TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

tls: remove dependency from mbedtls_ecp_curve functions

Browse Source 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti
2022-12-30 17:44:24 +01:00
committed by Gilles Peskine
parent 71159f45ab
commit 5f10bedfb9
7 changed files with 238 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
include/mbedtls/psa_util.h
View File

@@ -257,23 +257,6 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
/* This function transforms an ECC group identifier from
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* into a PSA ECC group identifier. */
#if defined(MBEDTLS_ECP_C)
static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
uint16_t tls_ecc_grp_reg_id, size_t *bits)
{
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id);
if (curve_info == NULL) {
return 0;
}
return PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa(curve_info->grp_id, bits));
}
#endif /* MBEDTLS_ECP_C */
/* Expose whatever RNG the PSA subsystem uses to applications using the
* mbedtls_xxx API. The declarations and definitions here need to be
* consistent with the implementation in library/psa_crypto_random_impl.h.

8
library/ssl_client.c
View File

@@ -266,16 +266,16 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) ||
(mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) &&
mbedtls_ssl_tls12_named_group_is_ecdhe(*group_list))) {
const mbedtls_ecp_curve_info *curve_info;
curve_info = mbedtls_ecp_curve_info_from_tls_id(*group_list);
if (curve_info == NULL) {
if (mbedtls_ssl_get_ecp_group_id_from_tls_id(*group_list) ==
MBEDTLS_ECP_DP_NONE) {
continue;
}
MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
p += 2;
MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
curve_info->name, *group_list));
mbedtls_ssl_get_curve_name_from_tls_id(*group_list),
*group_list));
}
#endif /* MBEDTLS_ECP_C */
/* Add DHE groups here */

71
library/ssl_misc.h
View File

@@ -781,7 +781,7 @@ struct mbedtls_ssl_handshake_params {
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
@@ -1554,6 +1554,70 @@ MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
#endif
/**
* \brief Return PSA EC info for the specified TLS ID.
*
* \param tls_id The TLS ID to look for
* \param family If the TLD ID is supported, then proper \c psa_ecc_family_t
* value is returned here. Can be NULL.
* \param bits If the TLD ID is supported, then proper bit size is returned
* here. Can be NULL.
* \return PSA_SUCCESS if the TLS ID is supported,
* PSA_ERROR_NOT_SUPPORTED otherwise
*
* \note If either \c family or \c bits parameters are NULL, then
* the corresponding value is not returned.
* The function can be called with both parameters as NULL
* simply to check if a specific TLS ID is supported.
*/
int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
psa_ecc_family_t *family,
size_t *bits);
/**
* \brief Return \c mbedtls_ecp_group_id for the specified TLS ID.
*
* \param tls_id The TLS ID to look for
* \return Proper \c mbedtls_ecp_group_id if the TLS ID is supported,
* or MBEDTLS_ECP_DP_NONE otherwise
*/
mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id);
/**
* \brief Return TLS ID for the specified \c mbedtls_ecp_group_id.
*
* \param grp_id The \c mbedtls_ecp_group_id ID to look for
* \return Proper TLS ID if the \c mbedtls_ecp_group_id is supported,
* or 0 otherwise
*/
uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id);
/**
* \brief Return EC's name for the specified TLS ID.
*
* \param tls_id The TLS ID to look for
* \return A pointer to a const string with the proper name. If TLS
* ID is not suppoted, a NULL pointer is returned insted.
*/
const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id);
/* This function transforms an ECC group identifier from
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
* into a PSA ECC group identifier. */
#if defined(MBEDTLS_ECP_C)
static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
uint16_t tls_ecc_grp_reg_id, size_t *bits)
{
mbedtls_ecp_group_id grp_id =
mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_ecc_grp_reg_id);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
return 0;
}
return PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa(grp_id, bits));
}
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
(const uint16_t srtp_profile_value)
@@ -2153,9 +2217,8 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
{
#if defined(MBEDTLS_ECDH_C)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group)) {
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id(named_group);
if (curve_info != NULL) {
if (mbedtls_ssl_get_ecp_group_id_from_tls_id(named_group) !=
MBEDTLS_ECP_DP_NONE) {
return 1;
}
}

