SHA-1 for x86_64.
[openssl.git] / ssl / t1_lib.c
index d75588676d22c06aa32c5da3622a2af17d43216a..06cb57d9eaa760cc53ec187ec8517601867657b3 100644 (file)
@@ -221,9 +221,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                /* Add TLS extension EllipticCurves to the ClientHello message */
                long lenmax; 
 
-               if ((lenmax = limit - p - 5) < 0) return NULL; 
+               if ((lenmax = limit - p - 6) < 0) return NULL; 
                if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
-               if (s->tlsext_ellipticcurvelist_length > 255)
+               if (s->tlsext_ellipticcurvelist_length > 65532)
                        {
                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
                        return NULL;
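Review bot: The space check `limit - p - 6` is measured from `p`, but the writes in the following hunk (`s2n(..., ret)` and `memcpy(ret, ...)`) go through `ret`. If `ret` has already been advanced past `p` by earlier extensions in this function (not visible in the hunk), `lenmax` overstates the room that is left and the copy of `tlsext_ellipticcurvelist` can run beyond `limit`. Measuring from the write cursor would close that gap: `if ((lenmax = limit - ret - 6) < 0) return NULL;`. The body of `ssl_add_clienthello_tlsext` starts and continues outside this hunk, so the relation between `p` and `ret` should be confirmed there.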
@@ -231,6 +231,12 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                
                s2n(TLSEXT_TYPE_elliptic_curves,ret);
                s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
+
+               /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
+                * elliptic_curve_list, but the examples use two bytes.
+                * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
+                * resolves this to two bytes.
+                */
                s2n(s->tlsext_ellipticcurvelist_length, ret);
                memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
                ret+=s->tlsext_ellipticcurvelist_length;
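Review bot: The added comment explains why the list prefix is two bytes, but the constants in the preceding hunk that follow from it (`6` and `65532`) stay unexplained. I would extend the comment with something like `header is type(2) + extension length(2) + list length(2) = 6 bytes; list length + 2 must fit in 16 bits and each curve ID is 2 bytes, hence the 65532 cap`. Since the value written by `s2n(s->tlsext_ellipticcurvelist_length + 2, ret)` is truncated to 16 bits, tying the cap to that line makes the dependency visible to whoever next changes either one. The enclosing block begins before this hunk.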