yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refactor elliptic curve extension for NamedGroups

Browse source 
The refactoring is needed for the group api to work
properly. Code is modified to use mbedtls_get_supported_groups
instead of direct access so that both deprecated and new api
are useable.

Signed-off-by: Brett Warren <brett.warren@arm.com>
This commit is contained in:
Brett Warren 2021-08-17 13:50:51 +01:00
parent 7f813d5d88
commit 01f3dae3f3
2 changed files with 17 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
library/ssl_cli.c
View file

@ -309,27 +309,32 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
const mbedtls_ecp_group_id *grp_id;
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
*olen = 0;
/* Check there is room for header */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
MBEDTLS_SSL_DEBUG_MSG( 3,
( "client hello, adding supported_elliptic_curves extension" ) );
if( ssl->conf->curve_list == NULL )
if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ )
for( ; *group_list != 0; group_list++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
info = mbedtls_ecp_curve_info_from_tls_id( *group_list );
if( info == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "invalid curve in ssl configuration" ) );
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
/* Check there is room for another curve */
MBEDTLS_SSL_CHK_BUF_PTR( elliptic_curve_list, end, elliptic_curve_len + 2 );
MBEDTLS_PUT_UINT16_BE( *group_list, elliptic_curve_list, elliptic_curve_len );
elliptic_curve_len += 2;
if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
@ -344,19 +349,6 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
if( elliptic_curve_len == 0 )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
elliptic_curve_len = 0;
for( grp_id = ssl->conf->curve_list;
*grp_id != MBEDTLS_ECP_DP_NONE;
grp_id++ )
{
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
}
MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
p += 2;

8
library/ssl_srv.c
View file

@ -3036,14 +3036,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
const mbedtls_ecp_group_id *gid;
const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
/* Match our preference list against the offered curves */
for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
if( group_list == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *group_list != 0; group_list++ )
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
if( (*curve)->grp_id == *gid )
if( (*curve)->tls_id == *group_list )
goto curve_matching_done;
curve_matching_done: