authorjsing <>2014-10-03 13:58:18 +0000
committerjsing <>2014-10-03 13:58:18 +0000
commitf42035acfafef5f2efe92cd8eef619164f7144f2 (patch)
treecffe0badf760bb2604b226bec541734923e423b7 /src/lib/libssl/ssl_lib.c
parent079e384e3438a23d2ddc504f4d34e5a46d9dd6e8 (diff)
Add support for automatic ephemeral EC keys.
This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r--src/lib/libssl/ssl_lib.c5
1 files changed, 3 insertions, 2 deletions
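diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index bd5f9f6da1..f6a21d4351 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.84 2014/09/07 12:16:23 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.85 2014/10/03 13:58:18 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1943,7 +1943,8 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 	rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
 	dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
 
-	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+	have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
+	    c->ecdh_tmp_auto != 0);
 	cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
 	rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
 	cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);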
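Review bot: In ssl_set_cert_masks, `have_ecdh_tmp` now becomes true from `c->ecdh_tmp_auto != 0` alone, so it is set before it is known whether the peer shares any curve with the server. With `ecdh_tmp` or `ecdh_tmp_cb` a key source already exists, but in auto mode the key is only generated later from the first shared curve, as the commit message describes. The function body continues outside this hunk and the cipher-selection path is not visible here, so it is worth confirming that ECDHE suites are rejected when no shared curve exists; otherwise the handshake would presumably fail at key generation instead of falling back to a non-ECDHE suite. A short comment above the assignment would record the dependency, for example `/* ecdh_tmp_auto: the key is generated later from the first shared curve; cipher selection must verify that one exists. */`.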