Introduce helper functions to traverse signature hashes

This commit is contained in:
Hanno Becker 2019-06-19 16:23:21 +01:00
parent 0af717b520
commit f1bc9e1c69
4 changed files with 47 additions and 31 deletions

View File

@ -1676,4 +1676,29 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC */
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( MD_VAR ) \
{ \
int const *__md; \
for( __md = ssl->conf->sig_hashes; \
*__md != MBEDTLS_MD_NONE; __md++ ) \
{ \
mbedtls_md_type_t MD_VAR = (mbedtls_md_type_t) *__md; \
#define MBEDTLS_SSL_END_FOR_EACH_SIG_HASH \
} \
}
#define MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( HASH_VAR ) \
{ \
int const *__md; \
for( __md = ssl->conf->sig_hashes; \
*__md != MBEDTLS_MD_NONE; __md++ ) \
{ \
unsigned char HASH_VAR; \
HASH_VAR = mbedtls_ssl_hash_from_md_alg( *__md );
#define MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS \
} \
}
#endif /* ssl_internal.h */

View File

@ -173,7 +173,6 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
unsigned char *p = buf;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t sig_alg_len = 0;
const int *md;
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
@ -188,15 +187,15 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
((void) hash);
#if defined(MBEDTLS_ECDSA_C)
sig_alg_len += 2;
#endif
#if defined(MBEDTLS_RSA_C)
sig_alg_len += 2;
#endif
}
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
{
@ -209,17 +208,16 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
*/
sig_alg_len = 0;
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
#if defined(MBEDTLS_ECDSA_C)
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
sig_alg_list[sig_alg_len++] = hash;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
#if defined(MBEDTLS_RSA_C)
sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
sig_alg_list[sig_alg_len++] = hash;
sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
#endif
}
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
/*
* enum {

View File

@ -3074,26 +3074,19 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
*/
if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 )
{
const int *cur;
/*
* Supported signature algorithms
*/
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
{
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
if( !( 0
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH_TLS( hash )
if( 0
#if defined(MBEDTLS_SHA512_C)
|| hash == MBEDTLS_SSL_HASH_SHA384
#endif
#if defined(MBEDTLS_SHA256_C)
|| hash == MBEDTLS_SSL_HASH_SHA256
#endif
) )
)
{
continue;
}
#if defined(MBEDTLS_RSA_C)
p[2 + sa_len++] = hash;
p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
@ -3103,6 +3096,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
#endif
}
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS
p[0] = (unsigned char)( sa_len >> 8 );
p[1] = (unsigned char)( sa_len );

View File

@ -11308,14 +11308,13 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md )
{
const int *cur;
if( ssl->conf->sig_hashes == NULL )
return( -1 );
for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
if( *cur == (int) md )
MBEDTLS_SSL_BEGIN_FOR_EACH_SIG_HASH( md_alg )
if( md_alg == md )
return( 0 );
MBEDTLS_SSL_END_FOR_EACH_SIG_HASH
return( -1 );
}