Output supported curves in preference order instead of numerically.

diff --git a/CHANGES b/CHANGES
index 1633d27975c91f122c4e9266b2c3cf4e56e8ffbf..592b6154c1baa932360fe8cfa19e065ecad7dac5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Output TLS supported curves in preference order instead of numerical
+     order. This is currently hardcoded for the highest order curves first.
+     This should be configurable so applications can judge speed vs strength.
+     [Steve Henson]
+
   *) Add protection against ECDSA timing attacks as mentioned in the paper
      by Billy Bob Brumley and Nicola Tuveri, see:
 

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 43ca29adcd501be777d1c9ba68ef109afe3c0128..bb87fa238852ea5148503ad50fc057f550c60390 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -170,6 +170,7 @@ void tls1_clear(SSL *s)
        }
 
 #ifndef OPENSSL_NO_EC
+
 static int nid_list[] =
        {
                NID_sect163k1, /* sect163k1 (1) */
@@ -198,7 +199,36 @@ static int nid_list[] =
                NID_secp384r1, /* secp384r1 (24) */
                NID_secp521r1  /* secp521r1 (25) */     
        };
-       
+
+static int pref_list[] =
+       {
+               NID_sect571r1, /* sect571r1 (14) */ 
+               NID_sect571k1, /* sect571k1 (13) */ 
+               NID_secp521r1, /* secp521r1 (25) */     
+               NID_sect409k1, /* sect409k1 (11) */ 
+               NID_sect409r1, /* sect409r1 (12) */
+               NID_secp384r1, /* secp384r1 (24) */
+               NID_sect283k1, /* sect283k1 (9) */
+               NID_sect283r1, /* sect283r1 (10) */ 
+               NID_secp256k1, /* secp256k1 (22) */ 
+               NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+               NID_sect239k1, /* sect239k1 (8) */ 
+               NID_sect233k1, /* sect233k1 (6) */
+               NID_sect233r1, /* sect233r1 (7) */ 
+               NID_secp224k1, /* secp224k1 (20) */ 
+               NID_secp224r1, /* secp224r1 (21) */
+               NID_sect193r1, /* sect193r1 (4) */ 
+               NID_sect193r2, /* sect193r2 (5) */ 
+               NID_secp192k1, /* secp192k1 (18) */
+               NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+               NID_sect163k1, /* sect163k1 (1) */
+               NID_sect163r1, /* sect163r1 (2) */
+               NID_sect163r2, /* sect163r2 (3) */
+               NID_secp160k1, /* secp160k1 (15) */
+               NID_secp160r1, /* secp160r1 (16) */ 
+               NID_secp160r2, /* secp160r2 (17) */ 
+       };
+
 int tls1_ec_curve_id2nid(int curve_id)
        {
        /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
@@ -1487,16 +1517,19 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
 
                /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
                if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
-               s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
+               s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
                if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
                        {
                        s->tlsext_ellipticcurvelist_length = 0;
                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
                        return -1;
                        }
-               for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
-                               sizeof(nid_list)/sizeof(nid_list[0]); i++)
-                       s2n(i,j);
+               for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
+                               sizeof(pref_list)/sizeof(pref_list[0]); i++)
+                       {
+                       int id = tls1_ec_nid2curve_id(pref_list[i]);
+                       s2n(id,j);
+                       }
                }
 #endif /* OPENSSL_NO_EC */