author | Dr. Stephen Henson <steve@openssl.org> | 2012-03-28 15:05:04 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-03-28 15:05:04 +0000 |
commit | d0595f170c225b918a980f49c5d16ec53545a6ad (patch) | |
tree | 113824b5df10b6a23f08061dbfaf9e268218bc10 /apps | |
parent | 751e26cb9b5ca46d0db4e7d9b71e215ece496223 (diff) | |
download | openssl-d0595f170c225b918a980f49c5d16ec53545a6ad.tar.gz |
Initial revision of ECC extension handling.
Tidy some code up.
Don't allocate a structure to handle ECC extensions when it is used for
default values.
Make supported curves configurable.
Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_cb.c | 23 | ||||
-rw-r--r-- | apps/s_client.c | 12 | ||||
-rw-r--r-- | apps/s_server.c | 24 |
3 files changed, 53 insertions, 6 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index eab0a08038..141c222895 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -316,18 +316,17 @@ int ssl_print_sigalgs(BIO *out, SSL *s) int ssl_print_curves(BIO *out, SSL *s) { - int i, ncurves, *curves; - ncurves = SSL_get1_curvelist(s, NULL); + int i, ncurves, *curves, nid; + const char *cname; + ncurves = SSL_get1_curves(s, NULL); if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); - SSL_get1_curvelist(s, curves); + SSL_get1_curves(s, curves); BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { - int nid; - const char *cname; if (i) BIO_puts(out, ":"); nid = curves[i]; @@ -343,8 +342,20 @@ int ssl_print_curves(BIO *out, SSL *s) BIO_printf(out, "%s", cname); } } - BIO_puts(out, "\n"); + BIO_puts(out, "\nShared Elliptic curves: "); OPENSSL_free(curves); + ncurves = SSL_get_shared_curve(s, -1); + for (i = 0; i < ncurves; i++) + { + if (i) + BIO_puts(out, ":"); + nid = SSL_get_shared_curve(s, i); + cname = EC_curve_nid2nist(nid); + if (!cname) + cname = OBJ_nid2sn(nid); + BIO_printf(out, "%s", cname); + } + BIO_puts(out, "\n"); return 1; } diff --git a/apps/s_client.c b/apps/s_client.c index 6870368ff1..55facead51 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -601,6 +601,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_TLSEXT char *servername = NULL; + char *curves=NULL; tlsextctx tlsextcbp = {NULL,0}; # ifndef OPENSSL_NO_NEXTPROTONEG @@ -937,6 +938,11 @@ int MAIN(int argc, char **argv) servername= *(++argv); /* meth=TLSv1_client_method(); */ } + else if (strcmp(*argv,"-curves") == 0) + { + if (--argc < 1) goto bad; + curves= *(++argv); + } #endif #ifndef OPENSSL_NO_JPAKE else if (strcmp(*argv,"-jpake") == 0) 
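Review bot: In ssl_print_curves (apps/s_cb.c, hunk at -316) the result of `OPENSSL_malloc(ncurves * sizeof(int))` goes straight into the renamed call `SSL_get1_curves(s, curves)` and is then indexed as `curves[i]`, with no NULL check in between. An allocation failure would therefore turn into a NULL-pointer access inside a diagnostic routine. Adding `if (!curves) return 0;` right after the allocation would close this; how callers treat a 0 return is not visible on this page, so confirm the value. The function body continues past the end of this hunk.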
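Review bot: The new shared-curves loop in ssl_print_curves (hunk at -343) passes `SSL_get_shared_curve(s, i)` to the name lookups without checking the returned NID. If that call can return NID_undef or an unrecognised id for an in-range index (its definition is not on this page), `cname` may still be NULL when it reaches `BIO_printf(out, "%s", cname)`. An operator reads this output to confirm which curves both sides accept, so the case deserves an explicit branch after the separator, e.g. `if (nid == NID_undef) { BIO_puts(out, "unknown"); continue; }`. A non-positive return from `SSL_get_shared_curve(s, -1)` is printed as an empty list with no explanation, and a one-line comment saying when that happens would help. The label `Shared Elliptic curves:` also differs in capitalisation from `Supported Elliptic Curves:`.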
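Review bot: The `-curves` branch added to MAIN in apps/s_client.c (hunk at -937) has no matching usage text. The diffstat's 12 changed lines for this file are all accounted for by the three hunks shown, so the option is parsed but undocumented in the help output, and the same holds for the `-curves` branch in apps/s_server.c (hunk at -1174). Add a help line beside the other TLS extension options, along the lines of `BIO_printf(bio_err," -curves arg - colon-separated list of elliptic curves\n");`. This assumes the accepted format matches the colon-separated form that ssl_print_curves prints, and the usage function itself is outside this diff. A short comment on the `curves` declaration saying that it points into argv and is not owned would also help; MAIN's body extends beyond both hunks.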
@@ -1176,6 +1182,12 @@ bad: } #ifndef OPENSSL_NO_TLSEXT + if (curves != NULL) + if(!SSL_CTX_set1_curves_list(ctx,curves)) { + BIO_printf(bio_err,"error setting curve list\n"); + ERR_print_errors(bio_err); + goto end; + } if (servername != NULL) { tlsextcbp.biodebug = bio_err; diff --git a/apps/s_server.c b/apps/s_server.c index 608f3208dc..5f1bcffb91 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -273,6 +273,7 @@ static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; #ifndef OPENSSL_NO_TLSEXT static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; +static char *curves=NULL; #endif static char *s_dcert_file=NULL,*s_dkey_file=NULL; #ifdef FIONBIO @@ -437,6 +438,7 @@ static void s_server_init(void) s_cert_file=TEST_CERT; s_key_file=NULL; #ifndef OPENSSL_NO_TLSEXT + curves=NULL; s_cert_file2=TEST_CERT2; s_key_file2=NULL; ctx2=NULL; @@ -1174,6 +1176,11 @@ int MAIN(int argc, char *argv[]) goto bad; } } + else if (strcmp(*argv,"-curves") == 0) + { + if (--argc < 1) goto bad; + curves= *(++argv); + } #endif else if (strcmp(*argv,"-msg") == 0) { s_msg=1; } @@ -1849,6 +1856,23 @@ bad: } #endif } +#ifndef OPENSSL_NO_TLSEXT + if (curves) + { + if(!SSL_CTX_set1_curves_list(ctx,curves)) + { + BIO_printf(bio_err,"error setting curves list\n"); + ERR_print_errors(bio_err); + goto end; + } + if(ctx2 && !SSL_CTX_set1_curves_list(ctx2,curves)) + { + BIO_printf(bio_err,"error setting curves list\n"); + ERR_print_errors(bio_err); + goto end; + } + } +#endif SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, sizeof s_server_session_id_context); |
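Review bot: In the apps/s_client.c hunk at -1176, the added `if (curves != NULL)` guards a second `if` with no braces of its own, directly ahead of `if (servername != NULL)`. An `else` added later would bind to the inner test rather than the outer one. Folding the two conditions into `if (curves != NULL && !SSL_CTX_set1_curves_list(ctx,curves))` with a single braced body removes the hazard. The message here reads `error setting curve list` while apps/s_server.c prints `error setting curves list`; using one spelling lets the failure be found with a single search. MAIN's body starts and ends outside the hunk.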
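Review bot: In the apps/s_server.c hunk at -1856, the failure branches for `ctx` and `ctx2` print the same text, so the output does not say which context rejected the curve list. Either give the second branch its own message, e.g. `BIO_printf(bio_err,"error setting curves list (second context)\n");`, or merge the two tests into `if(!SSL_CTX_set1_curves_list(ctx,curves) || (ctx2 && !SSL_CTX_set1_curves_list(ctx2,curves)))` if the distinction is not wanted. A one-line comment that `ctx2` is only non-NULL when a second certificate context was created would make the `ctx2 &&` guard self-explanatory; that is inferred from the name, as its setup is not visible here. MAIN's body continues outside the hunk.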