author | steve <steve> | 2012-03-14 13:46:48 +0000 |
---|---|---|
committer | steve <steve> | 2012-03-14 13:46:48 +0000 |
commit | e66917399e06b4fb00e217c3fe54ad6b1aad2ed4 (patch) | |
tree | 5ef00e62b82a625074bedc2191e20de56685ea2c | |
parent | ea5e913a920e2379c525162d8c4e0c7fc98c8c6f (diff) | |
download | openssl-e66917399e06b4fb00e217c3fe54ad6b1aad2ed4.tar.gz |
oops, revert unrelated patches
-rw-r--r-- | apps/s_client.c | 15 | ||||
-rw-r--r-- | ssl/s3_lib.c | 88 | ||||
-rw-r--r-- | ssl/ssl.h | 4 | ||||
-rw-r--r-- | ssl/t1_lib.c | 30 |
4 files changed, 12 insertions, 125 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 30588ccf6..ce199be81 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1209,21 +1209,6 @@ bad: #endif con=SSL_new(ctx); -#if 0 -{ -int curves[3]; -int rv; -curves[0] = EC_curve_nist2nid("P-256"); -curves[1] = EC_curve_nist2nid("P-521"); -curves[2] = EC_curve_nist2nid("P-384"); -rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int)); -if (rv == 0) - { - fprintf(stderr, "Error setting curve list\n"); - exit(1); - } -} -#endif if (sess_in) { SSL_SESSION *sess; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e9addc4e5..248bb94df 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVELIST: - { - int *nid_list = parg; - size_t nid_listlen = larg, i; - unsigned char *clist, *p; - /* Bitmap of curves included to detect duplicates: only works - * while curve ids < 32 - */ - unsigned long dup_list = 0; - clist = OPENSSL_malloc(nid_listlen * 2); - for (i = 0, p = clist; i < nid_listlen; i++) - { - unsigned long idmask; - int id; - id = tls1_ec_nid2curve_id(nid_list[i]); - idmask = 1L << id; - if (!id || (dup_list & idmask)) - { - OPENSSL_free(clist); - return 0; - } - dup_list |= idmask; - s2n(id, p); - } - if (s->tlsext_ellipticcurvelist) - OPENSSL_free(s->tlsext_ellipticcurvelist); - s->tlsext_ellipticcurvelist = clist; - s->tlsext_ellipticcurvelist_length = nid_listlen * 2; - return 1; - } - - case SSL_CTRL_SHARED_CURVES: - { - unsigned long mask = 0; - unsigned char *pmask, *pref; - size_t pmasklen, preflen, i; - int nmatch = 0; - /* Must be server */ - if (!s->server) - return 0; - /* No curves if client didn't sent supported curves extension */ - if (!s->session->tlsext_ellipticcurvelist) - return 0; - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - pref = s->tlsext_ellipticcurvelist; - preflen = s->tlsext_ellipticcurvelist_length; - pmask = s->session->tlsext_ellipticcurvelist; - pmasklen = s->session->tlsext_ellipticcurvelist_length; - } - else - { - pref = s->session->tlsext_ellipticcurvelist; - preflen = s->session->tlsext_ellipticcurvelist_length; - pmask = s->tlsext_ellipticcurvelist; - pmasklen = s->tlsext_ellipticcurvelist_length; - } - /* Build a mask of supported curves */ - for (i = 0; i < pmasklen; i+=2, pmask+=2) - { - /* Skip any curves that wont fit in mask */ - if (pmask[0] || (pmask[1] > 31)) - continue; - mask |= 1L << pmask[1]; - } - /* Check preference order against mask */ - for (i = 0; i < preflen; i+=2, pref+=2) - { - if (pref[0] || (pref[1] > 30)) - continue; - /* Search for matching 
curves in preference order */ - if (mask & (1L << pref[1])) - { - int id = tls1_ec_curve_id2nid(pref[1]); - if (id && parg && nmatch == larg) - { - *((int *)parg) = id; - return 1; - } - nmatch++; - } - } - if (parg) - return 0; - return nmatch; - - } - default: break; } @@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_CHAIN_CERT 89 #define SSL_CTRL_GET_CURVELIST 90 -#define SSL_CTRL_SET_CURVELIST 91 -#define SSL_CTRL_SHARED_CURVES 92 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) #define SSL_get1_curvelist(ctx, s) \ SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s) -#define SSL_set1_curvelist(ctx, clist, clistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist) #ifndef OPENSSL_NO_BIO diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 33c0b654d..dfd397f9b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s) s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ - if (s->tlsext_ellipticcurvelist == NULL) + if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist); + s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2; + if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { - unsigned char *clist; - size_t clistlen; s->tlsext_ellipticcurvelist_length = 0; - clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2; - clist = OPENSSL_malloc(clistlen); - if (!clist) - { - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); - return -1; - } - for (i = 0, j = clist; i < (int)clistlen/2; i++) - { - int id = tls1_ec_nid2curve_id(pref_list[i]); - s2n(id,j); - } - s->tlsext_ellipticcurvelist = clist; - s->tlsext_ellipticcurvelist_length = clistlen; - } + SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); + return -1; + } + for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i < + sizeof(pref_list)/sizeof(pref_list[0]); i++) + { + int id = tls1_ec_nid2curve_id(pref_list[i]); + s2n(id,j); + } } #endif /* OPENSSL_NO_EC */ |
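Review bot: The restored loop writes the result of `tls1_ec_nid2curve_id(pref_list[i])` straight into the list with `s2n(id,j)` and never checks it. The `SSL_CTRL_SET_CURVELIST` code that this same commit removes from ssl/s3_lib.c rejected `!id`, which suggests 0 means "no curve id for this NID"; if so, an unmapped `pref_list` entry would go out in the ClientHello as curve id 0. Either fail closed with `if (id == 0) { SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_INTERNAL_ERROR); return -1; }`, or add a comment above the loop stating that every NID in `pref_list` is guaranteed to map to a non-zero curve id. `ssl_prepare_clienthello_tlsext` begins before this hunk and `pref_list` is defined outside it, so that guarantee may already exist where it cannot be seen here.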