yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-04-18 21:05:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Allow hardcoding single supported elliptic curve

Browse source 
This commit introduces the option MBEDTLS_SSL_CONF_SINGLE_EC
which can be used to register a single supported elliptic curve
at compile time. It replaces the runtime configuration API
mbedtls_ssl_conf_curves() which allows to register a _list_
of supported elliptic curves.

In contrast to other options used to hardcode configuration options,
MBEDTLS_SSL_CONF_SINGLE_EC isn't a numeric option, but instead it's
only relevant if it's defined or not. To actually set the single
elliptic curve that should be supported, numeric options

MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID

must both be defined and provide the TLS ID and the Mbed TLS internal
ID and the chosen curve, respectively.
This commit is contained in:
Hanno Becker 2019-06-19 12:30:41 +01:00
parent ee24f8cecb
commit c1096e7514
9 changed files with 116 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

24
programs/ssl/query_config.c
View file

@ -2778,6 +2778,30 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC );
return( 0 );
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID );
return( 0 );
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID */
#if defined(MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID );
return( 0 );
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
/* If the symbol is not found, return an error */
return( 1 );
}

14
programs/ssl/ssl_client2.c
View file

@ -215,7 +215,7 @@ int main( void )
#define USAGE_ALPN ""
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \
@ -764,7 +764,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_ALPN)
const char *alpn_list[ALPN_LIST_SIZE];
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info *curve_cur;
#endif
@ -1102,8 +1102,10 @@ int main( int argc, char *argv[] )
default: goto usage;
}
}
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
else if( strcmp( p, "etm" ) == 0 )
{
switch( atoi( q ) )
@ -1404,7 +1406,7 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL )
{
p = (char *) opt.curves;
@ -1458,7 +1460,7 @@ int main( int argc, char *argv[] )
curve_list[i] = MBEDTLS_ECP_DP_NONE;
}
}
#endif /* MBEDTLS_ECP_C */
#endif /* MBEDTLS_ECP_C && !MBEDTLS_SSL_CONF_SINGLE_EC */
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
@ -1829,12 +1831,14 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
mbedtls_ssl_conf_curves( &conf, curve_list );
}
#endif
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,

14
programs/ssl/ssl_server2.c
View file

@ -381,7 +381,7 @@ int main( void )
#define USAGE_ECJPAKE ""
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
#define USAGE_CURVES \
" curves=a,b,c,d default: \"default\" (library default)\n" \
" example: \"secp521r1,brainpoolP512r1\"\n" \
@ -1412,7 +1412,7 @@ int main( int argc, char *argv[] )
#if defined(SNI_OPTION)
sni_entry *sni_info = NULL;
#endif
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
mbedtls_ecp_group_id curve_list[CURVE_LIST_SIZE];
const mbedtls_ecp_curve_info * curve_cur;
#endif
@ -1694,8 +1694,10 @@ int main( int argc, char *argv[] )
}
opt.force_ciphersuite[1] = 0;
}
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
else if( strcmp( p, "version_suites" ) == 0 )
opt.version_suites = q;
else if( strcmp( p, "renegotiation" ) == 0 )
@ -2152,7 +2154,7 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_ECP_C)
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL )
{
p = (char *) opt.curves;
@ -2206,7 +2208,7 @@ int main( int argc, char *argv[] )
curve_list[i] = MBEDTLS_ECP_DP_NONE;
}
}
#endif /* MBEDTLS_ECP_C */
#endif /* MBEDTLS_ECP_C && !MBEDTLS_SSL_CONF_SINGLE_EC */
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
@ -2824,12 +2826,14 @@ int main( int argc, char *argv[] )
#endif
#if defined(MBEDTLS_ECP_C)
#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
if( opt.curves != NULL &&
strcmp( opt.curves, "default" ) != 0 )
{
mbedtls_ssl_conf_curves( &conf, curve_list );
}
#endif
#endif /* !MBEDTLS_SSL_CONF_SINGLE_EC */
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )