Loading apps/s_apps.h +1 −1 Original line number Diff line number Diff line Loading @@ -199,5 +199,5 @@ void print_ssl_cert_checks(BIO *bio, SSL *s, int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr); int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str); STACK_OF(OPENSSL_STRING) *str, int no_ecdhe); #endif apps/s_cb.c +19 −1 Original line number Diff line number Diff line Loading @@ -1594,7 +1594,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, } int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str) STACK_OF(OPENSSL_STRING) *str, int no_ecdhe) { int i; SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); Loading @@ -1602,6 +1602,11 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, { const char *param = sk_OPENSSL_STRING_value(str, i); const char *value = sk_OPENSSL_STRING_value(str, i + 1); /* If no_ecdhe or named curve already specified don't need * a default. */ if (!no_ecdhe && !strcmp(param, "-named_curve")) no_ecdhe = 1; if (SSL_CONF_cmd(cctx, param, value) <= 0) { BIO_printf(err, "Error with command: \"%s %s\"\n", Loading @@ -1610,5 +1615,18 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, return 0; } } /* This is a special case to keep existing s_server functionality: * if we don't have any curve specified *and* we haven't disabled * ECDHE then use P-256. */ if (!no_ecdhe) { if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0) { BIO_puts(err, "Error setting EC curve\n"); ERR_print_errors(err); return 0; } } return 1; } apps/s_client.c +1 −1 Original line number Diff line number Diff line Loading @@ -1149,7 +1149,7 @@ bad: if (vpm) SSL_CTX_set1_param(ctx, vpm); if (!args_ssl_call(ctx, bio_err, cctx, ssl_args)) if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1)) { ERR_print_errors(bio_err); goto end; Loading apps/s_server.c +2 −57 Original line number Diff line number Diff line Loading 
@@ -963,9 +963,6 @@ int MAIN(int argc, char *argv[]) char *vfyCApath=NULL,*vfyCAfile=NULL; unsigned char *context = NULL; char *dhfile = NULL; #ifndef OPENSSL_NO_ECDH char *named_curve = NULL; #endif int badop=0; int ret=1; int build_chain = 0; Loading Loading @@ -1703,7 +1700,7 @@ bad: if (vpm) SSL_CTX_set1_param(ctx, vpm); if (!args_ssl_call(ctx, bio_err, cctx, ssl_args)) if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe)) goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) Loading Loading @@ -1769,7 +1766,7 @@ bad: if (vpm) SSL_CTX_set1_param(ctx2, vpm); if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args)) if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe)) goto end; } Loading Loading @@ -1823,58 +1820,6 @@ bad: } #endif #ifndef OPENSSL_NO_ECDH if (!no_ecdhe) { EC_KEY *ecdh=NULL; if (named_curve && strcmp(named_curve, "auto")) { int nid = EC_curve_nist2nid(named_curve); if (nid == NID_undef) nid = OBJ_sn2nid(named_curve); if (nid == 0) { BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve); goto end; } } if (ecdh != NULL) { BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); } else if (named_curve) SSL_CTX_set_ecdh_auto(ctx, 1); else { BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve (nistp256)\n"); goto end; } } (void)BIO_flush(bio_s_out); SSL_CTX_set_tmp_ecdh(ctx,ecdh); #ifndef OPENSSL_NO_TLSEXT if (ctx2) SSL_CTX_set_tmp_ecdh(ctx2,ecdh); #endif EC_KEY_free(ecdh); } #endif if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT Loading Loading
apps/s_apps.h +1 −1 Original line number Diff line number Diff line Loading @@ -199,5 +199,5 @@ void print_ssl_cert_checks(BIO *bio, SSL *s, int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr); int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str); STACK_OF(OPENSSL_STRING) *str, int no_ecdhe); #endif
apps/s_cb.c +19 −1 Original line number Diff line number Diff line Loading @@ -1594,7 +1594,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, } int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str) STACK_OF(OPENSSL_STRING) *str, int no_ecdhe) { int i; SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); Loading @@ -1602,6 +1602,11 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, { const char *param = sk_OPENSSL_STRING_value(str, i); const char *value = sk_OPENSSL_STRING_value(str, i + 1); /* If no_ecdhe or named curve already specified don't need * a default. */ if (!no_ecdhe && !strcmp(param, "-named_curve")) no_ecdhe = 1; if (SSL_CONF_cmd(cctx, param, value) <= 0) { BIO_printf(err, "Error with command: \"%s %s\"\n", Loading @@ -1610,5 +1615,18 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, return 0; } } /* This is a special case to keep existing s_server functionality: * if we don't have any curve specified *and* we haven't disabled * ECDHE then use P-256. */ if (!no_ecdhe) { if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0) { BIO_puts(err, "Error setting EC curve\n"); ERR_print_errors(err); return 0; } } return 1; }
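Review bot: The new P-256 fallback at the end of args_ssl_call is not compiled out for builds without ECDH, whereas the block this commit removes from s_server.c sat under `#ifndef OPENSSL_NO_ECDH`. If SSL_CONF_cmd does not recognise `-named_curve` in such a build (not visible in this diff), every s_server start without `-no_ecdhe` would stop with "Error setting EC curve". Wrapping the final `if (!no_ecdhe) { ... }` in `#ifndef OPENSSL_NO_ECDH` / `#endif` would keep the previous behaviour. Separately, the `no_ecdhe` parameter is reassigned inside the loop to mean "a curve was already given"; a local such as `int need_default = !no_ecdhe;` would make the two meanings distinct.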
apps/s_client.c +1 −1 Original line number Diff line number Diff line Loading @@ -1149,7 +1149,7 @@ bad: if (vpm) SSL_CTX_set1_param(ctx, vpm); if (!args_ssl_call(ctx, bio_err, cctx, ssl_args)) if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1)) { ERR_print_errors(bio_err); goto end; Loading
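Review bot: The literal `1` passed as `no_ecdhe` in the args_ssl_call call reads as if ECDHE were being disabled on the client. Judging by the args_ssl_call body in s_cb.c, it only suppresses the P-256 default that is meant for s_server. A short comment at the call, for example `/* 1: never apply the s_server default curve */`, would keep a reader from taking it as a restriction on key exchange. The enclosing function starts and ends outside this hunk.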
apps/s_server.c +2 −57 Original line number Diff line number Diff line Loading @@ -963,9 +963,6 @@ int MAIN(int argc, char *argv[]) char *vfyCApath=NULL,*vfyCAfile=NULL; unsigned char *context = NULL; char *dhfile = NULL; #ifndef OPENSSL_NO_ECDH char *named_curve = NULL; #endif int badop=0; int ret=1; int build_chain = 0; Loading Loading @@ -1703,7 +1700,7 @@ bad: if (vpm) SSL_CTX_set1_param(ctx, vpm); if (!args_ssl_call(ctx, bio_err, cctx, ssl_args)) if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe)) goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile)) Loading Loading @@ -1769,7 +1766,7 @@ bad: if (vpm) SSL_CTX_set1_param(ctx2, vpm); if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args)) if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe)) goto end; } Loading Loading @@ -1823,58 +1820,6 @@ bad: } #endif #ifndef OPENSSL_NO_ECDH if (!no_ecdhe) { EC_KEY *ecdh=NULL; if (named_curve && strcmp(named_curve, "auto")) { int nid = EC_curve_nist2nid(named_curve); if (nid == NID_undef) nid = OBJ_sn2nid(named_curve); if (nid == 0) { BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve); goto end; } } if (ecdh != NULL) { BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); } else if (named_curve) SSL_CTX_set_ecdh_auto(ctx, 1); else { BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); if (ecdh == NULL) { BIO_printf(bio_err, "unable to create curve (nistp256)\n"); goto end; } } (void)BIO_flush(bio_s_out); SSL_CTX_set_tmp_ecdh(ctx,ecdh); #ifndef OPENSSL_NO_TLSEXT if (ctx2) SSL_CTX_set_tmp_ecdh(ctx2,ecdh); #endif EC_KEY_free(ecdh); } #endif if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT Loading
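Review bot: With the removal of the ECDH block from MAIN, s_server no longer reports which ECDHE parameters are in effect. The deleted code wrote "Setting temp ECDH parameters" or "Using default temp ECDH parameters" to bio_s_out, while the P-256 fallback now happens silently inside args_ssl_call. An operator checking the negotiated key exchange loses that startup hint. At minimum, a comment at the first call such as `/* args_ssl_call applies P-256 when no -named_curve is given and ECDHE is enabled */` would document where the default now comes from. MAIN continues outside the hunks shown.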