From a84b9b4e5d985a5d8a37268a76e1d35210fd31c5 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Tue, 1 Jun 2021 11:27:05 +0000 Subject: Add all the missing pieces for sni_policy sbearssl_server_init_and_run is yet unchanged, the next step is to rewrite it using the new primitives. --- src/sbearssl/sbearssl_choose_algos_ec.c | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 src/sbearssl/sbearssl_choose_algos_ec.c (limited to 'src/sbearssl/sbearssl_choose_algos_ec.c') diff --git a/src/sbearssl/sbearssl_choose_algos_ec.c b/src/sbearssl/sbearssl_choose_algos_ec.c new file mode 100644 index 0000000..8f02868 --- /dev/null +++ b/src/sbearssl/sbearssl_choose_algos_ec.c @@ -0,0 +1,44 @@ +/* ISC license. */ + +#include + +#include +#include "sbearssl-internal.h" + +int sbearssl_choose_algos_ec (br_ssl_server_context const *sc, br_ssl_server_choices *choices, unsigned int usages, int kt) +{ + size_t n ; + br_suite_translated const *st = br_ssl_server_get_client_suites(sc, &n) ; + unsigned int hash_id = sbearssl_choose_hash(br_ssl_server_get_client_hashes(sc) >> 8) ; + if (sc->eng.session.version < BR_TLS12) hash_id = br_sha1_ID ; + for (size_t i = 0 ; i < n ; i++) + { + unsigned int tt = st[i][1] ; + switch (tt >> 12) + { + case BR_SSLKEYX_ECDH_RSA : + if ((usages & BR_KEYTYPE_KEYX) && kt == BR_KEYTYPE_RSA) + { + choices->cipher_suite = st[i][0] ; + return 1 ; + } + break ; + case BR_SSLKEYX_ECDH_ECDSA : + if ((usages & BR_KEYTYPE_KEYX) && kt == BR_KEYTYPE_EC) + { + choices->cipher_suite = st[i][0] ; + return 1 ; + } + break ; + case BR_SSLKEYX_ECDHE_ECDSA : + if ((usages & BR_KEYTYPE_SIGN) && hash_id) + { + choices->cipher_suite = st[i][0] ; + choices->algo_id = hash_id + 0xff00 ; + return 1 ; + } + break ; + } + } + return 0 ; +} -- cgit v1.3.1