X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_client.t0;h=89da775d22f628e45a45d1627ad21617112d808d;hp=4067b4d4a83a42d0abcc891605f59fcb124d125e;hb=3655193439d4e093bb80a2f0d9e02179d424de08;hpb=05ac106834fa8889cf55ee462fe4108d4712040a;ds=sidebyside

diff --git a/src/ssl/ssl_hs_client.t0 b/src/ssl/ssl_hs_client.t0
index 4067b4d..89da775 100644
--- a/src/ssl/ssl_hs_client.t0
+++ b/src/ssl/ssl_hs_client.t0
@@ -230,8 +230,8 @@ make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
 {
 	int curve;
 	unsigned char key[66], point[133];
-	const unsigned char *generator, *order, *point_src;
-	size_t glen, olen, point_len;
+	const unsigned char *order, *point_src;
+	size_t glen, olen, point_len, xoff, xlen;
 	unsigned char mask;
 
 	if (ecdhe) {
@@ -271,7 +271,7 @@ make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
 	 * Compute the common ECDH point, whose X coordinate is the
 	 * pre-master secret.
 	 */
-	generator = ctx->eng.iec->generator(curve, &glen);
+	ctx->eng.iec->generator(curve, &glen);
 	if (glen != point_len) {
 		return -BR_ERR_INVALID_ALGORITHM;
 	}
@@ -284,12 +284,10 @@ make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
 	/*
 	 * The pre-master secret is the X coordinate.
 	 */
-	br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
+	xoff = ctx->eng.iec->xoff(curve, &xlen);
+	br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
 
-	memcpy(point, generator, glen);
-	if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
-		return -BR_ERR_INVALID_ALGORITHM;
-	}
+	ctx->eng.iec->mulgen(point, key, olen, curve);
 	memcpy(ctx->eng.pad, point, glen);
 	return (int)glen;
 }
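Review bot: In the `@@ -271` hunk the return value of `ctx->eng.iec->generator(curve, &glen)` is now discarded and the call survives only to fill `glen`, which reads like a leftover of the removed `memcpy(point, generator, glen)` rather than an intended length query. Make the intent explicit: `(void)ctx->eng.iec->generator(curve, &glen); /* only the encoded point length is needed */`. The `glen != point_len` check that follows is the only place visible here where the server-supplied point length is validated against the curve's encoding, so it must stay ahead of any use of `point`. The body of make_pms_ecdh starts and ends outside this hunk.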
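Review bot: In the `@@ -284` hunk the result of `ctx->eng.iec->mulgen(point, key, olen, curve)` is discarded, whereas the `mul()` call it replaces was checked and failed with `-BR_ERR_INVALID_ALGORITHM`; whatever mulgen reports (a status or, presumably, the encoded length of the generated point) is never compared with `glen` before `point` is copied into `ctx->eng.pad` and sent to the peer. If mulgen does return the encoded length, `if (ctx->eng.iec->mulgen(point, key, olen, curve) != glen) { return -BR_ERR_INVALID_ALGORITHM; }` restores the lost check; confirm against the br_ec_impl contract first. The buffer reuse is also easy to misread: `point` first holds the shared ECDH point whose X coordinate (located via `xoff`/`xlen`, replacing the old uncompressed-point assumption `point + 1, glen >> 1`) is consumed by `br_ssl_engine_compute_master`, and only then is it overwritten with the client's public point; a comment such as `/* point is reused: the shared secret above has been consumed, it now receives our public point key*G */` above the mulgen call would make that explicit. The body of make_pms_ecdh starts outside this hunk.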
@@ -320,12 +318,12 @@ make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
 	}
 	memcpy(point, pk->key.ec.q, point_len);
 	if (!(*ctx->client_auth_vtable)->do_keyx(
-		ctx->client_auth_vtable, point, point_len))
+		ctx->client_auth_vtable, point, &point_len))
 	{
 		return -1;
 	}
 	br_ssl_engine_compute_master(&ctx->eng,
-		prf_id, point + 1, point_len >> 1);
+		prf_id, point, point_len);
 	return 0;
 }
 
@@ -393,10 +391,9 @@ addr-ctx: hash_id
 
 \ Length of Signatures extension.
 : ext-signatures-length ( -- len )
-	supported-hash-functions { x } drop
-	0
-	supports-rsa-sign? if x + then
-	supports-ecdsa? if x + then
+	supported-hash-functions { num } drop 0
+	supports-rsa-sign? if num + then
+	supports-ecdsa? if num + then
 	dup if 1 << 6 + then ;
 
 \ Write supported hash functions ( sign -- )
@@ -538,13 +535,16 @@ cc: ext-ALPN-length ( -- len ) {
 		supports-rsa-sign? if 1 write-hashes then
 	then
 	\ TODO: add an API to specify preference order for curves.
-	\ Right now we use increasing id order, which makes P-256
-	\ the preferred curve.
+	\ Right now we send Curve25519 first, then other curves in
+	\ increasing ID values (hence P-256 in second).
 	ext-supported-curves-length dup if
 		0x000A write16 \ extension type (10)
 		4 - dup write16 \ extension length
 		2- write16 \ list length
 		supported-curves 0
+		dup 0x20000000 and if
+			0xDFFFFFFF and 29 write16
+		then
 		begin dup 32 < while
 			dup2 >> 1 and if dup write16 then 1+
@@ -1026,7 +1026,7 @@ cc: get-client-chain ( auth_types -- ) {
 	\ - There is an explicit list of supported sign+hash.
 	\ - The ECDH flags must be adjusted for RSA/ECDSA
 	\ support.
-	read-list-sign-algos dup addr-hashes set16
+	read-list-sign-algos dup addr-hashes set32
 	\ Trim down the list depending on what hash functions
 	\ we support (since the hashing itself is done by the SSL
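Review bot: In the `@@ -320` hunk `do_keyx` now receives `&point_len` and `point` is then handed straight to `br_ssl_engine_compute_master`, so the callback's contract has become "replace `point` in place with the pre-master secret and update its length", but nothing at the call site says so. Add `/* do_keyx() overwrites point with the pre-master secret (the X coordinate) and sets point_len to its length */` above the `if`. The updated `point_len` is also consumed without any sanity check; since the vtable can be implemented outside this file, a cheap guard such as `if (point_len > sizeof point) { return -1; }` after the call would bound what a misbehaving callback can make the engine read — this is hedged, as the callback's guarantees are not visible here. The body of make_pms_static_ecdh begins outside this hunk.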
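Review bot: In the `@@ -538` hunk the masks `0x20000000` and `0xDFFFFFFF` are magic numbers: they select and then clear bit 29 of the `supported-curves` word, i.e. the named-group id 29 that is written, and a reader has to work out that the bit is cleared so the `begin dup 32 < while` scan below does not emit id 29 a second time. Add `\ bit 29 = Curve25519 (id 29): send it first, then clear it so the loop below does not repeat it` directly above `dup 0x20000000 and if`. Because the list length written two lines earlier comes from `ext-supported-curves-length`, which is outside this hunk, it is worth confirming that that word counts bit 29 exactly once, otherwise the extension length and the emitted list would disagree. The enclosing definition and the loop's closing `repeat` both lie outside the hunk.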