}
s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
break;
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST:
- if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(larg)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- {
- int i;
- unsigned char *sparg = (unsigned char *) parg;
- for (i = 0; i < larg; i++, sparg++)
- {
- if (TLSEXT_ECPOINTFORMAT_last < *sparg)
- {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT);
- return(0);
- }
- }
- }
- s->tlsext_ecpointformatlist_length = larg;
- memcpy(s->tlsext_ecpointformatlist, parg, larg);
- s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
- break;
-#endif /* OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */
default:
break;
return 0;
}
s->session->tlsext_ecpointformatlist_length = 0;
+ if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
s->session->tlsext_ecpointformatlist_length = 0;
+ if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
if (s->session->tlsext_ecpointformatlist == NULL)
{
s->session->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
+ if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
{
#ifndef OPENSSL_NO_EC
/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats we
- * support (namely, only uncompressed points).
+ * support.
*/
int using_ecc = 0;
int i;
using_ecc = using_ecc && (s->version == TLS1_VERSION);
if (using_ecc)
{
- if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL)
+ if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
+ if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
{
SSLerr(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
return -1;
}
- s->tlsext_ecpointformatlist_length = 1;
- *s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed;
+ s->tlsext_ecpointformatlist_length = 3;
+ s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
+ s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+ s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
}
#endif /* OPENSSL_NO_EC */
return 1;
int ssl_prepare_serverhello_tlsext(SSL *s)
{
#ifndef OPENSSL_NO_EC
- /* If we are server and using an ECC cipher suite, send the point formats we support (namely, only
- * uncompressed points) if the client sent us an ECPointsFormat extension.
+ /* If we are server and using an ECC cipher suite, send the point formats we support
+ * if the client sent us an ECPointsFormat extension.
*/
int i;
int algs = s->s3->tmp.new_cipher->algorithms;
if (using_ecc)
{
- if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL)
+ if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
+ if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
{
SSLerr(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
return -1;
}
- s->tlsext_ecpointformatlist_length = 1;
- *s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed;
+ s->tlsext_ecpointformatlist_length = 3;
+ s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
+ s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+ s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
}
#endif /* OPENSSL_NO_EC */
return 1;
#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#ifndef OPENSSL_NO_EC
-#define SSL_set_tlsext_ecpointformat(s,length,list) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST,length,(unsigned char *)list)
-#endif /* OPENSSL_NO_EC */
#endif
/* PSK ciphersuites from 4279 */
projects / oweals / openssl.git / commitdiff