author | Dr. Stephen Henson <steve@openssl.org> | 2016-02-25 17:46:14 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-02-28 22:54:54 +0000 |
commit | 1db3107ada6a93140b6b7deb59346b1c14e0adb8 (patch) | |
tree | d230476b2030aebfbf0be5fc4f6328ce5a6005bd /ssl/ssl_rsa.c | |
parent | db50c1da199145e0427ec5d3e457d5c2249cc078 (diff) |
TLS support for X25519
Add X25519 to TLS supported curve list.
Reject attempts to configure keys which cannot be used
for signing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'ssl/ssl_rsa.c')
-rw-r--r-- | ssl/ssl_rsa.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index f93db31c77..abced26ae1 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -378,6 +378,11 @@ static int ssl_set_cert(CERT *c, X509 *x)
 return 0;
 }
 
+ if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+ return 0;
+ }
+
 if (c->pkeys[i].privatekey != NULL) {
 /*
 * The return code from EVP_PKEY_copy_parameters is deliberately |
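Review bot: The added `EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))` check in ssl_set_cert has no EC feature guard around it, so a build configured with `OPENSSL_NO_EC` would presumably fail on these lines; wrapping the new `if` in `#ifndef OPENSSL_NO_EC` … `#endif` would avoid that, assuming the rest of the file fences EC-only code the same way. The result of `EVP_PKEY_get0_EC_KEY()` is also passed on unchecked, which is only safe if `i == SSL_PKEY_ECC` guarantees an EC key; `i` is computed above the hunk, so that cannot be confirmed here. A short comment such as `/* keys on curves that support key exchange only must not be accepted as a signing certificate */` would record why the rejection exists. The body of ssl_set_cert starts and ends outside the hunk, and the diffstat covers only this file, so whether the private-key setters enforce the same restriction is not visible.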