Merge remote-tracking branch 'origin/pr/602' into baremetal

2019-07-15 19:24:11 +01:00 · 2019-07-15 19:24:11 +01:00 · feb1cee36e
commit feb1cee36e
parent 5f7436f757 7ae3026d5d
11 changed files with 223 additions and 108 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -254,42 +254,34 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,

 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static size_t ssl_get_ec_curve_list_length( mbedtls_ssl_context *ssl )
+{
+    size_t ec_list_len = 0;
+
+    MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
+    ((void) tls_id);
+    ec_list_len++;
+    MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
+
+    return( ec_list_len );
+}
+
 static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
                                                     unsigned char *buf,
                                                     size_t *olen )
 {
    unsigned char *p = buf;
    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    unsigned char *elliptic_curve_list = p + 6;
    size_t elliptic_curve_len = 0;
-    const mbedtls_ecp_curve_info *info;
-#if defined(MBEDTLS_ECP_C)
-    const mbedtls_ecp_group_id *grp_id;
-#else
-    ((void) ssl);
-#endif

    *olen = 0;

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );

-#if defined(MBEDTLS_ECP_C)
-    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
-    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
-    {
-#if defined(MBEDTLS_ECP_C)
-        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
-        if( info == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
-            return;
-        }
-
-        elliptic_curve_len += 2;
-    }
+    /* Each elliptic curve is encoded in 2 bytes. */
+    elliptic_curve_len = 2 * ssl_get_ec_curve_list_length( ssl );
+    if( elliptic_curve_len == 0 )
+        return;

    if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
    {
@ -297,24 +289,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
        return;
    }

-    elliptic_curve_len = 0;
-
-#if defined(MBEDTLS_ECP_C)
-    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
-    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
-    {
-#if defined(MBEDTLS_ECP_C)
-        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
-        elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
-        elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
-    }
-
-    if( elliptic_curve_len == 0 )
-        return;
-
    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES      ) & 0xFF );

@ -324,6 +298,11 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
    *p++ = (unsigned char)( ( ( elliptic_curve_len     ) >> 8 ) & 0xFF );
    *p++ = (unsigned char)( ( ( elliptic_curve_len     )      ) & 0xFF );

+    MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
+    *p++ = tls_id >> 8;
+    *p++ = tls_id & 0xFF;
+    MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
+
    *olen = 6 + elliptic_curve_len;
 }