RFC7027 (Brainpool for TLS) support.
[openssl.git] / ssl / t1_lib.c
index a471995a19e63f6a808b9c2e193af6ffa6422224..08ee76ece17f6f6285865feed31fb8c10f812e23 100644 (file)
@@ -244,7 +244,10 @@ static int nid_list[] =
                NID_secp256k1, /* secp256k1 (22) */ 
                NID_X9_62_prime256v1, /* secp256r1 (23) */ 
                NID_secp384r1, /* secp384r1 (24) */
-               NID_secp521r1  /* secp521r1 (25) */     
+               NID_secp521r1,  /* secp521r1 (25) */    
+               NID_brainpoolP256r1,  /* brainpoolP256r1 (26) */        
+               NID_brainpoolP384r1,  /* brainpoolP384r1 (27) */        
+               NID_brainpoolP512r1  /* brainpool512r1 (28) */  
        };
 
 
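Review bot: The three new `nid_list` entries cover only the curve-id → NID direction, and no hunk in this diff adds 26–28 to the reverse NID → curve-id mapping. If that mapping lives in a separate table or switch elsewhere in t1_lib.c (not visible here), a peer configured with a Brainpool key or curve may not be matched against the negotiated list, so this is worth confirming in the same commit. The comment on the last entry reads `brainpool512r1` and should be `/* brainpoolP512r1 (28) */` to match the NID and the RFC 7027 name. The same typo recurs on the `0,28` line of the `eccurves_default` hunk.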
@@ -260,11 +263,14 @@ static const unsigned char eccurves_default[] =
                0,14, /* sect571r1 (14) */ 
                0,13, /* sect571k1 (13) */ 
                0,25, /* secp521r1 (25) */      
+               0,28, /* brainpool512r1 (28) */ 
                0,11, /* sect409k1 (11) */ 
                0,12, /* sect409r1 (12) */
+               0,27, /* brainpoolP384r1 (27) */        
                0,24, /* secp384r1 (24) */
                0,9,  /* sect283k1 (9) */
                0,10, /* sect283r1 (10) */ 
+               0,26, /* brainpoolP256r1 (26) */        
                0,22, /* secp256k1 (22) */ 
                0,23, /* secp256r1 (23) */ 
                0,8,  /* sect239k1 (8) */ 
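Review bot: `brainpoolP384r1` (27) and `brainpoolP256r1` (26) are inserted ahead of `secp384r1` (24) and `secp256r1` (23) in `eccurves_default`, so the default list now ranks Brainpool above the NIST prime curve of the same size. If this array is sent unchanged as the supported-curves preference (not visible in this hunk), a peer that honours the order will select Brainpool whenever both sides support it. If that preference is not intended, place each Brainpool entry after its same-size NIST curve. Either way, a comment above the array such as `/* ordered by decreasing field size; within a size, <rule> */` would keep later additions consistent. The array starts and ends outside the hunk.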
@@ -1869,7 +1875,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
                return;
        data += size;
 
-       if (TLS1_get_version(s) >= TLS1_2_VERSION)
+       if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
                {
                const size_t len1 = sizeof(kSafariExtensionsBlock);
                const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
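Review bot: The switch from `TLS1_get_version(s)` to `TLS1_get_client_version(s)` in `ssl_check_for_safari` carries no comment and is unrelated to the commit title, which is about Brainpool curves. The branch appears to choose which extension block the ClientHello is compared against, so presumably it has to follow the version the client offered rather than the negotiated one. A line such as `/* use the version the client offered, not the negotiated one */` above the `if` would record that. Because this changes when the Safari ECDHE-ECDSA workaround triggers, it would be easier to audit as its own commit. The function body starts and ends outside the hunk.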
@@ -1893,7 +1899,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
 
        s->s3->is_probably_safari = 1;
 }
-#endif /* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
 static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) 
        {       
@@ -1932,7 +1938,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 #ifndef OPENSSL_NO_EC
        if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
                ssl_check_for_safari(s, data, d, n);
-#endif /* OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_EC */
 
        /* Clear any signature algorithms extension received */
        if (s->cert->peer_sigalgs)