Print curve name instead of size in debugging
Also refactor server-side curve selection
This commit is contained in:
parent
ab24010b54
commit
c3f6b62ccc
2 changed files with 29 additions and 40 deletions
|
@ -1125,9 +1125,16 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
|
|||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
static int ssl_check_server_ecdh_params( const ssl_context *ssl )
|
||||
{
|
||||
// TODO: print name instead
|
||||
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
||||
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
||||
const ecp_curve_info *curve_info;
|
||||
|
||||
curve_info = ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
|
||||
if( curve_info == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "Should never happen" ) );
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
|
||||
|
||||
#if defined(POLARSSL_SSL_ECP_SET_CURVES)
|
||||
if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
|
||||
|
|
|
@ -536,7 +536,7 @@ static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
|
|||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||
}
|
||||
|
||||
/* Don't allow our peer to make use allocated too much memory,
|
||||
/* Don't allow our peer to make us allocate too much memory,
|
||||
* and leave room for a final 0 */
|
||||
our_size = list_size / 2 + 1;
|
||||
if( our_size > POLARSSL_ECP_DP_MAX )
|
||||
|
@ -2105,54 +2105,36 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||
* ECPoint public;
|
||||
* } ServerECDHParams;
|
||||
*/
|
||||
ecp_group_id grp_id;
|
||||
const ecp_curve_info **curve;
|
||||
#if defined(POLARSSL_SSL_SET_CURVES)
|
||||
unsigned int pref_idx, curv_idx, found;
|
||||
const ecp_group_id *gid;
|
||||
|
||||
/* Match our preference list against the agreed curves */
|
||||
for( pref_idx = 0, found = 0;
|
||||
ssl->curve_list[pref_idx] != POLARSSL_ECP_DP_NONE;
|
||||
pref_idx++ )
|
||||
{
|
||||
/* Look through the agreed curve list */
|
||||
for( curv_idx = 0;
|
||||
ssl->handshake->curves[curv_idx] != NULL;
|
||||
curv_idx++ )
|
||||
{
|
||||
if (ssl->handshake->curves[curv_idx]->grp_id ==
|
||||
ssl->curve_list[pref_idx] )
|
||||
{
|
||||
/* We found our most preferred curve */
|
||||
found = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
/* Match our preference list against the offered curves */
|
||||
for( gid = ssl->curve_list; *gid != POLARSSL_ECP_DP_NONE; gid++ )
|
||||
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
|
||||
if( (*curve)->grp_id == *gid )
|
||||
goto curve_matching_done;
|
||||
|
||||
/* Exit the search if we have found our curve */
|
||||
if( found == 1 )
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* If we haven't found any allowed / preferred curve,
|
||||
* ssl->curve_list[pref_idx] will contain POLARSSL_ECP_DP_NONE and
|
||||
* ecp_use_known_dp() will fail.
|
||||
*/
|
||||
grp_id = ssl->curve_list[pref_idx];
|
||||
curve_matching_done:
|
||||
#else
|
||||
grp_id = ssl->handshake->curves[0]->grp_id;
|
||||
#endif /* POLARSSL_SSL_SET_CURVES */
|
||||
curve = ssl->handshake->curves;
|
||||
#endif
|
||||
|
||||
if( *curve == NULL )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
|
||||
return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
|
||||
|
||||
if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
|
||||
grp_id ) ) != 0 )
|
||||
(*curve)->grp_id ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
|
||||
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
|
||||
|
||||
if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
|
||||
p, SSL_MAX_CONTENT_LEN - n,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
|
|
Loading…
Reference in a new issue