From 9f8a5da13b6653b86f949e67554dafa4591353c0 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 3 Oct 2014 14:09:09 +0000
Subject: Allow "auto" to be specified as an ECDH curve name and make this the default. This enables automatic handling of ephemeral EC keys. Discussed with reyk@ and tedu@
---
 src/lib/libressl/ressl_config.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'src/lib/libressl/ressl_config.c')

diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c
index c92886330e..6d535e2b42 100644
--- a/src/lib/libressl/ressl_config.c
+++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.12 2014/09/29 15:11:29 jsing Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.13 2014/10/03 14:09:09 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing 
  *
@@ -71,10 +71,9 @@ ressl_config_new(void)
 		ressl_config_free(config);
 		return (NULL);
 	}
+	ressl_config_set_ecdhcurve(config, "auto");
 	ressl_config_set_protocols(config, RESSL_PROTOCOLS_DEFAULT);
 	ressl_config_set_verify_depth(config, 6);
-	/* ? use function ? */
-	config->ecdhcurve = NID_X9_62_prime256v1;
 
 	ressl_config_verify(config);
 
@@ -141,12 +140,17 @@ ressl_config_set_ciphers(struct ressl_config *config, const char *ciphers)
 int
 ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
 {
-	int nid = NID_undef;
+	int nid;
 
-	if (name != NULL && (nid = OBJ_txt2nid(name)) == NID_undef)
+	if (name == NULL)
+		nid = NID_undef;
+	else if (strcasecmp(name, "auto") == 0)
+		nid = -1;
+	else if ((nid = OBJ_txt2nid(name)) == NID_undef)
 		return (-1);
 
 	config->ecdhcurve = nid;
+
 	return (0);
 }
 
--
cgit v1.2.3-55-g6feb
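Review bot: The return value of the new `ressl_config_set_ecdhcurve(config, "auto")` call in ressl_config_new() is discarded, which is only safe because the "auto" branch of that setter cannot fail; if someone later changes the default to a named curve, a typo or an unknown NID would be silently ignored and the config would carry whatever ecdhcurve held before. A one-line comment at the call makes the dependency explicit: `/* "auto" cannot fail; any other default needs its return value checked. */`. ressl_config_new() starts and ends outside this hunk, so I cannot see whether the surrounding setters return a status that is checked.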
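Review bot: `nid = -1;` in ressl_config_set_ecdhcurve() introduces an unnamed sentinel that is stored in config->ecdhcurve next to real NIDs and NID_undef, and nothing in this hunk records what it means; every consumer must know that -1 is "automatic curve selection" and must never hand it to a curve lookup such as EC_KEY_new_by_curve_name(). Document it at the assignment, `nid = -1;	/* -1: automatic ECDH curve selection (no real NID is negative) */`, or better, give the field a named constant and a comment where struct ressl_config declares ecdhcurve, so the three states (NID_undef, -1, NID) are spelled out once. Also, strcasecmp() is declared in <strings.h>; whether this file already includes it is not visible in the diff, so please confirm, since an implicit declaration is an error under -std=c99 and later.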