author | Laurent Bercot <ska-skaware@skarnet.org> | 2021-06-01 11:27:05 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2021-06-01 11:27:05 +0000 |
commit | a84b9b4e5d985a5d8a37268a76e1d35210fd31c5 (patch) | |
tree | 64cf1b6e3f21e1ac96ea119358fda95091ee6e93 /src/sbearssl/sbearssl_choose_algos_ec.c | |
parent | e763c3ef1485404585b923365f93314aab4e8dd6 (diff) | |
Add all the missing pieces for sni_policy
sbearssl_server_init_and_run is still unchanged; the next step
is to rewrite it using the new primitives.
Diffstat (limited to 'src/sbearssl/sbearssl_choose_algos_ec.c')
-rw-r--r-- | src/sbearssl/sbearssl_choose_algos_ec.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_choose_algos_ec.c b/src/sbearssl/sbearssl_choose_algos_ec.c
new file mode 100644
index 0000000..8f02868
--- /dev/null
+++ b/src/sbearssl/sbearssl_choose_algos_ec.c
@@ -0,0 +1,44 @@
+/* ISC license. */
+
+#include <bearssl.h>
+
+#include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
+
+int sbearssl_choose_algos_ec (br_ssl_server_context const *sc, br_ssl_server_choices *choices, unsigned int usages, int kt)
+{
+ size_t n ;
+ br_suite_translated const *st = br_ssl_server_get_client_suites(sc, &n) ;
+ unsigned int hash_id = sbearssl_choose_hash(br_ssl_server_get_client_hashes(sc) >> 8) ;
+ if (sc->eng.session.version < BR_TLS12) hash_id = br_sha1_ID ;
+ for (size_t i = 0 ; i < n ; i++)
+ {
+ unsigned int tt = st[i][1] ;
+ switch (tt >> 12)
+ {
+ case BR_SSLKEYX_ECDH_RSA :
+ if ((usages & BR_KEYTYPE_KEYX) && kt == BR_KEYTYPE_RSA)
+ {
+ choices->cipher_suite = st[i][0] ;
+ return 1 ;
+ }
+ break ;
+ case BR_SSLKEYX_ECDH_ECDSA :
+ if ((usages & BR_KEYTYPE_KEYX) && kt == BR_KEYTYPE_EC)
+ {
+ choices->cipher_suite = st[i][0] ;
+ return 1 ;
+ }
+ break ;
+ case BR_SSLKEYX_ECDHE_ECDSA :
+ if ((usages & BR_KEYTYPE_SIGN) && hash_id)
+ {
+ choices->cipher_suite = st[i][0] ;
+ choices->algo_id = hash_id + 0xff00 ;
+ return 1 ;
+ }
+ break ;
+ }
+ }
+ return 0 ;
+} |
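Review bot: The loop returns on the first entry of `st` that matches, so the static `BR_SSLKEYX_ECDH_RSA` / `BR_SSLKEYX_ECDH_ECDSA` cases, which give no forward secrecy, are taken over `BR_SSLKEYX_ECDHE_ECDSA` whenever they come earlier in the list `br_ssl_server_get_client_suites` returns; as far as I recall that list is in client order unless `BR_OPT_ENFORCE_SERVER_PREFERENCES` is set, so a client can steer a certificate that carries the `BR_KEYTYPE_KEYX` usage onto a non-PFS suite. If this deliberately mirrors BearSSL's built-in full-EC policy, a comment above the `for` saying so would stop the next reader from "fixing" it; if not, wrapping the loop in `for (unsigned int pass = 0 ; pass < 2 ; pass++)` and gating the two static cases on `pass` and the ECDHE case on `!pass` keeps the interface while preferring ECDHE. Separately, nothing documents the parameters: from the comparisons in the static cases, `kt` appears to be the key type of the certificate's issuer (it chooses ECDH_RSA vs ECDH_ECDSA, not whether the server key is EC) and `usages` the key-usage mask the certificate allows — please confirm and state that above the definition, e.g. `/* kt: key type of the certificate issuer (picks ECDH_RSA vs ECDH_ECDSA); usages: BR_KEYTYPE_KEYX|BR_KEYTYPE_SIGN mask permitted by the certificate; returns 1 and fills choices, 0 if no suite fits */`. The `hash_id` fallback to `br_sha1_ID` below TLS 1.2 also deserves a one-line comment, since SHA-1 is the only signature hash those protocol versions define for ECDSA.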