{
switch (cmd)
{
+#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_CURVES_LIST:
return tls1_set_curves_list(NULL, NULL, parg);
+#endif
case SSL_CTRL_SET_SIGALGS_LIST:
case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
return tls1_set_sigalgs_list(NULL, parg, 0);
else
*len = ssl->s3->alpn_selected_len;
}
+
+int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
+ unsigned short supp_data_type,
+ cli_supp_data_first_cb_fn fn1,
+ cli_supp_data_second_cb_fn fn2, void* arg)
+ {
+ size_t i;
+ cli_supp_data_record* record;
+
+ /* Check for duplicates */
+ for (i=0; i < ctx->cli_supp_data_records_count; i++)
+ if (supp_data_type == ctx->cli_supp_data_records[i].supp_data_type)
+ return 0;
+
+ ctx->cli_supp_data_records = OPENSSL_realloc(ctx->cli_supp_data_records,
+ (ctx->cli_supp_data_records_count+1) * sizeof(cli_supp_data_record));
+ if (!ctx->cli_supp_data_records)
+ {
+ ctx->cli_supp_data_records_count = 0;
+ return 0;
+ }
+ ctx->cli_supp_data_records_count++;
+ record = &ctx->cli_supp_data_records[ctx->cli_supp_data_records_count - 1];
+ record->supp_data_type = supp_data_type;
+ record->fn1 = fn1;
+ record->fn2 = fn2;
+ record->arg = arg;
+ return 1;
+ }
+
+int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
+ unsigned short supp_data_type,
+ srv_supp_data_first_cb_fn fn1,
+ srv_supp_data_second_cb_fn fn2, void* arg)
+ {
+ size_t i;
+ srv_supp_data_record* record;
+
+ /* Check for duplicates */
+ for (i=0; i < ctx->srv_supp_data_records_count; i++)
+ if (supp_data_type == ctx->srv_supp_data_records[i].supp_data_type)
+ return 0;
+
+ ctx->srv_supp_data_records = OPENSSL_realloc(ctx->srv_supp_data_records,
+ (ctx->srv_supp_data_records_count+1) * sizeof(srv_supp_data_record));
+ if (!ctx->srv_supp_data_records)
+ {
+ ctx->srv_supp_data_records_count = 0;
+ return 0;
+ }
+ ctx->srv_supp_data_records_count++;
+ record = &ctx->srv_supp_data_records[ctx->srv_supp_data_records_count - 1];
+ record->supp_data_type = supp_data_type;
+ record->fn1 = fn1;
+ record->fn2 = fn2;
+ record->arg = arg;
+
+ return 1;
+ }
+
#endif /* !OPENSSL_NO_TLSEXT */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
ret->custom_cli_ext_records_count = 0;
ret->custom_srv_ext_records = NULL;
ret->custom_srv_ext_records_count = 0;
+ ret->cli_supp_data_records = NULL;
+ ret->cli_supp_data_records_count = 0;
+ ret->srv_supp_data_records = NULL;
+ ret->srv_supp_data_records_count = 0;
#ifndef OPENSSL_NO_BUF_FREELISTS
ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
#ifndef OPENSSL_NO_TLSEXT
OPENSSL_free(a->custom_cli_ext_records);
OPENSSL_free(a->custom_srv_ext_records);
+ OPENSSL_free(a->cli_supp_data_records);
+ OPENSSL_free(a->srv_supp_data_records);
#endif
#ifndef OPENSSL_NO_ENGINE
if (a->client_cert_engine)
int rsa_enc_export,dh_rsa_export,dh_dsa_export;
int rsa_tmp_export,dh_tmp_export,kl;
unsigned long mask_k,mask_a,emask_k,emask_a;
- int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDSA
+ int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+#endif
#ifndef OPENSSL_NO_ECDH
- int have_ecdh_tmp;
+ int have_ecdh_tmp, ecdh_ok;
#endif
+#ifndef OPENSSL_NO_EC
X509 *x = NULL;
EVP_PKEY *ecc_pkey = NULL;
int signature_nid = 0, pk_nid = 0, md_nid = 0;
-
+#endif
if (c == NULL) return;
kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
dh_dsa= cpk->valid_flags & CERT_PKEY_VALID;
dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
cpk= &(c->pkeys[SSL_PKEY_ECC]);
+#ifndef OPENSSL_NO_EC
have_ecc_cert= cpk->valid_flags & CERT_PKEY_VALID;
+#endif
mask_k=0;
mask_a=0;
emask_k=0;
/* An ECC certificate may be usable for ECDH and/or
* ECDSA cipher suites depending on the key usage extension.
*/
+#ifndef OPENSSL_NO_EC
if (have_ecc_cert)
{
cpk = &c->pkeys[SSL_PKEY_ECC];
}
#endif
}
+#endif
#ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp)
}
#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length)
- {
- CERT *c;
- int i;
-
- c = s->cert;
- i = ssl_get_server_cert_index(s);
-
- if (i == -1)
- return NULL;
-
- *authz_length = 0;
- if (c->pkeys[i].authz == NULL)
- return(NULL);
- *authz_length = c->pkeys[i].authz_length;
-
- return c->pkeys[i].authz;
- }
-
int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
size_t *serverinfo_length)
{