Clarify the return values for SSL_get_shared_curve.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 376e2ca3e3525290619602dc6013c97c9653c037)
Emilia Kasper 2014-12-04 15:00:11 +01:00
parent 533814c6b5
commit bd34823e55
2 changed files with 22 additions and 14 deletions


@ -45,11 +45,12 @@ B<curves> array is in the form of a set of curve NIDs in preference
order. It can return zero if the client did not send a supported curves order. It can return zero if the client did not send a supported curves
extension. extension.
SSL_get1_shared_curve() returns shared curve B<n> for B<ssl>. If B<n> is SSL_get_shared_curve() returns shared curve B<n> for a server-side
-1 then the total number of shared curves is returned, which may be SSL B<ssl>. If B<n> is -1 then the total number of shared curves is
zero. Other than for diagnostic purposes, most applications will only returned, which may be zero. Other than for diagnostic purposes,
be interested in the first shared curve so B<n> is normally set to zero. most applications will only be interested in the first shared curve
If the value B<n> is out of range zero is returned. so B<n> is normally set to zero. If the value B<n> is out of range,
NID_undef is returned.
SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve
selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then
@ -84,8 +85,12 @@ return 1 for success and 0 for failure.
SSL_get1_curves() returns the number of curves, which may be zero. SSL_get1_curves() returns the number of curves, which may be zero.
SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there
is no shared curve B<n> or the number of shared curves if B<n> is -1. is no shared curve B<n>; or the total number of shared curves if B<n>
is -1.
When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and
returns -1.
=head1 SEE ALSO =head1 SEE ALSO


@ -540,11 +540,12 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
return 0; return 0;
} }
/* Return nth shared curve. If nmatch == -1 return number of /*
* matches. For nmatch == -2 return the NID of the curve to use for * Return |nmatch|th shared curve or NID_undef if there is no match.
* an EC tmp key. * For nmatch == -1, return number of matches
* For nmatch == -2, return the NID of the curve to use for
* an EC tmp key, or NID_undef if there is no match.
*/ */
int tls1_shared_curve(SSL *s, int nmatch) int tls1_shared_curve(SSL *s, int nmatch)
{ {
const unsigned char *pref, *supp; const unsigned char *pref, *supp;
@ -578,10 +579,11 @@ int tls1_shared_curve(SSL *s, int nmatch)
*/ */
if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0, if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0,
&supp, &num_supp)) &supp, &num_supp))
return 0; /* In practice, NID_undef == 0 but let's be precise. */
return nmatch == -1 ? 0 : NID_undef;
if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE),
&pref, &num_pref)) &pref, &num_pref))
return 0; return nmatch == -1 ? 0 : NID_undef;
k = 0; k = 0;
for (i = 0; i < num_pref; i++, pref+=2) for (i = 0; i < num_pref; i++, pref+=2)
{ {
@ -601,7 +603,8 @@ int tls1_shared_curve(SSL *s, int nmatch)
} }
if (nmatch == -1) if (nmatch == -1)
return k; return k;
return 0; /* Out of range (nmatch > k). */
return NID_undef;
} }
int tls1_set_curves(unsigned char **pext, size_t *pextlen, int tls1_set_curves(unsigned char **pext, size_t *pextlen,
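Review bot: The new comment `/* Out of range (nmatch > k). */` before the final `return NID_undef;` in the last hunk understates the condition it guards. With k counting matches and the requested index zero-based (the POD change in this same commit says the first shared curve is n = 0), this fall-through is reached for nmatch >= k, and the rewritten header comment also documents a NID_undef result for nmatch == -2 when nothing matched, which ends up on the same line. Suggest `/* Out of range (nmatch >= k), or no usable match for nmatch == -2. */` so the comment matches the function's own contract. The loop body that increments k and returns the matching curve lies outside the hunk, so this assumes it returns on nmatch == k; confirm against the full function.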