diff options
| author | jsing <> | 2014-10-03 13:58:18 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-03 13:58:18 +0000 |
| commit | f42035acfafef5f2efe92cd8eef619164f7144f2 (patch) | |
| tree | cffe0badf760bb2604b226bec541734923e423b7 /src/lib/libssl/ssl.h | |
| parent | 079e384e3438a23d2ddc504f4d34e5a46d9dd6e8 (diff) | |
| download | openbsd-f42035acfafef5f2efe92cd8eef619164f7144f2.tar.gz openbsd-f42035acfafef5f2efe92cd8eef619164f7144f2.tar.bz2 openbsd-f42035acfafef5f2efe92cd8eef619164f7144f2.zip | |
Add support for automatic ephemeral EC keys.
This allows an SSL server to enable ECDHE ciphers with a single setting,
which results in an EC key being generated using the first preference
shared curve.
Based on OpenSSL with inspiration from boringssl.
ok miod@
Diffstat (limited to 'src/lib/libssl/ssl.h')
| -rw-r--r-- | src/lib/libssl/ssl.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index c7dd4259cc..1e9e846195 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.66 2014/09/28 14:45:48 reyk Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.67 2014/10/03 13:58:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1425,6 +1425,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||
| 1425 | #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 | 1425 | #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 |
| 1426 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 | 1426 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 |
| 1427 | 1427 | ||
| 1428 | #define SSL_CTRL_SET_ECDH_AUTO 94 | ||
| 1429 | |||
| 1428 | #define DTLSv1_get_timeout(ssl, arg) \ | 1430 | #define DTLSv1_get_timeout(ssl, arg) \ |
| 1429 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) | 1431 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) |
| 1430 | #define DTLSv1_handle_timeout(ssl) \ | 1432 | #define DTLSv1_handle_timeout(ssl) \ |
| @@ -1449,6 +1451,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||
| 1449 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1451 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 1450 | #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ | 1452 | #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ |
| 1451 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | 1453 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 1454 | #define SSL_CTX_set_ecdh_auto(ctx, onoff) \ | ||
| 1455 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) | ||
| 1452 | 1456 | ||
| 1453 | #define SSL_need_tmp_RSA(ssl) \ | 1457 | #define SSL_need_tmp_RSA(ssl) \ |
| 1454 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) | 1458 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) |
| @@ -1458,6 +1462,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||
| 1458 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1462 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 1459 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ | 1463 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ |
| 1460 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | 1464 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 1465 | #define SSL_set_ecdh_auto(s, onoff) \ | ||
| 1466 | SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) | ||
| 1461 | 1467 | ||
| 1462 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ | 1468 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
| 1463 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | 1469 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) |