mbedtls/include
Hanno Becker d3b2fcb7c6 Don't store client-supported ECs in heap-allocated buffer
So far, the client-proposed list of elliptic curves was stored for the
duration of the entire handshake in a heap-allocated buffer referenced
from mbedtls_ssl_handshake_params::curves. It is used in the following
places:
1) When the server chooses a suitable ciphersuite, it checks that
   it has a certificate matching the ciphersuite; in particular, if
   the ciphersuite involves ECDHE, the server needs an EC certificate
   with a curve suitable for the client.
2) When performing the ECDHE key exchange, the server choose one
   curve among those proposed by the client which matches the server's
   own supported curve configuration.

This commit removes the hold back the entire client-side curve list
during the handshake, by performing (1) and (2) on during ClientHello
parsing, and in case of (2) only remembering the curve chosen for ECDHE
within mbedtls_ssl_handshake_params.
2019-07-04 12:41:08 +01:00
..
mbedtls Don't store client-supported ECs in heap-allocated buffer 2019-07-04 12:41:08 +01:00
tinycrypt Consistently use the name tinycrypt over uecc 2019-05-09 11:24:11 +02:00
.gitignore Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
CMakeLists.txt Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00