
Source code changes of the file "ssl/statem/extensions_clnt.c" between
openssl-1.1.1o.tar.gz and openssl-1.1.1p.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

extensions_clnt.c  (openssl-1.1.1o):extensions_clnt.c  (openssl-1.1.1p)
/* /*
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at * in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <openssl/ocsp.h> #include <openssl/ocsp.h>
#include "../ssl_local.h" #include "../ssl_local.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
skipping to change at line 121 skipping to change at line 121
return EXT_RETURN_SENT; return EXT_RETURN_SENT;
} }
#endif #endif
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
static int use_ecc(SSL *s) static int use_ecc(SSL *s)
{ {
int i, end, ret = 0; int i, end, ret = 0;
unsigned long alg_k, alg_a; unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL; STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
const uint16_t *pgroups = NULL;
size_t num_groups, j;
/* See if we support any ECC ciphersuites */ /* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION) if (s->version == SSL3_VERSION)
return 0; return 0;
cipher_stack = SSL_get1_supported_ciphers(s); cipher_stack = SSL_get1_supported_ciphers(s);
end = sk_SSL_CIPHER_num(cipher_stack); end = sk_SSL_CIPHER_num(cipher_stack);
for (i = 0; i < end; i++) { for (i = 0; i < end; i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
skipping to change at line 142 skipping to change at line 144
alg_a = c->algorithm_auth; alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|| (alg_a & SSL_aECDSA) || (alg_a & SSL_aECDSA)
|| c->min_tls >= TLS1_3_VERSION) { || c->min_tls >= TLS1_3_VERSION) {
ret = 1; ret = 1;
break; break;
} }
} }
sk_SSL_CIPHER_free(cipher_stack); sk_SSL_CIPHER_free(cipher_stack);
return ret; if (!ret)
return 0;
/* Check we have at least one EC supported group */
tls1_get_supported_groups(s, &pgroups, &num_groups);
for (j = 0; j < num_groups; j++) {
uint16_t ctmp = pgroups[j];
if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
return 1;
}
return 0;
} }
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
unsigned int context, X509 *x, unsigned int context, X509 *x,
size_t chainidx) size_t chainidx)
{ {
const unsigned char *pformats; const unsigned char *pformats;
size_t num_formats; size_t num_formats;
if (!use_ecc(s)) if (!use_ecc(s))
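Review bot: In the new tail of use_ecc, `num_groups` is declared without an initializer and is then used as the loop bound right after `tls1_get_supported_groups(s, &pgroups, &num_groups)`, whose outcome is not checked. That helper is defined outside this page, so whether it writes both outputs on every path cannot be confirmed here. Declaring `size_t num_groups = 0, j;` would keep the loop from running on an indeterminate count alongside a NULL `pgroups`. The function also has no header comment even though its contract changed: it now returns 1 only when an ECC-capable ciphersuite is enabled and at least one group passes `tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)`, so a comment such as `/* Returns 1 if an EC ciphersuite is enabled and at least one supported group is permitted by the security policy, else 0 */` above `use_ecc` would help. Part of the cipher loop body and the rest of tls_construct_ctos_ec_pt_formats are not shown on the page.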
 End of changes. 3 change blocks. 
2 lines changed or deleted 16 lines changed or added