120
library/ssl_tls.c
View File

@@ -1040,13 +1040,13 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
}
for (size_t i = 0; i < length; i++) {
const mbedtls_ecp_curve_info *info =
mbedtls_ecp_curve_info_from_grp_id(curve_list[i]);
if (info == NULL) {
uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
curve_list[i]);
if (tls_id == 0) {
mbedtls_free(group_list);
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
group_list[i] = info->tls_id;
group_list[i] = tls_id;
}
group_list[length] = 0;
@@ -4019,7 +4019,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free((void *) handshake->curves);
mbedtls_free((void *) handshake->curves_tls_id);
#endif
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
@@ -5418,19 +5418,119 @@ int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_
*/
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id)
{
const mbedtls_ecp_curve_info *grp_info =
mbedtls_ecp_curve_info_from_grp_id(grp_id);
uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
if (grp_info == NULL) {
if (tls_id == 0) {
return -1;
}
uint16_t tls_id = grp_info->tls_id;
return mbedtls_ssl_check_curve_tls_id(ssl, tls_id);
}
#endif /* MBEDTLS_ECP_C */
static const struct {
uint16_t tls_id;
mbedtls_ecp_group_id ecp_group_id;
psa_ecc_family_t psa_family;
uint16_t bits;
const char *name;
} tls_id_match_table[] =
{
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, "secp521r1" },
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, "brainpoolP512r1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, "secp384r1" },
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, "brainpoolP384r1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
{ 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, "secp256r1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, "secp256k1" },
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, "brainpoolP256r1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, "secp224r1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, "secp224k1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, "secp192r1" },
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, "secp192k1" },
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 256, "x25519" },
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, "x448" },
#endif
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
};
int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
psa_ecc_family_t *family,
size_t *bits)
{
for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
if (tls_id_match_table[i].tls_id == tls_id) {
if (family != NULL) {
*family = tls_id_match_table[i].psa_family;
}
if (bits != NULL) {
*bits = tls_id_match_table[i].bits;
}
return PSA_SUCCESS;
}
}
return PSA_ERROR_NOT_SUPPORTED;
}
mbedtls_ecp_group_id mbedtls_ssl_get_ecp_group_id_from_tls_id(uint16_t tls_id)
{
for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
if (tls_id_match_table[i].tls_id == tls_id) {
return tls_id_match_table[i].ecp_group_id;
}
}
return MBEDTLS_ECP_DP_NONE;
}
uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
{
for (int i = 0; tls_id_match_table[i].ecp_group_id != MBEDTLS_ECP_DP_NONE;
i++) {
if (tls_id_match_table[i].ecp_group_id == grp_id) {
return tls_id_match_table[i].tls_id;
}
}
return 0;
}
const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
{
for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
if (tls_id_match_table[i].tls_id == tls_id) {
return tls_id_match_table[i].name;
}
}
return NULL;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite,

17
library/ssl_tls12_client.c
View File

@@ -1778,7 +1778,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
{
const mbedtls_ecp_curve_info *curve_info;
uint16_t tls_id;
mbedtls_ecp_group_id grp_id;
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
grp_id = ssl->handshake->ecdh_ctx.grp.id;
@@ -1786,13 +1786,14 @@ static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl)
grp_id = ssl->handshake->ecdh_ctx.grp_id;
#endif
curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id);
if (curve_info == NULL) {
tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
if (tls_id == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name));
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
mbedtls_ssl_get_curve_name_from_tls_id(tls_id)));
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
return -1;
@@ -2222,15 +2223,15 @@ start_processing:
* that TLS ID here
*/
uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE(p, 1);
const mbedtls_ecp_curve_info *curve_info;
uint16_t exp_tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
MBEDTLS_ECP_DP_SECP256R1);
if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(
MBEDTLS_ECP_DP_SECP256R1)) == NULL) {
if (exp_tls_id == 0) {
return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
if ((*p != MBEDTLS_ECP_TLS_NAMED_CURVE) ||
(read_tls_id != curve_info->tls_id)) {
(read_tls_id != exp_tls_id)) {
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}

