From 156421a2af4d1295a4c188019bfe2f76af6ec895 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 14 Mar 2012 13:46:50 +0000
Subject: [PATCH] oops, revert unrelated patches

---
 apps/s_client.c | 15 ---------
 ssl/s3_lib.c    | 88 -------------------------------------------------
 ssl/ssl.h       |  4 ---
 ssl/t1_lib.c    | 30 +++++++----------
 4 files changed, 12 insertions(+), 125 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 30588ccf66..ce199be81b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1209,21 +1209,6 @@ bad:
 #endif
 
 	con=SSL_new(ctx);
-#if 0
-{
-int curves[3];
-int rv;
-curves[0] = EC_curve_nist2nid("P-256");
-curves[1] = EC_curve_nist2nid("P-521");
-curves[2] = EC_curve_nist2nid("P-384");
-rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int));
-if (rv == 0)
-	{
-	fprintf(stderr, "Error setting curve list\n");
-	exit(1);
-	}
-}
-#endif
 	if (sess_in)
 		{
 		SSL_SESSION *sess;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e9addc4e58..248bb94df8 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		return (int)clistlen;
 		}
 
-	case SSL_CTRL_SET_CURVELIST:
-		{
-		int *nid_list = parg;
-		size_t nid_listlen = larg, i;
-		unsigned char *clist, *p;
-		/* Bitmap of curves included to detect duplicates: only works
-		 * while curve ids < 32 
-		 */
-		unsigned long dup_list = 0;
-		clist = OPENSSL_malloc(nid_listlen * 2);
-		for (i = 0, p = clist; i < nid_listlen; i++)
-			{
-			unsigned long idmask;
-			int id;
-			id = tls1_ec_nid2curve_id(nid_list[i]);
-			idmask = 1L << id;
-			if (!id || (dup_list & idmask))
-				{
-				OPENSSL_free(clist);
-				return 0;
-				}
-			dup_list |= idmask;
-			s2n(id, p);
-			}
-		if (s->tlsext_ellipticcurvelist)
-			OPENSSL_free(s->tlsext_ellipticcurvelist);
-		s->tlsext_ellipticcurvelist = clist;
-		s->tlsext_ellipticcurvelist_length = nid_listlen * 2;
-		return 1;
-		}
-
-	case SSL_CTRL_SHARED_CURVES:
-		{
-		unsigned long mask = 0;
-		unsigned char *pmask, *pref;
-		size_t pmasklen, preflen, i;
-		int nmatch = 0;
-		/* Must be server */
-		if (!s->server)
-			return 0;
-		/* No curves if client didn't sent supported curves extension */
-		if (!s->session->tlsext_ellipticcurvelist)
-			return 0;
-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-			{
-			pref = s->tlsext_ellipticcurvelist;
-			preflen = s->tlsext_ellipticcurvelist_length;
-			pmask = s->session->tlsext_ellipticcurvelist;
-			pmasklen = s->session->tlsext_ellipticcurvelist_length;
-			}
-		else
-			{
-			pref = s->session->tlsext_ellipticcurvelist;
-			preflen = s->session->tlsext_ellipticcurvelist_length;
-			pmask = s->tlsext_ellipticcurvelist;
-			pmasklen = s->tlsext_ellipticcurvelist_length;
-			}
-		/* Build a mask of supported curves */
-		for (i = 0; i < pmasklen; i+=2, pmask+=2)
-			{
-			/* Skip any curves that wont fit in mask */
-			if (pmask[0] || (pmask[1] > 31))
-				continue;
-			mask |= 1L << pmask[1];
-			}
-		/* Check preference order against mask */
-		for (i = 0; i < preflen; i+=2, pref+=2)
-			{
-			if (pref[0] || (pref[1] > 30))
-				continue;
-			/* Search for matching curves in preference order */
-			if (mask & (1L << pref[1]))
-				{
-				int id = tls1_ec_curve_id2nid(pref[1]);
-				if (id && parg && nmatch == larg)
-					{
-					*((int *)parg) = id;
-					return 1;
-					}
-				nmatch++;
-				}
-			}
-		if (parg)
-			return 0;
-		return nmatch;
-
-		}
-
 	default:
 		break;
 		}
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 4215dda89e..3e255fcfee 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_CHAIN_CERT			89
 
 #define SSL_CTRL_GET_CURVELIST			90
-#define SSL_CTRL_SET_CURVELIST			91
-#define SSL_CTRL_SHARED_CURVES			92
 
 #define DTLSv1_get_timeout(ssl, arg) \
 	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 	SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
 #define SSL_get1_curvelist(ctx, s) \
 	SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
-#define SSL_set1_curvelist(ctx, clist, clistlen) \
-	SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist)
 
 
 #ifndef OPENSSL_NO_BIO
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 33c0b654d6..dfd397f9b7 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
 		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
 
 		/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
-		if (s->tlsext_ellipticcurvelist == NULL)
+		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
+		s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
+		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
 			{
-			unsigned char *clist;
-			size_t clistlen;
 			s->tlsext_ellipticcurvelist_length = 0;
-			clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
-			clist = OPENSSL_malloc(clistlen);
-			if (!clist)
-				{
-				SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-				return -1;
-				}
-			for (i = 0, j = clist; i < (int)clistlen/2; i++)
-				{
-				int id = tls1_ec_nid2curve_id(pref_list[i]);
-				s2n(id,j);
-				}
-			s->tlsext_ellipticcurvelist = clist;
-			s->tlsext_ellipticcurvelist_length = clistlen;
-			}	
+			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
+				sizeof(pref_list)/sizeof(pref_list[0]); i++)
+			{
+			int id = tls1_ec_nid2curve_id(pref_list[i]);
+			s2n(id,j);
+			}
 		}
 #endif /* OPENSSL_NO_EC */
 
-- 
2.25.1