Commit 3b4a7618 authored by Dr. Stephen Henson

Don't allow non-FIPS curves in FIPS mode.



Reviewed-by: Tim Hudson <tjh@openssl.org>
parent 25540175
+48 −0
@@ -296,6 +296,38 @@ static const unsigned char suiteb_curves[] =
		0, TLSEXT_curve_P_384
	};

#ifdef OPENSSL_FIPS
/* Brainpool not allowed in FIPS mode */
static const unsigned char fips_curves_default[] =
	{
		0,14, /* sect571r1 (14) */ 
		0,13, /* sect571k1 (13) */ 
		0,25, /* secp521r1 (25) */	
		0,11, /* sect409k1 (11) */ 
		0,12, /* sect409r1 (12) */
		0,24, /* secp384r1 (24) */
		0,9,  /* sect283k1 (9) */
		0,10, /* sect283r1 (10) */ 
		0,22, /* secp256k1 (22) */ 
		0,23, /* secp256r1 (23) */ 
		0,8,  /* sect239k1 (8) */ 
		0,6,  /* sect233k1 (6) */
		0,7,  /* sect233r1 (7) */ 
		0,20, /* secp224k1 (20) */ 
		0,21, /* secp224r1 (21) */
		0,4,  /* sect193r1 (4) */ 
		0,5,  /* sect193r2 (5) */ 
		0,18, /* secp192k1 (18) */
		0,19, /* secp192r1 (19) */ 
		0,1,  /* sect163k1 (1) */
		0,2,  /* sect163r1 (2) */
		0,3,  /* sect163r2 (3) */
		0,15, /* secp160k1 (15) */
		0,16, /* secp160r1 (16) */ 
		0,17, /* secp160r2 (17) */ 
	};
#endif

int tls1_ec_curve_id2nid(int curve_id)
	{
	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
@@ -406,6 +438,14 @@ static void tls1_get_curvelist(SSL *s, int sess,
		}
	if (!*pcurves)
		{
#ifdef OPENSSL_FIPS
		if (FIPS_mode())
			{
			*pcurves = fips_curves_default;
			*pcurveslen = sizeof(fips_curves_default);
			return;
			}
#endif
		*pcurves = eccurves_default;
		*pcurveslen = sizeof(eccurves_default);
		}
@@ -523,6 +563,14 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
		unsigned long idmask;
		int id;
		id = tls1_ec_nid2curve_id(curves[i]);
#ifdef OPENSSL_FIPS
		/* NB: 25 is last curve ID supported by FIPS module */
		if (FIPS_mode() && id > 25)
			{
			OPENSSL_free(clist);
			return 0;
			}
#endif
		idmask = 1L << id;
		if (!id || (dup_list & idmask))
			{
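Review bot: The `id > 25` test in tls1_set_curves encodes the FIPS allow-list as a bare numeric bound, separate from `fips_curves_default`, so the two can drift apart if curve IDs are added or the table is edited. Checking membership in `fips_curves_default`, or at least naming the bound with a constant, would keep a single source of truth. The rejection path frees `clist` and returns 0 without queueing an error, so a caller cannot tell a FIPS policy rejection from any other failure. The check also runs only when a list is set: in tls1_get_curvelist the FIPS table is substituted only under `if (!*pcurves)`, so a list configured before FIPS mode was entered appears to be returned unfiltered, which is worth confirming against the callers outside this diff. The body of tls1_set_curves continues past the end of the hunk.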