1 files changed, 44 insertions, 1 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 38f7fcfe7b..20f576e796 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.58 2014/09/27 11:01:06 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -364,6 +364,49 @@ tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *pformatslen)
 }
 /*
+ * Return the appropriate curve list. If client_curves is non-zero, return
+ * the client/session curves. Otherwise return the custom curve list if one
+ * exists, or the default curves if a custom list has not been specified.
+ */
+static void
+tls1_get_curvelist(SSL *s, int client_curves, const unsigned char **pcurves,
+    size_t *pcurveslen)
+{
+        if (client_curves != 0) {
+                *pcurves = s->session->tlsext_ellipticcurvelist;
+                *pcurveslen = s->session->tlsext_ellipticcurvelist_length;
+                return;
+        }
+        *pcurves = s->tlsext_ellipticcurvelist;
+        *pcurveslen = s->tlsext_ellipticcurvelist_length;
+        if (*pcurves == NULL) {
+                *pcurves = eccurves_default;
+                *pcurveslen = sizeof(eccurves_default);
+        }
+}
+/* Check that a curve is one of our preferences. */
+int
+tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
+{
+        const unsigned char *curves;
+        size_t curveslen, i;
+        /* Only named curves are supported. */
+        if (len != 3 || p[0] != NAMED_CURVE_TYPE)
+                return (0);
+        tls1_get_curvelist(s, 0, &curves, &curveslen);
+        for (i = 0; i < curveslen; i += 2, curves += 2) {
+                if (p[1] == curves[0] && p[2] == curves[1])
+                        return (1);
+        }
+        return (0);
+}
+/*
 * List of supported signature algorithms and hashes. Should make this
 * customisable at some point, for now include everything we support.
 */

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 38f7fcfe7b..20f576e796 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.57 2014/09/26 14:58:42 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.58 2014/09/27 11:01:06 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -364,6 +364,49 @@ tls1_get_formatlist(SSL s, const unsigned char pformats, size_t pformatslen)
364	}	364	}
365		365
366	/*	366	/*
		367	* Return the appropriate curve list. If client_curves is non-zero, return
		368	* the client/session curves. Otherwise return the custom curve list if one
		369	* exists, or the default curves if a custom list has not been specified.
		370	*/
		371	static void
		372	tls1_get_curvelist(SSL s, int client_curves, const unsigned char *pcurves,
		373	size_t *pcurveslen)
		374	{
		375	if (client_curves != 0) {
		376	*pcurves = s->session->tlsext_ellipticcurvelist;
		377	*pcurveslen = s->session->tlsext_ellipticcurvelist_length;
		378	return;
		379	}
		380
		381	*pcurves = s->tlsext_ellipticcurvelist;
		382	*pcurveslen = s->tlsext_ellipticcurvelist_length;
		383	if (*pcurves == NULL) {
		384	*pcurves = eccurves_default;
		385	*pcurveslen = sizeof(eccurves_default);
		386	}
		387	}
		388
		389	/* Check that a curve is one of our preferences. */
		390	int
		391	tls1_check_curve(SSL s, const unsigned char p, size_t len)
		392	{
		393	const unsigned char *curves;
		394	size_t curveslen, i;
		395
		396	/* Only named curves are supported. */
		397	if (len != 3 \|\| p[0] != NAMED_CURVE_TYPE)
		398	return (0);
		399
		400	tls1_get_curvelist(s, 0, &curves, &curveslen);
		401
		402	for (i = 0; i < curveslen; i += 2, curves += 2) {
		403	if (p[1] == curves[0] && p[2] == curves[1])
		404	return (1);
		405	}
		406	return (0);
		407	}
		408
		409	/*
367	* List of supported signature algorithms and hashes. Should make this	410	* List of supported signature algorithms and hashes. Should make this
368	* customisable at some point, for now include everything we support.	411	* customisable at some point, for now include everything we support.
369	*/	412	*/