Tidy up EC parameter check code: instead of accessing internal structures

add utility functions to t1_lib.c to check if EC certificates and parameters are consistent with peer. (backport from HEAD)
author: Dr. Stephen Henson <steve@openssl.org> 2012-04-06 20:14:53 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-04-06 20:14:53 +0000
commit: c132ca95c05cfcd8029a2670267d3e67b2b9f461 (patch)
tree: 5acc094d845dc1aa53b52da2390ef1d96cc6a716 /ssl/s3_lib.c
parent: 6b870763ac55ce1c748e68293e8169aa61cb4eb2 (diff)
1 files changed, 8 insertions, 159 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8b80dc7fb5..ab94ec8f1a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -152,11 +152,6 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 #include "kssl_lcl.h"
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-#include "../crypto/ec/ec_lcl.h"
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
 #include <openssl/md5.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
@@ -3834,11 +3829,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 	SSL_CIPHER *c,*ret=NULL;
 	STACK_OF(SSL_CIPHER) *prio, *allow;
 	int i,ii,ok;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
-	unsigned int j;
-	int ec_ok, ec_nid;
-	unsigned char ec_search1 = 0, ec_search2 = 0;
-#endif
 	CERT *cert;
 	unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
 
@@ -3939,155 +3929,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 
 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
-		if (
-			/* if we are considering an ECC cipher suite that uses our certificate */
-			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-			/* and we have an ECC certificate */
-			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-			/* and the client specified a Supported Point Formats extension */
-			&& ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
-			/* and our certificate's point is compressed */
-			&& (
-				(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
-				&& (
-					(*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
-					|| (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
-					)
-				)
-		)
-			{
-			ec_ok = 0;
-			/* if our certificate's curve is over a field type that the client does not support
-			 * then do not allow this cipher suite to be negotiated */
-			if (
-				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
-				&& (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
-			)
-				{
-				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
-					{
-					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
-						{
-						ec_ok = 1;
-						break;
-						}
-					}
-				}
-			else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
-				{
-				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
-					{
-					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
-						{
-						ec_ok = 1;
-						break;
-						}
-					}
-				}
-			ok = ok && ec_ok;
-			}
-		if (
-			/* if we are considering an ECC cipher suite that uses our certificate */
-			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-			/* and we have an ECC certificate */
-			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-			/* and the client specified an EllipticCurves extension */
-			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
-		)
-			{
-			ec_ok = 0;
-			if (
-				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
-			)
-				{
-				ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
-				if ((ec_nid == 0)
-					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
-				)
-					{
-					if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x01;
-						}
-					else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x02;
-						}
-					}
-				else
-					{
-					ec_search1 = 0x00;
-					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-					}
-				if ((ec_search1 != 0) || (ec_search2 != 0))
-					{
-					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
-						{
-						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
-							{
-							ec_ok = 1;
-							break;
-							}
-						}
-					}
-				}
-			ok = ok && ec_ok;
-			}
-		if (
-			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
-			(alg_k & SSL_kEECDH)
-			/* and we have an ephemeral EC key */
-			&& (s->cert->ecdh_tmp != NULL)
-			/* and the client specified an EllipticCurves extension */
-			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
-		)
-			{
-			ec_ok = 0;
-			if (s->cert->ecdh_tmp->group != NULL)
-				{
-				ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
-				if ((ec_nid == 0)
-					&& (s->cert->ecdh_tmp->group->meth != NULL)
-				)
-					{
-					if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x01;
-						}
-					else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x02;
-						}
-					}
-				else
-					{
-					ec_search1 = 0x00;
-					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-					}
-				if ((ec_search1 != 0) || (ec_search2 != 0))
-					{
-					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
-						{
-						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
-							{
-							ec_ok = 1;
-							break;
-							}
-						}
-					}
-				}
-			ok = ok && ec_ok;
-			}
+		/* if we are considering an ECC cipher suite that uses our
+		 * certificate check it */
+		if (alg_a & (SSL_aECDSA|SSL_aECDH))
+			ok = ok && tls1_check_ec_server_key(s);
+		/* if we are considering an ECC cipher suite that uses
+		 * an ephemeral EC key check it */
+		if (alg_k & SSL_kEECDH)
+			ok = ok && tls1_check_ec_tmp_key(s);
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
author	Dr. Stephen Henson <steve@openssl.org>	2012-04-06 20:14:53 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-04-06 20:14:53 +0000
commit	c132ca95c05cfcd8029a2670267d3e67b2b9f461 (patch)
tree	5acc094d845dc1aa53b52da2390ef1d96cc6a716 /ssl/s3_lib.c
parent	6b870763ac55ce1c748e68293e8169aa61cb4eb2 (diff)