authorPatrick McDermott <patrick.mcdermott@libiquity.com>2019-07-29 23:13:50 (EDT)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2019-07-29 23:13:50 (EDT)
commit61f9174d6855a3f59617e02b5a01006cabe3d534 (patch)
tree83ff0140b2df2e372a997d6d06998dfee8c13de3
parenta060eceac0038e0783ec0237b60a9a1d3d2e2b60 (diff)
s_client: Use supported curves
-rw-r--r--src/s_client.c103
1 files changed, 103 insertions, 0 deletions
diff --git a/src/s_client.c b/src/s_client.c
index 3559728..20ef929 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -29,6 +29,7 @@
#include <sys/socket.h>
#include <unistd.h>
+#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/settings.h>
@@ -37,7 +38,9 @@
#define CA_CERTS "/etc/ssl/certs"
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
+#undef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
+#undef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
static _Bool
@@ -57,6 +60,99 @@ parse_host_port(char *hostport, char **host, char **port)
return true;
}
+#ifdef HAVE_SUPPORTED_CURVES
+static _Bool
+use_curves(WOLFSSL_CTX *ctx)
+{
+ static word16 curves[] = {
+#ifdef HAVE_CURVE25519
+ WOLFSSL_ECC_X25519,
+#endif
+#ifdef HAVE_ECC
+# if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
+# ifdef HAVE_ECC_KOBLITZ
+ WOLFSSL_ECC_SECP160K1,
+# endif
+# ifndef NO_ECC_SECP /* Ugh double negative */
+ WOLFSSL_ECC_SECP160R1,
+# endif
+# ifdef HAVE_ECC_SECPR2
+ WOLFSSL_ECC_SECP160R2,
+# endif
+# endif
+# if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
+# ifdef HAVE_ECC_KOBLITZ
+ WOLFSSL_ECC_SECP192K1,
+# endif
+# ifndef NO_ECC_SECP
+ WOLFSSL_ECC_SECP192R1,
+# endif
+# endif
+# if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
+# ifdef HAVE_ECC_KOBLITZ
+ WOLFSSL_ECC_SECP224K1,
+# endif
+# ifndef NO_ECC_SECP
+ WOLFSSL_ECC_SECP224R1,
+# endif
+# endif
+# if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
+# ifdef HAVE_ECC_KOBLITZ
+ WOLFSSL_ECC_SECP256K1,
+# endif
+# ifndef NO_ECC_SECP
+ WOLFSSL_ECC_SECP256R1,
+# endif
+# ifdef HAVE_ECC_BRAINPOOL
+ WOLFSSL_ECC_BRAINPOOLP256R1,
+# endif
+# endif
+# if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
+# ifndef NO_ECC_SECP
+ WOLFSSL_ECC_SECP384R1,
+# endif
+# ifdef HAVE_ECC_BRAINPOOL
+ WOLFSSL_ECC_BRAINPOOLP384R1,
+# endif
+# endif
+# if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
+# ifndef NO_ECC_SECP
+ WOLFSSL_ECC_SECP521R1,
+# endif
+# ifdef HAVE_ECC_BRAINPOOL
+ WOLFSSL_ECC_BRAINPOOLP512R1,
+# endif
+# endif
+#endif /* HAVE_ECC */
+#ifdef HAVE_FFDHE_2048
+ WOLFSSL_FFDHE_2048,
+#endif
+#ifdef HAVE_FFDHE_3072
+ WOLFSSL_FFDHE_3072,
+#endif
+#ifdef HAVE_FFDHE_4096
+ WOLFSSL_FFDHE_4096,
+#endif
+#ifdef HAVE_FFDHE_6144
+ WOLFSSL_FFDHE_6144,
+#endif
+#ifdef HAVE_FFDHE_8192
+ WOLFSSL_FFDHE_8192,
+#endif
+ };
+ size_t i;
+
+ for (i = 0; i < ARRAY_SIZE(curves); ++i) {
+ if (wolfSSL_CTX_UseSupportedCurve(ctx, curves[i]) !=
+ WOLFSSL_SUCCESS) {
+ return false;
+ }
+ }
+
+ return true;
+}
+#endif /* HAVE_SUPPORTED_CURVES */
+
static int
connect_socket(const char *host, const char *port)
{
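Review bot: The order of `curves[]` in use_curves is the order the groups are added to the context, and it puts the 160-, 192- and 224-bit SECP curves ahead of P-256, P-384 and P-521, so if wolfSSL keeps insertion order when it writes the supported_groups extension (I believe wolfSSL_CTX_UseSupportedCurve appends to the list, but confirm) the client advertises its weakest groups as its most preferred; consider reordering strongest-first (X25519, then SECP256R1/384R1/521R1, then the Brainpool and FFDHE groups, with the sub-256-bit curves last or omitted) and stating that intent in a comment above the array, e.g. `/* Listed in preference order; wolfSSL offers them to the server in this order. */`. Separately, the loop collapses every failure into `false`, yet wolfSSL_CTX_UseSupportedCurve is documented to fail with BAD_FUNC_ARG as well as MEMORY_E, and the only caller (in the last hunk, which is cut off at the end of the page) reports any `false` as "Out of memory"; reporting the failing id before `return false;` would make a misconfigured build debuggable, e.g. `fprintf(stderr, "wolfSSL_CTX_UseSupportedCurve(%u) failed\n", (unsigned) curves[i]);`. A `static` array with zero enabled entries (no HAVE_CURVE25519, HAVE_ECC or HAVE_FFDHE_* defined while HAVE_SUPPORTED_CURVES is) would make `curves[]` an empty initializer, which C11 does not allow, so the function's `#ifdef` guard may need to cover that combination or the array needs a trailing sentinel.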
@@ -247,6 +343,13 @@ s_client(int argc, char **argv)
#else
(void) servername;
#endif
+#ifdef HAVE_SUPPORTED_CURVES
+ if (use_curves(ctx) == false) {
+ fputs("Out of memory\n", stderr);
+ ret = EXIT_FAILURE;
+ goto ctx_free;
+ }
+#endif
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {