-typedef struct
- {
- int nid; /* Curve NID */
- int secbits; /* Bits of security (from SP800-57) */
- unsigned int flags; /* Flags: currently just field type */
- } tls_curve_info;
-
-#define TLS_CURVE_CHAR2 0x1
-#define TLS_CURVE_PRIME 0x0
-
-static tls_curve_info nid_list[] =
- {
- {NID_sect163k1, 80, TLS_CURVE_CHAR2},/* sect163k1 (1) */
- {NID_sect163r1, 80, TLS_CURVE_CHAR2},/* sect163r1 (2) */
- {NID_sect163r2, 80, TLS_CURVE_CHAR2},/* sect163r2 (3) */
- {NID_sect193r1, 80, TLS_CURVE_CHAR2},/* sect193r1 (4) */
- {NID_sect193r2, 80, TLS_CURVE_CHAR2},/* sect193r2 (5) */
- {NID_sect233k1, 112, TLS_CURVE_CHAR2},/* sect233k1 (6) */
- {NID_sect233r1, 112, TLS_CURVE_CHAR2},/* sect233r1 (7) */
- {NID_sect239k1, 112, TLS_CURVE_CHAR2},/* sect239k1 (8) */
- {NID_sect283k1, 128, TLS_CURVE_CHAR2},/* sect283k1 (9) */
- {NID_sect283r1, 128, TLS_CURVE_CHAR2},/* sect283r1 (10) */
- {NID_sect409k1, 192, TLS_CURVE_CHAR2},/* sect409k1 (11) */
- {NID_sect409r1, 192, TLS_CURVE_CHAR2},/* sect409r1 (12) */
- {NID_sect571k1, 256, TLS_CURVE_CHAR2},/* sect571k1 (13) */
- {NID_sect571r1, 256, TLS_CURVE_CHAR2},/* sect571r1 (14) */
- {NID_secp160k1, 80, TLS_CURVE_PRIME},/* secp160k1 (15) */
- {NID_secp160r1, 80, TLS_CURVE_PRIME},/* secp160r1 (16) */
- {NID_secp160r2, 80, TLS_CURVE_PRIME},/* secp160r2 (17) */
- {NID_secp192k1, 80, TLS_CURVE_PRIME},/* secp192k1 (18) */
- {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME},/* secp192r1 (19) */
- {NID_secp224k1, 112, TLS_CURVE_PRIME},/* secp224k1 (20) */
- {NID_secp224r1, 112, TLS_CURVE_PRIME},/* secp224r1 (21) */
- {NID_secp256k1, 128, TLS_CURVE_PRIME},/* secp256k1 (22) */
- {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME},/* secp256r1 (23) */
- {NID_secp384r1, 192, TLS_CURVE_PRIME},/* secp384r1 (24) */
- {NID_secp521r1, 256, TLS_CURVE_PRIME},/* secp521r1 (25) */
- {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
- {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
- {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME},/* brainpool512r1 (28) */
- };
-
-
-static const unsigned char ecformats_default[] =
- {
- TLSEXT_ECPOINTFORMAT_uncompressed,
- TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
- TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
- };
-
-static const unsigned char eccurves_default[] =
- {
- 0,14, /* sect571r1 (14) */
- 0,13, /* sect571k1 (13) */
- 0,25, /* secp521r1 (25) */
- 0,28, /* brainpool512r1 (28) */
- 0,11, /* sect409k1 (11) */
- 0,12, /* sect409r1 (12) */
- 0,27, /* brainpoolP384r1 (27) */
- 0,24, /* secp384r1 (24) */
- 0,9, /* sect283k1 (9) */
- 0,10, /* sect283r1 (10) */
- 0,26, /* brainpoolP256r1 (26) */
- 0,22, /* secp256k1 (22) */
- 0,23, /* secp256r1 (23) */
- 0,8, /* sect239k1 (8) */
- 0,6, /* sect233k1 (6) */
- 0,7, /* sect233r1 (7) */
- 0,20, /* secp224k1 (20) */
- 0,21, /* secp224r1 (21) */
- 0,4, /* sect193r1 (4) */
- 0,5, /* sect193r2 (5) */
- 0,18, /* secp192k1 (18) */
- 0,19, /* secp192r1 (19) */
- 0,1, /* sect163k1 (1) */
- 0,2, /* sect163r1 (2) */
- 0,3, /* sect163r2 (3) */
- 0,15, /* secp160k1 (15) */
- 0,16, /* secp160r1 (16) */
- 0,17, /* secp160r2 (17) */
- };
-
-static const unsigned char suiteb_curves[] =
- {
- 0, TLSEXT_curve_P_256,
- 0, TLSEXT_curve_P_384
- };
+typedef struct {
+ int nid; /* Curve NID */
+ int secbits; /* Bits of security (from SP800-57) */
+ unsigned int flags; /* Flags: currently just field type */
+} tls_curve_info;
+
+# define TLS_CURVE_CHAR2 0x1
+# define TLS_CURVE_PRIME 0x0
+
+static const tls_curve_info nid_list[] = {
+ {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
+ {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
+ {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */
+ {NID_sect193r1, 80, TLS_CURVE_CHAR2}, /* sect193r1 (4) */
+ {NID_sect193r2, 80, TLS_CURVE_CHAR2}, /* sect193r2 (5) */
+ {NID_sect233k1, 112, TLS_CURVE_CHAR2}, /* sect233k1 (6) */
+ {NID_sect233r1, 112, TLS_CURVE_CHAR2}, /* sect233r1 (7) */
+ {NID_sect239k1, 112, TLS_CURVE_CHAR2}, /* sect239k1 (8) */
+ {NID_sect283k1, 128, TLS_CURVE_CHAR2}, /* sect283k1 (9) */
+ {NID_sect283r1, 128, TLS_CURVE_CHAR2}, /* sect283r1 (10) */
+ {NID_sect409k1, 192, TLS_CURVE_CHAR2}, /* sect409k1 (11) */
+ {NID_sect409r1, 192, TLS_CURVE_CHAR2}, /* sect409r1 (12) */
+ {NID_sect571k1, 256, TLS_CURVE_CHAR2}, /* sect571k1 (13) */
+ {NID_sect571r1, 256, TLS_CURVE_CHAR2}, /* sect571r1 (14) */
+ {NID_secp160k1, 80, TLS_CURVE_PRIME}, /* secp160k1 (15) */
+ {NID_secp160r1, 80, TLS_CURVE_PRIME}, /* secp160r1 (16) */
+ {NID_secp160r2, 80, TLS_CURVE_PRIME}, /* secp160r2 (17) */
+ {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
+ {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
+ {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
+ {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
+ {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
+ {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
+ {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
+ {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
+ {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
+ {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
+ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+};
+
+static const unsigned char ecformats_default[] = {
+ TLSEXT_ECPOINTFORMAT_uncompressed,
+ TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
+ TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
+};
+
+/* The default curves */
+static const unsigned char eccurves_default[] = {
+ /* Prefer P-256 which has the fastest and most secure implementations. */
+ 0, 23, /* secp256r1 (23) */
+ /* Other >= 256-bit prime curves. */
+ 0, 25, /* secp521r1 (25) */
+ 0, 28, /* brainpool512r1 (28) */
+ 0, 27, /* brainpoolP384r1 (27) */
+ 0, 24, /* secp384r1 (24) */
+ 0, 26, /* brainpoolP256r1 (26) */
+ 0, 22, /* secp256k1 (22) */
+ /* >= 256-bit binary curves. */
+ 0, 14, /* sect571r1 (14) */
+ 0, 13, /* sect571k1 (13) */
+ 0, 11, /* sect409k1 (11) */
+ 0, 12, /* sect409r1 (12) */
+ 0, 9, /* sect283k1 (9) */
+ 0, 10, /* sect283r1 (10) */
+};
+
+static const unsigned char eccurves_all[] = {
+ /* Prefer P-256 which has the fastest and most secure implementations. */
+ 0, 23, /* secp256r1 (23) */
+ /* Other >= 256-bit prime curves. */
+ 0, 25, /* secp521r1 (25) */
+ 0, 28, /* brainpool512r1 (28) */
+ 0, 27, /* brainpoolP384r1 (27) */
+ 0, 24, /* secp384r1 (24) */
+ 0, 26, /* brainpoolP256r1 (26) */
+ 0, 22, /* secp256k1 (22) */
+ /* >= 256-bit binary curves. */
+ 0, 14, /* sect571r1 (14) */
+ 0, 13, /* sect571k1 (13) */
+ 0, 11, /* sect409k1 (11) */
+ 0, 12, /* sect409r1 (12) */
+ 0, 9, /* sect283k1 (9) */
+ 0, 10, /* sect283r1 (10) */
+ /*
+ * Remaining curves disabled by default but still permitted if set
+ * via an explicit callback or parameters.
+ */
+ 0, 20, /* secp224k1 (20) */
+ 0, 21, /* secp224r1 (21) */
+ 0, 18, /* secp192k1 (18) */
+ 0, 19, /* secp192r1 (19) */
+ 0, 15, /* secp160k1 (15) */
+ 0, 16, /* secp160r1 (16) */
+ 0, 17, /* secp160r2 (17) */
+ 0, 8, /* sect239k1 (8) */
+ 0, 6, /* sect233k1 (6) */
+ 0, 7, /* sect233r1 (7) */
+ 0, 4, /* sect193r1 (4) */
+ 0, 5, /* sect193r2 (5) */
+ 0, 1, /* sect163k1 (1) */
+ 0, 2, /* sect163r1 (2) */
+ 0, 3, /* sect163r2 (3) */
+};
+
+
+static const unsigned char suiteb_curves[] = {
+ 0, TLSEXT_curve_P_256,
+ 0, TLSEXT_curve_P_384
+};