Add support for automatic ephemeral EC keys.

This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.

Based on OpenSSL with inspiration from boringssl.

ok miod@

1 files changed, 9 insertions, 1 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 246aa6f23d..42f8074f8c 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.81 2014/09/30 15:40:09 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.82 2014/10/03 13:58:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2128,6 +2128,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 ret = 1;
                 break;
 
+        case SSL_CTRL_SET_ECDH_AUTO:
+                s->cert->ecdh_tmp_auto = larg;
+                ret = 1;
+                break;
+
         default:
                 break;
         }
@@ -2322,6 +2327,9 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                 return 1;
                 break;
 
+        case SSL_CTRL_SET_ECDH_AUTO:
+                ctx->cert->ecdh_tmp_auto = larg;
+                return 1;
 
                 /* A Thawte special :-) */
         case SSL_CTRL_EXTRA_CHAIN_CERT: