Print curve name instead of size in debugging
Also refactor server-side curve selection
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5947e5c..bdd2d95 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1125,9 +1125,16 @@
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
static int ssl_check_server_ecdh_params( const ssl_context *ssl )
{
- // TODO: print name instead
- SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
- (int) ssl->handshake->ecdh_ctx.grp.nbits ) );
+ const ecp_curve_info *curve_info;
+
+ curve_info = ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
+ if( curve_info == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "Should never happen" ) );
+ return( -1 );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
#if defined(POLARSSL_SSL_ECP_SET_CURVES)
if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 20a6be5..5acb64b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -536,7 +536,7 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- /* Don't allow our peer to make use allocated too much memory,
+ /* Don't allow our peer to make us allocate too much memory,
* and leave room for a final 0 */
our_size = list_size / 2 + 1;
if( our_size > POLARSSL_ECP_DP_MAX )
@@ -2105,54 +2105,36 @@
* ECPoint public;
* } ServerECDHParams;
*/
- ecp_group_id grp_id;
+ const ecp_curve_info **curve;
#if defined(POLARSSL_SSL_SET_CURVES)
- unsigned int pref_idx, curv_idx, found;
+ const ecp_group_id *gid;
- /* Match our preference list against the agreed curves */
- for( pref_idx = 0, found = 0;
- ssl->curve_list[pref_idx] != POLARSSL_ECP_DP_NONE;
- pref_idx++ )
+ /* Match our preference list against the offered curves */
+ for( gid = ssl->curve_list; *gid != POLARSSL_ECP_DP_NONE; gid++ )
+ for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
+ if( (*curve)->grp_id == *gid )
+ goto curve_matching_done;
+
+curve_matching_done:
+#else
+ curve = ssl->handshake->curves;
+#endif
+
+ if( *curve == NULL )
{
- /* Look through the agreed curve list */
- for( curv_idx = 0;
- ssl->handshake->curves[curv_idx] != NULL;
- curv_idx++ )
- {
- if (ssl->handshake->curves[curv_idx]->grp_id ==
- ssl->curve_list[pref_idx] )
- {
- /* We found our most preferred curve */
- found = 1;
- break;
- }
- }
-
- /* Exit the search if we have found our curve */
- if( found == 1 )
- break;
+ SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
+ return( POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN );
}
- /*
- * If we haven't found any allowed / preferred curve,
- * ssl->curve_list[pref_idx] will contain POLARSSL_ECP_DP_NONE and
- * ecp_use_known_dp() will fail.
- */
- grp_id = ssl->curve_list[pref_idx];
-#else
- grp_id = ssl->handshake->curves[0]->grp_id;
-#endif /* POLARSSL_SSL_SET_CURVES */
+ SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
if( ( ret = ecp_use_known_dp( &ssl->handshake->ecdh_ctx.grp,
- grp_id ) ) != 0 )
+ (*curve)->grp_id ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ecp_use_known_dp", ret );
return( ret );
}
- SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
- (int) ssl->handshake->ecdh_ctx.grp.nbits ) );
-
if( ( ret = ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
p, SSL_MAX_CONTENT_LEN - n,
ssl->f_rng, ssl->p_rng ) ) != 0 )
