Implement Supported Elliptic Curves Extension.

 Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]

  *) Implement the Supported Elliptic Curves Extension for

     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.

     [Douglas Stebila]

  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or

     EVP_CIPHER structures to avoid later problems in EVP_cleanup().

     [Steve Henson]

static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);

#ifndef OPENSSL_NO_ECDH

static int curve_id2nid(int curve_id);

int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);

#endif

		param_len=3;

		if ((param_len > n) ||

		    (*p != NAMED_CURVE_TYPE) || 

		    ((curve_nid = curve_id2nid(*(p + 2))) == 0)) 

		    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) 

			{

			al=SSL_AD_INTERNAL_ERROR;

			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);

err:

	return(0);

	}

#ifndef OPENSSL_NO_ECDH

/* This is the complement of nid2curve_id in s3_srvr.c. */

static int curve_id2nid(int curve_id)

{

	/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)

	 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */

	static int nid_list[26] =

	{

		0,

		NID_sect163k1, /* sect163k1 (1) */

		NID_sect163r1, /* sect163r1 (2) */

		NID_sect163r2, /* sect163r2 (3) */

		NID_sect193r1, /* sect193r1 (4) */ 

		NID_sect193r2, /* sect193r2 (5) */ 

		NID_sect233k1, /* sect233k1 (6) */

		NID_sect233r1, /* sect233r1 (7) */ 

		NID_sect239k1, /* sect239k1 (8) */ 

		NID_sect283k1, /* sect283k1 (9) */

		NID_sect283r1, /* sect283r1 (10) */ 

		NID_sect409k1, /* sect409k1 (11) */ 

		NID_sect409r1, /* sect409r1 (12) */

		NID_sect571k1, /* sect571k1 (13) */ 

		NID_sect571r1, /* sect571r1 (14) */ 

		NID_secp160k1, /* secp160k1 (15) */

		NID_secp160r1, /* secp160r1 (16) */ 

		NID_secp160r2, /* secp160r2 (17) */ 

		NID_secp192k1, /* secp192k1 (18) */

		NID_X9_62_prime192v1, /* secp192r1 (19) */ 

		NID_secp224k1, /* secp224k1 (20) */ 

		NID_secp224r1, /* secp224r1 (21) */

		NID_secp256k1, /* secp256k1 (22) */ 

		NID_X9_62_prime256v1, /* secp256r1 (23) */ 

		NID_secp384r1, /* secp384r1 (24) */

		NID_secp521r1  /* secp521r1 (25) */	

	};

	if ((curve_id < 1) || (curve_id > 25)) return 0;

	return nid_list[curve_id];

}

#endif

	int i,j,ok;

#ifndef OPENSSL_NO_TLSEXT

#ifndef OPENSSL_NO_EC

	int ec_ok;

	int ec_ok, ec_nid;

	unsigned char ec_search1, ec_search2;

	unsigned char *ec_ptr;

#endif /* OPENSSL_NO_EC */

#endif /* OPENSSL_NO_TLSEXT */

	CERT *cert;

				}

			ok = ok && ec_ok;

			}

		if (

			/* if we are considering an ECC cipher suite that uses our certificate */

			(alg & SSL_aECDSA)

			/* and we have an ECC certificate */

			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)

			/* and the client specified an EllipticCurves extension */

			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))

		)

			{

			ec_ok = 0;

			if (

				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)

				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)

			)

				{

				ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);

				if ((ec_nid == 0)

					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)

				)

					{

					if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)

						{

						ec_search1 = 0xFF;

						ec_search2 = 0x01;

						}

					else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)

						{

						ec_search1 = 0xFF;

						ec_search2 = 0x02;

						}

					}

				else

					{

					ec_search1 = 0x00;

					ec_search2 = tls1_ec_nid2curve_id(ec_nid);

					}

				if ((ec_search1 != 0) || (ec_search2 != 0))

					{

					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)

						{

						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))

							{

							ec_ok = 1;

							break;

							}

						}

					}

				}

			ok = ok && ec_ok;

			}

		if (

			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */

			((alg & SSL_kECDH) || (alg & SSL_kECDHE))

			/* and we have an ephemeral EC key */

			&& (s->cert->ecdh_tmp != NULL)

			/* and the client specified an EllipticCurves extension */

			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))

		)

			{

			ec_ok = 0;

			if (s->cert->ecdh_tmp->group != NULL)

