Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-23 15:55:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.

Browse source
This commit is contained in:
Gergely Budai 2014-01-19 21:48:42 +01:00 committed by Manuel Pégourié-Gonnard
parent a5d336bcec
commit 987bfb510b
3 changed files with 112 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

54
library/ssl_tls.c
View file

@ -3325,6 +3325,46 @@ static int ssl_handshake_init( ssl_context *ssl )
*/
int ssl_init( ssl_context *ssl )
{
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
/*
* ECDHE allowed curves and preference list
*
* We start with the most secure curves. From the same size curves, we prefer
* the SECP ones because they are much faster.
*
* TODO: Add the Montgomery curves
*/
static const ecp_group_id ecdh_default_curve_list[] =
{
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
POLARSSL_ECP_DP_SECP521R1,
#endif
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
POLARSSL_ECP_DP_BP512R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
POLARSSL_ECP_DP_SECP384R1,
#endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
POLARSSL_ECP_DP_BP384R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
POLARSSL_ECP_DP_SECP256R1,
#endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
POLARSSL_ECP_DP_BP256R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
POLARSSL_ECP_DP_SECP224R1,
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
POLARSSL_ECP_DP_SECP192R1,
#endif
POLARSSL_ECP_DP_NONE
};
#endif
int ret;
int len = SSL_BUFFER_LEN;
@ -3384,6 +3424,10 @@ int ssl_init( ssl_context *ssl )
ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
#endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
ssl->ecdh_curve_list = ecdh_default_curve_list;
#endif
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
return( ret );
@ -4610,3 +4654,13 @@ md_type_t ssl_md_alg_from_hash( unsigned char hash )
}
#endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
/*
* Set the allowed ECDH curves.
*/
void ssl_set_ecdh_curves( ssl_context *ssl, const ecp_group_id *ecdh_curve_list )
{
ssl->ecdh_curve_list = ecdh_curve_list;
}
#endif