From 415564fe2c1648c305c76154c5070ad3757a6d85 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Sat, 23 Jan 2016 01:04:15 -0500
Subject: [PATCH] Update draft-irtf-cfrg-curves-11 references to RFC 7748.

Change-Id: I6148df93a1748754ee6be9e2b98cc8afd38746cb
Reviewed-on: https://boringssl-review.googlesource.com/6960
Reviewed-by: Adam Langley <alangley@gmail.com>
---
 crypto/curve25519/x25519_test.cc | 6 ++----
 include/openssl/curve25519.h     | 5 ++---
 ssl/test/runner/key_agreement.go | 3 +--
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/crypto/curve25519/x25519_test.cc b/crypto/curve25519/x25519_test.cc
index 85ee4a2d..24dfa650 100644
--- a/crypto/curve25519/x25519_test.cc
+++ b/crypto/curve25519/x25519_test.cc
@@ -20,8 +20,7 @@
 
 
 static bool TestX25519() {
-  /* Taken from
-   * https://tools.ietf.org/html/draft-irtf-cfrg-curves-11#section-5.2 */
+  /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
   static const uint8_t kScalar1[32] = {
       0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 0x3b, 0x16, 0x15,
       0x4b, 0x82, 0x46, 0x5e, 0xdd, 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc,
@@ -91,8 +90,7 @@ static bool TestX25519SmallOrder() {
 }
 
 static bool TestX25519Iterated() {
-  /* Taken from
-   * https://tools.ietf.org/html/draft-irtf-cfrg-curves-11#section-5.2 */
+  /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
   uint8_t scalar[32] = {9}, point[32] = {9}, out[32];
 
   unsigned i;
diff --git a/include/openssl/curve25519.h b/include/openssl/curve25519.h
index 30c64701..c202575f 100644
--- a/include/openssl/curve25519.h
+++ b/include/openssl/curve25519.h
@@ -24,8 +24,7 @@ extern "C" {
 
 /* Curve25519.
  *
- * Curve25519 is an elliptic curve. See
- * https://tools.ietf.org/html/draft-irtf-cfrg-curves-11. */
+ * Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748. */
 
 
 /* X25519.
@@ -33,7 +32,7 @@ extern "C" {
  * Curve25519 is an elliptic curve. The same name is also sometimes used for
  * the Diffie-Hellman primitive built from it but “X25519” is a more precise
  * name for that, which is the one used here. See http://cr.yp.to/ecdh.html and
- * https://tools.ietf.org/html/draft-irtf-cfrg-curves-11. */
+ * https://tools.ietf.org/html/rfc7748. */
 
 /* X25519_keypair sets |out_public_value| and |out_private_key| to a freshly
  * generated, public–private key pair. */
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index 4f399d95..9ecd2e56 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -312,8 +312,7 @@ func (e *x25519ECDHCurve) computeSecret(peerKey []byte) (preMasterSecret []byte,
 	copy(peerKeyCopy[:], peerKey)
 	curve25519.ScalarMult(&out, &e.privateKey, &peerKeyCopy)
 
-	// Per draft-irtf-cfrg-curves-11, reject the all-zero value in constant
-	// time.
+	// Per RFC 7748, reject the all-zero value in constant time.
 	var zeros [32]byte
 	if subtle.ConstantTimeCompare(zeros[:], out[:]) == 1 {
 		return nil, errors.New("tls: X25519 value with wrong order")