@
#include "gnutls_int.h"
#include "errors.h"
#include "num.h"
-#include <ext/ecc.h>
+#include "ext/supported_groups.h"
#include <state.h>
#include <num.h>
#include <algorithms.h>
diff --git a/lib/ext/ecc.c b/lib/ext/supported_groups.c
index 164b6150db..6a1cdadd88 100644
--- a/lib/ext/ecc.c
+++ b/lib/ext/supported_groups.c
@@ -21,62 +21,42 @@
*
*/
-/* This file contains the code the Negotiated groups TLS 1.3, or
- * Elliptic curves TLS 1.2 extension.
+/* This file contains the code for the Supported Groups extension (rfc7919).
+ * This extension was previously named Supported Elliptic Curves under TLS 1.2.
*/
-#include "gnutls_int.h"
-#include "errors.h"
+#include "ext/supported_groups.h"
+#include "str.h"
#include "num.h"
-#include <ext/ecc.h>
-#include <state.h>
-#include <num.h>
-#include <algorithms.h>
#include "auth/psk.h"
#include "auth/cert.h"
#include "auth/anon.h"
+#include "algorithms.h"
+#include <gnutls/gnutls.h>
-static int _gnutls_supported_ecc_recv_params(gnutls_session_t session,
+
+static int _gnutls_supported_groups_recv_params(gnutls_session_t session,
const uint8_t * data,
size_t data_size);
-static int _gnutls_supported_ecc_send_params(gnutls_session_t session,
+static int _gnutls_supported_groups_send_params(gnutls_session_t session,
gnutls_buffer_st * extdata);
-static int _gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
-static int _gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
- gnutls_buffer_st *
- extdata);
-const hello_ext_entry_st ext_mod_supported_ecc = {
- .name = "Negotiated Groups",
+const hello_ext_entry_st ext_mod_supported_groups = {
+ .name = "Supported Groups",
.tls_id = 10,
- .gid = GNUTLS_EXTENSION_SUPPORTED_ECC,
+ .gid = GNUTLS_EXTENSION_SUPPORTED_GROUPS,
.parse_type = GNUTLS_EXT_TLS,
.validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
- .recv_func = _gnutls_supported_ecc_recv_params,
- .send_func = _gnutls_supported_ecc_send_params,
+ .recv_func = _gnutls_supported_groups_recv_params,
+ .send_func = _gnutls_supported_groups_send_params,
.pack_func = NULL,
.unpack_func = NULL,
.deinit_func = NULL,
.cannot_be_overriden = 1
};
-const hello_ext_entry_st ext_mod_supported_ecc_pf = {
- .name = "Supported ECC Point Formats",
- .tls_id = 11,
- .gid = GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
- .parse_type = GNUTLS_EXT_TLS,
- .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
- GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
- .recv_func = _gnutls_supported_ecc_pf_recv_params,
- .send_func = _gnutls_supported_ecc_pf_send_params,
- .pack_func = NULL,
- .unpack_func = NULL,
- .deinit_func = NULL
-};
static unsigned get_min_dh(gnutls_session_t session)
{
@@ -103,16 +83,16 @@ static unsigned get_min_dh(gnutls_session_t session)
return 0;
}
-/*
- * In case of a server: if a SUPPORTED_ECC extension type is received then it stores
+/*
+ * In case of a server: if a SUPPORTED_GROUPS extension type is received then it stores
* into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
* to access it.
*
- * In case of a client: If a supported_eccs have been specified then we send the extension.
+ * In case of a client: If supported_eccs have been specified then we send the extension.
*
*/
static int
-_gnutls_supported_ecc_recv_params(gnutls_session_t session,
+_gnutls_supported_groups_recv_params(gnutls_session_t session,
const uint8_t * data, size_t _data_size)
{
int i;
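Review bot: The block comment above `_gnutls_supported_groups_recv_params` still points readers at `gnutls_session_certificate_type_get()` and talks about "supported_eccs". That reads like text copied from the certificate-type extension and does not describe group negotiation. Since this commit already rewords the comment, it would be better to replace it with a per-role description, for example `/* Server: parses the client's list of supported groups. Client: the extension is accepted and ignored. */`. The function body continues outside this hunk, so that wording should be checked against the full parser before it is committed.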
@@ -132,7 +112,7 @@ _gnutls_supported_ecc_recv_params(gnutls_session_t session,
* possible to read that message under TLS1.3 as an encrypted
* extension. */
return 0;
- } else { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
+ } else { /* SERVER SIDE - we must check if the sent supported ecc type is the right one
*/
if (data_size < 2)
return
@@ -233,7 +213,7 @@ _gnutls_supported_ecc_recv_params(gnutls_session_t session,
/* returns data_size or a negative number on failure
*/
static int
-_gnutls_supported_ecc_send_params(gnutls_session_t session,
+_gnutls_supported_groups_send_params(gnutls_session_t session,
gnutls_buffer_st * extdata)
{
unsigned len, i;
@@ -254,7 +234,7 @@ _gnutls_supported_ecc_send_params(gnutls_session_t session,
for (i = 0; i < len; i++) {
p = session->internals.priorities->groups.entry[i]->tls_id;
- _gnutls_handshake_log("EXT[%p]: sent group %s (0x%x)\n", session,
+ _gnutls_handshake_log("EXT[%p]: Sent group %s (0x%x)\n", session,
session->internals.priorities->groups.entry[i]->name, (unsigned)p);
ret =
@@ -271,84 +251,6 @@ _gnutls_supported_ecc_send_params(gnutls_session_t session,
return 0;
}
-/*
- * In case of a server: if a SUPPORTED_ECC extension type is received then it stores
- * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
- * to access it.
- *
- * In case of a client: If a supported_eccs have been specified then we send the extension.
- *
- */
-static int
-_gnutls_supported_ecc_pf_recv_params(gnutls_session_t session,
- const uint8_t * data,
- size_t _data_size)
-{
- int len, i;
- int uncompressed = 0;
- int data_size = _data_size;
-
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- if (data_size < 1)
- return
- gnutls_assert_val
- (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
- len = data[0];
- if (len < 1)
- return
- gnutls_assert_val
- (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
-
- DECR_LEN(data_size, len + 1);
-
- for (i = 1; i <= len; i++)
- if (data[i] == 0) { /* uncompressed */
- uncompressed = 1;
- break;
- }
-
- if (uncompressed == 0)
- return
- gnutls_assert_val
- (GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- } else {
- /* only sanity check here. We only support uncompressed points
- * and a client must support it thus nothing to check.
- */
- if (_data_size < 1)
- return
- gnutls_assert_val
- (GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
- }
-
- return 0;
-}
-
-/* returns data_size or a negative number on failure
- */
-static int
-_gnutls_supported_ecc_pf_send_params(gnutls_session_t session,
- gnutls_buffer_st * extdata)
-{
- const uint8_t p[2] = { 0x01, 0x00 }; /* only support uncompressed point format */
- int ret;
-
- if (session->security_parameters.entity == GNUTLS_SERVER
- && !_gnutls_session_is_ecc(session))
- return 0;
-
- if (session->internals.priorities->groups.size > 0) {
- ret = _gnutls_buffer_append_data(extdata, p, 2);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- return 2;
- }
- return 0;
-}
-
-
/* Returns 0 if the given ECC curve is allowed in the current
* session. A negative error value is returned otherwise.
*/
diff --git a/lib/ext/ecc.h b/lib/ext/supported_groups.h
index 106bb15a18..e42e3c0366 100644
--- a/lib/ext/ecc.h
+++ b/lib/ext/supported_groups.h
@@ -19,13 +19,12 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
-#ifndef EXT_ECC_H
-#define EXT_ECC_H
+#ifndef EXT_SUPPORTED_GROUPS_H
+#define EXT_SUPPORTED_GROUPS_H
#include <hello_ext.h>
-extern const hello_ext_entry_st ext_mod_supported_ecc;
-extern const hello_ext_entry_st ext_mod_supported_ecc_pf;
+extern const hello_ext_entry_st ext_mod_supported_groups;
int
_gnutls_session_supports_group(gnutls_session_t session,
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 367dbff83e..320c394d18 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -115,7 +115,7 @@ typedef struct {
*/
#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
-/* The maximum digest size of hash algorithms.
+/* The maximum digest size of hash algorithms.
*/
#define MAX_FILENAME 512
#define MAX_HASH_SIZE 64
@@ -316,8 +316,8 @@ typedef enum extensions_t {
GNUTLS_EXTENSION_MAX_RECORD_SIZE = 0,
GNUTLS_EXTENSION_STATUS_REQUEST,
GNUTLS_EXTENSION_CERT_TYPE,
- GNUTLS_EXTENSION_SUPPORTED_ECC,
- GNUTLS_EXTENSION_SUPPORTED_ECC_PF,
+ GNUTLS_EXTENSION_SUPPORTED_GROUPS,
+ GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS,
GNUTLS_EXTENSION_SRP,
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
GNUTLS_EXTENSION_SRTP,
@@ -456,7 +456,7 @@ typedef struct mbuffer_head_st {
size_t byte_length;
} mbuffer_head_st;
-/* Store & Retrieve functions defines:
+/* Store & Retrieve functions defines:
*/
typedef struct auth_cred_st {
@@ -557,15 +557,15 @@ struct gnutls_key_st {
/* The key to encrypt and decrypt session tickets */
uint8_t session_ticket_key[TICKET_MASTER_KEY_SIZE];
- /* this is used to hold the peers authentication data
+ /* this is used to hold the peers authentication data
*/
- /* auth_info_t structures SHOULD NOT contain malloced
+ /* auth_info_t structures SHOULD NOT contain malloced
* elements. Check gnutls_session_pack.c, and gnutls_auth.c.
* Remember that this should be calloced!
*/
void *auth_info;
gnutls_credentials_type_t auth_info_type;
- int auth_info_size; /* needed in order to store to db for restoring
+ int auth_info_size; /* needed in order to store to db for restoring
*/
auth_cred_st *cred; /* used to specify keys/certificates etc */
};
@@ -664,7 +664,7 @@ typedef struct {
bool only_extension; /* negotiated only with an extension */
bool post_handshake_auth; /* Supports the TLS 1.3 post handshake auth */
bool key_shares; /* TLS 1.3 key share key exchange */
- /*
+ /*
* TLS versions modify the semantics of signature algorithms. This number
* is there to distinguish signature algorithms semantics between versions
* (maps to sign_algorithm_st->tls_sem)
@@ -690,13 +690,13 @@ typedef struct {
#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
-/* auth_info_t structures now MAY contain malloced
+/* auth_info_t structures now MAY contain malloced
* elements.
*/
/* This structure and auth_info_t, are stored in the resume database,
* and are restored, in case of resume.
- * Holds all the required parameters to resume the current
+ * Holds all the required parameters to resume the current
* session.
*/
@@ -717,7 +717,7 @@ typedef struct {
/* The epoch at index 0 of record_parameters. */
uint16_t epoch_min;
- /* this is the ciphersuite we are going to use
+ /* this is the ciphersuite we are going to use
* moved here from internals in order to be restored
* on resume;
*/
@@ -990,7 +990,7 @@ typedef struct {
unsigned int hsk_hello_verify_requests;
- /* The actual retrans_timeout for the next message (e.g. doubled or so)
+ /* The actual retrans_timeout for the next message (e.g. doubled or so)
*/
unsigned int actual_retrans_timeout_ms;
@@ -1024,7 +1024,7 @@ typedef struct {
* the server finished message */
unsigned handshake_hash_buffer_client_finished_len;/* if non-zero it is the length of data until the
* the client finished message */
- gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
+ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
* message */
bool resumable; /* TRUE or FALSE - if we can resume that session */
@@ -1089,7 +1089,7 @@ typedef struct {
/* this buffer holds a record packet -mostly used for
* non blocking IO.
*/
- mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
+ mbuffer_head_st record_recv_buffer; /* buffer holding the unparsed record that is currently
* being received */
mbuffer_head_st record_send_buffer; /* holds cached data
* for the gnutls_io_write_buffered()
@@ -1116,7 +1116,7 @@ typedef struct {
/* this is the highest version available
* to the peer. (advertized version).
- * This is obtained by the Handshake Client Hello
+ * This is obtained by the Handshake Client Hello
* message. (some implementations read the Record version)
*/
uint8_t adv_version_major;
@@ -1397,7 +1397,7 @@ struct gnutls_session_int {
};
-/* functions
+/* functions
*/
void _gnutls_free_auth_info(gnutls_session_t session);
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index ad3cf54d3f..d9f548457f 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -37,7 +37,8 @@
#include <ext/safe_renegotiation.h>
#include <ext/signature.h>
#include <ext/safe_renegotiation.h>
-#include <ext/ecc.h>
+#include "ext/supported_groups.h"
+#include "ext/ec_point_formats.h"
#include <ext/status_request.h>
#include <ext/ext_master_secret.h>
#include <ext/supported_versions.h>
@@ -76,8 +77,8 @@ static hello_ext_entry_st const *extfunc[MAX_EXT_TYPES+1] = {
[GNUTLS_EXTENSION_HEARTBEAT] = &ext_mod_heartbeat,
#endif
[GNUTLS_EXTENSION_SESSION_TICKET] = &ext_mod_session_ticket,
- [GNUTLS_EXTENSION_SUPPORTED_ECC] = &ext_mod_supported_ecc,
- [GNUTLS_EXTENSION_SUPPORTED_ECC_PF] = &ext_mod_supported_ecc_pf,
+ [GNUTLS_EXTENSION_SUPPORTED_GROUPS] = &ext_mod_supported_groups,
+ [GNUTLS_EXTENSION_SUPPORTED_EC_POINT_FORMATS] = &ext_mod_supported_ec_point_formats,
[GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS] = &ext_mod_sig,
[GNUTLS_EXTENSION_KEY_SHARE] = &ext_mod_key_share,
[GNUTLS_EXTENSION_COOKIE] = &ext_mod_cookie,
@@ -748,9 +749,9 @@ _gnutls_hello_ext_get_resumed_priv(gnutls_session_t session,
*
* Since: 3.4.0
**/
-int
+int
gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type,
- gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
+ gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
gnutls_ext_unpack_func unpack_func)
{
@@ -833,10 +834,10 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_type
*
* Since: 3.5.5
**/
-int
+int
gnutls_session_ext_register(gnutls_session_t session,
const char *name, int id, gnutls_ext_parse_type_t parse_type,
- gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
+ gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
gnutls_ext_unpack_func unpack_func, unsigned flags)
{
diff --git a/lib/hello_ext.h b/lib/hello_ext.h
index ac0a4613a7..8a7580a28e 100644
--- a/lib/hello_ext.h
+++ b/lib/hello_ext.h
@@ -24,7 +24,9 @@
#ifndef GNUTLS_EXTENSIONS_H
#define GNUTLS_EXTENSIONS_H
+#include "gnutls_int.h"
#include <gnutls/gnutls.h>
+#include "str.h"
/* Functions for hello extension parsing.
*/
@@ -136,7 +138,7 @@ typedef struct hello_ext_entry_st {
gnutls_ext_send_func send_func;
gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
- * internal data
+ * internal data
*/
gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
gnutls_ext_unpack_func unpack_func; /* unpacks internal data */