yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-23 06:35:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/pr/602' into baremetal

Browse source
This commit is contained in:
Simon Butcher 2019-07-15 19:24:11 +01:00
parent 5f7436f757 7ae3026d5d
commit feb1cee36e
11 changed files with 223 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
configs/baremetal.h
View file

@ -57,6 +57,10 @@
#define MBEDTLS_ECP_MAX_BITS 256
#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
#define MBEDTLS_SSL_CONF_SINGLE_EC
#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
/* Key exchanges */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

6
include/mbedtls/check_config.h
View file

@ -87,6 +87,12 @@
#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC) && \
( !defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID) || \
!defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID) )
#error "MBEDTLS_SSL_CONF_SINGLE_EC defined, but not all prerequesites"
#endif
#if defined(MBEDTLS_USE_TINYCRYPT) && defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
#error "MBEDTLS_USE_TINYCRYPT defined, but it cannot be defined with MBEDTLS_NO_64BIT_MULTIPLICATION"
#endif

27
include/mbedtls/config.h
View file

@ -3658,6 +3658,33 @@
*/
//#define MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE MBEDTLS_SUITE_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
/* Enable support of a single elliptic curve fixed
* at compile-time, at the benefit of code-size.
*
* On highly constrained systems with large control
* over the configuration of the connection endpoints,
* this option can be used to hardcode the choice of
* a single elliptic curve to be used for all elliptic
* curve operations during the handshake.
*
* If this is set, you must also define the following:
* - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
* This must resolve to the Mbed TLS group ID for the elliptic
* curve to use (e.g. MBEDTLS_ECP_DP_SECP256R1_ENABLED); see
* ::mbedtls_ecp_group_id in mbedtls/ecp.h for a complete list
* of curve identifiers.
* - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
* This must resolve to the identifier for the elliptic curve
* to use according to the IANA NamedCurve registry:
* https://tools.ietf.org/html/rfc4492#section-5.1
*
* If defined, this option overwrites the effect of the
* runtime configuration API mbedtls_ssl_conf_curves().
*/
//#define MBEDTLS_SSL_CONF_SINGLE_EC
//#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
//#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
/* \} SECTION: Compile-time SSL configuration */
/* Target and application specific configurations

8
include/mbedtls/ssl.h
View file

@ -1082,7 +1082,9 @@ struct mbedtls_ssl_config
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#endif
#if defined(MBEDTLS_DHM_C)
@ -2809,6 +2811,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
/**
* \brief Set the allowed curves in order of preference.
* (Default: all defined curves.)
@ -2832,12 +2835,17 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
* \note This list should be ordered by decreasing preference
* (preferred curve first).
*
* \note On highly constrained systems, the support for a single
* fixed elliptic curve can be configured at compile time
* through the option MBEDTLS_SSL_CONF_SINGLE_EC.
*
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curves );
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)

53
include/mbedtls/ssl_internal.h
View file

@ -383,7 +383,7 @@ struct mbedtls_ssl_handshake_params
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecp_curve_info const *curve_info; /*!< Info for EC for ECDHE. */
uint16_t curve_tls_id; /*!< TLS ID of EC for ECDHE. */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char *psk; /*!< PSK from the callback */
@ -1625,4 +1625,55 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( TLS_ID_VAR ) \
{ \
mbedtls_ecp_group_id const *_gid; \
mbedtls_ecp_curve_info const *_info; \
for( _gid = ssl->conf->curve_list; \
*_gid != MBEDTLS_ECP_DP_NONE; _gid++ ) \
{ \
uint16_t TLS_ID_VAR; \
_info = mbedtls_ecp_curve_info_from_grp_id( *_gid ) ; \
if( _info == NULL ) \
continue; \
TLS_ID_VAR = _info->tls_id;
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \
} \
}
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \
{ \
mbedtls_ecp_group_id const *_gid; \
for( _gid = ssl->conf->curve_list; \
*_gid != MBEDTLS_ECP_DP_NONE; _gid++ ) \
{ \
mbedtls_ecp_group_id EC_ID_VAR = *_gid; \
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \
} \
}
#else /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( TLS_ID_VAR ) \
{ \
uint16_t TLS_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID; \
((void) ssl);
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID \
}
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( EC_ID_VAR ) \
{ \
mbedtls_ecp_group_id EC_ID_VAR = MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID; \
((void) ssl);
#define MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID \
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* ssl_internal.h */

63
library/ssl_cli.c
View file

@ -254,42 +254,34 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static size_t ssl_get_ec_curve_list_length( mbedtls_ssl_context *ssl )
{
size_t ec_list_len = 0;
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
((void) tls_id);
ec_list_len++;
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
return( ec_list_len );
}
static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen )
{
unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *grp_id;
#else
((void) ssl);
#endif
*olen = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
#if defined(MBEDTLS_ECP_C)
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
#else
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
#endif
{
#if defined(MBEDTLS_ECP_C)
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
#endif
if( info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
return;
}
elliptic_curve_len += 2;
}
/* Each elliptic curve is encoded in 2 bytes. */
elliptic_curve_len = 2 * ssl_get_ec_curve_list_length( ssl );
if( elliptic_curve_len == 0 )
return;
if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
{
@ -297,24 +289,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
return;
}
elliptic_curve_len = 0;
#if defined(MBEDTLS_ECP_C)
for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
#else
for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
#endif
{
#if defined(MBEDTLS_ECP_C)
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}
if( elliptic_curve_len == 0 )
return;
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
@ -324,6 +298,11 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
*p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
*p++ = tls_id >> 8;
*p++ = tls_id & 0xFF;
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
*olen = 6 + elliptic_curve_len;
}

