oops, revert unrelated patches
This commit is contained in:
Dr. Stephen Henson
parent
61ad8262a0
commit
156421a2af
@ -1209,21 +1209,6 @@ bad:
|
||||
#endif
|
||||
|
||||
con=SSL_new(ctx);
|
||||
#if 0
|
||||
{
|
||||
int curves[3];
|
||||
int rv;
|
||||
curves[0] = EC_curve_nist2nid("P-256");
|
||||
curves[1] = EC_curve_nist2nid("P-521");
|
||||
curves[2] = EC_curve_nist2nid("P-384");
|
||||
rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int));
|
||||
if (rv == 0)
|
||||
{
|
||||
fprintf(stderr, "Error setting curve list\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
if (sess_in)
|
||||
{
|
||||
SSL_SESSION *sess;
|
||||
|
||||
88
ssl/s3_lib.c
88
ssl/s3_lib.c
@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
||||
return (int)clistlen;
|
||||
}
|
||||
|
||||
case SSL_CTRL_SET_CURVELIST:
|
||||
{
|
||||
int *nid_list = parg;
|
||||
size_t nid_listlen = larg, i;
|
||||
unsigned char *clist, *p;
|
||||
/* Bitmap of curves included to detect duplicates: only works
|
||||
* while curve ids < 32
|
||||
*/
|
||||
unsigned long dup_list = 0;
|
||||
clist = OPENSSL_malloc(nid_listlen * 2);
|
||||
for (i = 0, p = clist; i < nid_listlen; i++)
|
||||
{
|
||||
unsigned long idmask;
|
||||
int id;
|
||||
id = tls1_ec_nid2curve_id(nid_list[i]);
|
||||
idmask = 1L << id;
|
||||
if (!id || (dup_list & idmask))
|
||||
{
|
||||
OPENSSL_free(clist);
|
||||
return 0;
|
||||
}
|
||||
dup_list |= idmask;
|
||||
s2n(id, p);
|
||||
}
|
||||
if (s->tlsext_ellipticcurvelist)
|
||||
OPENSSL_free(s->tlsext_ellipticcurvelist);
|
||||
s->tlsext_ellipticcurvelist = clist;
|
||||
s->tlsext_ellipticcurvelist_length = nid_listlen * 2;
|
||||
return 1;
|
||||
}
|
||||
|
||||
case SSL_CTRL_SHARED_CURVES:
|
||||
{
|
||||
unsigned long mask = 0;
|
||||
unsigned char *pmask, *pref;
|
||||
size_t pmasklen, preflen, i;
|
||||
int nmatch = 0;
|
||||
/* Must be server */
|
||||
if (!s->server)
|
||||
return 0;
|
||||
/* No curves if client didn't sent supported curves extension */
|
||||
if (!s->session->tlsext_ellipticcurvelist)
|
||||
return 0;
|
||||
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
|
||||
{
|
||||
pref = s->tlsext_ellipticcurvelist;
|
||||
preflen = s->tlsext_ellipticcurvelist_length;
|
||||
pmask = s->session->tlsext_ellipticcurvelist;
|
||||
pmasklen = s->session->tlsext_ellipticcurvelist_length;
|
||||
}
|
||||
else
|
||||
{
|
||||
pref = s->session->tlsext_ellipticcurvelist;
|
||||
preflen = s->session->tlsext_ellipticcurvelist_length;
|
||||
pmask = s->tlsext_ellipticcurvelist;
|
||||
pmasklen = s->tlsext_ellipticcurvelist_length;
|
||||
}
|
||||
/* Build a mask of supported curves */
|
||||
for (i = 0; i < pmasklen; i+=2, pmask+=2)
|
||||
{
|
||||
/* Skip any curves that wont fit in mask */
|
||||
if (pmask[0] || (pmask[1] > 31))
|
||||
continue;
|
||||
mask |= 1L << pmask[1];
|
||||
}
|
||||
/* Check preference order against mask */
|
||||
for (i = 0; i < preflen; i+=2, pref+=2)
|
||||
{
|
||||
if (pref[0] || (pref[1] > 30))
|
||||
continue;
|
||||
/* Search for matching curves in preference order */
|
||||
if (mask & (1L << pref[1]))
|
||||
{
|
||||
int id = tls1_ec_curve_id2nid(pref[1]);
|
||||
if (id && parg && nmatch == larg)
|
||||
{
|
||||
*((int *)parg) = id;
|
||||
return 1;
|
||||
}
|
||||
nmatch++;
|
||||
}
|
||||
}
|
||||
if (parg)
|
||||
return 0;
|
||||
return nmatch;
|
||||
|
||||
}
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
#define SSL_CTRL_CHAIN_CERT 89
|
||||
|
||||
#define SSL_CTRL_GET_CURVELIST 90
|
||||
#define SSL_CTRL_SET_CURVELIST 91
|
||||
#define SSL_CTRL_SHARED_CURVES 92
|
||||
|
||||
#define DTLSv1_get_timeout(ssl, arg) \
|
||||
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
|
||||
@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||
SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
|
||||
#define SSL_get1_curvelist(ctx, s) \
|
||||
SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
|
||||
#define SSL_set1_curvelist(ctx, clist, clistlen) \
|
||||
SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist)
|
||||
|
||||
|
||||
#ifndef OPENSSL_NO_BIO
|
||||
|
||||
16
ssl/t1_lib.c
16
ssl/t1_lib.c
@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
|
||||
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
|
||||
|
||||
/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
|
||||
if (s->tlsext_ellipticcurvelist == NULL)
|
||||
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
|
||||
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
|
||||
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
|
||||
{
|
||||
unsigned char *clist;
|
||||
size_t clistlen;
|
||||
s->tlsext_ellipticcurvelist_length = 0;
|
||||
clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
|
||||
clist = OPENSSL_malloc(clistlen);
|
||||
if (!clist)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
for (i = 0, j = clist; i < (int)clistlen/2; i++)
|
||||
for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
|
||||
sizeof(pref_list)/sizeof(pref_list[0]); i++)
|
||||
{
|
||||
int id = tls1_ec_nid2curve_id(pref_list[i]);
|
||||
s2n(id,j);
|
||||
}
|
||||
s->tlsext_ellipticcurvelist = clist;
|
||||
s->tlsext_ellipticcurvelist_length = clistlen;
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user