Implement SSL_CTX_set1_curves_list()

This function is used by NGINX to enable specific curves for ECDH from a configuration file. However, when building with BoringSSL, since it's not implemented, it falls back to using EC_KEY_new_by_curve_name() which doesn't support X25519.

Change-Id: I533df4ef302592c1a9f9fc8880bd85f796ce0ef3
Reviewed-on: https://boringssl-review.googlesource.com/11382
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 63f72ca..b580d95 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1499,6 +1499,16 @@ curves_len); } +int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves) { + return tls1_set_curves_list(&ctx->supported_group_list, + &ctx->supported_group_list_len, curves); +} + +int SSL_set1_curves_list(SSL *ssl, const char *curves) { + return tls1_set_curves_list(&ssl->supported_group_list, + &ssl->supported_group_list_len, curves); +} + uint16_t SSL_get_curve_id(const SSL *ssl) { /* TODO(davidben): This checks the wrong session if there is a renegotiation in * progress. */
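
Review bot: both new wrappers in ssl/ssl_lib.c hand `curves` straight to tls1_set_curves_list() with no check of their own, so what happens on a NULL pointer, an empty string, or an unrecognised curve name depends entirely on that helper, which this hunk does not show. Since the commit message says the string comes from an NGINX configuration file, please confirm that a parse failure returns 0 and leaves the existing supported_group_list and supported_group_list_len untouched rather than partially updated, and add a test covering a valid list that includes X25519 plus a malformed one. A short comment stating the return convention and the accepted list syntax next to the declarations of SSL_CTX_set1_curves_list() and SSL_set1_curves_list() would also help callers porting from OpenSSL.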