Make ssl_set_ecdh_curves() a compile-time option

Manuel Pégourié-Gonnard 2014-02-03 15:56:49 +01:00
parent 987bfb510b
commit 5de2580563
4 changed files with 34 additions and 7 deletions


@ -813,6 +813,22 @@
*/ */
#define POLARSSL_SSL_TRUNCATED_HMAC #define POLARSSL_SSL_TRUNCATED_HMAC
/**
* \def POLARSSL_SSL_SET_ECDH_CURVES
*
* Enable ssl_set_ecdh_curves().
*
* This is disabled by default since it breaks binary compatibility with the
* 1.3.x line. If you choose to enable it, you will need to rebuild your
* application against the new header files, relinking will not be enough.
* It will be enabled by default, or no longer an option, in the 1.4 branch.
*
* TODO: actually disable it when done working on this branch ,)
*
* Uncomment to make ssl_set_ecdh_curves() available.
*/
#define POLARSSL_SSL_SET_ECDH_CURVES
/** /**
* \def POLARSSL_THREADING_ALT * \def POLARSSL_THREADING_ALT
* *
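Review bot: The new comment block says the option is disabled by default and tells the reader to uncomment it, yet the line right below it is an active `#define POLARSSL_SSL_SET_ECDH_CURVES`, so anyone picking up this header gets the ABI-breaking layout without opting in. The TODO admits this is temporary; until it is resolved the shipped default should match the text, i.e. `//#define POLARSSL_SSL_SET_ECDH_CURVES`. The comment should also state what a build without the option does: judging by the server-side change in this commit, the curve is then taken from the first entry of the peer's list and the application cannot restrict it.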


@ -727,7 +727,8 @@ struct _ssl_context
int disable_renegotiation; /*!< enable/disable renegotiation */ int disable_renegotiation; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */ int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */ const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
defined(POLARSSL_SSL_SET_ECDH_CURVES)
const ecp_group_id *ecdh_curve_list;/*!< allowed curves for ECDH */ const ecp_group_id *ecdh_curve_list;/*!< allowed curves for ECDH */
#endif #endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC) #if defined(POLARSSL_SSL_TRUNCATED_HMAC)
@ -1158,9 +1159,11 @@ int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx ); int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
defined(POLARSSL_SSL_SET_ECDH_CURVES)
/** /**
* \brief Set the allowed ECDH curves. * \brief Set the allowed ECDH curves.
* (Default: all defined curves.)
* *
* The sequence of the curves in the list also determines the * The sequence of the curves in the list also determines the
* handshake curve preference. * handshake curve preference.
@ -1168,7 +1171,8 @@ int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
* \param ssl SSL context * \param ssl SSL context
* \param ecdh_curve_list Zero terminated list of the allowed ECDH curves * \param ecdh_curve_list Zero terminated list of the allowed ECDH curves
*/ */
void ssl_set_ecdh_curves( ssl_context *ssl, const ecp_group_id *ecdh_curve_list ); void ssl_set_ecdh_curves( ssl_context *ssl,
const ecp_group_id *ecdh_curve_list );
#endif #endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
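Review bot: `ecdh_curve_list` sits in the middle of `struct _ssl_context`, so guarding it with `POLARSSL_SSL_SET_ECDH_CURVES` shifts every later member whenever the library and the application are built with different settings, and nothing in this header detects the mismatch. A comment at the field would put the hazard where a maintainer will see it, for example `/* present only with POLARSSL_SSL_SET_ECDH_CURVES; library and callers must be built with the same setting */`. The Doxygen block for `ssl_set_ecdh_curves()` should likewise say that the function exists only when that option is defined. The struct definition starts and ends outside the hunk.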


@ -2105,7 +2105,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
* ECPoint public; * ECPoint public;
* } ServerECDHParams; * } ServerECDHParams;
*/ */
ecp_group_id grp_id;
#if defined(POLARSSL_SSL_SET_ECDH_CURVES)
unsigned int pref_idx, curv_idx, found; unsigned int pref_idx, curv_idx, found;
/* Match our preference list against the agreed curves */ /* Match our preference list against the agreed curves */
@ -2137,9 +2138,13 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
* ssl->ecdh_curve_list[pref_idx] will contain POLARSSL_ECP_DP_NONE and * ssl->ecdh_curve_list[pref_idx] will contain POLARSSL_ECP_DP_NONE and
* ecp_use_known_dp() will fail. * ecp_use_known_dp() will fail.
*/ */
grp_id = ssl->ecdh_curve_list[pref_idx];
#else
grp_id = ssl->handshake->curves[0]->grp_id;
#endif /* POLARSSL_SSL_SET_ECDH_CURVES */
if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp, if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
ssl->ecdh_curve_list[pref_idx] ) ) != 0 ) grp_id ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret ); SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret );
return( ret ); return( ret );
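Review bot: The `#else` branch reads `ssl->handshake->curves[0]->grp_id` with no NULL check visible in this hunk; if `curves` or its first entry can be NULL at this point (for instance when the peer sent no usable curve list), the server dereferences a NULL pointer while building the key exchange. Unless a check outside the hunk already guarantees a non-empty list, guard it: `if( ssl->handshake->curves == NULL || ssl->handshake->curves[0] == NULL ) return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );`. A short comment on that branch should also record that the curve is then whatever the client listed first, so no server-side preference or restriction applies. `ssl_write_server_key_exchange()` starts and ends outside the hunk.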


@ -3424,7 +3424,8 @@ int ssl_init( ssl_context *ssl )
ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME; ssl->ticket_lifetime = SSL_DEFAULT_TICKET_LIFETIME;
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
defined(POLARSSL_SSL_SET_ECDH_CURVES)
ssl->ecdh_curve_list = ecdh_default_curve_list; ssl->ecdh_curve_list = ecdh_default_curve_list;
#endif #endif
@ -4655,7 +4656,8 @@ md_type_t ssl_md_alg_from_hash( unsigned char hash )
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED) && \
defined(POLARSSL_SSL_SET_ECDH_CURVES)
/* /*
* Set the allowed ECDH curves. * Set the allowed ECDH curves.
*/ */