[openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-96-gbd34823

Emilia Kasper emilia at openssl.org
Fri Dec 5 12:34:09 EST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_2-stable has been updated
       via  bd34823e554706e822ae8990afa9454d94e4ce68 (commit)
      from  533814c6b52b9beabe572dd428afc53732e4ce3f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bd34823e554706e822ae8990afa9454d94e4ce68
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Dec 4 15:00:11 2014 +0100

    Clarify the return values for SSL_get_shared_curve.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 376e2ca3e3525290619602dc6013c97c9653c037)

-----------------------------------------------------------------------

Summary of changes:
 doc/ssl/SSL_CTX_set1_curves.pod |   19 ++++++++++++-------
 ssl/t1_lib.c                    |   17 ++++++++++-------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod
index 0c9be25..18d0c9a 100644
--- a/doc/ssl/SSL_CTX_set1_curves.pod
+++ b/doc/ssl/SSL_CTX_set1_curves.pod
@@ -45,11 +45,12 @@ B<curves> array is in the form of a set of curve NIDs in preference
 order. It can return zero if the client did not send a supported curves
 extension.
 
-SSL_get1_shared_curve() returns shared curve B<n> for B<ssl>. If B<n> is
--1 then the total number of shared curves is returned, which may be
-zero. Other than for diagnostic purposes, most applications will only
-be interested in the first shared curve so B<n> is normally set to zero.
-If the value B<n> is out of range zero is returned.
+SSL_get_shared_curve() returns shared curve B<n> for a server-side
+SSL B<ssl>. If B<n> is -1 then the total number of shared curves is
+returned, which may be zero. Other than for diagnostic purposes,
+most applications will only be interested in the first shared curve
+so B<n> is normally set to zero. If the value B<n> is out of range,
+NID_undef is returned.
 
 SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve
 selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then 
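Review bot: The rewritten paragraph limits SSL_get_shared_curve() to "a server-side SSL B<ssl>" but does not say what a caller gets on a client; that is only stated further down in RETURN VALUES (-1). Suggest adding one sentence here, or a pointer to RETURN VALUES, so the description is complete on its own. The paragraph also renames SSL_get1_shared_curve() to SSL_get_shared_curve(), which the commit message does not mention; worth confirming the rest of the pod uses the same name.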
@@ -84,8 +85,12 @@ return 1 for success and 0 for failure.
 
 SSL_get1_curves() returns the number of curves, which may be zero.
 
-SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there
-is no shared curve B<n> or the number of shared curves if B<n> is -1.
+SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there
+is no shared curve B<n>; or the total number of shared curves if B<n>
+is -1.
+
+When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and
+returns -1.
 
 =head1 SEE ALSO
 
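Review bot: The added sentence "When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and returns -1" documents a return value that none of the ssl/t1_lib.c hunks in this patch add or touch, so the code path that produces -1 should be confirmed before this text is relied on. Because -1 is non-zero, a caller that compares the result only against NID_undef will treat it as a valid NID; the text could state that callers must check for -1 first. The "...no shared curve B<n>; or the total number..." sentence would also read better as two sentences.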
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4162ca0..2dea518 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -540,11 +540,12 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
 	return 0;
 	}
 
-/* Return nth shared curve. If nmatch == -1 return number of
- * matches. For nmatch == -2 return the NID of the curve to use for
- * an EC tmp key.
+/*
+ * Return |nmatch|th shared curve or NID_undef if there is no match.
+ * For nmatch == -1, return number of  matches
+ * For nmatch == -2, return the NID of the curve to use for
+ * an EC tmp key, or NID_undef if there is no match.
  */
-
 int tls1_shared_curve(SSL *s, int nmatch)
 	{
 	const unsigned char *pref, *supp;
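Review bot: The new comment above tls1_shared_curve() has a double space and no terminating full stop in "For nmatch == -1, return number of  matches". It also leaves out the client-side case that the pod change documents as returning -1; if that check lives in this function, list it here alongside the other return values.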
@@ -578,10 +579,11 @@ int tls1_shared_curve(SSL *s, int nmatch)
 	 */
 	if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0,
 			&supp, &num_supp))
-		return 0;
+		/* In practice, NID_undef == 0 but let's be precise. */
+		return nmatch == -1 ? 0 : NID_undef;
 	if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE),
 			&pref, &num_pref))
-		return 0;
+		return nmatch == -1 ? 0 : NID_undef;
 	k = 0;
 	for (i = 0; i < num_pref; i++, pref+=2)
 		{
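Review bot: In both tls1_get_curvelist() failure branches, "return nmatch == -1 ? 0 : NID_undef;" reports a failed lookup as a count of zero when nmatch == -1, so a caller cannot tell "no shared curves" from "curve list could not be obtained". If that is intended, say so in the comment. The explanatory comment also appears only before the first return and sits between an unbraced if condition and its statement; placing it above the first if and wording it to cover both returns would be clearer.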
@@ -601,7 +603,8 @@ int tls1_shared_curve(SSL *s, int nmatch)
 		}
 	if (nmatch == -1)
 		return k;
-	return 0;
+	/* Out of range (nmatch > k). */
+	return NID_undef;
 	}
 
 int tls1_set_curves(unsigned char **pext, size_t *pextlen,
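Review bot: The comment "Out of range (nmatch > k)." looks off by one. k is the number of matches (it is what is returned for nmatch == -1), and the pod describes n as zero-based ("the first shared curve so B<n> is normally set to zero"), so the out-of-range condition is nmatch >= k. Suggest "/* Out of range (nmatch >= k). */".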


hooks/post-receive
-- 
OpenSSL source code

