Initial revision of ECC extension handling.

Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.

1 files changed, 25 insertions, 1 deletions

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 248bb94df8..f680d35233 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3365,7 +3365,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		else
 			return ssl_cert_add0_chain_cert(s->cert, (X509 *)parg);
 
-	case SSL_CTRL_GET_CURVELIST:
+	case SSL_CTRL_GET_CURVES:
 		{
 		unsigned char *clist;
 		size_t clistlen;
@@ -3391,6 +3391,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 		return (int)clistlen;
 		}
 
+	case SSL_CTRL_SET_CURVES:
+		return tls1_set_curves(&s->tlsext_ellipticcurvelist,
+					&s->tlsext_ellipticcurvelist_length,
+								parg, larg);
+
+	case SSL_CTRL_SET_CURVES_LIST:
+		return tls1_set_curves_list(&s->tlsext_ellipticcurvelist,
+					&s->tlsext_ellipticcurvelist_length,
+								parg);
+
+	case SSL_CTRL_GET_SHARED_CURVE:
+		return tls1_shared_curve(s, larg);
+ 
+
 	default:
 		break;
 		}
@@ -3659,6 +3673,16 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 		ctx->srp_ctx.strength=larg;
 		break;
 #endif
+
+	case SSL_CTRL_SET_CURVES:
+		return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
+					&ctx->tlsext_ellipticcurvelist_length,
+								parg, larg);
+
+	case SSL_CTRL_SET_CURVES_LIST:
+		return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist,
+					&ctx->tlsext_ellipticcurvelist_length,
+								parg);
 #endif /* !OPENSSL_NO_TLSEXT */
 
 	/* A Thawte special :-) */