authorGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2014-09-03 11:12:12 +0200
committerGiuseppe D'Angelo <giuseppe.dangelo@kdab.com>2014-11-26 22:07:56 +0100
commitffbfd8eda691be9e6814187015d87dffc2b0d58f (patch)
tree812f64a370cd4e30771201d821a0d12668b232ee /src/network/ssl/qsslcontext_openssl.cpp
parent153463ea956794053af755c22f6562fff4ed520a (diff)
SSL: Add support for selecting which curves should be used by an elliptic cipher
[ChangeLog][QtNetwork][QtSSL] It is now possible to choose which elliptic curves should be used by an elliptic curve cipher. Change-Id: If5d0d58922768b6f1375836489180e576f5a015a Done-with: Marc Mutz <marc.mutz@kdab.com> Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl/qsslcontext_openssl.cpp')
-rw-r--r--src/network/ssl/qsslcontext_openssl.cpp25
1 files changed, 25 insertions, 0 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
index a2758398f4..e62367cef3 100644
--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -2,6 +2,7 @@
**
** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
+** Copyright (C) 2014 Governikus GmbH & Co. KG.
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtNetwork module of the Qt Toolkit.
@@ -327,6 +328,30 @@ init_context:
q_EC_KEY_free(ecdh);
#endif // OPENSSL_NO_EC
+ const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
+ if (!qcurves.isEmpty()) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+ // Set the curves to be used
+ if (q_SSLeay() >= 0x10002000L) {
+ QVarLengthArray<int, 32> curves;
+ foreach (const QSslEllipticCurve curve, qcurves)
+ curves.append(curve.id);
+
+ if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, curves.size(), curves.data())) {
+ sslContext->errorStr = QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ return sslContext;
+ }
+ } else
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+ {
+ // specific curves requested, but not possible to set -> error
+ sslContext->errorStr = QSslSocket::tr("Error when setting the elliptic curves (OpenSSL version too old, need at least v1.0.2)");
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ return sslContext;
+ }
+ }
+
return sslContext;
}
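Review bot: The fallback block after the `#endif` always reports "OpenSSL version too old, need at least v1.0.2", but it is also the only branch compiled when `OPENSSL_NO_EC` is defined, so a build against a new-enough OpenSSL without EC support gets a wrong diagnosis. I would either split the preprocessor condition or widen the text, e.g. `QSslSocket::tr("Error when setting the elliptic curves (OpenSSL 1.0.2 or later with EC support is required)")`. Returning an error here instead of continuing is the right choice, because otherwise the handshake could silently negotiate a curve the caller meant to exclude. That intent deserves a comment such as `// fail closed: never fall back to the library's default curve list when the caller restricted it`. The enclosing function begins outside this hunk, so whether callers check `errorCode` on the returned context before using it cannot be confirmed from here.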