[openssl-commits] [openssl] OpenSSL source code branch master updated. 376e2ca3e3525290619602dc6013c97c9653c037

Emilia Kasper emilia at openssl.org
Fri Dec 5 12:34:09 EST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  376e2ca3e3525290619602dc6013c97c9653c037 (commit)
      from  740580c2b2b86c2ffdc4a2d36850248c6091d6a0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 376e2ca3e3525290619602dc6013c97c9653c037
Author: Emilia Kasper <emilia at openssl.org>
Date:   Thu Dec 4 15:00:11 2014 +0100

    Clarify the return values for SSL_get_shared_curve.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/ssl/SSL_CTX_set1_curves.pod |   19 ++++++++++++-------
 ssl/t1_lib.c                    |   17 ++++++++++-------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod
index 0c9be25..18d0c9a 100644
--- a/doc/ssl/SSL_CTX_set1_curves.pod
+++ b/doc/ssl/SSL_CTX_set1_curves.pod
@@ -45,11 +45,12 @@ B<curves> array is in the form of a set of curve NIDs in preference
 order. It can return zero if the client did not send a supported curves
 extension.
 
-SSL_get1_shared_curve() returns shared curve B<n> for B<ssl>. If B<n> is
--1 then the total number of shared curves is returned, which may be
-zero. Other than for diagnostic purposes, most applications will only
-be interested in the first shared curve so B<n> is normally set to zero.
-If the value B<n> is out of range zero is returned.
+SSL_get_shared_curve() returns shared curve B<n> for a server-side
+SSL B<ssl>. If B<n> is -1 then the total number of shared curves is
+returned, which may be zero. Other than for diagnostic purposes,
+most applications will only be interested in the first shared curve
+so B<n> is normally set to zero. If the value B<n> is out of range,
+NID_undef is returned.
 
 SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve
 selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then 
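Review bot: the out-of-range sentence in the SSL_get_shared_curve() paragraph now says NID_undef where the old text said zero, but the page does not tell the reader that the two are the same value; the t1_lib.c part of this commit only notes it in a code comment ("In practice, NID_undef == 0"). Suggest stating that here so callers that compare the result against 0 know the check still holds. Since the paragraph now restricts itself to "a server-side SSL", it would also help to mention in the same place what a client-side B<ssl> gets, rather than only under RETURN VALUES.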
@@ -84,8 +85,12 @@ return 1 for success and 0 for failure.
 
 SSL_get1_curves() returns the number of curves, which may be zero.
 
-SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there
-is no shared curve B<n> or the number of shared curves if B<n> is -1.
+SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there
+is no shared curve B<n>; or the total number of shared curves if B<n>
+is -1.
+
+When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and
+returns -1.
 
 =head1 SEE ALSO
 
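Review bot: with the client-side -1 documented in RETURN VALUES, the result of SSL_get_shared_curve() can be a NID, a count (when B<n> is -1) or -1 meaning "not applicable", and the text does not tell callers to test for a negative result before using it as a NID or as a count. Suggest adding one sentence saying so, because code that only checks for NID_undef will treat -1 from a client B<ssl> as a valid curve.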
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index debad3b..86c06e2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -504,11 +504,12 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
 	return 0;
 	}
 
-/* Return nth shared curve. If nmatch == -1 return number of
- * matches. For nmatch == -2 return the NID of the curve to use for
- * an EC tmp key.
+/*
+ * Return |nmatch|th shared curve or NID_undef if there is no match.
+ * For nmatch == -1, return number of  matches
+ * For nmatch == -2, return the NID of the curve to use for
+ * an EC tmp key, or NID_undef if there is no match.
  */
-
 int tls1_shared_curve(SSL *s, int nmatch)
 	{
 	const unsigned char *pref, *supp;
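Review bot: the rewritten comment above tls1_shared_curve() covers NID_undef and the nmatch == -1 and nmatch == -2 cases, but not the -1 return that the pod change in this commit documents for a client SSL; if that value originates in this function, list it here so the comment and the documentation agree. Minor: "number of  matches" has a double space and is missing the full stop that the other sentences in the comment have.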
@@ -542,10 +543,11 @@ int tls1_shared_curve(SSL *s, int nmatch)
 	 */
 	if (!tls1_get_curvelist(s, (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0,
 			&supp, &num_supp))
-		return 0;
+		/* In practice, NID_undef == 0 but let's be precise. */
+		return nmatch == -1 ? 0 : NID_undef;
 	if(!tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE),
 			&pref, &num_pref))
-		return 0;
+		return nmatch == -1 ? 0 : NID_undef;
 	k = 0;
 	for (i = 0; i < num_pref; i++, pref+=2)
 		{
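Review bot: in the first tls1_get_curvelist() failure branch the new comment sits between the if condition and its unbraced return, which makes it easy to misread what the if guards and invites a mistake if a statement is later added there; move the comment above the if or brace the body. The expression "nmatch == -1 ? 0 : NID_undef" is also repeated verbatim in the second branch without the explanation, so consider computing it once before the two calls.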
@@ -567,7 +569,8 @@ int tls1_shared_curve(SSL *s, int nmatch)
 		}
 	if (nmatch == -1)
 		return k;
-	return 0;
+	/* Out of range (nmatch > k). */
+	return NID_undef;
 	}
 
 int tls1_set_curves(unsigned char **pext, size_t *pextlen,
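Review bot: the new comment on the final return reads "Out of range (nmatch > k)", but nmatch is a zero-based index (the documentation in this commit says the first shared curve is B<n> = 0) and k is the number of matches, so nmatch == k is out of range as well. Suggest "(nmatch >= k)" so the comment matches what the code returns.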


hooks/post-receive
-- 
OpenSSL source code
