AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make ssl_set_curves() work client-side too.

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-02-04 15:14:13 +01:00
parent ac7194133e
commit cd49f76898
2 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/polarssl/ssl.h
View File

@ -1162,14 +1162,19 @@ int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \ #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
defined(POLARSSL_SSL_SET_CURVES) defined(POLARSSL_SSL_SET_CURVES)
/** /**
* \brief Set the allowed ECDH curves. * \brief Set the allowed curves in order of preference.
* (Default: all defined curves.) * (Default: all defined curves.)
* *
* The sequence of the curves in the list also determines the * On server: this only affects selection of the ECDHE curve;
* handshake curve preference. * the curves used for ECDH and ECDSA are determined by the
* list of available certificates instead.
*
* On client: this affects the list of curves offered for any
* use. The server can override our preferences.
* *
* \param ssl SSL context * \param ssl SSL context
* \param curves Zero terminated list of the allowed ECDH curves * \param curves Ordered list of allowed curves,
* terminated by POLARSSL_ECP_DP_NONE.
*/ */
void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves ); void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves );
#endif #endif

21
library/ssl_cli.c
View File

@ -233,19 +233,26 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
unsigned char *p = buf; unsigned char *p = buf;
unsigned char *elliptic_curve_list = p + 6; unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0; size_t elliptic_curve_len = 0;
const ecp_curve_info *curve; const ecp_curve_info *info;
((void) ssl); #if defined(POLARSSL_SSL_SET_CURVES)
const ecp_group_id *grp_id;
#endif
*olen = 0; *olen = 0;
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
for( curve = ecp_curve_list(); #if defined(POLARSSL_SSL_SET_CURVES)
curve->grp_id != POLARSSL_ECP_DP_NONE; for( grp_id = ssl->curve_list; *grp_id != POLARSSL_ECP_DP_NONE; grp_id++ )
curve++ )
{ {
elliptic_curve_list[elliptic_curve_len++] = curve->tls_id >> 8; info = ecp_curve_info_from_grp_id( *grp_id );
elliptic_curve_list[elliptic_curve_len++] = curve->tls_id & 0xFF; #else
for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ )
{
#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
} }
if( elliptic_curve_len == 0 ) if( elliptic_curve_len == 0 )