mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-29 19:57:00 +00:00
Fixup: Don't reference legacy ECP curve identifier in config.h
TinyCrypt should be used as a replacement of legacy ECC. In particular, there shouldn't be any use of identifiers from the legacy ECC module. So far, there's the configuration option MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in this case must resolve to an identifier of type mbedtls_ecp_group_id indicating which single curve to enable. With the introduction of TinyCrypt, we must either change the type of this option to mbedtls_uecc_group_id, or introduce a separate compilation option. In order to avoid type confusion, this commit follows tha latter approach, introducing the configuration option MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID that indicatesthe TinyCrypt group identifier of the single curve to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE and MBEDTLS_USE_TINYCRYPT are set.
This commit is contained in:
parent
8d49ba3b78
commit
49ac40b81b
|
@ -2577,7 +2577,7 @@
|
|||
* Requires: MBEDTLS_SSL_CONF_RNG
|
||||
* MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
* MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23
|
||||
* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1
|
||||
* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1
|
||||
*
|
||||
* \see MBEDTLS_SSL_CONF_RNG
|
||||
*
|
||||
|
@ -3755,11 +3755,13 @@
|
|||
* curve operations during the handshake.
|
||||
*
|
||||
* If this is set, you must also define the following:
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID (if MBEDTLS_ECP_C is set)
|
||||
* This must resolve to the Mbed TLS group ID for the elliptic
|
||||
* curve to use (e.g. MBEDTLS_ECP_DP_SECP256R1); see
|
||||
* ::mbedtls_ecp_group_id in mbedtls/ecp.h for a complete list
|
||||
* of curve identifiers.
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID (if MBEDTLS_USE_TINYCRYPT is set)
|
||||
* This must resolve to MBEDTLS_UECC_DP_SECP256R1.
|
||||
* - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
|
||||
* This must resolve to the identifier for the elliptic curve
|
||||
* to use according to the IANA NamedCurve registry:
|
||||
|
@ -3771,6 +3773,7 @@
|
|||
//#define MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
//#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
|
||||
//#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
|
||||
//#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
|
||||
|
||||
/* Enable support a single signature hash algorithm
|
||||
* at compile-time, at the benefit of code-size.
|
||||
|
|
|
@ -2866,6 +2866,14 @@ int query_config( const char *config )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID", config ) == 0 )
|
||||
{
|
||||
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONF_SINGLE_SIG_HASH)
|
||||
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_SIG_HASH", config ) == 0 )
|
||||
{
|
||||
|
|
|
@ -1423,7 +1423,7 @@ component_test_default_tinycrypt_without_legacy_ecdh () {
|
|||
scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
|
||||
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
|
||||
scripts/config.pl unset MBEDTLS_ECDH_C
|
||||
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
|
|
Loading…
Reference in a new issue