67
library/ssl_tls12_server.c
View File

@@ -182,7 +182,8 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
{
size_t list_size, our_size;
const unsigned char *p;
const mbedtls_ecp_curve_info *curve_info, **curves;
//const mbedtls_ecp_curve_info *curve_info, **curves;
uint16_t *curves_tls_id;
if (len < 2) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
@@ -200,7 +201,7 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
}
/* Should never happen unless client duplicates the extension */
if (ssl->handshake->curves != NULL) {
if (ssl->handshake->curves_tls_id != NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message"));
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER);
@@ -214,20 +215,22 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
our_size = MBEDTLS_ECP_DP_MAX;
}
if ((curves = mbedtls_calloc(our_size, sizeof(*curves))) == NULL) {
if ((curves_tls_id = mbedtls_calloc(our_size,
sizeof(*curves_tls_id))) == NULL) {
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR);
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
ssl->handshake->curves = curves;
ssl->handshake->curves_tls_id = curves_tls_id;
p = buf + 2;
while (list_size > 0 && our_size > 1) {
curve_info = mbedtls_ecp_curve_info_from_tls_id((p[0] << 8) | p[1]);
uint16_t curr_tls_id = MBEDTLS_GET_UINT16_BE(p, 0);
if (curve_info != NULL) {
*curves++ = curve_info;
if (mbedtls_ssl_get_ecp_group_id_from_tls_id(curr_tls_id) !=
MBEDTLS_ECP_DP_NONE) {
*curves_tls_id++ = curr_tls_id;
our_size--;
}
@@ -657,16 +660,18 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDSA_C)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_key_curve(mbedtls_pk_context *pk,
const mbedtls_ecp_curve_info **curves)
uint16_t *curves_tls_id)
{
const mbedtls_ecp_curve_info **crv = curves;
uint16_t *curr_tls_id = curves_tls_id;
mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id;
mbedtls_ecp_group_id curr_grp_id;
while (*crv != NULL) {
if ((*crv)->grp_id == grp_id) {
while (*curr_tls_id != 0) {
curr_grp_id = mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
if (curr_grp_id == grp_id) {
return 0;
}
crv++;
curr_tls_id++;
}
return -1;
@@ -758,7 +763,8 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDSA_C)
if (pk_alg == MBEDTLS_PK_ECDSA &&
ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves) != 0) {
ssl_check_key_curve(&cur->cert->pk,
ssl->handshake->curves_tls_id) != 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve"));
continue;
}
@@ -821,8 +827,8 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
(ssl->handshake->curves == NULL ||
ssl->handshake->curves[0] == NULL)) {
(ssl->handshake->curves_tls_id == NULL ||
ssl->handshake->curves_tls_id[0] == 0)) {
MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: "
"no common elliptic curve"));
return 0;
@@ -2741,7 +2747,6 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
ssl->out_msglen;
size_t output_offset = 0;
size_t output_len = 0;
const mbedtls_ecp_curve_info *curve_info;
/*
* The first 3 bytes are:
@@ -2751,12 +2756,13 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
* However since we only support secp256r1 for now, we hardcode its
* TLS ID here
*/
if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(
MBEDTLS_ECP_DP_SECP256R1)) == NULL) {
uint16_t tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(
MBEDTLS_ECP_DP_SECP256R1);
if (tls_id == 0) {
return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
}
*out_p = MBEDTLS_ECP_TLS_NAMED_CURVE;
MBEDTLS_PUT_UINT16_BE(curve_info->tls_id, out_p, 1);
MBEDTLS_PUT_UINT16_BE(tls_id, out_p, 1);
output_offset += 3;
ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
@@ -2869,30 +2875,32 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
* ECPoint public;
* } ServerECDHParams;
*/
const mbedtls_ecp_curve_info **curve = NULL;
uint16_t *curr_tls_id = ssl->handshake->curves_tls_id;
const uint16_t *group_list = mbedtls_ssl_get_groups(ssl);
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
/* Match our preference list against the offered curves */
if (group_list == NULL) {
if ((group_list == NULL) || (curr_tls_id == NULL)) {
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
for (; *group_list != 0; group_list++) {
for (curve = ssl->handshake->curves; *curve != NULL; curve++) {
if ((*curve)->tls_id == *group_list) {
for (curr_tls_id = ssl->handshake->curves_tls_id;
*curr_tls_id != 0; curr_tls_id++) {
if (*curr_tls_id == *group_list) {
goto curve_matching_done;
}
}
}
curve_matching_done:
if (curve == NULL || *curve == NULL) {
if (*curr_tls_id == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE"));
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", (*curve)->name));
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s",
mbedtls_ssl_get_curve_name_from_tls_id(*curr_tls_id)));
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -2908,7 +2916,7 @@ curve_matching_done:
/* Convert EC group to PSA key type. */
handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group(
(*curve)->tls_id, &ecdh_bits);
*curr_tls_id, &ecdh_bits);
if (handshake->ecdh_psa_type == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid ecc group parse."));
@@ -2932,7 +2940,7 @@ curve_matching_done:
/*
* Next two bytes are the namedcurve value
*/
MBEDTLS_PUT_UINT16_BE((*curve)->tls_id, p, 0);
MBEDTLS_PUT_UINT16_BE(*curr_tls_id, p, 0);
p += 2;
/* Generate ECDH private key. */
@@ -2976,8 +2984,11 @@ curve_matching_done:
/* Determine full message length. */
len += header_size;
#else
mbedtls_ecp_group_id curr_grp_id =
mbedtls_ssl_get_ecp_group_id_from_tls_id(*curr_tls_id);
if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx,
(*curve)->grp_id)) != 0) {
curr_grp_id)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret);
return ret;
}

