Introduce helper macro for traversal of supported EC TLS IDs

This commit is contained in:
Hanno Becker 2019-06-18 16:55:47 +01:00
parent 80855881ec
commit a4a9c696c1
4 changed files with 59 additions and 46 deletions

View file

@ -1484,4 +1484,33 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( TLS_ID_VAR ) \
{ \
mbedtls_ecp_group_id const *__gid; \
mbedtls_ecp_curve_info const *__info; \
for( __gid = ssl->conf->curve_list; \
*__gid != MBEDTLS_ECP_DP_NONE; __gid++ ) \
{ \
uint16_t TLS_ID_VAR; \
__info = mbedtls_ecp_curve_info_from_grp_id( *__gid ); \
if( __info == NULL ) \
continue; \
TLS_ID_VAR = __info->tls_id;
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \
} \
}
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \
{ \
mbedtls_ecp_group_id const *__gid; \
for( __gid = ssl->conf->curve_list; \
*__gid != MBEDTLS_ECP_DP_NONE; __gid++ ) \
{ \
mbedtls_ecp_group_id EC_ID_VAR = *__gid; \
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \
} \
}
#endif /* ssl_internal.h */

View file

@ -251,6 +251,18 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static size_t ssl_get_ec_curve_list_length( mbedtls_ssl_context *ssl )
{
size_t ec_list_len = 0;
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
((void) tls_id);
ec_list_len++;
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
return( ec_list_len );
}
static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@ -259,28 +271,15 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *grp_id;
#else
((void) ssl);
#endif
*olen = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
if( info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
return;
}
elliptic_curve_len += 2;
}
/* Each elliptic curve is encoded in 2 bytes. */
elliptic_curve_len = 2 * ssl_get_ec_curve_list_length( ssl );
if( elliptic_curve_len == 0 )
return;
if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
{
@ -290,15 +289,10 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
elliptic_curve_len = 0;
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}
if( elliptic_curve_len == 0 )
return;
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
elliptic_curve_list[elliptic_curve_len++] = tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = tls_id & 0xFF;
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );

View file

@ -309,24 +309,15 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
while( list_size > 0 )
{
uint16_t const tls_id = ( p[0] << 8 ) | p[1];
mbedtls_ecp_curve_info const * const info =
mbedtls_ecp_curve_info_from_tls_id( tls_id );
uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1];
if( info != NULL )
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id )
if( own_tls_id == peer_tls_id &&
ssl->handshake->curve_tls_id == 0 )
{
mbedtls_ecp_group_id const *gid;
/* Remember the first curve that we also support. */
for( gid = ssl->conf->curve_list;
*gid != MBEDTLS_ECP_DP_NONE; gid++ )
{
if( info->grp_id != *gid )
continue;
if( ssl->handshake->curve_tls_id == 0 )
ssl->handshake->curve_tls_id = tls_id;
}
ssl->handshake->curve_tls_id = own_tls_id;
}
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
list_size -= 2;
p += 2;

View file

@ -11241,14 +11241,13 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
const mbedtls_ecp_group_id *gid;
if( ssl->conf->curve_list == NULL )
return( -1 );
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
if( *gid == grp_id )
return( 0 );
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id )
if( own_ec_id == grp_id )
return( 0 );
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID
return( -1 );
}