From 8837c1be2ba8a3c123df3f5a87003daa9aac6539 Mon Sep 17 00:00:00 2001
From: Andreas Schultz
Date: Mon, 30 Dec 2013 11:54:23 +0100
Subject: crypto: selective support for GF2m curves
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves. Selectively enable GF2m curves is support for them is available.
---
 lib/ssl/src/tls_v1.erl | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
(limited to 'lib/ssl')
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index b618675cce..7c7fdd64c3 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -368,12 +368,19 @@ finished_label(server) ->
 %% list ECC curves in prefered order
 ecc_curves(_Minor) ->
- [?sect571r1,?sect571k1,?secp521r1,?brainpoolP512r1,
- ?sect409k1,?sect409r1,?brainpoolP384r1,?secp384r1,
- ?sect283k1,?sect283r1,?brainpoolP256r1,?secp256k1,?secp256r1,
- ?sect239k1,?sect233k1,?sect233r1,?secp224k1,?secp224r1,
- ?sect193r1,?sect193r2,?secp192k1,?secp192r1,?sect163k1,
- ?sect163r1,?sect163r2,?secp160k1,?secp160r1,?secp160r2].
+ TLSCurves = [sect571r1,sect571k1,secp521r1,brainpoolP512r1,
+ sect409k1,sect409r1,brainpoolP384r1,secp384r1,
+ sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1,
+ sect239k1,sect233k1,sect233r1,secp224k1,secp224r1,
+ sect193r1,sect193r2,secp192k1,secp192r1,sect163k1,
+ sect163r1,sect163r2,secp160k1,secp160r1,secp160r2],
+ CryptoCurves = crypto:ec_curves(),
+ lists:foldr(fun(Curve, Curves) ->
+ case proplists:get_bool(Curve, CryptoCurves) of
+ true -> [pubkey_cert_records:namedCurves(Curve)|Curves];
+ false -> Curves
+ end
+ end, [], TLSCurves).
 %% ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005)
 oid_to_enum(?sect163k1) -> 1;
-- cgit v1.2.3
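Review bot: The availability filter in `ecc_curves/1` tests membership with `proplists:get_bool(Curve, CryptoCurves)`, which is true only for a bare atom or `{Curve, true}`, so any other element shape returned by `crypto:ec_curves()` would silently drop every curve. A plain membership test states the intent and keeps the preference order: `[pubkey_cert_records:namedCurves(C) || C <- TLSCurves, lists:member(C, CryptoCurves)]`. The function can now return `[]` when the linked crypto library has no EC support; its callers are outside this hunk, so it is worth confirming they then leave out the elliptic_curves extension and the EC cipher suites rather than advertise an empty list. The restated preference list still carries the 160- and 163-bit curves, which predate this change but could be dropped from what is offered.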