Added the possibility to define the allowed curves for ECDHE handshake. It also defines the preference of the curves.
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 1bda2b3..2b50304 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -83,6 +83,12 @@
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
+#endif
+
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
@@ -721,6 +727,9 @@
int disable_renegotiation; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
+ const ecp_group_id *ecdh_curve_list;/*!< allowed curves for ECDH */
+#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< negotiate truncated hmac? */
#endif
@@ -1149,6 +1158,19 @@
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif
+#if defined(POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
+/**
+ * \brief Set the allowed ECDH curves.
+ *
+ * The sequence of the curves in the list also determines the
+ * handshake curve preference.
+ *
+ * \param ssl SSL context
+ * \param ecdh_curve_list Zero terminated list of the allowed ECDH curves
+ */
+void ssl_set_ecdh_curves( ssl_context *ssl, const ecp_group_id *ecdh_curve_list );
+#endif
+
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/**
* \brief Set hostname for ServerName TLS extension