},
/* GOST Ciphersuites */
-
+#ifndef OPENSL_NO_GOST
{
1,
"GOST2001-GOST89-GOST89",
0,
0
},
-
+#endif
#ifndef OPENSSL_NO_CAMELLIA
/* Camellia ciphersuites from RFC4132 (256-bit portion) */
256,
256,
},
-
+#ifndef OPENSSL_NO_GOST
{
1,
"GOST2012-GOST8912-GOST8912",
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256,
0,
0},
-
+#endif
/* end of list */
};
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
- EC_KEY *ecdh = NULL;
+ const EC_GROUP *group = NULL;
+ int nid;
if (parg == NULL) {
SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return (ret);
- }
- if (!EC_KEY_up_ref((EC_KEY *)parg)) {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
- return (ret);
+ return 0;
}
- ecdh = (EC_KEY *)parg;
- if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
- if (!EC_KEY_generate_key(ecdh)) {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
- return (ret);
- }
+ group = EC_KEY_get0_group((const EC_KEY *)parg);
+ if (group == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+ return 0;
}
- EC_KEY_free(s->cert->ecdh_tmp);
- s->cert->ecdh_tmp = ecdh;
- ret = 1;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+ &s->tlsext_ellipticcurvelist_length,
+ &nid, 1);
}
break;
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (ret);
- }
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
case SSL_CTRL_GET_SHARED_CURVE:
return tls1_shared_curve(s, larg);
-# ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_ECDH_AUTO:
- s->cert->ecdh_tmp_auto = larg;
- return 1;
-# endif
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(s->cert, parg, larg, 0);
s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->tlsext_debug_cb = (void (*)(SSL *, int, int,
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TMP_ECDH:
{
- EC_KEY *ecdh = NULL;
+ const EC_GROUP *group = NULL;
+ int nid;
if (parg == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ecdh = EC_KEY_dup((EC_KEY *)parg);
- if (ecdh == NULL) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
+ group = EC_KEY_get0_group((const EC_KEY *)parg);
+ if (group == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
return 0;
}
- if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
- if (!EC_KEY_generate_key(ecdh)) {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
- return 0;
- }
- }
-
- EC_KEY_free(cert->ecdh_tmp);
- cert->ecdh_tmp = ecdh;
- return 1;
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef)
+ return 0;
+ return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+ &ctx->tlsext_ellipticcurvelist_length,
+ &nid, 1);
}
/* break; */
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (0);
- }
#endif /* !OPENSSL_NO_EC */
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
&ctx->tlsext_ellipticcurvelist_length,
parg);
- case SSL_CTRL_SET_ECDH_AUTO:
- ctx->cert->ecdh_tmp_auto = larg;
- return 1;
#endif
case SSL_CTRL_SET_SIGALGS:
return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
}
break;
-#endif
-#ifndef OPENSSL_NO_EC
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
#endif
case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;