				{

				ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);

				if ((ec_nid == 0)

					&& (s->cert->ecdh_tmp->group->meth != NULL)

				)

					{

					if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)

						{

						ec_search1 = 0xFF;

						ec_search2 = 0x01;

						}

					else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)

						{

						ec_search1 = 0xFF;

						ec_search2 = 0x02;

						}

					}

				else

					{

					ec_search1 = 0x00;

					ec_search2 = tls1_ec_nid2curve_id(ec_nid);

					}

				if ((ec_search1 != 0) || (ec_search2 != 0))

					{

					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)

						{

						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))

							{

							ec_ok = 1;

							break;

							}

						}

					}

				}

			ok = ok && ec_ok;

			}

#endif /* OPENSSL_NO_EC */

#endif /* OPENSSL_NO_TLSEXT */

static const SSL_METHOD *ssl3_get_server_method(int ver);

#ifndef OPENSSL_NO_ECDH

static int nid2curve_id(int nid);

#endif

static const SSL_METHOD *ssl3_get_server_method(int ver)

	{

	if (ver == SSL3_VERSION)

			 * supported named curves, curve_id is non-zero.

			 */

			if ((curve_id = 

			    nid2curve_id(EC_GROUP_get_curve_name(group)))

			    tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))

			    == 0)

				{

				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);

	/* SSL3_ST_SW_CERT_B */

	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

	}

#ifndef OPENSSL_NO_ECDH

/* This is the complement of curve_id2nid in s3_clnt.c. */

static int nid2curve_id(int nid)

{

	/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)

	 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */

	switch (nid) {

	case NID_sect163k1: /* sect163k1 (1) */

		return 1;

	case NID_sect163r1: /* sect163r1 (2) */

		return 2;

	case NID_sect163r2: /* sect163r2 (3) */

		return 3;

	case NID_sect193r1: /* sect193r1 (4) */ 

		return 4;

	case NID_sect193r2: /* sect193r2 (5) */ 

		return 5;

	case NID_sect233k1: /* sect233k1 (6) */

		return 6;

	case NID_sect233r1: /* sect233r1 (7) */ 

		return 7;

	case NID_sect239k1: /* sect239k1 (8) */ 

		return 8;

	case NID_sect283k1: /* sect283k1 (9) */

		return 9;

	case NID_sect283r1: /* sect283r1 (10) */ 

		return 10;

	case NID_sect409k1: /* sect409k1 (11) */ 

		return 11;

	case NID_sect409r1: /* sect409r1 (12) */

		return 12;

	case NID_sect571k1: /* sect571k1 (13) */ 

		return 13;

	case NID_sect571r1: /* sect571r1 (14) */ 

		return 14;

	case NID_secp160k1: /* secp160k1 (15) */

		return 15;

	case NID_secp160r1: /* secp160r1 (16) */ 

		return 16;

	case NID_secp160r2: /* secp160r2 (17) */ 

		return 17;

	case NID_secp192k1: /* secp192k1 (18) */

		return 18;

	case NID_X9_62_prime192v1: /* secp192r1 (19) */ 

		return 19;

	case NID_secp224k1: /* secp224k1 (20) */ 

		return 20;

	case NID_secp224r1: /* secp224r1 (21) */

		return 21;

	case NID_secp256k1: /* secp256k1 (22) */ 

		return 22;

	case NID_X9_62_prime256v1: /* secp256r1 (23) */ 

		return 23;

	case NID_secp384r1: /* secp384r1 (24) */

		return 24;

	case NID_secp521r1:  /* secp521r1 (25) */	

		return 25;

	default:

		return 0;

	}

}

#endif

#ifndef OPENSSL_NO_EC

	size_t tlsext_ecpointformatlist_length;

	unsigned char *tlsext_ecpointformatlist; /* peer's list */

	size_t tlsext_ellipticcurvelist_length;

	unsigned char *tlsext_ellipticcurvelist; /* peer's list */

#endif /* OPENSSL_NO_EC */

#endif

	} SSL_SESSION;

#ifndef OPENSSL_NO_EC

	size_t tlsext_ecpointformatlist_length;

	unsigned char *tlsext_ecpointformatlist; /* our list */

	size_t tlsext_ellipticcurvelist_length;

	unsigned char *tlsext_ellipticcurvelist; /* our list */

#endif /* OPENSSL_NO_EC */

	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */

#define session_ctx initial_ctx