summaryrefslogtreecommitdiff
path: root/lib/libssl/s3_lib.c
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2014-10-03 13:58:19 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-10-03 13:58:19 +0000
commite04b3252f7c4174da54f7b3c4dc6fa54e643a2eb (patch)
tree49f3bd89ffa3a0f5884fe65662ed93646b39fb71 /lib/libssl/s3_lib.c
parent37148b59ffd46586cc987e9a6102bdb5e2eac79d (diff)
Add support for automatic ephemeral EC keys.
This allows an SSL server to enable ECDHE ciphers with a single setting, which results in an EC key being generated using the first preference shared curve. Based on OpenSSL with inspiration from boringssl. ok miod@
Diffstat (limited to 'lib/libssl/s3_lib.c')
-rw-r--r--lib/libssl/s3_lib.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 246aa6f23df..42f8074f8c3 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.81 2014/09/30 15:40:09 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.82 2014/10/03 13:58:17 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2128,6 +2128,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
break;
+ case SSL_CTRL_SET_ECDH_AUTO:
+ s->cert->ecdh_tmp_auto = larg;
+ ret = 1;
+ break;
+
default:
break;
}
@@ -2322,6 +2327,9 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return 1;
break;
+ case SSL_CTRL_SET_ECDH_AUTO:
+ ctx->cert->ecdh_tmp_auto = larg;
+ return 1;
/* A Thawte special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT: