Add support for setting the supported EC curves via

SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous SSL{_CTX}_set1_curves{_list} names. This also changes the default list of EC curves to be X25519, P-256 and P-384. If you want others (such a brainpool) you need to configure this yourself. Inspired by parts of BoringSSL and OpenSSL. ok beck@
author: jsing <> 2017-01-24 09:03:21 +0000
committer: jsing <> 2017-01-24 09:03:21 +0000
commit: 71cc331549d24c7e6a825b6aa26d8c8064dfe01a (patch)
tree: b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/ssl_sess.c
parent: 17a2441804c81d4524f94ae1c3fe8adbec4a0236 (diff)
download: openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.gz
openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.bz2
openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 307c730e3f..8c802b170e 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.66 2017/01/24 01:44:00 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.67 2017/01/24 09:03:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -219,8 +219,8 @@ SSL_SESSION_new(void)
        ss->internal->tlsext_ecpointformatlist_length = 0;
        ss->internal->tlsext_ecpointformatlist = NULL;
-        ss->internal->tlsext_ellipticcurvelist_length = 0;
+        ss->internal->tlsext_supportedgroups_length = 0;
-        ss->internal->tlsext_ellipticcurvelist = NULL;
+        ss->internal->tlsext_supportedgroups = NULL;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);
@@ -709,7 +709,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
        free(ss->tlsext_hostname);
        free(ss->tlsext_tick);
        free(ss->internal->tlsext_ecpointformatlist);
-        free(ss->internal->tlsext_ellipticcurvelist);
+        free(ss->internal->tlsext_supportedgroups);
        explicit_bzero(ss->internal, sizeof(*ss->internal));
        free(ss->internal);
author	jsing <>	2017-01-24 09:03:21 +0000
committer	jsing <>	2017-01-24 09:03:21 +0000
commit	71cc331549d24c7e6a825b6aa26d8c8064dfe01a (patch)
tree	b493d9d91e40b334aae5a2cbf99981f9d4916d09 /src/lib/libssl/ssl_sess.c
parent	17a2441804c81d4524f94ae1c3fe8adbec4a0236 (diff)
download	openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.gz openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.tar.bz2 openbsd-71cc331549d24c7e6a825b6aa26d8c8064dfe01a.zip

diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 307c730e3f..8c802b170e 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sess.c,v 1.66 2017/01/24 01:44:00 jsing Exp $ */	1	/* $OpenBSD: ssl_sess.c,v 1.67 2017/01/24 09:03:21 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -219,8 +219,8 @@ SSL_SESSION_new(void)
219		219
220	ss->internal->tlsext_ecpointformatlist_length = 0;	220	ss->internal->tlsext_ecpointformatlist_length = 0;
221	ss->internal->tlsext_ecpointformatlist = NULL;	221	ss->internal->tlsext_ecpointformatlist = NULL;
222	ss->internal->tlsext_ellipticcurvelist_length = 0;	222	ss->internal->tlsext_supportedgroups_length = 0;
223	ss->internal->tlsext_ellipticcurvelist = NULL;	223	ss->internal->tlsext_supportedgroups = NULL;
224		224
225	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);	225	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);
226		226
@@ -709,7 +709,7 @@ SSL_SESSION_free(SSL_SESSION *ss)
709	free(ss->tlsext_hostname);	709	free(ss->tlsext_hostname);
710	free(ss->tlsext_tick);	710	free(ss->tlsext_tick);
711	free(ss->internal->tlsext_ecpointformatlist);	711	free(ss->internal->tlsext_ecpointformatlist);
712	free(ss->internal->tlsext_ellipticcurvelist);	712	free(ss->internal->tlsext_supportedgroups);
713		713
714	explicit_bzero(ss->internal, sizeof(*ss->internal));	714	explicit_bzero(ss->internal, sizeof(*ss->internal));
715	free(ss->internal);	715	free(ss->internal);