1 files changed, 46 insertions, 1 deletions

diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index f5fb8ac76f..d2c0b3585b 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -353,13 +353,58 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name)
 	return ret;
 }
 
+/* This is only called by cfg_apply in priority.c, in blocklisting mode. */
 int _gnutls_ecc_curve_mark_disabled(gnutls_ecc_curve_t curve)
 {
 	gnutls_ecc_curve_entry_st *p;
 
 	for(p = ecc_curves; p->name != NULL; p++) {
 		if (p->id == curve) {
-			p->supported = 0;
+			p->supported = false;
+			return 0;
+		}
+	}
+
+	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+}
+
+/* This is only called by cfg_apply in priority.c, in allowlisting mode. */
+void _gnutls_ecc_curve_mark_disabled_all(void)
+{
+	gnutls_ecc_curve_entry_st *p;
+
+	for(p = ecc_curves; p->name != NULL; p++) {
+		p->supported = false;
+		p->supported_revertible = true;
+	}
+}
+
+/**
+ * gnutls_ecc_curve_set_enabled:
+ * @curve: is an ECC curve
+ * @enabled: whether to enable the curve
+ *
+ * Modify the previous system wide setting that marked @curve as
+ * enabled or disabled.  This only has effect when the curve is
+ * enabled through the allowlisting mode in the configuration file, or
+ * when the setting is modified with a prior call to this function.
+ *
+ * Returns: 0 on success or negative error code otherwise.
+ *
+ * Since: 3.7.3
+ */
+int
+gnutls_ecc_curve_set_enabled(gnutls_ecc_curve_t curve,
+			     unsigned int enabled)
+{
+	gnutls_ecc_curve_entry_st *p;
+
+	for(p = ecc_curves; p->name != NULL; p++) {
+		if (p->id == curve) {
+			if (!p->supported_revertible) {
+				return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+			}
+			p->supported = enabled;
 			return 0;
 		}
 	}