generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add support for automatic ECDH temporary key parameter selection. When

Browse Source 
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
2012-04-06 20:15:50 +00:00
parent c132ca95c0
commit e46c807e4f
10 changed files with 75 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/s3_srvr.c
View File

@@ -1673,7 +1673,14 @@ int ssl3_send_server_key_exchange(SSL *s)
const EC_GROUP *group;
ecdhp=cert->ecdh_tmp;
if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
if (s->cert->ecdh_tmp_auto)
{
/* Get NID of first shared curve */
int nid = tls1_shared_curve(s, 0);
if (nid != NID_undef)
ecdhp = EC_KEY_new_by_curve_name(nid);
}
else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb)
{
ecdhp=s->cert->ecdh_tmp_cb(s,
SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
@@ -1698,7 +1705,9 @@ int ssl3_send_server_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
if (s->cert->ecdh_tmp_auto)
ecdh = ecdhp;
else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;