Simplify server-side ECDH curve selection.
There are multiple sets of APIs for selecting the curve. Fold away
SSL_OP_SINGLE_ECDH_USE as failing to set it is either a no-op or a bug. With
that gone, the consumer only needs to control the selection of a curve, with
key generation from then on being uniform. Also clean up the interaction
between the three API modes in s3_srvr.c; they were already mutually exclusive
due to tls1_check_ec_tmp_key.
This also removes all callers of EC_KEY_dup (and thus CRYPTO_dup_ex_data)
within the library.
Change-Id: I477b13bd9e77eb03d944ef631dd521639968dc8c
Reviewed-on: https://boringssl-review.googlesource.com/4200
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 01d9875..0009d13 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -606,23 +606,22 @@
}
int tls1_check_ec_tmp_key(SSL *s) {
- uint16_t curve_id;
- EC_KEY *ec = s->cert->ecdh_tmp;
-
if (s->cert->ecdh_tmp_auto) {
- /* Need a shared curve */
+ /* If using |ecdh_tmp_auto|, ECDH is acceptable if there is a shared
+ * curve. */
return tls1_get_shared_curve(s) != NID_undef;
}
- if (!ec) {
- if (s->cert->ecdh_tmp_cb) {
- return 1;
- }
- return 0;
+ if (s->cert->ecdh_nid != NID_undef) {
+ /* If the curve is preconfigured, ECDH is acceptable if the peer supports
+ * the curve. */
+ uint16_t curve_id;
+ return tls1_ec_nid2curve_id(&curve_id, s->cert->ecdh_nid) &&
+ tls1_check_curve_id(s, curve_id);
}
- return tls1_curve_params_from_ec_key(&curve_id, NULL, ec) &&
- tls1_check_curve_id(s, curve_id);
+ /* Otherwise, assume the callback will provide an acceptable curve. */
+ return s->cert->ecdh_tmp_cb != NULL;
}
/* List of supported signature algorithms and hashes. Should make this
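Review bot: The final branch, `return s->cert->ecdh_tmp_cb != NULL;`, accepts ECDHE without checking the callback's curve against the peer's advertised curves, unlike the `ecdh_tmp_auto` and `ecdh_nid` branches above it. If the key-generation path in s3_srvr.c (not visible here) does not validate the curve the callback returns, the server could pick an ECDHE suite and then offer a curve the client never advertised; at best the mismatch shows up as a late handshake failure. I would state the dependency in the comment, e.g. `/* Otherwise, assume the callback will provide an acceptable curve; the caller must still check the returned key's curve with tls1_check_curve_id. */`, and confirm that check exists at the call site. The branch order also means a configured `ecdh_nid` the peer does not support returns 0 even when a callback is set, which is worth recording in the function's header comment (outside this hunk) if that precedence is intended.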