Merge remote-tracking branch 'origin/pr/602' into baremetal

2019-07-15 19:24:11 +01:00 · 2019-07-15 19:24:11 +01:00 · feb1cee36e
commit feb1cee36e
parent 5f7436f757 7ae3026d5d
11 changed files with 223 additions and 108 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -8635,6 +8635,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */

 #if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
 /*
 * Set the allowed elliptic curves
 */
@ -8643,6 +8644,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
 {
    conf->curve_list = curve_list;
 }
+#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
 #endif /* MBEDTLS_ECP_C */

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -10869,7 +10871,7 @@ static int ssl_preset_suiteb_hashes[] = {
 };
 #endif

-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
 static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
    MBEDTLS_ECP_DP_SECP256R1,
@ -11020,7 +11022,9 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif

 #if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
            conf->curve_list = ssl_preset_suiteb_curves;
+#endif
 #endif
            break;

@ -11068,8 +11072,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
 #endif

 #if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_SSL_CONF_SINGLE_EC)
            conf->curve_list = mbedtls_ecp_grp_id_list();
 #endif
+#endif

 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
            conf->dhm_min_bitlen = 1024;
@ -11285,14 +11291,10 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
 */
 int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
 {
-    const mbedtls_ecp_group_id *gid;
-
-    if( ssl->conf->curve_list == NULL )
-        return( -1 );
-
-    for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
-        if( *gid == grp_id )
-            return( 0 );
+    MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id )
+    if( own_ec_id == grp_id )
+        return( 0 );
+    MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID

    return( -1 );
 }