mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-29 01:06:56 +00:00
Introduce helper macro for traversal of supported EC TLS IDs
This commit is contained in:
Hanno Becker
parent
80855881ec
commit
a4a9c696c1
|
|
@ -1484,4 +1484,33 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
|
|||
|
||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
|
||||
|
||||
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( TLS_ID_VAR ) \
|
||||
{ \
|
||||
mbedtls_ecp_group_id const *__gid; \
|
||||
mbedtls_ecp_curve_info const *__info; \
|
||||
for( __gid = ssl->conf->curve_list; \
|
||||
*__gid != MBEDTLS_ECP_DP_NONE; __gid++ ) \
|
||||
{ \
|
||||
uint16_t TLS_ID_VAR; \
|
||||
__info = mbedtls_ecp_curve_info_from_grp_id( *__gid ); \
|
||||
if( __info == NULL ) \
|
||||
continue; \
|
||||
TLS_ID_VAR = __info->tls_id;
|
||||
|
||||
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \
|
||||
} \
|
||||
}
|
||||
|
||||
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \
|
||||
{ \
|
||||
mbedtls_ecp_group_id const *__gid; \
|
||||
for( __gid = ssl->conf->curve_list; \
|
||||
*__gid != MBEDTLS_ECP_DP_NONE; __gid++ ) \
|
||||
{ \
|
||||
mbedtls_ecp_group_id EC_ID_VAR = *__gid; \
|
||||
|
||||
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \
|
||||
} \
|
||||
}
|
||||
|
||||
#endif /* ssl_internal.h */
|
||||
|
|
|
|||
|
|
@ -251,6 +251,18 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static size_t ssl_get_ec_curve_list_length( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
size_t ec_list_len = 0;
|
||||
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
|
||||
((void) tls_id);
|
||||
ec_list_len++;
|
||||
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
|
||||
|
||||
return( ec_list_len );
|
||||
}
|
||||
|
||||
static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
|
|
@ -259,28 +271,15 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
|||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||
unsigned char *elliptic_curve_list = p + 6;
|
||||
size_t elliptic_curve_len = 0;
|
||||
const mbedtls_ecp_curve_info *info;
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
const mbedtls_ecp_group_id *grp_id;
|
||||
#else
|
||||
((void) ssl);
|
||||
#endif
|
||||
|
||||
*olen = 0;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
|
||||
|
||||
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
||||
{
|
||||
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
||||
if( info == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
|
||||
return;
|
||||
}
|
||||
|
||||
elliptic_curve_len += 2;
|
||||
}
|
||||
/* Each elliptic curve is encoded in 2 bytes. */
|
||||
elliptic_curve_len = 2 * ssl_get_ec_curve_list_length( ssl );
|
||||
if( elliptic_curve_len == 0 )
|
||||
return;
|
||||
|
||||
if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
|
||||
{
|
||||
|
|
@ -290,15 +289,10 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
|||
|
||||
elliptic_curve_len = 0;
|
||||
|
||||
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
|
||||
{
|
||||
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
|
||||
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
|
||||
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
|
||||
}
|
||||
|
||||
if( elliptic_curve_len == 0 )
|
||||
return;
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
|
||||
elliptic_curve_list[elliptic_curve_len++] = tls_id >> 8;
|
||||
elliptic_curve_list[elliptic_curve_len++] = tls_id & 0xFF;
|
||||
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
|
||||
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
|
||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
|
||||
|
|
|
|||
|
|
@ -309,24 +309,15 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
|
|||
|
||||
while( list_size > 0 )
|
||||
{
|
||||
uint16_t const tls_id = ( p[0] << 8 ) | p[1];
|
||||
mbedtls_ecp_curve_info const * const info =
|
||||
mbedtls_ecp_curve_info_from_tls_id( tls_id );
|
||||
uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1];
|
||||
|
||||
if( info != NULL )
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id )
|
||||
if( own_tls_id == peer_tls_id &&
|
||||
ssl->handshake->curve_tls_id == 0 )
|
||||
{
|
||||
mbedtls_ecp_group_id const *gid;
|
||||
/* Remember the first curve that we also support. */
|
||||
for( gid = ssl->conf->curve_list;
|
||||
*gid != MBEDTLS_ECP_DP_NONE; gid++ )
|
||||
{
|
||||
if( info->grp_id != *gid )
|
||||
continue;
|
||||
|
||||
if( ssl->handshake->curve_tls_id == 0 )
|
||||
ssl->handshake->curve_tls_id = tls_id;
|
||||
}
|
||||
ssl->handshake->curve_tls_id = own_tls_id;
|
||||
}
|
||||
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
|
||||
|
||||
list_size -= 2;
|
||||
p += 2;
|
||||
|
|
|
|||
|
|
@ -11241,14 +11241,13 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
|
|||
*/
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
|
||||
{
|
||||
const mbedtls_ecp_group_id *gid;
|
||||
|
||||
if( ssl->conf->curve_list == NULL )
|
||||
return( -1 );
|
||||
|
||||
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
|
||||
if( *gid == grp_id )
|
||||
return( 0 );
|
||||
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id )
|
||||
if( own_ec_id == grp_id )
|
||||
return( 0 );
|
||||
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue