diff options
| author | David Benjamin <davidben@chromium.org> | 2015-12-19 10:20:57 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-12-22 20:45:26 +0300 |
| commit | 64d9250e2ffd0b959b6785aece9cea71a657fcee (patch) | |
| tree | b4a40c4349010fc06c058f94e9fe51d1d19d72ec /ssl | |
| parent | 8c2b3bf965b175b799cad0600496f3899a05663d (diff) | |
Completely remove P-224 from the TLS stack.
It already wasn't in the default list and no one enables it. Remove it
altogether. (It's also gone from the current TLS 1.3 draft.)
Change-Id: I143d07d390d186252204df6bdb8ffd22649f80e3
Reviewed-on: https://boringssl-review.googlesource.com/6775
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/t1_lib.c | 1 | ||||
| -rw-r--r-- | ssl/test/bssl_shim.cc | 2 | ||||
| -rw-r--r-- | ssl/test/runner/runner.go | 8 |
3 files changed, 4 insertions, 7 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8b5bf8ec..3e5d9d9f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -343,7 +343,6 @@ struct tls_curve { /* ECC curves from RFC4492. */ static const struct tls_curve tls_curves[] = { - {21, NID_secp224r1, "P-224"}, {23, NID_X9_62_prime256v1, "P-256"}, {24, NID_secp384r1, "P-384"}, {25, NID_secp521r1, "P-521"}, diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc index 13edeede..73ca87d8 100644 --- a/ssl/test/bssl_shim.cc +++ b/ssl/test/bssl_shim.cc @@ -1239,7 +1239,7 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, } if (config->enable_all_curves) { static const int kAllCurves[] = { - NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, + NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, }; if (!SSL_set1_curves(ssl.get(), kAllCurves, sizeof(kAllCurves) / sizeof(kAllCurves[0]))) { diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index 6f2bb4ec..2a32cd3c 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go @@ -1691,14 +1691,13 @@ func addBasicTests() { { name: "UnsupportedCurve", config: Config{ - CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, - // BoringSSL implements P-224 but doesn't enable it by - // default. - CurvePreferences: []CurveID{CurveP224}, + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, + CurvePreferences: []CurveID{CurveP256}, Bugs: ProtocolBugs{ IgnorePeerCurvePreferences: true, }, }, + flags: []string{"-p384-only"}, shouldFail: true, expectedError: ":WRONG_CURVE:", }, @@ -4622,7 +4621,6 @@ var testCurves = []struct { name string id CurveID }{ - {"P-224", CurveP224}, {"P-256", CurveP256}, {"P-384", CurveP384}, {"P-521", CurveP521}, |