Inline tls1_check_ec_cert.

These functions are only called once. It ends up being not much code if
just done inline.

Change-Id: Ic432b313a6f7994ff9f51436cffbe0c3686a6c7c
Reviewed-on: https://boringssl-review.googlesource.com/11525
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index 1c0f1c9..ef0b141 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1539,11 +1539,6 @@
 int tls1_set_curves_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
                          const char *curves);
 
-/* tls1_check_ec_cert returns one if |x| is an ECC certificate with curve and
- * point format compatible with the client's preferences. Otherwise it returns
- * zero. */
-int tls1_check_ec_cert(SSL *ssl, X509 *x);
-
 /* ssl_add_clienthello_tlsext writes ClientHello extensions to |out|. It
  * returns one on success and zero on failure. The |header_len| argument is the
  * length of the ClientHello written so far and is used to compute the padding
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9c6d08e..55b464f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -778,6 +778,8 @@
 }
 
 int ssl_check_leaf_certificate(SSL *ssl, X509 *leaf) {
+  assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);
+
   int ret = 0;
   EVP_PKEY *pkey = X509_get_pubkey(leaf);
   if (pkey == NULL) {
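Review bot: The added `assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);` is compiled out under NDEBUG, so release builds have no runtime guard where the removed tls1_check_ec_cert returned one early for TLS 1.3. If a TLS 1.3 connection can still reach this function (the callers are not visible here), the TLS 1.2 group and point-format check would run and could reject a valid certificate with SSL_R_BAD_ECC_CERT. That fails closed, but the precondition should be documented on the function, for example `/* ssl_check_leaf_certificate must only be called for TLS 1.2 and earlier; in TLS 1.3 the ECDSA curve is negotiated via signature algorithms. */`. The body of ssl_check_leaf_certificate continues outside this hunk.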
@@ -804,7 +806,18 @@
       goto err;
     }
 
-    if (!tls1_check_ec_cert(ssl, leaf)) {
+    EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
+    if (ec_key == NULL) {
+      OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
+      goto err;
+    }
+
+    /* Check the key's group and point format are acceptable. */
+    uint16_t group_id;
+    if (!ssl_nid_to_group_id(
+            &group_id, EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key))) ||
+        !tls1_check_group_id(ssl, group_id) ||
+        EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED) {
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
       goto err;
     }
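Review bot: The inlined condition passes `EC_KEY_get0_group(ec_key)` straight into `EC_GROUP_get_curve_name`, whereas the removed tls1_curve_params_from_ec_key returned zero when the group was NULL and when `EC_KEY_get0_public_key(ec)` was NULL. The key is presumably taken from a peer-supplied leaf certificate, so unless the parser guarantees both fields are set (not visible in this hunk), keep the guard: `const EC_GROUP *group = EC_KEY_get0_group(ec_key);` and put `group == NULL ||` ahead of `!ssl_nid_to_group_id(&group_id, EC_GROUP_get_curve_name(group))`. The test `EC_KEY_get_conv_form(ec_key) != POINT_CONVERSION_UNCOMPRESSED` is also stricter than the old helper, which mapped every form other than compressed to uncompressed. If rejecting those forms is intended, the comment above the condition should say so. ssl_check_leaf_certificate starts and ends outside this hunk.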
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7adf22a..6616154 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -445,47 +445,6 @@
   return 0;
 }
 
-/* tls1_curve_params_from_ec_key sets |*out_group_id| and |*out_comp_id| to the
- * TLS group ID and point format, respectively, for |ec|. It returns one on
- * success and zero on failure. */
-static int tls1_curve_params_from_ec_key(uint16_t *out_group_id,
-                                         uint8_t *out_comp_id, EC_KEY *ec) {
-  int nid;
-  uint16_t id;
-  const EC_GROUP *grp;
-
-  if (ec == NULL) {
-    return 0;
-  }
-
-  grp = EC_KEY_get0_group(ec);
-  if (grp == NULL) {
-    return 0;
-  }
-
-  /* Determine group ID */
-  nid = EC_GROUP_get_curve_name(grp);
-  if (!ssl_nid_to_group_id(&id, nid)) {
-    return 0;
-  }
-
-  /* Set the named group ID. Arbitrary explicit groups are not supported. */
-  *out_group_id = id;
-
-  if (out_comp_id) {
-    if (EC_KEY_get0_public_key(ec) == NULL) {
-      return 0;
-    }
-    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
-      *out_comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-    } else {
-      *out_comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
-    }
-  }
-
-  return 1;
-}
-
 /* tls1_check_group_id returns one if |group_id| is consistent with both our
  * and the peer's group preferences. Note: if called as the client, only our
  * preferences are checked; the peer (the server) does not send preferences. */
@@ -522,35 +481,6 @@
   return 1;
 }
 
-int tls1_check_ec_cert(SSL *ssl, X509 *x) {
-  if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION) {
-    /* In TLS 1.3, the ECDSA curve is negotiated via signature algorithms. */
-    return 1;
-  }
-
-  EVP_PKEY *pkey = X509_get_pubkey(x);
-  if (pkey == NULL) {
-    return 0;
-  }
-
-  int ret = 0;
-  uint16_t group_id;
-  uint8_t comp_id;
-  EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
-  if (ec_key == NULL ||
-      !tls1_curve_params_from_ec_key(&group_id, &comp_id, ec_key) ||
-      !tls1_check_group_id(ssl, group_id) ||
-      comp_id != TLSEXT_ECPOINTFORMAT_uncompressed) {
-    goto done;
-  }
-
-  ret = 1;
-
-done:
-  EVP_PKEY_free(pkey);
-  return ret;
-}
-
 /* List of supported signature algorithms and hashes. Should make this
  * customisable at some point, for now include everything we support. */