doc/ssl/SSL_CTX_set1_curves.pod +12 −7 @@ -45,11 +45,12 @@ B<curves> array is in the form of a set of curve NIDs in preference order. It can return zero if the client did not send a supported curves extension. SSL_get1_shared_curve() returns shared curve B<n> for B<ssl>. If B<n> is -1 then the total number of shared curves is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared curve so B<n> is normally set to zero. If the value B<n> is out of range zero is returned. SSL_get_shared_curve() returns shared curve B<n> for a server-side SSL B<ssl>. If B<n> is -1 then the total number of shared curves is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared curve so B<n> is normally set to zero. If the value B<n> is out of range, NID_undef is returned. SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then @@ -84,8 +85,12 @@ return 1 for success and 0 for failure. SSL_get1_curves() returns the number of curves, which may be zero. SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there is no shared curve B<n> or the number of shared curves if B<n> is -1. SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there is no shared curve B<n>; or the total number of shared curves if B<n> is -1. When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and returns -1. =head1 SEE ALSO ssl/t1_lib.c +10 −7
@@ -504,11 +504,12 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) return 0; } /* Return nth shared curve. If nmatch == -1 return number of * matches. For nmatch == -2 return the NID of the curve to use for * an EC tmp key. /* * Return |nmatch|th shared curve or NID_undef if there is no match. * For nmatch == -1, return number of matches * For nmatch == -2, return the NID of the curve to use for * an EC tmp key, or NID_undef if there is no match. */ int tls1_shared_curve(SSL *s, int nmatch) { const unsigned char *pref, *supp; @@ -542,10 +543,11 @@ int tls1_shared_curve(SSL *s, int nmatch) */ if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0, &supp, &num_supp)) return 0; /* In practice, NID_undef == 0 but let's be precise. */ return nmatch == -1 ? 0 : NID_undef; if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref)) return 0; return nmatch == -1 ? 0 : NID_undef; k = 0; for (i = 0; i < num_pref; i++, pref+=2) { @@ -567,7 +569,8 @@ int tls1_shared_curve(SSL *s, int nmatch) } if (nmatch == -1) return k; return 0; /* Out of range (nmatch > k). */ return NID_undef; } int tls1_set_curves(unsigned char **pext, size_t *pextlen,
doc/ssl/SSL_CTX_set1_curves.pod +12 −7 @@ -45,11 +45,12 @@ B<curves> array is in the form of a set of curve NIDs in preference order. It can return zero if the client did not send a supported curves extension. SSL_get1_shared_curve() returns shared curve B<n> for B<ssl>. If B<n> is -1 then the total number of shared curves is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared curve so B<n> is normally set to zero. If the value B<n> is out of range zero is returned. SSL_get_shared_curve() returns shared curve B<n> for a server-side SSL B<ssl>. If B<n> is -1 then the total number of shared curves is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared curve so B<n> is normally set to zero. If the value B<n> is out of range, NID_undef is returned. SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then @@ -84,8 +85,12 @@ return 1 for success and 0 for failure. SSL_get1_curves() returns the number of curves, which may be zero. SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there is no shared curve B<n> or the number of shared curves if B<n> is -1. SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there is no shared curve B<n>; or the total number of shared curves if B<n> is -1. When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and returns -1. =head1 SEE ALSO
ssl/t1_lib.c +10 −7 @@ -504,11 +504,12 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) return 0; } /* Return nth shared curve. If nmatch == -1 return number of * matches. For nmatch == -2 return the NID of the curve to use for * an EC tmp key. /* * Return |nmatch|th shared curve or NID_undef if there is no match. * For nmatch == -1, return number of matches * For nmatch == -2, return the NID of the curve to use for * an EC tmp key, or NID_undef if there is no match. */ int tls1_shared_curve(SSL *s, int nmatch) { const unsigned char *pref, *supp; @@ -542,10 +543,11 @@ int tls1_shared_curve(SSL *s, int nmatch) */ if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0, &supp, &num_supp)) return 0; /* In practice, NID_undef == 0 but let's be precise. */ return nmatch == -1 ? 0 : NID_undef; if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref)) return 0; return nmatch == -1 ? 0 : NID_undef; k = 0; for (i = 0; i < num_pref; i++, pref+=2) { @@ -567,7 +569,8 @@ int tls1_shared_curve(SSL *s, int nmatch) } if (nmatch == -1) return k; return 0; /* Out of range (nmatch > k). */ return NID_undef; } int tls1_set_curves(unsigned char **pext, size_t *pextlen,
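Review bot: The new comment `/* Out of range (nmatch > k). */` above the final `return NID_undef;` in tls1_shared_curve() is off by one. The pod text in this commit makes n zero-based (the first shared curve is n = 0) and `k` is what the function returns as the match count for nmatch == -1, so nmatch == k is already out of range; `/* Out of range (nmatch >= k). */` would be accurate. The rewritten header comment also lists only a NID, NID_undef and the match count, while the pod now documents -1 for a client-side SSL. If that -1 is produced in the part of the body these hunks do not show, the header comment should say so, e.g. `* Returns -1 when called on a client SSL.`, so that callers do not treat every non-zero result as a usable NID.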