mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-11 18:40:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tls: use pk_get_group_id() instead of directly accessing PK's structure

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-05-24 13:16:40 +02:00
parent 1194ffa82f
commit d0405093d9
2 changed files with 9 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
library/ssl_tls.c
View File

@ -7388,17 +7388,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
/* and in the unlikely case the above assumption no longer holds /* and in the unlikely case the above assumption no longer holds
* we are making sure that pk_ec() here does not return a NULL * we are making sure that pk_ec() here does not return a NULL
*/ */
mbedtls_ecp_group_id grp_id; mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) if (grp_id == MBEDTLS_ECP_DP_NONE) {
grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
if (ec == NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR; return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
} }
grp_id = ec->grp.id;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
ssl->session_negotiate->verify_result |= ssl->session_negotiate->verify_result |=
MBEDTLS_X509_BADCERT_BAD_KEY; MBEDTLS_X509_BADCERT_BAD_KEY;

16
library/ssl_tls12_server.c
View File

@ -2601,9 +2601,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
size_t key_len; size_t key_len;
mbedtls_pk_context *pk; mbedtls_pk_context *pk;
mbedtls_ecp_group_id grp_id; mbedtls_ecp_group_id grp_id;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair *key;
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
pk = mbedtls_ssl_own_key(ssl); pk = mbedtls_ssl_own_key(ssl);
@ -2611,6 +2608,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk);
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
switch (mbedtls_pk_get_type(pk)) { switch (mbedtls_pk_get_type(pk)) {
case MBEDTLS_PK_OPAQUE: case MBEDTLS_PK_OPAQUE:
if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
@ -2639,15 +2640,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA: case MBEDTLS_PK_ECDSA:
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) grp_id = mbedtls_pk_get_group_id(pk);
grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); if (grp_id == MBEDTLS_ECP_DP_NONE) {
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
key = mbedtls_pk_ec_rw(*pk);
if (key == NULL) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }
grp_id = key->grp.id;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
if (tls_id == 0) { if (tls_id == 0) {
/* This elliptic curve is not supported */ /* This elliptic curve is not supported */