QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-29 19:24:37 +00:00
Code Issues Projects Releases Wiki Activity

udpate Supported Point Formats Extension code

Browse Source 
Submitted by: Douglas Stebila
This commit is contained in:
Bodo Möller 2006-03-13 01:24:38 +00:00
parent 6adbcb9755
commit b6acb8d0de
5 changed files with 19 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
ssl/s3_lib.c
View File

@ -1754,30 +1754,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
} }
s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */ s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
break; break;
#ifndef OPENSSL_NO_EC
case SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST:
if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(larg)) == NULL)
{
SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
}
{
int i;
unsigned char *sparg = (unsigned char *) parg;
for (i = 0; i < larg; i++, sparg++)
{
if (TLSEXT_ECPOINTFORMAT_last < *sparg)
{
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT);
return(0);
}
}
}
s->tlsext_ecpointformatlist_length = larg;
memcpy(s->tlsext_ecpointformatlist, parg, larg);
s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
break;
#endif /* OPENSSL_NO_EC */
#endif /* !OPENSSL_NO_TLSEXT */ #endif /* !OPENSSL_NO_TLSEXT */
default: default:
break; break;

1
ssl/ssl.h
View File

@ -1289,7 +1289,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
#define SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST 56
#endif #endif
#define SSL_session_reused(ssl) \ #define SSL_session_reused(ssl) \

1
ssl/ssl_sess.c
View File

@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session)
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
if (s->tlsext_ecpointformatlist) if (s->tlsext_ecpointformatlist)
{ {
if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
{ {
SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);

27
ssl/t1_lib.c
View File

@ -359,6 +359,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
return 0; return 0;
} }
s->session->tlsext_ecpointformatlist_length = 0; s->session->tlsext_ecpointformatlist_length = 0;
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
{ {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
@ -430,6 +431,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
return 0; return 0;
} }
s->session->tlsext_ecpointformatlist_length = 0; s->session->tlsext_ecpointformatlist_length = 0;
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
{ {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
@ -485,6 +487,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (s->session->tlsext_ecpointformatlist == NULL) if (s->session->tlsext_ecpointformatlist == NULL)
{ {
s->session->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; s->session->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
{ {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
@ -509,7 +512,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
{ {
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats we /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats we
* support (namely, only uncompressed points). * support.
*/ */
int using_ecc = 0; int using_ecc = 0;
int i; int i;
@ -528,13 +531,16 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
using_ecc = using_ecc && (s->version == TLS1_VERSION); using_ecc = using_ecc && (s->version == TLS1_VERSION);
if (using_ecc) if (using_ecc)
{ {
if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL) if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
{ {
SSLerr(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
s->tlsext_ecpointformatlist_length = 1; s->tlsext_ecpointformatlist_length = 3;
*s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
return 1; return 1;
@ -543,8 +549,8 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
int ssl_prepare_serverhello_tlsext(SSL *s) int ssl_prepare_serverhello_tlsext(SSL *s)
{ {
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
/* If we are server and using an ECC cipher suite, send the point formats we support (namely, only /* If we are server and using an ECC cipher suite, send the point formats we support
* uncompressed points) if the client sent us an ECPointsFormat extension. * if the client sent us an ECPointsFormat extension.
*/ */
int i; int i;
int algs = s->s3->tmp.new_cipher->algorithms; int algs = s->s3->tmp.new_cipher->algorithms;
@ -553,13 +559,16 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
if (using_ecc) if (using_ecc)
{ {
if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(1)) == NULL) if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
{ {
SSLerr(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
s->tlsext_ecpointformatlist_length = 1; s->tlsext_ecpointformatlist_length = 3;
*s->tlsext_ecpointformatlist = TLSEXT_ECPOINTFORMAT_uncompressed; s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
} }
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */
return 1; return 1;

5
ssl/tls1.h
View File

@ -223,11 +223,6 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
#ifndef OPENSSL_NO_EC
#define SSL_set_tlsext_ecpointformat(s,length,list) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_ECPOINTFORMATLIST,length,(unsigned char *)list)
#endif /* OPENSSL_NO_EC */
#endif #endif
/* PSK ciphersuites from 4279 */ /* PSK ciphersuites from 4279 */