oops, revert unrelated patches
authorDr. Stephen Henson <steve@openssl.org>
Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 14 Mar 2012 13:46:50 +0000 (13:46 +0000)
apps/s_client.c
ssl/s3_lib.c
ssl/ssl.h
ssl/t1_lib.c

index 30588cc..ce199be 100644 (file)
@@ -1209,21 +1209,6 @@ bad:
 #endif
 
        con=SSL_new(ctx);
-#if 0
-{
-int curves[3];
-int rv;
-curves[0] = EC_curve_nist2nid("P-256");
-curves[1] = EC_curve_nist2nid("P-521");
-curves[2] = EC_curve_nist2nid("P-384");
-rv = SSL_set1_curvelist(con, curves, sizeof(curves)/sizeof(int));
-if (rv == 0)
-       {
-       fprintf(stderr, "Error setting curve list\n");
-       exit(1);
-       }
-}
-#endif
        if (sess_in)
                {
                SSL_SESSION *sess;
index e9addc4..248bb94 100644 (file)
@@ -3391,94 +3391,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                return (int)clistlen;
                }
 
-       case SSL_CTRL_SET_CURVELIST:
-               {
-               int *nid_list = parg;
-               size_t nid_listlen = larg, i;
-               unsigned char *clist, *p;
-               /* Bitmap of curves included to detect duplicates: only works
-                * while curve ids < 32 
-                */
-               unsigned long dup_list = 0;
-               clist = OPENSSL_malloc(nid_listlen * 2);
-               for (i = 0, p = clist; i < nid_listlen; i++)
-                       {
-                       unsigned long idmask;
-                       int id;
-                       id = tls1_ec_nid2curve_id(nid_list[i]);
-                       idmask = 1L << id;
-                       if (!id || (dup_list & idmask))
-                               {
-                               OPENSSL_free(clist);
-                               return 0;
-                               }
-                       dup_list |= idmask;
-                       s2n(id, p);
-                       }
-               if (s->tlsext_ellipticcurvelist)
-                       OPENSSL_free(s->tlsext_ellipticcurvelist);
-               s->tlsext_ellipticcurvelist = clist;
-               s->tlsext_ellipticcurvelist_length = nid_listlen * 2;
-               return 1;
-               }
-
-       case SSL_CTRL_SHARED_CURVES:
-               {
-               unsigned long mask = 0;
-               unsigned char *pmask, *pref;
-               size_t pmasklen, preflen, i;
-               int nmatch = 0;
-               /* Must be server */
-               if (!s->server)
-                       return 0;
-               /* No curves if client didn't sent supported curves extension */
-               if (!s->session->tlsext_ellipticcurvelist)
-                       return 0;
-               if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-                       {
-                       pref = s->tlsext_ellipticcurvelist;
-                       preflen = s->tlsext_ellipticcurvelist_length;
-                       pmask = s->session->tlsext_ellipticcurvelist;
-                       pmasklen = s->session->tlsext_ellipticcurvelist_length;
-                       }
-               else
-                       {
-                       pref = s->session->tlsext_ellipticcurvelist;
-                       preflen = s->session->tlsext_ellipticcurvelist_length;
-                       pmask = s->tlsext_ellipticcurvelist;
-                       pmasklen = s->tlsext_ellipticcurvelist_length;
-                       }
-               /* Build a mask of supported curves */
-               for (i = 0; i < pmasklen; i+=2, pmask+=2)
-                       {
-                       /* Skip any curves that wont fit in mask */
-                       if (pmask[0] || (pmask[1] > 31))
-                               continue;
-                       mask |= 1L << pmask[1];
-                       }
-               /* Check preference order against mask */
-               for (i = 0; i < preflen; i+=2, pref+=2)
-                       {
-                       if (pref[0] || (pref[1] > 30))
-                               continue;
-                       /* Search for matching curves in preference order */
-                       if (mask & (1L << pref[1]))
-                               {
-                               int id = tls1_ec_curve_id2nid(pref[1]);
-                               if (id && parg && nmatch == larg)
-                                       {
-                                       *((int *)parg) = id;
-                                       return 1;
-                                       }
-                               nmatch++;
-                               }
-                       }
-               if (parg)
-                       return 0;
-               return nmatch;
-
-               }
-
        default:
                break;
                }
index 4215dda..3e255fc 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1619,8 +1619,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_CHAIN_CERT                    89
 
 #define SSL_CTRL_GET_CURVELIST                 90
-#define SSL_CTRL_SET_CURVELIST                 91
-#define SSL_CTRL_SHARED_CURVES                 92
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1682,8 +1680,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
 #define SSL_get1_curvelist(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)
-#define SSL_set1_curvelist(ctx, clist, clistlen) \
-       SSL_ctrl(ctx,SSL_CTRL_SET_CURVELIST,clistlen,(char *)clist)
 
 
 #ifndef OPENSSL_NO_BIO
index 33c0b65..dfd397f 100644 (file)
@@ -1678,26 +1678,20 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
                s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
 
                /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
-               if (s->tlsext_ellipticcurvelist == NULL)
+               if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
+               s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
+               if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
                        {
-                       unsigned char *clist;
-                       size_t clistlen;
                        s->tlsext_ellipticcurvelist_length = 0;
-                       clistlen = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
-                       clist = OPENSSL_malloc(clistlen);
-                       if (!clist)
-                               {
-                               SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-                               return -1;
-                               }
-                       for (i = 0, j = clist; i < (int)clistlen/2; i++)
-                               {
-                               int id = tls1_ec_nid2curve_id(pref_list[i]);
-                               s2n(id,j);
-                               }
-                       s->tlsext_ellipticcurvelist = clist;
-                       s->tlsext_ellipticcurvelist_length = clistlen;
-                       }       
+                       SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
+                       return -1;
+                       }
+               for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
+                               sizeof(pref_list)/sizeof(pref_list[0]); i++)
+                       {
+                       int id = tls1_ec_nid2curve_id(pref_list[i]);
+                       s2n(id,j);
+                       }
                }
 #endif /* OPENSSL_NO_EC */