Merge branch 'master' into ecdhe-support
diff --git a/.gitignore b/.gitignore
index 867434b..276d4e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.py[co]
build
dist
-*.egg-info
\ No newline at end of file
+*.egg-info
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index a257f16..03aa47b 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -122,6 +122,17 @@
SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE
+NID_X9_62_prime192v1 = _lib.NID_X9_62_prime192v1
+NID_X9_62_prime192v2 = _lib.NID_X9_62_prime192v2
+NID_X9_62_prime192v3 = _lib.NID_X9_62_prime192v3
+NID_X9_62_prime239v1 = _lib.NID_X9_62_prime239v1
+NID_X9_62_prime239v2 = _lib.NID_X9_62_prime239v2
+NID_X9_62_prime239v3 = _lib.NID_X9_62_prime239v3
+NID_X9_62_prime256v1 = _lib.NID_X9_62_prime256v1
+
+_Cryptography_HAS_EC = _lib.Cryptography_HAS_EC
+
+
class Error(Exception):
"""
An error occurred in an `OpenSSL.SSL` API.
@@ -594,6 +605,26 @@
_lib.SSL_CTX_set_tmp_dh(self._context, dh)
+ def set_tmp_ecdh_by_curve_name(self, curve_name):
+ """
+ Configure this connection to people to use Elliptical Curve
+ Diffie-Hellman key exchanges.
+
+ :param curve_name: One of the named curve constants.
+ :return: None
+ """
+ if _lib.Cryptography_HAS_EC:
+ ecdh = _lib.EC_KEY_new_by_curve_name(curve_name)
+ if ecdh == _ffi.NULL:
+ raise ValueError(
+ "OpenSSL could not load the requested elliptic curve"
+ )
+ _lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)
+ _lib.EC_KEY_free(ecdh)
+ else:
+ raise ValueError("OpenSSL is compiled without ECDH support")
+
+
def set_cipher_list(self, cipher_list):
"""
Change the cipher list
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index a6f0127..2686d12 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -35,6 +35,7 @@
SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,
SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,
SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)
+from OpenSSL.SSL import NID_X9_62_prime256v1, _Cryptography_HAS_EC
from OpenSSL.SSL import (
Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)
@@ -1172,6 +1173,17 @@
# XXX What should I assert here? -exarkun
+ if _Cryptography_HAS_EC:
+ def test_set_tmp_ecdh_by_curve_name(self):
+ """
+ :py:obj:`Context.set_tmp_ecdh_by_curve_name` sets the Eliptical
+ Curve for Diffie-Hellman by the named curve.
+ """
+ context = Context(TLSv1_METHOD)
+ context.set_tmp_ecdh_by_curve_name(NID_X9_62_prime256v1)
+ # XXX What should I assert here? -alex
+
+
def test_set_cipher_list_bytes(self):
"""
:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the
diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index b506757..76fb0ad 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -116,6 +116,18 @@
.. versionadded:: 0.14
+.. py:data:: NID_X9_62_prime192v1
+ NID_X9_62_prime192v2
+ NID_X9_62_prime192v3
+ NID_X9_62_prime239v1
+ NID_X9_62_prime239v2
+ NID_X9_62_prime239v3
+ NID_X9_62_prime256v1
+
+ Constants used with :py:meth:`Context.set_tmp_ecdh_by_curve_name` to
+ specify which elliptical curve should be used.
+
+
.. py:data:: OPENSSL_VERSION_NUMBER
An integer giving the version number of the OpenSSL library used to build this
@@ -322,6 +334,16 @@
Load parameters for Ephemeral Diffie-Hellman from *dhfile*.
+.. py:method:: Context.set_tmp_ecdh_by_curve_name(curve_name)
+
+ Configure this connection to people to use Elliptical Curve Diffie-Hellman
+ key exchanges.
+
+ ``curve_name`` should be one of the named curve constants, such as
+ :py:data:`NID_X9_62_prime256v1`.
+
+ Raises a ``ValueError`` if the linked OpenSSL was not compiled with
+ elliptical curve support, or the specified curve is not available.
.. py:method:: Context.set_app_data(data)