Initial revision of ECC extension handling.

Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet.
2012-03-28 15:05:04 +00:00
parent 751e26cb9b
commit d0595f170c
10 changed files with 401 additions and 135 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3365,7 +3365,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		else
 			return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);

-	case SSL_CTRL_GET_CURVELIST:
+	case SSL_CTRL_GET_CURVES:
 		{
 		unsigned char *clist;
 		size_t clistlen;
@@ -3391,6 +3391,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		return (int)clistlen;
 		}

+	case SSL_CTRL_SET_CURVES:
+		return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+					&s->tlsext_ellipticcurvelist_length,
+								parg, larg);
+
+	case SSL_CTRL_SET_CURVES_LIST:
+		return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
+					&s->tlsext_ellipticcurvelist_length,
+								parg);
+
+	case SSL_CTRL_GET_SHARED_CURVE:
+		return tls1_shared_curve(s, larg);
+ 
+
 	default:
 		break;
 		}
@@ -3659,6 +3673,16 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 		ctx->srp_ctx.strength=larg;
 		break;
 #endif
+
+	case SSL_CTRL_SET_CURVES:
+		return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+					&ctx->tlsext_ellipticcurvelist_length,
+								parg, larg);
+
+	case SSL_CTRL_SET_CURVES_LIST:
+		return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
+					&ctx->tlsext_ellipticcurvelist_length,
+								parg);
 #endif /* !OPENSSL_NO_TLSEXT */

 	/* A Thawte special :-) */