Make SSL_(CTX_)?set_tmp_ecdh call SSL_(CTX_)?set1_curves.
Then deprecate the old functions. Thanks to upstream's
6977e8ee4a718a76351ba5275a9f0be4e530eab5 for the idea.
Change-Id: I916abd6fca2a3b2a439ec9902d9779707f7e41eb
Reviewed-on: https://boringssl-review.googlesource.com/6622
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a62108b..b61df9d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1791,20 +1791,6 @@
OPENSSL_EXPORT int SSL_set1_curves(SSL *ssl, const int *curves,
size_t curves_len);
-/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the
- * curve for ephemeral ECDH keys. For historical reasons, this API expects an
- * |EC_KEY|, but only the curve is used. It returns one on success and zero on
- * error. If unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.) */
-OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
-
-/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve
- * for ephemeral ECDH keys. For historical reasons, this API expects an
- * |EC_KEY|, but only the curve is used. It returns one on success and zero on
- * error. If unset, an appropriate curve will be chosen based on curve
- * preferences. (This is recommended.) */
-OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
-
/* SSL_get_curve_name returns a human-readable name for the elliptic curve
* specified by the given TLS curve id, or NULL if the curve if unknown. */
OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
@@ -3304,6 +3290,14 @@
* Use |SSL_CTX_set_quiet_shutdown| instead. */
OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
+/* SSL_CTX_set_tmp_ecdh calls |SSL_CTX_set1_curves| with a one-element list
+ * containing |ec_key|'s curve. */
+OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key);
+
+/* SSL_set_tmp_ecdh calls |SSL_set1_curves| with a one-element list containing
+ * |ec_key|'s curve. */
+OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
+
/* Private structures.
*
diff --git a/ssl/internal.h b/ssl/internal.h
index 73387a0..dde605b 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -726,10 +726,6 @@
DH *dh_tmp;
DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
- /* ecdh_nid, if not |NID_undef|, is the NID of the curve to use for ephemeral
- * ECDH keys. */
- int ecdh_nid;
-
/* peer_sigalgs are the algorithm/hash pairs that the peer supports. These
* are taken from the contents of signature algorithms extension for a server
* or from the CertificateRequest for a client. */
@@ -1172,10 +1168,6 @@
* zero. */
int tls1_check_ec_cert(SSL *s, X509 *x);
-/* tls1_check_ec_tmp_key returns one if the EC temporary key is compatible with
- * client extensions and zero otherwise. */
-int tls1_check_ec_tmp_key(SSL *s);
-
int tls1_shared_list(SSL *s, const uint8_t *l1, size_t l1len, const uint8_t *l2,
size_t l2len, int nmatch);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f6d400a..3f8cea0 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -299,8 +299,8 @@
OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ctx->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
- return 1;
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
+ return SSL_CTX_set1_curves(ctx, &nid, 1);
}
int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
@@ -308,8 +308,8 @@
OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
- return 1;
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
+ return SSL_set1_curves(ssl, &nid, 1);
}
int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 04cae2e..13e1d35 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1299,12 +1299,7 @@
r_pad_bytes[2] = BN_num_bytes(dh->p) - BN_num_bytes(dh->pub_key);
} else if (alg_k & SSL_kECDHE) {
/* Determine the curve to use. */
- int nid = NID_undef;
- if (cert->ecdh_nid != NID_undef) {
- nid = cert->ecdh_nid;
- } else {
- nid = tls1_get_shared_curve(s);
- }
+ int nid = tls1_get_shared_curve(s);
if (nid == NID_undef) {
al = SSL_AD_HANDSHAKE_FAILURE;
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_TMP_ECDH_KEY);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 8788152..bb83f88 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -185,8 +185,6 @@
}
ret->dh_tmp_cb = cert->dh_tmp_cb;
- ret->ecdh_nid = cert->ecdh_nid;
-
if (cert->x509 != NULL) {
ret->x509 = X509_up_ref(cert->x509);
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 379fd4f..5e4d997 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1785,8 +1785,8 @@
}
/* If we are considering an ECC cipher suite that uses an ephemeral EC
- * key, check it. */
- if (tls1_check_ec_tmp_key(s)) {
+ * key, check for a shared curve. */
+ if (tls1_get_shared_curve(s) != NID_undef) {
mask_k |= SSL_kECDHE;
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0e78594..f0b792e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -602,20 +602,6 @@
return ret;
}
-int tls1_check_ec_tmp_key(SSL *s) {
- if (s->cert->ecdh_nid != NID_undef) {
- /* If the curve is preconfigured, ECDH is acceptable iff the peer supports
- * the curve. */
- uint16_t curve_id;
- return tls1_ec_nid2curve_id(&curve_id, s->cert->ecdh_nid) &&
- tls1_check_curve_id(s, curve_id);
- }
-
- /* Otherwise, the curve gets selected automatically. ECDH is acceptable iff
- * there is a shared curve. */
- return tls1_get_shared_curve(s) != NID_undef;
-}
-
/* List of supported signature algorithms and hashes. Should make this
* customisable at some point, for now include everything we support. */