mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 16:35:38 +00:00
Introduce helper functions to traverse signature hashes
This commit is contained in:
parent
0af717b520
commit
f1bc9e1c69
|
@ -1676,4 +1676,29 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
|
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
|
||||||
|
|
||||||
|
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( MD_VAR ) \
|
||||||
|
{ \
|
||||||
|
int const *__md; \
|
||||||
|
for( __md = ssl->conf->sig_hashes; \
|
||||||
|
*__md != MBEDTLS_MD_NONE; __md++ ) \
|
||||||
|
{ \
|
||||||
|
mbedtls_md_type_t MD_VAR = (mbedtls_md_type_t) *__md; \
|
||||||
|
|
||||||
|
#define MBEDTLS_SSL_END_FOR_EACH_SIG_HASH \
|
||||||
|
} \
|
||||||
|
}
|
||||||
|
|
||||||
|
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( HASH_VAR ) \
|
||||||
|
{ \
|
||||||
|
int const *__md; \
|
||||||
|
for( __md = ssl->conf->sig_hashes; \
|
||||||
|
*__md != MBEDTLS_MD_NONE; __md++ ) \
|
||||||
|
{ \
|
||||||
|
unsigned char HASH_VAR; \
|
||||||
|
HASH_VAR = mbedtls_ssl_hash_from_md_alg( *__md );
|
||||||
|
|
||||||
|
#define MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS \
|
||||||
|
} \
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* ssl_internal.h */
|
#endif /* ssl_internal.h */
|
||||||
|
|
|
@ -173,7 +173,6 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
|
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
|
||||||
size_t sig_alg_len = 0;
|
size_t sig_alg_len = 0;
|
||||||
const int *md;
|
|
||||||
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
|
||||||
unsigned char *sig_alg_list = buf + 6;
|
unsigned char *sig_alg_list = buf + 6;
|
||||||
#endif
|
#endif
|
||||||
|
@ -188,15 +187,15 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
|
||||||
|
|
||||||
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
|
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
|
||||||
{
|
((void) hash);
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
sig_alg_len += 2;
|
sig_alg_len += 2;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
sig_alg_len += 2;
|
sig_alg_len += 2;
|
||||||
#endif
|
#endif
|
||||||
}
|
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
|
||||||
|
|
||||||
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
|
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
|
||||||
{
|
{
|
||||||
|
@ -209,17 +208,16 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||||
*/
|
*/
|
||||||
sig_alg_len = 0;
|
sig_alg_len = 0;
|
||||||
|
|
||||||
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
|
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
|
||||||
{
|
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
|
sig_alg_list[sig_alg_len++] = hash;
|
||||||
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
|
sig_alg_list[sig_alg_len++] = hash;
|
||||||
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
|
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
|
||||||
#endif
|
#endif
|
||||||
}
|
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* enum {
|
* enum {
|
||||||
|
|
|
@ -3074,26 +3074,19 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
*/
|
*/
|
||||||
if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 )
|
if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||||
{
|
{
|
||||||
const int *cur;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Supported signature algorithms
|
* Supported signature algorithms
|
||||||
*/
|
*/
|
||||||
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
|
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
|
||||||
{
|
if( 0
|
||||||
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
|
|
||||||
if( !( 0
|
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_SHA512_C)
|
||||||
|| hash == MBEDTLS_SSL_HASH_SHA384
|
|| hash == MBEDTLS_SSL_HASH_SHA384
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_SHA256_C)
|
||||||
|| hash == MBEDTLS_SSL_HASH_SHA256
|
|| hash == MBEDTLS_SSL_HASH_SHA256
|
||||||
#endif
|
#endif
|
||||||
) )
|
)
|
||||||
{
|
{
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
p[2 + sa_len++] = hash;
|
p[2 + sa_len++] = hash;
|
||||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
|
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
|
||||||
|
@ -3103,6 +3096,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
|
||||||
|
|
||||||
p[0] = (unsigned char)( sa_len >> 8 );
|
p[0] = (unsigned char)( sa_len >> 8 );
|
||||||
p[1] = (unsigned char)( sa_len );
|
p[1] = (unsigned char)( sa_len );
|
||||||
|
|
|
@ -11308,14 +11308,13 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
|
||||||
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||||
mbedtls_md_type_t md )
|
mbedtls_md_type_t md )
|
||||||
{
|
{
|
||||||
const int *cur;
|
|
||||||
|
|
||||||
if( ssl->conf->sig_hashes == NULL )
|
if( ssl->conf->sig_hashes == NULL )
|
||||||
return( -1 );
|
return( -1 );
|
||||||
|
|
||||||
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
|
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( md_alg )
|
||||||
if( *cur == (int) md )
|
if( md_alg == md )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH
|
||||||
|
|
||||||
return( -1 );
|
return( -1 );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue