Commit 156421a2 authored by Dr. Stephen Henson

oops, revert unrelated patches

parent 61ad8262
+0 −15
@@ -1209,21 +1209,6 @@ bad:
#endif

	con=SSL_new(ctx);
#if 0
{
int curves[3];
int rv;
curves[0] = EC_curve_nist2nid("P-256");
curves[1] = EC_curve_nist2nid("P-521");
curves[2] = EC_curve_nist2nid("P-384");
rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int));
if (rv == 0)
	{
	fprintf(stderr, "Error setting curve list\n");
	exit(1);
	}
}
#endif
	if (sess_in)
		{
		SSL_SESSION *sess;
+0 −88
@@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
		return (int)clistlen;
		}

	case SSL_CTRL_SET_CURVELIST:
		{
		int *nid_list = parg;
		size_t nid_listlen = larg, i;
		unsigned char *clist, *p;
		/* Bitmap of curves included to detect duplicates: only works
		 * while curve ids < 32 
		 */
		unsigned long dup_list = 0;
		clist = OPENSSL_malloc(nid_listlen * 2);
		for (i = 0, p = clist; i < nid_listlen; i++)
			{
			unsigned long idmask;
			int id;
			id = tls1_ec_nid2curve_id(nid_list[i]);
			idmask = 1L << id;
			if (!id || (dup_list & idmask))
				{
				OPENSSL_free(clist);
				return 0;
				}
			dup_list |= idmask;
			s2n(id, p);
			}
		if (s->tlsext_ellipticcurvelist)
			OPENSSL_free(s->tlsext_ellipticcurvelist);
		s->tlsext_ellipticcurvelist = clist;
		s->tlsext_ellipticcurvelist_length = nid_listlen * 2;
		return 1;
		}

	case SSL_CTRL_SHARED_CURVES:
		{
		unsigned long mask = 0;
		unsigned char *pmask, *pref;
		size_t pmasklen, preflen, i;
		int nmatch = 0;
		/* Must be server */
		if (!s->server)
			return 0;
		/* No curves if client didn't sent supported curves extension */
		if (!s->session->tlsext_ellipticcurvelist)
			return 0;
		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
			{
			pref = s->tlsext_ellipticcurvelist;
			preflen = s->tlsext_ellipticcurvelist_length;
			pmask = s->session->tlsext_ellipticcurvelist;
			pmasklen = s->session->tlsext_ellipticcurvelist_length;
			}
		else
			{
			pref = s->session->tlsext_ellipticcurvelist;
			preflen = s->session->tlsext_ellipticcurvelist_length;
			pmask = s->tlsext_ellipticcurvelist;
			pmasklen = s->tlsext_ellipticcurvelist_length;
			}
		/* Build a mask of supported curves */
		for (i = 0; i < pmasklen; i+=2, pmask+=2)
			{
			/* Skip any curves that wont fit in mask */
			if (pmask[0] || (pmask[1] > 31))
				continue;
			mask |= 1L << pmask[1];
			}
		/* Check preference order against mask */
		for (i = 0; i < preflen; i+=2, pref+=2)
			{
			if (pref[0] || (pref[1] > 30))
				continue;
			/* Search for matching curves in preference order */
			if (mask & (1L << pref[1]))
				{
				int id = tls1_ec_curve_id2nid(pref[1]);
				if (id && parg && nmatch == larg)
					{
					*((int *)parg) = id;
					return 1;
					}
				nmatch++;
				}
			}
		if (parg)
			return 0;
		return nmatch;

		}

	default:
		break;
		}
+0 −4
@@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_CHAIN_CERT			89

#define SSL_CTRL_GET_CURVELIST			90
#define SSL_CTRL_SET_CURVELIST			91
#define SSL_CTRL_SHARED_CURVES			92

#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
	SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
#define SSL_get1_curvelist(ctx, s) \
	SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
#define SSL_set1_curvelist(ctx, clist, clistlen) \
	SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist)


#ifndef OPENSSL_NO_BIO
+12 −18
@@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;

		/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
		if (s->tlsext_ellipticcurvelist == NULL)
		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
		s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
			{
			unsigned char *clist;
			size_t clistlen;
			s->tlsext_ellipticcurvelist_length = 0;
			clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
			clist = OPENSSL_malloc(clistlen);
			if (!clist)
				{
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			}
			for (i = 0, j = clist; i < (int)clistlen/2; i++)
		for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
				sizeof(pref_list)/sizeof(pref_list[0]); i++)
			{
			int id = tls1_ec_nid2curve_id(pref_list[i]);
			s2n(id,j);
			}
			s->tlsext_ellipticcurvelist = clist;
			s->tlsext_ellipticcurvelist_length = clistlen;
			}	
		}
#endif /* OPENSSL_NO_EC */