diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-11 15:41:49 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-13 14:11:05 +0100 |
commit | ec24630ae2b714d6e22fbfa4695aa8f8adef1828 (patch) | |
tree | d011ddd52b33c5bb4d58cdede78c9d4ea690199a /ssl/s3_lib.c | |
parent | 3bca6c27317958f30f8bbfe67814a7ab9a07f4a3 (diff) |
Modify TLS support for new X25519 API.
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e14b448609..f1363ca3b6 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3090,7 +3090,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) unsigned int cid, nid; for (i = 0; i < clistlen; i++) { n2s(clist, cid); - nid = tls1_ec_curve_id2nid(cid); + nid = tls1_ec_curve_id2nid(cid, NULL); if (nid != 0) cptr[i] = nid; else @@ -3982,27 +3982,38 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, return s->session->master_key_length >= 0; } -/* Generate a private key from parameters or a curve NID */ -EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int nid) +/* Generate a private key from parameters or a curve ID */ +EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm, int id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; + int nid; if (pm != NULL) { pctx = EVP_PKEY_CTX_new(pm, NULL); + nid = 0; } else { + unsigned int curve_flags; + nid = tls1_ec_curve_id2nid(id, &curve_flags); + if (nid == 0) + goto err; /* * Generate a new key for this curve. * Should not be called if EC is disabled: if it is it will * fail with an unknown algorithm error. */ - pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + if ((curve_flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) { + pctx = EVP_PKEY_CTX_new_id(nid, NULL); + nid = 0; + } else { + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + } } if (pctx == NULL) goto err; if (EVP_PKEY_keygen_init(pctx) <= 0) goto err; #ifndef OPENSSL_NO_EC - if (pm == NULL && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) + if (nid != 0 && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0) goto err; #endif |