ssl/s3_lib.c +0 −24
@@ -1754,30 +1754,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST: if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(larg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); return 0; } { int i; unsigned char *sparg = (unsigned char *) parg; for (i = 0; i < larg; i++, sparg++) { if (TLSEXT_ECPOINTFORMAT_last < *sparg) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT); return(0); } } } s->tlsext_ecpointformatlist_length = larg; memcpy(s->tlsext_ecpointformatlist, parg, larg); s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; #endif /* OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_TLSEXT */ default: break;
ssl/ssl.h +0 −1
@@ -1289,7 +1289,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST 56 #endif #define SSL_session_reused(ssl) \
ssl/ssl_sess.c +1 −0
@@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session) #ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist) { if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
ssl/t1_lib.c +18 −9
@@ -359,6 +359,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in return 0; } s->session->tlsext_ecpointformatlist_length = 0; if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR;
@@ -430,6 +431,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in return 0; } s->session->tlsext_ecpointformatlist_length = 0; if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR;
@@ -485,6 +487,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (s->session->tlsext_ecpointformatlist == NULL) { s->session->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR;
@@ -509,7 +512,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s) { #ifndef OPENSSL_NO_EC /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats we * support (namely, only uncompressed points). * support. */ int using_ecc = 0; int i;
@@ -528,13 +531,16 @@ int ssl_prepare_clienthello_tlsext(SSL *s) using_ecc = using_ecc && (s->version == TLS1_VERSION); if (using_ecc) { if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL) if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) { SSLerr(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); return -1; } s->tlsext_ecpointformatlist_length = 1; *s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist_length = 3; s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; } #endif /* OPENSSL_NO_EC */ return 1;
@@ -543,8 +549,8 @@ int ssl_prepare_clienthello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s) { #ifndef OPENSSL_NO_EC /* If we are server and using an ECC cipher suite, send the point formats we support (namely, only * uncompressed points) if the client sent us an ECPointsFormat extension. /* If we are server and using an ECC cipher suite, send the point formats we support * if the client sent us an ECPointsFormat extension. */ int i; int algs = s->s3->tmp.new_cipher->algorithms;
@@ -553,13 +559,16 @@ int ssl_prepare_serverhello_tlsext(SSL *s) if (using_ecc) { if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL) if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) { SSLerr(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); return -1; } s->tlsext_ecpointformatlist_length = 1; *s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist_length = 3; s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; } #endif /* OPENSSL_NO_EC */ return 1;
ssl/tls1.h +0 −5
@@ -223,11 +223,6 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #ifndef OPENSSL_NO_EC #define SSL_set_tlsext_ecpointformat(s,length,list) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST,length,(unsigned char *)list) #endif /* OPENSSL_NO_EC */ #endif /* PSK ciphersuites from 4279 */
ssl/s3_lib.c +0 −24
@@ -1754,30 +1754,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST: if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(larg)) == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); return 0; } { int i; unsigned char *sparg = (unsigned char *) parg; for (i = 0; i < larg; i++, sparg++) { if (TLSEXT_ECPOINTFORMAT_last < *sparg) { SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT); return(0); } } } s->tlsext_ecpointformatlist_length = larg; memcpy(s->tlsext_ecpointformatlist, parg, larg); s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ break; #endif /* OPENSSL_NO_EC */ #endif /* !OPENSSL_NO_TLSEXT */ default: break;
ssl/ssl.h +0 −1
@@ -1289,7 +1289,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST 56 #endif #define SSL_session_reused(ssl) \
ssl/ssl_sess.c +1 −0
@@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session) #ifndef OPENSSL_NO_EC if (s->tlsext_ecpointformatlist) { if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
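Review bot: The added `if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);` needs a comment saying when a session being set up in `ssl_get_new_session` can already own a point-format list; `ss` is created outside this hunk, and if it is always freshly allocated the check never fires. Something like `/* ss may already hold a list from an earlier copy; release it before taking a new one */` would do, if that is in fact the case. The error branch after `SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE)` is cut off here, so it is worth confirming that it releases `ss` rather than returning with a half-initialised session.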
ssl/t1_lib.c +18 −9
@@ -359,6 +359,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in return 0; } s->session->tlsext_ecpointformatlist_length = 0; if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR;
@@ -430,6 +431,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in return 0; } s->session->tlsext_ecpointformatlist_length = 0; if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR;
@@ -485,6 +487,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (s->session->tlsext_ecpointformatlist == NULL) { s->session->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR;
@@ -509,7 +512,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s) { #ifndef OPENSSL_NO_EC /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats we * support (namely, only uncompressed points). * support. */ int using_ecc = 0; int i;
@@ -528,13 +531,16 @@ int ssl_prepare_clienthello_tlsext(SSL *s) using_ecc = using_ecc && (s->version == TLS1_VERSION); if (using_ecc) { if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL) if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) { SSLerr(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); return -1; } s->tlsext_ecpointformatlist_length = 1; *s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist_length = 3; s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; } #endif /* OPENSSL_NO_EC */ return 1;
@@ -543,8 +549,8 @@ int ssl_prepare_clienthello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s) { #ifndef OPENSSL_NO_EC /* If we are server and using an ECC cipher suite, send the point formats we support (namely, only * uncompressed points) if the client sent us an ECPointsFormat extension. /* If we are server and using an ECC cipher suite, send the point formats we support * if the client sent us an ECPointsFormat extension. */ int i; int algs = s->s3->tmp.new_cipher->algorithms;
@@ -553,13 +559,16 @@ int ssl_prepare_serverhello_tlsext(SSL *s) if (using_ecc) { if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL) if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist); if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) { SSLerr(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); return -1; } s->tlsext_ecpointformatlist_length = 1; *s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist_length = 3; s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; } #endif /* OPENSSL_NO_EC */ return 1;
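Review bot: The frees added to the two hello parsers (hunks `@@ -359,6 +359,7 @@` and `@@ -430,6 +431,7 @@`) release a buffer that belongs to `s->session`, and nothing visible checks whether that session is a resumed one that other connections may hold at the same time; if it can be shared, another thread is left with a pointer to freed memory, so consider replacing the list only for a fresh session, e.g. under `if (!s->hit)` (assuming `s->hit` is already set when the extensions are parsed). In the hunk at `@@ -485,6 +487,7 @@` the added `!= NULL` test sits directly inside `if (s->session->tlsext_ecpointformatlist == NULL)`, so it can never fire and should be dropped. In both `ssl_prepare_*hello_tlsext` hunks a failed `OPENSSL_malloc(3)` leaves the pointer NULL while `tlsext_ecpointformatlist_length` keeps its previous value; add `s->tlsext_ecpointformatlist_length = 0;` before the free, as the parser hunks already do for the session copy. All of these functions begin and end outside the hunks shown.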
ssl/tls1.h +0 −5
@@ -223,11 +223,6 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #ifndef OPENSSL_NO_EC #define SSL_set_tlsext_ecpointformat(s,length,list) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST,length,(unsigned char *)list) #endif /* OPENSSL_NO_EC */ #endif /* PSK ciphersuites from 4279 */