diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 39 |
1 files changed, 7 insertions, 32 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index b061bd1100..ea44e7579a 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.122 2017/07/24 17:39:43 jsing Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.123 2017/08/09 22:24:25 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -679,28 +679,11 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | |||
| 679 | { | 679 | { |
| 680 | int extdatalen = 0; | 680 | int extdatalen = 0; |
| 681 | unsigned char *ret = p; | 681 | unsigned char *ret = p; |
| 682 | int using_ecc = 0; | 682 | int using_ecc; |
| 683 | size_t len; | 683 | size_t len; |
| 684 | CBB cbb; | 684 | CBB cbb; |
| 685 | 685 | ||
| 686 | /* See if we support any ECC ciphersuites. */ | 686 | using_ecc = ssl_has_ecc_ciphers(s); |
| 687 | if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION) { | ||
| 688 | STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); | ||
| 689 | unsigned long alg_k, alg_a; | ||
| 690 | int i; | ||
| 691 | |||
| 692 | for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) { | ||
| 693 | SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); | ||
| 694 | |||
| 695 | alg_k = c->algorithm_mkey; | ||
| 696 | alg_a = c->algorithm_auth; | ||
| 697 | |||
| 698 | if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) { | ||
| 699 | using_ecc = 1; | ||
| 700 | break; | ||
| 701 | } | ||
| 702 | } | ||
| 703 | } | ||
| 704 | 687 | ||
| 705 | ret += 2; | 688 | ret += 2; |
| 706 | if (ret >= limit) | 689 | if (ret >= limit) |
| @@ -954,16 +937,12 @@ unsigned char * | |||
| 954 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | 937 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) |
| 955 | { | 938 | { |
| 956 | int using_ecc, extdatalen = 0; | 939 | int using_ecc, extdatalen = 0; |
| 957 | unsigned long alg_a, alg_k; | ||
| 958 | unsigned char *ret = p; | 940 | unsigned char *ret = p; |
| 959 | int next_proto_neg_seen; | 941 | int next_proto_neg_seen; |
| 960 | size_t len; | 942 | size_t len; |
| 961 | CBB cbb; | 943 | CBB cbb; |
| 962 | 944 | ||
| 963 | alg_a = S3I(s)->hs.new_cipher->algorithm_auth; | 945 | using_ecc = ssl_using_ecc_cipher(s); |
| 964 | alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; | ||
| 965 | using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) && | ||
| 966 | SSI(s)->tlsext_ecpointformatlist != NULL; | ||
| 967 | 946 | ||
| 968 | ret += 2; | 947 | ret += 2; |
| 969 | if (ret >= limit) | 948 | if (ret >= limit) |
| @@ -1809,13 +1788,9 @@ ssl_check_serverhello_tlsext(SSL *s) | |||
| 1809 | * suite, then if server returns an EC point formats lists extension | 1788 | * suite, then if server returns an EC point formats lists extension |
| 1810 | * it must contain uncompressed. | 1789 | * it must contain uncompressed. |
| 1811 | */ | 1790 | */ |
| 1812 | unsigned long alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; | 1791 | if (ssl_using_ecc_cipher(s) && |
| 1813 | unsigned long alg_a = S3I(s)->hs.new_cipher->algorithm_auth; | 1792 | s->internal->tlsext_ecpointformatlist != NULL && |
| 1814 | if ((s->internal->tlsext_ecpointformatlist != NULL) && | 1793 | s->internal->tlsext_ecpointformatlist_length > 0) { |
| 1815 | (s->internal->tlsext_ecpointformatlist_length > 0) && | ||
| 1816 | (SSI(s)->tlsext_ecpointformatlist != NULL) && | ||
| 1817 | (SSI(s)->tlsext_ecpointformatlist_length > 0) && | ||
| 1818 | ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) { | ||
| 1819 | /* we are using an ECC cipher */ | 1794 | /* we are using an ECC cipher */ |
| 1820 | size_t i; | 1795 | size_t i; |
| 1821 | unsigned char *list; | 1796 | unsigned char *list; |