(sizeof suites) / (sizeof suites[0]));
/*
- * Public-key algorithm imeplementations.
+ * Public-key algorithm implementations.
*
* -- RSA public core ("rsapub") is needed for "RSA" key exchange
* (cipher suites whose name starts with TLS_RSA).
* -- ECDSA signature verification is needed for "ECDHE_ECDSA"
* cipher suites (but not for ECDHE_RSA, ECDH_ECDSA or ECDH_RSA).
*
+ * Normally, you use the "default" implementations, obtained
+ * through relevant function calls. These functions return
+ * implementations that are deemed "best" for the current
+ * platform, where "best" means "fastest within constant-time
+ * implementations". Selecting the default implementation is a
+ * mixture of compile-time and runtime checks.
+ *
+ * Nevertheless, specific implementations may be selected
+ * explicitly, e.g. to use code which is slower but with a
+ * smaller footprint.
+ *
* The RSA code comes in three variants, called "i15", "i31" and
* "i32". The "i31" code is somewhat faster than the "i32" code.
* Usually, "i31" is faster than "i15", except on some specific
* architectures (ARM Cortex M0, M0+, M1 and M3) where the "i15"
- * should be prefered (the "i15" code is constant-time, while
+ * should be preferred (the "i15" code is constant-time, while
* the "i31" is not, and the "i15" code is faster anyway).
*
* ECDSA code also comes in "i15" and "i31" variants. As in the
* implementations directly will result in smaller code, but
* support for fewer curves and possibly lower performance.
*/
+ br_ssl_client_set_default_rsapub(cc);
+ br_ssl_engine_set_default_rsavrfy(&cc->eng);
+ br_ssl_engine_set_default_ecdsa(&cc->eng);
+ /* Alternate: set implementations explicitly.
br_ssl_client_set_rsapub(cc, &br_rsa_i31_public);
br_ssl_client_set_rsavrfy(cc, &br_rsa_i31_pkcs1_vrfy);
br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m31);
- br_ssl_client_set_ecdsa(cc, &br_ecdsa_i31_vrfy_asn1);
+ br_ssl_engine_set_ecdsa(&cc->eng, &br_ecdsa_i31_vrfy_asn1);
+ */
/*
* Record handler:
* but it is not constant-time.
*
* aes_x86ni Very fast implementation that uses the AES-NI
- * opcodes on recent x86 CPU.
+ * opcodes on recent x86 CPU. But it may not be
+ * compiled in the library if the compiler or
+ * architecture is not supported; and the CPU
+ * may also not support the opcodes. Selection
+ * functions are provided to test for availability
+ * of the code and the opcodes.
*
* Whether having constant-time implementations is absolutely
* required for security depends on the context (in particular
* ctmul64 Uses 64-bit multiplications with a 64-bit result.
*
* On 64-bit platforms, ctmul64 is the smallest and fastest of
- * the three. On 32-bit systems, ctmul should be prefered. The
+ * the three. On 32-bit systems, ctmul should be preferred. The
* ctmul32 implementation is meant to be used for the specific
* 32-bit systems that do not have a 32x32->64 multiplier (i.e.
* the ARM Cortex-M0 and Cortex-M0+).