TLS support for X25519

Add X25519 to TLS supported curve list. Reject attempts to configure keys which cannot be used for signing. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-02-25 17:46:14 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2016-02-28 22:54:54 +0000
commit: 1db3107ada6a93140b6b7deb59346b1c14e0adb8 (patch)
tree: d230476b2030aebfbf0be5fc4f6328ce5a6005bd /ssl/ssl_rsa.c
parent: db50c1da199145e0427ec5d3e457d5c2249cc078 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index f93db31c77..abced26ae1 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -378,6 +378,11 @@ static int ssl_set_cert(CERT *c, X509 *x)
         return 0;
     }
 
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+
     if (c->pkeys[i].privatekey != NULL) {
         /*
          * The return code from EVP_PKEY_copy_parameters is deliberately
author	Dr. Stephen Henson <steve@openssl.org>	2016-02-25 17:46:14 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2016-02-28 22:54:54 +0000
commit	1db3107ada6a93140b6b7deb59346b1c14e0adb8 (patch)
tree	d230476b2030aebfbf0be5fc4f6328ce5a6005bd /ssl/ssl_rsa.c
parent	db50c1da199145e0427ec5d3e457d5c2249cc078 (diff)