Modify TLS support for new X25519 API.

When handling ECDH check to see if the curve is "custom" (X25519 is currently the only curve of this type) and instead of setting a curve NID just allocate a key of appropriate type. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-08-11 15:41:49 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-08-13 14:11:05 +0100
commit: ec24630ae2b714d6e22fbfa4695aa8f8adef1828 (patch)
tree: d011ddd52b33c5bb4d58cdede78c9d4ea690199a /ssl/statem/statem_srvr.c
parent: 3bca6c27317958f30f8bbfe67814a7ab9a07f4a3 (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 602336acd9..a5fe75216b 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1737,7 +1737,7 @@ int tls_construct_server_key_exchange(SSL *s)
                    SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
             goto err;
         }
-        s->s3->tmp.pkey = ssl_generate_pkey(NULL, nid);
+        s->s3->tmp.pkey = ssl_generate_pkey(NULL, curve_id);
         /* Generate a new key for this curve */
         if (s->s3->tmp.pkey == NULL) {
             al = SSL_AD_INTERNAL_ERROR;
@@ -1746,10 +1746,8 @@ int tls_construct_server_key_exchange(SSL *s)
         }
 
         /* Encode the public key. */
-        encodedlen = EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(s->s3->tmp.pkey),
-                                    POINT_CONVERSION_UNCOMPRESSED,
-                                    &encodedPoint, NULL);
-
+        encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,
+                                                    &encodedPoint);
         if (encodedlen == 0) {
             SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
             goto err;
@@ -2386,8 +2384,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt, int *al)
             SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EVP_LIB);
             goto err;
         }
-        if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,
-                           NULL) == 0) {
+        if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
             *al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB);
             goto err;
author	Dr. Stephen Henson <steve@openssl.org>	2016-08-11 15:41:49 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-08-13 14:11:05 +0100
commit	ec24630ae2b714d6e22fbfa4695aa8f8adef1828 (patch)
tree	d011ddd52b33c5bb4d58cdede78c9d4ea690199a /ssl/statem/statem_srvr.c
parent	3bca6c27317958f30f8bbfe67814a7ab9a07f4a3 (diff)