Clarify the return values for SSL_get_shared_curve.
Reviewed-by: Matt Caswell <matt@openssl.org>
parent
740580c2b2
commit
376e2ca3e3
2 changed files with 22 additions and 14 deletions
|
@ -45,11 +45,12 @@ B<curves> array is in the form of a set of curve NIDs in preference
|
|||
order. It can return zero if the client did not send a supported curves
|
||||
extension.
|
||||
|
||||
SSL_get1_shared_curve() returns shared curve B<n> for B<ssl>. If B<n> is
|
||||
-1 then the total number of shared curves is returned, which may be
|
||||
zero. Other than for diagnostic purposes, most applications will only
|
||||
be interested in the first shared curve so B<n> is normally set to zero.
|
||||
If the value B<n> is out of range zero is returned.
|
||||
SSL_get_shared_curve() returns shared curve B<n> for a server-side
|
||||
SSL B<ssl>. If B<n> is -1 then the total number of shared curves is
|
||||
returned, which may be zero. Other than for diagnostic purposes,
|
||||
most applications will only be interested in the first shared curve
|
||||
so B<n> is normally set to zero. If the value B<n> is out of range,
|
||||
NID_undef is returned.
|
||||
|
||||
SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve
|
||||
selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then
|
||||
|
@ -84,8 +85,12 @@ return 1 for success and 0 for failure.
|
|||
|
||||
SSL_get1_curves() returns the number of curves, which may be zero.
|
||||
|
||||
SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there
|
||||
is no shared curve B<n> or the number of shared curves if B<n> is -1.
|
||||
SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there
|
||||
is no shared curve B<n>; or the total number of shared curves if B<n>
|
||||
is -1.
|
||||
|
||||
When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and
|
||||
returns -1.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
|
|
17
ssl/t1_lib.c
17
ssl/t1_lib.c
|
@ -504,11 +504,12 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* Return nth shared curve. If nmatch == -1 return number of
|
||||
* matches. For nmatch == -2 return the NID of the curve to use for
|
||||
* an EC tmp key.
|
||||
/*
|
||||
* Return |nmatch|th shared curve or NID_undef if there is no match.
|
||||
* For nmatch == -1, return number of matches
|
||||
* For nmatch == -2, return the NID of the curve to use for
|
||||
* an EC tmp key, or NID_undef if there is no match.
|
||||
*/
|
||||
|
||||
int tls1_shared_curve(SSL *s, int nmatch)
|
||||
{
|
||||
const unsigned char *pref, *supp;
|
||||
|
@ -542,10 +543,11 @@ int tls1_shared_curve(SSL *s, int nmatch)
|
|||
*/
|
||||
if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0,
|
||||
&supp, &num_supp))
|
||||
return 0;
|
||||
/* In practice, NID_undef == 0 but let's be precise. */
|
||||
return nmatch == -1 ? 0 : NID_undef;
|
||||
if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE),
|
||||
&pref, &num_pref))
|
||||
return 0;
|
||||
return nmatch == -1 ? 0 : NID_undef;
|
||||
k = 0;
|
||||
for (i = 0; i < num_pref; i++, pref+=2)
|
||||
{
|
||||
|
@ -567,7 +569,8 @@ int tls1_shared_curve(SSL *s, int nmatch)
|
|||
}
|
||||
if (nmatch == -1)
|
||||
return k;
|
||||
return 0;
|
||||
/* Out of range (nmatch > k). */
|
||||
return NID_undef;
|
||||
}
|
||||
|
||||
int tls1_set_curves(unsigned char **pext, size_t *pextlen,
|
||||
|
|
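Review bot: The comment added before the final `return NID_undef;` says `nmatch > k`, but `k` is the match count returned for `nmatch == -1` and the index is zero-based, so `nmatch == k` is out of range too; it should read `/* Out of range (nmatch >= k). */`. The rewritten header comment for tls1_shared_curve() also omits the -1 result that the pod text in this commit documents for client-side calls. If that value comes from this function (the code between the hunks is not shown), add a line such as ` * Returns -1 if |s| is not a server.` so callers do not mistake -1 for a NID or a count. Because a failed tls1_get_curvelist() lookup and "no shared curve" both yield the same zero value, callers that pick an EC temporary key through the -2 mode should check for NID_undef before using the result.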