diff options
| author | jsing <> | 2017-01-24 09:03:21 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-24 09:03:21 +0000 |
| commit | 71cc331549d24c7e6a825b6aa26d8c8064dfe01a (patch) | |
| tree | b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/ssl_locl.h | |
| parent | 17a2441804c81d4524f94ae1c3fe8adbec4a0236 (diff) | |
| download | openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.gz openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.bz2 openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.zip | |
Add support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names.
This also changes the default list of EC curves to be X25519, P-256 and
P-384. If you want others (such a brainpool) you need to configure this
yourself.
Inspired by parts of BoringSSL and OpenSSL.
ok beck@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 231e0ba333..0cda709da6 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.163 2017/01/23 22:34:38 beck Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.164 2017/01/24 09:03:21 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -425,8 +425,8 @@ typedef struct ssl_session_internal_st { | |||
| 425 | 425 | ||
| 426 | size_t tlsext_ecpointformatlist_length; | 426 | size_t tlsext_ecpointformatlist_length; |
| 427 | uint8_t *tlsext_ecpointformatlist; /* peer's list */ | 427 | uint8_t *tlsext_ecpointformatlist; /* peer's list */ |
| 428 | size_t tlsext_ellipticcurvelist_length; | 428 | size_t tlsext_supportedgroups_length; |
| 429 | uint16_t *tlsext_ellipticcurvelist; /* peer's list */ | 429 | uint16_t *tlsext_supportedgroups; /* peer's list */ |
| 430 | } SSL_SESSION_INTERNAL; | 430 | } SSL_SESSION_INTERNAL; |
| 431 | #define SSI(s) (s->session->internal) | 431 | #define SSI(s) (s->session->internal) |
| 432 | 432 | ||
| @@ -603,6 +603,11 @@ typedef struct ssl_ctx_internal_st { | |||
| 603 | /* Client list of supported protocols in wire format. */ | 603 | /* Client list of supported protocols in wire format. */ |
| 604 | unsigned char *alpn_client_proto_list; | 604 | unsigned char *alpn_client_proto_list; |
| 605 | unsigned int alpn_client_proto_list_len; | 605 | unsigned int alpn_client_proto_list_len; |
| 606 | |||
| 607 | size_t tlsext_ecpointformatlist_length; | ||
| 608 | uint8_t *tlsext_ecpointformatlist; /* our list */ | ||
| 609 | size_t tlsext_supportedgroups_length; | ||
| 610 | uint16_t *tlsext_supportedgroups; /* our list */ | ||
| 606 | } SSL_CTX_INTERNAL; | 611 | } SSL_CTX_INTERNAL; |
| 607 | 612 | ||
| 608 | typedef struct ssl_internal_st { | 613 | typedef struct ssl_internal_st { |
| @@ -745,10 +750,11 @@ typedef struct ssl_internal_st { | |||
| 745 | 750 | ||
| 746 | /* RFC4507 session ticket expected to be received or sent */ | 751 | /* RFC4507 session ticket expected to be received or sent */ |
| 747 | int tlsext_ticket_expected; | 752 | int tlsext_ticket_expected; |
| 753 | |||
| 748 | size_t tlsext_ecpointformatlist_length; | 754 | size_t tlsext_ecpointformatlist_length; |
| 749 | uint8_t *tlsext_ecpointformatlist; /* our list */ | 755 | uint8_t *tlsext_ecpointformatlist; /* our list */ |
| 750 | size_t tlsext_ellipticcurvelist_length; | 756 | size_t tlsext_supportedgroups_length; |
| 751 | uint16_t *tlsext_ellipticcurvelist; /* our list */ | 757 | uint16_t *tlsext_supportedgroups; /* our list */ |
| 752 | 758 | ||
| 753 | /* TLS Session Ticket extension override */ | 759 | /* TLS Session Ticket extension override */ |
| 754 | TLS_SESSION_TICKET_EXT *tlsext_session_ticket; | 760 | TLS_SESSION_TICKET_EXT *tlsext_session_ticket; |
| @@ -1304,6 +1310,11 @@ int ssl_ok(SSL *s); | |||
| 1304 | 1310 | ||
| 1305 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); | 1311 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); |
| 1306 | 1312 | ||
| 1313 | int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len, | ||
| 1314 | const int *groups, size_t ngroups); | ||
| 1315 | int tls1_set_groups_list(uint16_t **out_group_ids, size_t *out_group_ids_len, | ||
| 1316 | const char *groups); | ||
| 1317 | |||
| 1307 | int tls1_ec_curve_id2nid(const uint16_t curve_id); | 1318 | int tls1_ec_curve_id2nid(const uint16_t curve_id); |
| 1308 | uint16_t tls1_ec_nid2curve_id(const int nid); | 1319 | uint16_t tls1_ec_nid2curve_id(const int nid); |
| 1309 | int tls1_check_curve(SSL *s, const uint16_t curve_id); | 1320 | int tls1_check_curve(SSL *s, const uint16_t curve_id); |