diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-11 15:41:49 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-13 14:11:05 +0100 |
| commit | ec24630ae2b714d6e22fbfa4695aa8f8adef1828 (patch) | |
| tree | d011ddd52b33c5bb4d58cdede78c9d4ea690199a /ssl/t1_lib.c | |
| parent | 3bca6c27317958f30f8bbfe67814a7ab9a07f4a3 (diff) | |
Modify TLS support for new X25519 API.
When handling ECDH check to see if the curve is "custom" (X25519 is
currently the only curve of this type) and instead of setting a curve
NID just allocate a key of appropriate type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2418c65862..ca4e7d6956 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -121,12 +121,6 @@ typedef struct { unsigned int flags; /* Flags: currently just field type */ } tls_curve_info; -/* Mask for curve type */ -# define TLS_CURVE_TYPE 0x3 -# define TLS_CURVE_PRIME 0x0 -# define TLS_CURVE_CHAR2 0x1 -# define TLS_CURVE_CUSTOM 0x2 - /* * Table of curve information. * Do not delete entries or reorder this array! It is used as a lookup @@ -161,8 +155,7 @@ static const tls_curve_info nid_list[] = { {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ - /* X25519 (29) */ - {NID_X25519, 128, TLS_CURVE_CUSTOM}, + {NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ }; static const unsigned char ecformats_default[] = { @@ -222,12 +215,16 @@ static const unsigned char suiteb_curves[] = { 0, TLSEXT_curve_P_384 }; -int tls1_ec_curve_id2nid(int curve_id) +int tls1_ec_curve_id2nid(int curve_id, unsigned int *pflags) { + const tls_curve_info *cinfo; /* ECC curves from RFC 4492 and RFC 7027 */ if ((curve_id < 1) || ((unsigned int)curve_id > OSSL_NELEM(nid_list))) return 0; - return nid_list[curve_id - 1].nid; + cinfo = nid_list + curve_id - 1; + if (pflags) + *pflags = cinfo->flags; + return cinfo->nid; } int tls1_ec_nid2curve_id(int nid) @@ -413,7 +410,7 @@ int tls1_shared_curve(SSL *s, int nmatch) continue; if (nmatch == k) { int id = (pref[0] << 8) | pref[1]; - return tls1_ec_curve_id2nid(id); + return tls1_ec_curve_id2nid(id, NULL); } k++; } |