oops, revert unrelated patches

author Dr. Stephen Henson <steve@openssl.org>

Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
diff --git a/apps/s_client.c b/apps/s_client.c

index 30588ccf66b0dab8cc5d708e87d35b8eb5c7e33f..ce199be81bbb57e5dc50bdbbd0dcfc454770f42d 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1209,21 +1209,6 @@ bad:
  #endif
  
         con=SSL_new(ctx);
  #endif
  
         con=SSL_new(ctx);
-#if 0
-{
-int curves[3];
-int rv;
-curves[0] = EC_curve_nist2nid("P-256");
-curves[1] = EC_curve_nist2nid("P-521");
-curves[2] = EC_curve_nist2nid("P-384");
-rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int));
-if (rv == 0)
-       {
-       fprintf(stderr, "Error setting curve list\n");
-       exit(1);
-       }
-}
-#endif
         if (sess_in)
                 {
                 SSL_SESSION *sess;
         if (sess_in)
                 {
                 SSL_SESSION *sess;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index e9addc4e58f1ce39d221ac238c2c8670b4b8467c..248bb94df843f63748113c82571c362e9b5a199a 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 return (int)clistlen;
                 }
  
                 return (int)clistlen;
                 }
  
-       case SSL_CTRL_SET_CURVELIST:
-               {
-               int *nid_list = parg;
-               size_t nid_listlen = larg, i;
-               unsigned char *clist, *p;
-               /* Bitmap of curves included to detect duplicates: only works
-                * while curve ids < 32 
-                */
-               unsigned long dup_list = 0;
-               clist = OPENSSL_malloc(nid_listlen * 2);
-               for (i = 0, p = clist; i < nid_listlen; i++)
-                       {
-                       unsigned long idmask;
-                       int id;
-                       id = tls1_ec_nid2curve_id(nid_list[i]);
-                       idmask = 1L << id;
-                       if (!id || (dup_list & idmask))
-                               {
-                               OPENSSL_free(clist);
-                               return 0;
-                               }
-                       dup_list |= idmask;
-                       s2n(id, p);
-                       }
-               if (s->tlsext_ellipticcurvelist)
-                       OPENSSL_free(s->tlsext_ellipticcurvelist);
-               s->tlsext_ellipticcurvelist = clist;
-               s->tlsext_ellipticcurvelist_length = nid_listlen * 2;
-               return 1;
-               }
-
-       case SSL_CTRL_SHARED_CURVES:
-               {
-               unsigned long mask = 0;
-               unsigned char *pmask, *pref;
-               size_t pmasklen, preflen, i;
-               int nmatch = 0;
-               /* Must be server */
-               if (!s->server)
-                       return 0;
-               /* No curves if client didn't sent supported curves extension */
-               if (!s->session->tlsext_ellipticcurvelist)
-                       return 0;
-               if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-                       {
-                       pref = s->tlsext_ellipticcurvelist;
-                       preflen = s->tlsext_ellipticcurvelist_length;
-                       pmask = s->session->tlsext_ellipticcurvelist;
-                       pmasklen = s->session->tlsext_ellipticcurvelist_length;
-                       }
-               else
-                       {
-                       pref = s->session->tlsext_ellipticcurvelist;
-                       preflen = s->session->tlsext_ellipticcurvelist_length;
-                       pmask = s->tlsext_ellipticcurvelist;
-                       pmasklen = s->tlsext_ellipticcurvelist_length;
-                       }
-               /* Build a mask of supported curves */
-               for (i = 0; i < pmasklen; i+=2, pmask+=2)
-                       {
-                       /* Skip any curves that wont fit in mask */
-                       if (pmask[0] || (pmask[1] > 31))
-                               continue;
-                       mask |= 1L << pmask[1];
-                       }
-               /* Check preference order against mask */
-               for (i = 0; i < preflen; i+=2, pref+=2)
-                       {
-                       if (pref[0] || (pref[1] > 30))
-                               continue;
-                       /* Search for matching curves in preference order */
-                       if (mask & (1L << pref[1]))
-                               {
-                               int id = tls1_ec_curve_id2nid(pref[1]);
-                               if (id && parg && nmatch == larg)
-                                       {
-                                       *((int *)parg) = id;
-                                       return 1;
-                                       }
-                               nmatch++;
-                               }
-                       }
-               if (parg)
-                       return 0;
-               return nmatch;
-
-               }
-
         default:
                 break;
                 }
         default:
                 break;
                 }
diff --git a/ssl/ssl.h b/ssl/ssl.h

index 4215dda89edaabbf86144953164509abb5a13354..3e255fcfeed1e347cd44a68569679cb45b806f23 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  #define SSL_CTRL_CHAIN_CERT                    89
  
  #define SSL_CTRL_GET_CURVELIST                 90
  #define SSL_CTRL_CHAIN_CERT                    89
  
  #define SSL_CTRL_GET_CURVELIST                 90
-#define SSL_CTRL_SET_CURVELIST                 91
-#define SSL_CTRL_SHARED_CURVES                 92
  
  #define DTLSv1_get_timeout(ssl, arg) \
         SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
  
  #define DTLSv1_get_timeout(ssl, arg) \
         SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
         SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
  #define SSL_get1_curvelist(ctx, s) \
         SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
         SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
  #define SSL_get1_curvelist(ctx, s) \
         SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
-#define SSL_set1_curvelist(ctx, clist, clistlen) \
-       SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist)
  
  
  #ifndef OPENSSL_NO_BIO
  
  
  #ifndef OPENSSL_NO_BIO
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 33c0b654d6b2ef09268a3da4ab065447ab104bbb..dfd397f9b7d033a2df650f4a0ff20def7cb7a8ea 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
                 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
  
                 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
                 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
  
                 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
-               if (s->tlsext_ellipticcurvelist == NULL)
+               if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
+               s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
+               if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
                         {
                         {
-                       unsigned char *clist;
-                       size_t clistlen;
                         s->tlsext_ellipticcurvelist_length = 0;
                         s->tlsext_ellipticcurvelist_length = 0;
-                       clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
-                       clist = OPENSSL_malloc(clistlen);
-                       if (!clist)
-                               {
-                               SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-                               return -1;
-                               }
-                       for (i = 0, j = clist; i < (int)clistlen/2; i++)
-                               {
-                               int id = tls1_ec_nid2curve_id(pref_list[i]);
-                               s2n(id,j);
-                               }
-                       s->tlsext_ellipticcurvelist = clist;
-                       s->tlsext_ellipticcurvelist_length = clistlen;
-                       }       
+                       SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+                       return -1;
+                       }
+               for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
+                               sizeof(pref_list)/sizeof(pref_list[0]); i++)
+                       {
+                       int id = tls1_ec_nid2curve_id(pref_list[i]);
+                       s2n(id,j);
+                       }
                 }
  #endif /* OPENSSL_NO_EC */
  
                 }
  #endif /* OPENSSL_NO_EC */
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
apps/s_client.c		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history
ssl/ssl.h		patch \| blob \| history
ssl/t1_lib.c		patch \| blob \| history