From: Dr. Stephen Henson Date: Wed, 14 Mar 2012 13:46:50 +0000 (+0000) Subject: oops, revert unrelated patches X-Git-Tag: master-post-reformat~1903 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=156421a2af4d1295a4c188019bfe2f76af6ec895;p=oweals%2Fopenssl.git oops, revert unrelated patches --- diff --git a/apps/s_client.c b/apps/s_client.c index 30588ccf66..ce199be81b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1209,21 +1209,6 @@ bad: #endif con=SSL_new(ctx); -#if 0 -{ -int curves[3]; -int rv; -curves[0] = EC_curve_nist2nid("P-256"); -curves[1] = EC_curve_nist2nid("P-521"); -curves[2] = EC_curve_nist2nid("P-384"); -rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int)); -if (rv == 0) - { - fprintf(stderr, "Error setting curve list\n"); - exit(1); - } -} -#endif if (sess_in) { SSL_SESSION *sess; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e9addc4e58..248bb94df8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)clistlen; } - case SSL_CTRL_SET_CURVELIST: - { - int *nid_list = parg; - size_t nid_listlen = larg, i; - unsigned char *clist, *p; - /* Bitmap of curves included to detect duplicates: only works - * while curve ids < 32 - */ - unsigned long dup_list = 0; - clist = OPENSSL_malloc(nid_listlen * 2); - for (i = 0, p = clist; i < nid_listlen; i++) - { - unsigned long idmask; - int id; - id = tls1_ec_nid2curve_id(nid_list[i]); - idmask = 1L << id; - if (!id || (dup_list & idmask)) - { - OPENSSL_free(clist); - return 0; - } - dup_list |= idmask; - s2n(id, p); - } - if (s->tlsext_ellipticcurvelist) - OPENSSL_free(s->tlsext_ellipticcurvelist); - s->tlsext_ellipticcurvelist = clist; - s->tlsext_ellipticcurvelist_length = nid_listlen * 2; - return 1; - } - - case SSL_CTRL_SHARED_CURVES: - { - unsigned long mask = 0; - unsigned char *pmask, *pref; - size_t pmasklen, preflen, i; - int nmatch = 0; - /* Must be server */ - if (!s->server) - return 0; - /* No curves if client didn't sent supported curves extension */ - if (!s->session->tlsext_ellipticcurvelist) - return 0; - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - pref = s->tlsext_ellipticcurvelist; - preflen = s->tlsext_ellipticcurvelist_length; - pmask = s->session->tlsext_ellipticcurvelist; - pmasklen = s->session->tlsext_ellipticcurvelist_length; - } - else - { - pref = s->session->tlsext_ellipticcurvelist; - preflen = s->session->tlsext_ellipticcurvelist_length; - pmask = s->tlsext_ellipticcurvelist; - pmasklen = s->tlsext_ellipticcurvelist_length; - } - /* Build a mask of supported curves */ - for (i = 0; i < pmasklen; i+=2, pmask+=2) - { - /* Skip any curves that wont fit in mask */ - if (pmask[0] || (pmask[1] > 31)) - continue; - mask |= 1L << pmask[1]; - } - /* Check preference order against mask */ - for (i = 0; i < preflen; i+=2, pref+=2) - { - if (pref[0] || (pref[1] > 30)) - continue; - /* Search for matching curves in preference order */ - if (mask & (1L << pref[1])) - { - int id = tls1_ec_curve_id2nid(pref[1]); - if (id && parg && nmatch == larg) - { - *((int *)parg) = id; - return 1; - } - nmatch++; - } - } - if (parg) - return 0; - return nmatch; - - } - default: break; } diff --git a/ssl/ssl.h b/ssl/ssl.h index 4215dda89e..3e255fcfee 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_CHAIN_CERT 89 #define SSL_CTRL_GET_CURVELIST 90 -#define SSL_CTRL_SET_CURVELIST 91 -#define SSL_CTRL_SHARED_CURVES 92 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) #define SSL_get1_curvelist(ctx, s) \ SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s) -#define SSL_set1_curvelist(ctx, clist, clistlen) \ - SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist) #ifndef OPENSSL_NO_BIO diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 33c0b654d6..dfd397f9b7 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s) s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ - if (s->tlsext_ellipticcurvelist == NULL) + if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist); + s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2; + if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { - unsigned char *clist; - size_t clistlen; s->tlsext_ellipticcurvelist_length = 0; - clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2; - clist = OPENSSL_malloc(clistlen); - if (!clist) - { - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); - return -1; - } - for (i = 0, j = clist; i < (int)clistlen/2; i++) - { - int id = tls1_ec_nid2curve_id(pref_list[i]); - s2n(id,j); - } - s->tlsext_ellipticcurvelist = clist; - s->tlsext_ellipticcurvelist_length = clistlen; - } + SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); + return -1; + } + for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i < + sizeof(pref_list)/sizeof(pref_list[0]); i++) + { + int id = tls1_ec_nid2curve_id(pref_list[i]); + s2n(id,j); + } } #endif /* OPENSSL_NO_EC */