yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-09 19:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add MBEDTLS_ECDH_C guards to ECDH code-paths using legacy ECDH

Browse source 
Previously, MBEDTLS_KEY_EXCHANGE_ECDH[E]_XXX_ENABLED would imply
that MBEDTLS_ECDH_C is set, but with the introduction of tinyCrypt
as an alternative ECDH implementation, this is no longer the case.
This commit is contained in:
Hanno Becker 2019-07-24 11:11:45 +01:00
parent 975b9ee3c8
commit 29d165565c
3 changed files with 49 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
library/ssl_cli.c
View file

@ -2216,11 +2216,12 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char *
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
{ {
const mbedtls_ecp_curve_info *curve_info; const mbedtls_ecp_curve_info *curve_info;
@ -2253,15 +2254,17 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || #endif /* MBEDTLS_ECDH_C &&
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED))
static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
unsigned char **p, unsigned char **p,
unsigned char *end ) unsigned char *end )
@ -2291,9 +2294,10 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
return( ret ); return( ret );
} }
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || #endif /* MBEDTLS_ECDH_C &&
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
@ -2831,9 +2835,10 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
} }
else else
#endif /* MBEDTLS_USE_TINYCRYPT */ #endif /* MBEDTLS_USE_TINYCRYPT */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) )
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
@ -2850,9 +2855,10 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
} }
} }
else else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || #endif /* MBEDTLS_ECDH_C &&
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECJPAKE ) == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
@ -3586,10 +3592,12 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
p += 2 * NUM_ECC_BYTES; p += 2 * NUM_ECC_BYTES;
} }
else else
#elif defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #endif /* MBEDTLS_USE_TINYCRYPT */
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
@ -3627,10 +3635,11 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
p += n; p += n;
} }
else else
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || #endif /* MBEDTLS_ECDH_C && (
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ) */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) ) if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
{ {

9
library/ssl_srv.c
View file

@ -4209,10 +4209,11 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
} }
else else
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )

9
library/ssl_tls.c
View file

@ -1740,10 +1740,11 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
} }
else else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ #if defined(MBEDTLS_ECDH_C) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) )
if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
== MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
mbedtls_ssl_suite_get_key_exchange( ciphersuite_info ) mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )