Handle suported_point_formats in ServerHello
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 68f6cae..4b7e4b5 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -273,7 +273,7 @@
*olen = 6;
}
-#endif
+#endif /* POLARSSL_ECDH_C */
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
static void ssl_write_max_fragment_length_ext( ssl_context *ssl,
@@ -686,6 +686,40 @@
}
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_ECP_C)
+static int ssl_parse_supported_point_formats_ext( ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ size_t list_size;
+ const unsigned char *p;
+
+ list_size = buf[0];
+ if( list_size + 1 != len )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
+ }
+
+ p = buf + 2;
+ while( list_size > 0 )
+ {
+ if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED ||
+ p[0] == POLARSSL_ECP_PF_COMPRESSED )
+ {
+ ssl->handshake->ec_point_format = p[0];
+ SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
+ return( 0 );
+ }
+
+ list_size--;
+ p++;
+ }
+
+ return( 0 );
+}
+#endif /* POLARSSL_ECP_C */
+
static int ssl_parse_server_hello( ssl_context *ssl )
{
uint32_t t;
@@ -941,6 +975,19 @@
break;
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_ECP_C)
+ case TLS_EXT_SUPPORTED_POINT_FORMATS:
+ SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
+
+ if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
+ ext + 4, ext_size ) ) != 0 )
+ {
+ return( ret );
+ }
+
+ break;
+#endif /* POLARSSL_ECP_C */
+
default:
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
ext_id ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2b6f06f..85820a5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -553,6 +553,7 @@
p[0] == POLARSSL_ECP_PF_COMPRESSED )
{
ssl->handshake->ec_point_format = p[0];
+ SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
return( 0 );
}
@@ -1423,6 +1424,31 @@
}
#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_ECDH_C)
+static void ssl_write_supported_point_formats_ext( ssl_context *ssl,
+ unsigned char *buf,
+ size_t *olen )
+{
+ unsigned char *p = buf;
+ ((void) ssl);
+
+ *olen = 0;
+
+ SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
+
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
+
+ *p++ = 0x00;
+ *p++ = 2;
+
+ *p++ = 1;
+ *p++ = POLARSSL_ECP_PF_UNCOMPRESSED;
+
+ *olen = 6;
+}
+#endif /* POLARSSL_ECDH_C */
+
static int ssl_write_server_hello( ssl_context *ssl )
{
#if defined(POLARSSL_HAVE_TIME)
@@ -1578,6 +1604,11 @@
ext_len += olen;
#endif
+#if defined(POLARSSL_ECDH_C)
+ ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ ext_len += olen;
+#endif
+
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );