Commit eda3766b authored by Dr. Stephen Henson

Output supported curves in preference order instead of numerically.

parent 62b6c5c4
+5 −0
@@ -4,6 +4,11 @@


 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]


  *) Output TLS supported curves in preference order instead of numerical
     order. This is currently hardcoded for the highest order curves first.
     This should be configurable so applications can judge speed vs strength.
     [Steve Henson]

  *) Add protection against ECDSA timing attacks as mentioned in the paper
  *) Add protection against ECDSA timing attacks as mentioned in the paper
     by Billy Bob Brumley and Nicola Tuveri, see:
     by Billy Bob Brumley and Nicola Tuveri, see:


+38 −5
@@ -170,6 +170,7 @@ void tls1_clear(SSL *s)
	}
	}


#ifndef OPENSSL_NO_EC
#ifndef OPENSSL_NO_EC

static int nid_list[] =
static int nid_list[] =
	{
	{
		NID_sect163k1, /* sect163k1 (1) */
		NID_sect163k1, /* sect163k1 (1) */
@@ -199,6 +200,35 @@ static int nid_list[] =
		NID_secp521r1  /* secp521r1 (25) */	
		NID_secp521r1  /* secp521r1 (25) */	
	};
	};


static int pref_list[] =
	{
		NID_sect571r1, /* sect571r1 (14) */ 
		NID_sect571k1, /* sect571k1 (13) */ 
		NID_secp521r1, /* secp521r1 (25) */	
		NID_sect409k1, /* sect409k1 (11) */ 
		NID_sect409r1, /* sect409r1 (12) */
		NID_secp384r1, /* secp384r1 (24) */
		NID_sect283k1, /* sect283k1 (9) */
		NID_sect283r1, /* sect283r1 (10) */ 
		NID_secp256k1, /* secp256k1 (22) */ 
		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
		NID_sect239k1, /* sect239k1 (8) */ 
		NID_sect233k1, /* sect233k1 (6) */
		NID_sect233r1, /* sect233r1 (7) */ 
		NID_secp224k1, /* secp224k1 (20) */ 
		NID_secp224r1, /* secp224r1 (21) */
		NID_sect193r1, /* sect193r1 (4) */ 
		NID_sect193r2, /* sect193r2 (5) */ 
		NID_secp192k1, /* secp192k1 (18) */
		NID_X9_62_prime192v1, /* secp192r1 (19) */ 
		NID_sect163k1, /* sect163k1 (1) */
		NID_sect163r1, /* sect163r1 (2) */
		NID_sect163r2, /* sect163r2 (3) */
		NID_secp160k1, /* secp160k1 (15) */
		NID_secp160r1, /* secp160r1 (16) */ 
		NID_secp160r2, /* secp160r2 (17) */ 
	};

int tls1_ec_curve_id2nid(int curve_id)
int tls1_ec_curve_id2nid(int curve_id)
	{
	{
	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
@@ -1487,16 +1517,19 @@ int ssl_prepare_clienthello_tlsext(SSL *s)


		/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
		/* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
		s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
		s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
			{
			{
			s->tlsext_ellipticcurvelist_length = 0;
			s->tlsext_ellipticcurvelist_length = 0;
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
			return -1;
			return -1;
			}
			}
		for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
		for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
				sizeof(nid_list)/sizeof(nid_list[0]); i++)
				sizeof(pref_list)/sizeof(pref_list[0]); i++)
			s2n(i,j);
			{
			int id = tls1_ec_nid2curve_id(pref_list[i]);
			s2n(id,j);
			}
		}
		}
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_EC */
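Review bot: The new loop in ssl_prepare_clienthello_tlsext passes the result of `tls1_ec_nid2curve_id(pref_list[i])` to `s2n(id,j)` without checking it, so a `pref_list` entry with no curve id would be advertised as whatever the lookup returns for an unknown NID (its body is not in this diff; presumably 0). Nothing ties `pref_list` to `nid_list` either: both tables are maintained by hand, and a curve added to `nid_list` but not to `pref_list` would silently stop being offered in the ClientHello. I would declare the table `static const int pref_list[]` and put a comment above it such as `/* Client preference order, strongest first; must list exactly the NIDs in nid_list */`. The enclosing function starts and ends outside the hunk.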