98
library/ssl_srv.c
View file

@ -280,9 +280,9 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len,
mbedtls_ecp_group_id curve_ids[ MBEDTLS_ECP_DP_MAX ] )
unsigned char const **list_start, size_t *list_len )
{
size_t list_size, our_size;
size_t list_size;
const unsigned char *p;
if ( len < 2 ) {
@ -302,37 +302,26 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
}
p = buf + 2;
our_size = MBEDTLS_ECP_DP_MAX;
/* Leave room for final 0-entry */
while( list_size > 0 && our_size > 1 )
/* Remember list for later. */
*list_start = p;
*list_len = list_size / 2;
while( list_size > 0 )
{
uint16_t const tls_id = ( p[0] << 8 ) | p[1];
mbedtls_ecp_curve_info const * const info =
mbedtls_ecp_curve_info_from_tls_id( tls_id );
uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1];
if( info != NULL )
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id )
if( own_tls_id == peer_tls_id &&
ssl->handshake->curve_tls_id == 0 )
{
mbedtls_ecp_group_id const *gid;
/* Remember the first curve that we also support. */
for( gid = ssl->conf->curve_list;
*gid != MBEDTLS_ECP_DP_NONE; gid++ )
{
if( info->grp_id != *gid )
continue;
if( ssl->handshake->curve_info == NULL )
ssl->handshake->curve_info = info;
}
*curve_ids++ = info->grp_id;
our_size--;
ssl->handshake->curve_tls_id = own_tls_id;
}
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
list_size -= 2;
p += 2;
}
*curve_ids = MBEDTLS_ECP_DP_NONE;
return( 0 );
}
@ -736,18 +725,28 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
*/
#if defined(MBEDTLS_ECDSA_C)
static int ssl_check_key_curve( mbedtls_pk_context *pk,
mbedtls_ecp_group_id const *acceptable_ec_grp_ids )
unsigned char const *acceptable_ec_tls_ids,
size_t ec_tls_ids_len )
{
mbedtls_ecp_curve_info const *info;
mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id;
if( acceptable_ec_grp_ids == NULL )
info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
if( info == NULL )
return( -1 );
while( *acceptable_ec_grp_ids != MBEDTLS_ECP_DP_NONE )
if( acceptable_ec_tls_ids == NULL )
return( -1 );
while( ec_tls_ids_len-- != 0 )
{
if( *acceptable_ec_grp_ids == grp_id )
uint16_t const cur_tls_id =
( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1];
if( cur_tls_id == info->tls_id )
return( 0 );
acceptable_ec_grp_ids++;
acceptable_ec_tls_ids += 2;
}
return( -1 );
@ -760,7 +759,8 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk,
*/
static int ssl_pick_cert( mbedtls_ssl_context *ssl,
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info,
mbedtls_ecp_group_id const *acceptable_ec_grp_ids )
unsigned char const *acceptable_ec_tls_ids,
size_t ec_tls_ids_len )
{
mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
mbedtls_pk_type_t pk_alg =
@ -825,13 +825,16 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDSA_C)
if( pk_alg == MBEDTLS_PK_ECDSA &&
ssl_check_key_curve( pk, acceptable_ec_grp_ids ) != 0 )
ssl_check_key_curve( pk,
acceptable_ec_tls_ids,
ec_tls_ids_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
match = 0;
}
#else
((void) acceptable_ec_grp_ids);
((void) acceptable_ec_tls_ids);
((void) ec_tls_ids_len);
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@ -920,7 +923,8 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
*/
static int ssl_ciphersuite_is_match( mbedtls_ssl_context *ssl,
mbedtls_ssl_ciphersuite_handle_t suite_info,
mbedtls_ecp_group_id const *acceptable_ec_grp_ids )
unsigned char const *acceptable_ec_tls_ids,
size_t ec_tls_ids_len )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@ -970,7 +974,7 @@ static int ssl_ciphersuite_is_match( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
ssl->handshake->curve_info == NULL )
ssl->handshake->curve_tls_id == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
"no common elliptic curve" ) );
@ -1018,14 +1022,17 @@ static int ssl_ciphersuite_is_match( mbedtls_ssl_context *ssl,
* - try the next ciphersuite if we don't
* This must be done last since we modify the key_cert list.
*/
if( ssl_pick_cert( ssl, suite_info, acceptable_ec_grp_ids ) != 0 )
if( ssl_pick_cert( ssl, suite_info,
acceptable_ec_tls_ids,
ec_tls_ids_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
"no suitable certificate" ) );
return( 0 );
}
#else
((void) acceptable_ec_grp_ids);
((void) acceptable_ec_tls_ids);
((void) ec_tls_ids_len);
#endif
return( 1 );
@ -1266,7 +1273,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
got_common_suite = 1;
if( ssl_ciphersuite_is_match( ssl, cur_info, NULL ) )
if( ssl_ciphersuite_is_match( ssl, cur_info, NULL, 0 ) )
{
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
ciphersuite_info = cur_info;
@ -1356,12 +1363,8 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
#endif
int major, minor;
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
mbedtls_ecp_group_id acceptable_ec_grp_ids[ MBEDTLS_ECP_DP_MAX ];
#else
mbedtls_ecp_group_id * acceptable_ec_grp_ids = NULL;
#endif
unsigned char const *acceptable_ec_tls_ids = NULL;
size_t ec_tls_ids_len = 0;
/* If there is no signature-algorithm extension present,
* we need to fall back to the default values for allowed
@ -1921,7 +1924,8 @@ read_record_header:
ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4,
ext_size,
acceptable_ec_grp_ids );
&acceptable_ec_tls_ids,
&ec_tls_ids_len );
if( ret != 0 )
return( ret );
break;
@ -2203,7 +2207,8 @@ read_record_header:
got_common_suite = 1;
if( ssl_ciphersuite_is_match( ssl, cur_info,
acceptable_ec_grp_ids) )
acceptable_ec_tls_ids,
ec_tls_ids_len ) != 0 )
{
#if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE)
ciphersuite_info = cur_info;
@ -3357,7 +3362,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
* ECPoint public;
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info *curve = ssl->handshake->curve_info;
const mbedtls_ecp_curve_info *curve =
mbedtls_ecp_curve_info_from_tls_id( ssl->handshake->curve_tls_id );
int ret;
size_t len = 0;

20
library/ssl_tls.c
View file

@ -8635,6 +8635,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
/*
* Set the allowed elliptic curves
*/
@ -8643,6 +8644,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
{
conf->curve_list = curve_list;
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -10869,7 +10871,7 @@ static int ssl_preset_suiteb_hashes[] = {
};
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_ECP_DP_SECP256R1,
@ -11020,7 +11022,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
conf->curve_list = ssl_preset_suiteb_curves;
#endif
#endif
break;
@ -11068,8 +11072,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
conf->curve_list = mbedtls_ecp_grp_id_list();
#endif
#endif
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
conf->dhm_min_bitlen = 1024;
@ -11285,14 +11291,10 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
const mbedtls_ecp_group_id *gid;
if( ssl->conf->curve_list == NULL )
return( -1 );
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
if( *gid == grp_id )
return( 0 );
MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id )
if( own_ec_id == grp_id )
return( 0 );
MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID
return( -1 );
}

24
programs/ssl/query_config.c
View file

@ -2810,6 +2810,30 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC );
return( 0 );
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID );
return( 0 );
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID */
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID );
return( 0 );
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
/* If the symbol is not found, return an error */
return( 1 );
}

14
programs/ssl/ssl_client2.c
View file

@ -215,7 +215,7 @@ int main( void )
#define USAGE_ALPN ""
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \
@ -777,7 +777,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info *curve_cur;
#endif
@ -1115,8 +1115,10 @@ int main( int argc, char *argv[] )
default: goto usage;
}
}
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
else if( strcmp( p, "etm" ) == 0 )
{
switch( atoi( q ) )
@ -1422,7 +1424,7 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL )
{
p = (char *) opt.curves;
@ -1476,7 +1478,7 @@ int main( int argc, char *argv[] )
curve_list[i] = MBEDTLS_ECP_DP_NONE;
}
}
#endif /* MBEDTLS_ECP_C */
#endif /* MBEDTLS_ECP_C && !MBEDTLS_SSL_CONF_SINGLE_EC */
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
@ -1847,12 +1849,14 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
mbedtls_ssl_conf_curves( &conf, curve_list );
}
#endif
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,

14
programs/ssl/ssl_server2.c
View file

@ -381,7 +381,7 @@ int main( void )
#define USAGE_ECJPAKE ""
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \
@ -1425,7 +1425,7 @@ int main( int argc, char *argv[] )
#if defined(SNI_OPTION)
sni_entry *sni_info = NULL;
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info * curve_cur;
#endif
@ -1707,8 +1707,10 @@ int main( int argc, char *argv[] )
}
opt.force_ciphersuite[1] = 0;
}
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
else if( strcmp( p, "version_suites" ) == 0 )
opt.version_suites = q;
else if( strcmp( p, "renegotiation" ) == 0 )
@ -2176,7 +2178,7 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL )
{
p = (char *) opt.curves;
@ -2230,7 +2232,7 @@ int main( int argc, char *argv[] )
curve_list[i] = MBEDTLS_ECP_DP_NONE;
}
}
#endif /* MBEDTLS_ECP_C */
#endif /* MBEDTLS_ECP_C && !MBEDTLS_SSL_CONF_SINGLE_EC */
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
@ -2848,12 +2850,14 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
mbedtls_ssl_conf_curves( &conf, curve_list );
}
#endif
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )