mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 13:55:35 +00:00
d3b2fcb7c6
So far, the client-proposed list of elliptic curves was stored for the duration of the entire handshake in a heap-allocated buffer referenced from mbedtls_ssl_handshake_params::curves. It is used in the following places:

1) When the server chooses a suitable ciphersuite, it checks that it has a certificate matching the ciphersuite; in particular, if the ciphersuite involves ECDHE, the server needs an EC certificate with a curve suitable for the client.

2) When performing the ECDHE key exchange, the server chooses one curve among those proposed by the client which matches the server's own supported curve configuration.

This commit removes the hold back of the entire client-side curve list during the handshake, by performing (1) and (2) during ClientHello parsing, and in case of (2) only remembering the curve chosen for ECDHE within mbedtls_ssl_handshake_params.
||
---|---|---|
.. | ||
mbedtls | ||
tinycrypt | ||
.gitignore | ||
CMakeLists.txt |