diff options
| author | jsing <> | 2017-01-24 09:03:21 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-24 09:03:21 +0000 |
| commit | 71cc331549d24c7e6a825b6aa26d8c8064dfe01a (patch) | |
| tree | b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/s3_lib.c | |
| parent | 17a2441804c81d4524f94ae1c3fe8adbec4a0236 (diff) | |
| download | openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.gz openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.bz2 openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.zip | |
Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and
P-384. If you want others (such a brainpool) you need to configure this
yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 1b0ddc702f..9d0217e95f 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.129 2017/01/24 03:00:54 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.130 2017/01/24 09:03:21 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2154,9 +2154,24 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |||
| 2154 | default: | 2154 | default: |
| 2155 | break; | 2155 | break; |
| 2156 | } | 2156 | } |
| 2157 | |||
| 2157 | return (ret); | 2158 | return (ret); |
| 2158 | } | 2159 | } |
| 2159 | 2160 | ||
| 2161 | int | ||
| 2162 | SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) | ||
| 2163 | { | ||
| 2164 | return tls1_set_groups(&s->internal->tlsext_supportedgroups, | ||
| 2165 | &s->internal->tlsext_supportedgroups_length, groups, groups_len); | ||
| 2166 | } | ||
| 2167 | |||
| 2168 | int | ||
| 2169 | SSL_set1_groups_list(SSL *s, const char *groups) | ||
| 2170 | { | ||
| 2171 | return tls1_set_groups_list(&s->internal->tlsext_supportedgroups, | ||
| 2172 | &s->internal->tlsext_supportedgroups_length, groups); | ||
| 2173 | } | ||
| 2174 | |||
| 2160 | long | 2175 | long |
| 2161 | ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | 2176 | ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 2162 | { | 2177 | { |
| @@ -2327,6 +2342,20 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | |||
| 2327 | return (1); | 2342 | return (1); |
| 2328 | } | 2343 | } |
| 2329 | 2344 | ||
| 2345 | int | ||
| 2346 | SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) | ||
| 2347 | { | ||
| 2348 | return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, | ||
| 2349 | &ctx->internal->tlsext_supportedgroups_length, groups, groups_len); | ||
| 2350 | } | ||
| 2351 | |||
| 2352 | int | ||
| 2353 | SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) | ||
| 2354 | { | ||
| 2355 | return tls1_set_groups_list(&ctx->internal->tlsext_supportedgroups, | ||
| 2356 | &ctx->internal->tlsext_supportedgroups_length, groups); | ||
| 2357 | } | ||
| 2358 | |||
| 2330 | long | 2359 | long |
| 2331 | ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | 2360 | ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 2332 | { | 2361 | { |