/*
 * Write the server-to-client ec_point_formats extension into pkt.
 *
 * The extension is emitted only when the negotiated cipher uses ECDHE key
 * exchange or ECDSA authentication AND the session carries a stored
 * ecpointformats list (presumably the list offered by the client; confirm
 * where session->ext.ecpointformats is populated).
 *
 * context, x, chainidx and al are not used by this function.
 * NOTE(review): *al is never written, including on the failure path, so the
 * alert sent on error depends on whatever default the caller set.
 *
 * Returns EXT_RETURN_NOT_SENT when the extension does not apply,
 * EXT_RETURN_SENT on success, and EXT_RETURN_FAIL if any WPACKET write fails.
 */
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx, int *al)
{
    const unsigned long kx_bits = s->s3->tmp.new_cipher->algorithm_mkey;
    const unsigned long auth_bits = s->s3->tmp.new_cipher->algorithm_auth;
    const unsigned char *fmt_list;
    size_t fmt_list_len;

    /* The negotiated cipher involves no EC at all: nothing to advertise. */
    if (!(kx_bits & SSL_kECDHE) && !(auth_bits & SSL_aECDSA))
        return EXT_RETURN_NOT_SENT;

    /* The session is consulted only after the cipher test, as before. */
    if (s->session->ext.ecpointformats == NULL)
        return EXT_RETURN_NOT_SENT;

    /*
     * NOTE(review): fmt_list and fmt_list_len start out uninitialised; this
     * relies on the helper always writing both outputs. Confirm.
     */
    tls1_get_formatlist(s, &fmt_list, &fmt_list_len);

    /*
     * Extension type, then a u16-length sub-packet holding the format list.
     * NOTE(review): the _u8 copy gives the list a one-byte length prefix;
     * presumably an over-long list makes the write fail instead of being
     * truncated. Confirm in WPACKET.
     */
    if (WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
            && WPACKET_start_sub_packet_u16(pkt)
            && WPACKET_sub_memcpy_u8(pkt, fmt_list, fmt_list_len)
            && WPACKET_close(pkt))
        return EXT_RETURN_SENT;

    SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
    return EXT_RETURN_FAIL;
}
/*
 * Add the ECPointFormats TLS extension to the ClientHello message.
 *
 * Returns 1 when the extension was written or when use_ecc(s) reports that
 * it is not needed, and 0 if any WPACKET write fails.
 *
 * NOTE(review): al is not used here, so *al is left untouched on failure and
 * the alert sent depends on the caller's default.
 */
int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
{
    const unsigned char *fmt_list;
    size_t fmt_list_len;
    int written;

    if (!use_ecc(s))
        return 1;

    /*
     * NOTE(review): both outputs start out uninitialised; this relies on the
     * helper always setting them. Confirm.
     */
    tls1_get_formatlist(s, &fmt_list, &fmt_list_len);

    /*
     * Extension type, then the sub-packet for the formats extension.
     * The && chain stops at the first failing write, as the original did.
     */
    written = WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
              && WPACKET_start_sub_packet_u16(pkt)
              && WPACKET_sub_memcpy_u8(pkt, fmt_list, fmt_list_len)
              && WPACKET_close(pkt);

    if (written)
        return 1;

    SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
    return 0;
}
/*
 * Check that an EC key is compatible with extensions.
 *
 * curve_id and comp_id each point to the single value to look up; either
 * may be NULL, in which case that check is skipped.
 *
 * Each check is permissive when its list is absent: a NULL format list or a
 * NULL curve list means "everything is supported" (RFC4492 is cited for the
 * point formats case). A list that is present but does not contain the value
 * rejects the key; a present list of length 0 therefore rejects every value.
 *
 * NOTE(review): the literal 1 passed to both helpers presumably selects the
 * peer's lists. Confirm against tls1_get_formatlist / tls1_get_curvelist.
 *
 * Returns 1 if the key is acceptable, 0 otherwise.
 */
static int tls1_check_ec_key(SSL *s, const uint16_t *curve_id,
                             const uint8_t *comp_id)
{
    const uint8_t *fmt_list;
    const uint16_t *curve_list;
    size_t fmt_count, curve_count, pos;

    /* Point formats: the key's compression id must appear in the list. */
    tls1_get_formatlist(s, 1, &fmt_list, &fmt_count);
    if (comp_id != NULL && fmt_list != NULL) {
        pos = 0;
        while (pos < fmt_count && fmt_list[pos] != *comp_id)
            pos++;
        if (pos == fmt_count)
            return 0;
    }

    /* Curves: the key's curve id must appear in the list. */
    tls1_get_curvelist(s, 1, &curve_list, &curve_count);
    if (curve_id != NULL && curve_list != NULL) {
        pos = 0;
        while (pos < curve_count && curve_list[pos] != *curve_id)
            pos++;
        if (pos == curve_count)
            return 0;
    }

    return 1;
}