Introduce helper functions to traverse signature hashes

This commit is contained in:
Hanno Becker 2019-06-19 16:23:21 +01:00
parent 0af717b520
commit f1bc9e1c69
4 changed files with 47 additions and 31 deletions

View file

@ -1676,4 +1676,29 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */ #endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( MD_VAR ) \
{ \
int const *__md; \
for( __md = ssl->conf->sig_hashes; \
*__md != MBEDTLS_MD_NONE; __md++ ) \
{ \
mbedtls_md_type_t MD_VAR = (mbedtls_md_type_t) *__md; \
#define MBEDTLS_SSL_END_FOR_EACH_SIG_HASH \
} \
}
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( HASH_VAR ) \
{ \
int const *__md; \
for( __md = ssl->conf->sig_hashes; \
*__md != MBEDTLS_MD_NONE; __md++ ) \
{ \
unsigned char HASH_VAR; \
HASH_VAR = mbedtls_ssl_hash_from_md_alg( *__md );
#define MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS \
} \
}
#endif /* ssl_internal.h */ #endif /* ssl_internal.h */

View file

@ -173,7 +173,6 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t sig_alg_len = 0; size_t sig_alg_len = 0;
const int *md;
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
unsigned char *sig_alg_list = buf + 6; unsigned char *sig_alg_list = buf + 6;
#endif #endif
@ -188,15 +187,15 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
{ ((void) hash);
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
sig_alg_len += 2; sig_alg_len += 2;
#endif #endif
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
sig_alg_len += 2; sig_alg_len += 2;
#endif #endif
} MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
{ {
@ -209,17 +208,16 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
*/ */
sig_alg_len = 0; sig_alg_len = 0;
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
{
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); sig_alg_list[sig_alg_len++] = hash;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA; sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif #endif
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); sig_alg_list[sig_alg_len++] = hash;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA; sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif #endif
} MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
/* /*
* enum { * enum {

View file

@ -3074,26 +3074,19 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
*/ */
if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 ) if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 )
{ {
const int *cur;
/* /*
* Supported signature algorithms * Supported signature algorithms
*/ */
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
{ if( 0
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
if( !( 0
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
|| hash == MBEDTLS_SSL_HASH_SHA384 || hash == MBEDTLS_SSL_HASH_SHA384
#endif #endif
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
|| hash == MBEDTLS_SSL_HASH_SHA256 || hash == MBEDTLS_SSL_HASH_SHA256
#endif #endif
) ) )
{ {
continue;
}
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash; p[2 + sa_len++] = hash;
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA; p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
@ -3103,6 +3096,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA; p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif #endif
} }
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
p[0] = (unsigned char)( sa_len >> 8 ); p[0] = (unsigned char)( sa_len >> 8 );
p[1] = (unsigned char)( sa_len ); p[1] = (unsigned char)( sa_len );

View file

@ -11308,14 +11308,13 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md ) mbedtls_md_type_t md )
{ {
const int *cur;
if( ssl->conf->sig_hashes == NULL ) if( ssl->conf->sig_hashes == NULL )
return( -1 ); return( -1 );
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( md_alg )
if( *cur == (int) md ) if( md_alg == md )
return( 0 ); return( 0 );
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH
return( -1 ); return( -1 );
} }