diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index df221fe8b..1ba1fe035 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -32,6 +32,7 @@ #include "ssl.h" #include "cipher.h" +#include "oid.h" #if defined(MBEDTLS_MD5_C) #include "md5.h" @@ -1013,8 +1014,14 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); unsigned char mbedtls_ssl_hash_from_md_alg( int md ); +#if defined(MBEDTLS_USE_TINYCRYPT) +int mbedtls_ssl_check_curve_uecc( const mbedtls_ssl_context *ssl, + mbedtls_uecc_group_id grp_id ); +#endif + #if defined(MBEDTLS_ECP_C) -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); +int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, + mbedtls_ecp_group_id grp_id ); #endif #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) @@ -1743,6 +1750,17 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \ } +#if defined(MBEDTLS_USE_TINYCRYPT) +#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID( EC_ID_VAR ) \ + { \ + mbedtls_uecc_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID; \ + ((void) ssl); + +#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_UECC_GRP_ID \ + } +#endif /* MBEDTLS_USE_TINYCRYPT */ + +#if defined(MBEDTLS_ECP_C) #define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \ { \ mbedtls_ecp_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID; \ @@ -1750,6 +1768,7 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \ } +#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_SSL_CONF_SINGLE_EC */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 400d61fa0..2e8a07645 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7181,7 +7181,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, { int ret; #if defined(MBEDTLS_USE_TINYCRYPT) - ret = mbedtls_ssl_check_curve( ssl, MBEDTLS_UECC_DP_SECP256R1 ); + ret = mbedtls_ssl_check_curve_uecc( ssl, MBEDTLS_UECC_DP_SECP256R1 ); #else /* MBEDTLS_USE_TINYCRYPT */ mbedtls_pk_context *pk; ret = mbedtls_x509_crt_pk_acquire( chain, &pk ); @@ -12227,12 +12227,30 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) } } +#if defined(MBEDTLS_USE_TINYCRYPT) +/* + * Check if a curve proposed by the peer is in our list. + * Return 0 if we're willing to use it, -1 otherwise. + */ +int mbedtls_ssl_check_curve_uecc( const mbedtls_ssl_context *ssl, + mbedtls_uecc_group_id grp_id ) +{ + MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_UECC_GRP_ID( own_ec_id ) + if( own_ec_id == grp_id ) + return( 0 ); + MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_UECC_GRP_ID + + return( -1 ); +} +#endif /* MBEDTLS_USE_TINYCRYPT */ + #if defined(MBEDTLS_ECP_C) /* * Check if a curve proposed by the peer is in our list. * Return 0 if we're willing to use it, -1 otherwise. */ -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) +int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, + mbedtls_ecp_group_id grp_id ) { MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id ) if( own_ec_id == grp_id )