19
library/ssl_tls13_client.c
View File

@@ -223,9 +223,8 @@ static int ssl_tls13_get_default_group_id(mbedtls_ssl_context *ssl,
}
for (; *group_list != 0; group_list++) {
const mbedtls_ecp_curve_info *curve_info;
curve_info = mbedtls_ecp_curve_info_from_tls_id(*group_list);
if (curve_info != NULL &&
if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list,
NULL, NULL) == PSA_SUCCESS) &&
mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) {
*group_id = *group_list;
return 0;
@@ -373,7 +372,6 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
const unsigned char *end)
{
#if defined(MBEDTLS_ECDH_C)
const mbedtls_ecp_curve_info *curve_info = NULL;
const unsigned char *p = buf;
int selected_group;
int found = 0;
@@ -400,8 +398,9 @@ static int ssl_tls13_parse_hrr_key_share_ext(mbedtls_ssl_context *ssl,
* then the client MUST abort the handshake with an "illegal_parameter" alert.
*/
for (; *group_list != 0; group_list++) {
curve_info = mbedtls_ecp_curve_info_from_tls_id(*group_list);
if (curve_info == NULL || curve_info->tls_id != selected_group) {
if ((mbedtls_ssl_get_psa_curve_info_from_tls_id(*group_list,
NULL, NULL) == PSA_ERROR_NOT_SUPPORTED) ||
*group_list != selected_group) {
continue;
}
@@ -479,14 +478,14 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDH_C)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group)) {
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_tls_id(group);
if (curve_info == NULL) {
if (mbedtls_ssl_get_psa_curve_info_from_tls_id(group, NULL, NULL)
== PSA_ERROR_NOT_SUPPORTED) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid TLS curve group id"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name));
MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s",
mbedtls_ssl_get_curve_name_from_tls_id(group)));
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(ssl, p, end - p);
if (ret != 0) {