Loading apps/s_cb.c +4 −3 Original line number Diff line number Diff line Loading @@ -423,7 +423,7 @@ int ssl_print_sigalgs(BIO *out, SSL *s) BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); return 1; } #ifndef OPENSSL_NO_EC int ssl_print_point_formats(BIO *out, SSL *s) { int i, nformats; Loading Loading @@ -515,7 +515,7 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) BIO_puts(out, "\n"); return 1; } #endif int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; Loading @@ -531,7 +531,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) case EVP_PKEY_DH: BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); break; #ifndef OPENSSL_NO_ECDH case EVP_PKEY_EC: { EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); Loading @@ -545,6 +545,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key)); } #endif } EVP_PKEY_free(key); return 1; Loading apps/s_server.c +5 −0 Original line number Diff line number Diff line Loading @@ -2555,7 +2555,10 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_s_out, con); ssl_print_curves(bio_s_out, con, 0); #endif BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) Loading Loading @@ -2875,7 +2878,9 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"\n"); } ssl_print_sigalgs(io, con); #ifndef OPENSSL_NO_EC ssl_print_curves(io, con, 0); #endif BIO_printf(io,(SSL_cache_hit(con) ?"---\nReused, " :"---\nNew, ")); Loading crypto/x509/x509_cmp.c +16 −0 Original line number Diff line number Diff line Loading @@ -349,6 +349,8 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) * flags. */ #ifndef OPENSSL_NO_EC static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) { const EC_GROUP *grp = NULL; Loading Loading @@ -465,6 +467,20 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } #else int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags) { return 0; } int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) { return 0; } #endif /* Not strictly speaking an "up_ref" as a STACK doesn't have a reference * count but it has the same effect by duping the STACK and upping the ref * of each X509 structure. Loading ssl/s3_lib.c +14 −6 Original line number Diff line number Diff line Loading @@ -3397,6 +3397,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg); #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_CURVES: { unsigned char *clist; Loading Loading @@ -3439,7 +3440,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_ECDH_AUTO: s->cert->ecdh_tmp_auto = larg; return 1; #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); Loading Loading @@ -3510,9 +3511,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert; #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (!ptmp) return 0; Loading @@ -3537,7 +3540,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY_free(ptmp); return 0; } #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { SSL_SESSION *sess = s->session; Loading @@ -3547,7 +3550,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) *pformat = sess->tlsext_ecpointformatlist; return (int)sess->tlsext_ecpointformatlist_length; } #endif default: break; } Loading Loading @@ -3812,6 +3815,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; #endif #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_CURVES: return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, Loading @@ -3824,7 +3828,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_ECDH_AUTO: ctx->cert->ecdh_tmp_auto = larg; return 1; #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); Loading Loading @@ -4137,7 +4141,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ret=0; const unsigned char *sig; size_t i, siglen; int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0; int have_rsa_sign = 0, have_dsa_sign = 0; #ifndef OPENSSL_NO_ECDSA int have_ecdsa_sign = 0; #endif int nostrict = 1; unsigned long alg_k; Loading @@ -4162,10 +4169,11 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) case TLSEXT_signature_dsa: have_dsa_sign = 1; break; #ifndef OPENSSL_NO_ECDSA case TLSEXT_signature_ecdsa: have_ecdsa_sign = 1; break; #endif } } Loading ssl/ssl_ciph.c +4 −3 Original line number Diff line number Diff line Loading @@ -1350,7 +1350,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, return(retval); } #ifndef OPENSSL_NO_EC static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { Loading Loading @@ -1405,6 +1405,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, c->ecdh_tmp_auto = 1; return 1; } #endif STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, Loading @@ -1424,10 +1425,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) return NULL; #ifndef OPENSSL_NO_EC if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) return NULL; #endif /* * To reduce the work to do we only want to process the compiled Loading Loading
apps/s_cb.c +4 −3 Original line number Diff line number Diff line Loading @@ -423,7 +423,7 @@ int ssl_print_sigalgs(BIO *out, SSL *s) BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); return 1; } #ifndef OPENSSL_NO_EC int ssl_print_point_formats(BIO *out, SSL *s) { int i, nformats; Loading Loading @@ -515,7 +515,7 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) BIO_puts(out, "\n"); return 1; } #endif int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; Loading @@ -531,7 +531,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) case EVP_PKEY_DH: BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); break; #ifndef OPENSSL_NO_ECDH case EVP_PKEY_EC: { EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); Loading @@ -545,6 +545,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key)); } #endif } EVP_PKEY_free(key); return 1; Loading
apps/s_server.c +5 −0 Original line number Diff line number Diff line Loading @@ -2555,7 +2555,10 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); #ifndef OPENSSL_NO_EC ssl_print_point_formats(bio_s_out, con); ssl_print_curves(bio_s_out, con, 0); #endif BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) Loading Loading @@ -2875,7 +2878,9 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO_puts(io,"\n"); } ssl_print_sigalgs(io, con); #ifndef OPENSSL_NO_EC ssl_print_curves(io, con, 0); #endif BIO_printf(io,(SSL_cache_hit(con) ?"---\nReused, " :"---\nNew, ")); Loading
crypto/x509/x509_cmp.c +16 −0 Original line number Diff line number Diff line Loading @@ -349,6 +349,8 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) * flags. */ #ifndef OPENSSL_NO_EC static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) { const EC_GROUP *grp = NULL; Loading Loading @@ -465,6 +467,20 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); return check_suite_b(pk, sign_nid, &flags); } #else int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, unsigned long flags) { return 0; } int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) { return 0; } #endif /* Not strictly speaking an "up_ref" as a STACK doesn't have a reference * count but it has the same effect by duping the STACK and upping the ref * of each X509 structure. Loading
ssl/s3_lib.c +14 −6 Original line number Diff line number Diff line Loading @@ -3397,6 +3397,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg); #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_CURVES: { unsigned char *clist; Loading Loading @@ -3439,7 +3440,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_SET_ECDH_AUTO: s->cert->ecdh_tmp_auto = larg; return 1; #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); Loading Loading @@ -3510,9 +3511,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert; #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (!ptmp) return 0; Loading @@ -3537,7 +3540,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY_free(ptmp); return 0; } #ifndef OPENSSL_NO_EC case SSL_CTRL_GET_EC_POINT_FORMATS: { SSL_SESSION *sess = s->session; Loading @@ -3547,7 +3550,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) *pformat = sess->tlsext_ecpointformatlist; return (int)sess->tlsext_ecpointformatlist_length; } #endif default: break; } Loading Loading @@ -3812,6 +3815,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) break; #endif #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_CURVES: return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, Loading @@ -3824,7 +3828,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_ECDH_AUTO: ctx->cert->ecdh_tmp_auto = larg; return 1; #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); Loading Loading @@ -4137,7 +4141,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ret=0; const unsigned char *sig; size_t i, siglen; int have_rsa_sign = 0, have_dsa_sign = 0, have_ecdsa_sign = 0; int have_rsa_sign = 0, have_dsa_sign = 0; #ifndef OPENSSL_NO_ECDSA int have_ecdsa_sign = 0; #endif int nostrict = 1; unsigned long alg_k; Loading @@ -4162,10 +4169,11 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) case TLSEXT_signature_dsa: have_dsa_sign = 1; break; #ifndef OPENSSL_NO_ECDSA case TLSEXT_signature_ecdsa: have_ecdsa_sign = 1; break; #endif } } Loading
ssl/ssl_ciph.c +4 −3 Original line number Diff line number Diff line Loading @@ -1350,7 +1350,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, return(retval); } #ifndef OPENSSL_NO_EC static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { Loading Loading @@ -1405,6 +1405,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, c->ecdh_tmp_auto = 1; return 1; } #endif STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, Loading @@ -1424,10 +1425,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, */ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) return NULL; #ifndef OPENSSL_NO_EC if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) return NULL; #endif /* * To reduce the work to do we only want to process the compiled Loading
