mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 01:44:21 +01:00
7177a88a36
This commit introduces a static helper function
`mbedtls_ssl_ciphersuite_uses_srv_cert()`
which determines whether a ciphersuite may make use of server-side CRTs.
This function is in turn uses in `mbedtls_ssl_parse_certificate()` to
skip certificate parsing for ciphersuites which don't involve CRTs.
Note: Ciphersuites not using server-side CRTs don't allow client-side CRTs
either, so it is safe to guard `mbedtls_ssl_{parse/write}_certificate()`
this way.
Note: Previously, the code uses a positive check over the suites
- MBEDTLS_KEY_EXCHANGE_PSK
- MBEDTLS_KEY_EXCHANGE_DHE_PSK
- MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
- MBEDTLS_KEY_EXCHANGE_ECJPAKE,
while now, it uses a negative check over `mbedtls_ssl_ciphersuite_uses_srv_cert()`,
which checks for the suites
- MBEDTLS_KEY_EXCHANGE_RSA
- MBEDTLS_KEY_EXCHANGE_RSA_PSK
- MBEDTLS_KEY_EXCHANGE_DHE_RSA
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
This is equivalent since, together, those are all ciphersuites.
Quoting ssl_ciphersuites.h:
```
typedef enum {
MBEDTLS_KEY_EXCHANGE_NONE = 0,
MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_KEY_EXCHANGE_ECJPAKE,
} mbedtls_key_exchange_type_t;
```
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| aes.c | ||
| aesni.c | ||
| arc4.c | ||
| aria.c | ||
| asn1parse.c | ||
| asn1write.c | ||
| base64.c | ||
| bignum.c | ||
| blowfish.c | ||
| camellia.c | ||
| ccm.c | ||
| certs.c | ||
| chacha20.c | ||
| chachapoly.c | ||
| cipher_wrap.c | ||
| cipher.c | ||
| cmac.c | ||
| CMakeLists.txt | ||
| ctr_drbg.c | ||
| debug.c | ||
| des.c | ||
| dhm.c | ||
| ecdh.c | ||
| ecdsa.c | ||
| ecjpake.c | ||
| ecp_curves.c | ||
| ecp.c | ||
| entropy_poll.c | ||
| entropy.c | ||
| error.c | ||
| gcm.c | ||
| havege.c | ||
| hkdf.c | ||
| hmac_drbg.c | ||
| Makefile | ||
| md2.c | ||
| md4.c | ||
| md5.c | ||
| md_wrap.c | ||
| md.c | ||
| memory_buffer_alloc.c | ||
| net_sockets.c | ||
| nist_kw.c | ||
| oid.c | ||
| padlock.c | ||
| pem.c | ||
| pk_wrap.c | ||
| pk.c | ||
| pkcs5.c | ||
| pkcs11.c | ||
| pkcs12.c | ||
| pkparse.c | ||
| pkwrite.c | ||
| platform_util.c | ||
| platform.c | ||
| poly1305.c | ||
| ripemd160.c | ||
| rsa_internal.c | ||
| rsa.c | ||
| sha1.c | ||
| sha256.c | ||
| sha512.c | ||
| ssl_cache.c | ||
| ssl_ciphersuites.c | ||
| ssl_cli.c | ||
| ssl_cookie.c | ||
| ssl_srv.c | ||
| ssl_ticket.c | ||
| ssl_tls.c | ||
| threading.c | ||
| timing.c | ||
| version_features.c | ||
| version.c | ||
| x509_create.c | ||
| x509_crl.c | ||
| x509_crt.c | ||
| x509_csr.c | ||
| x509.c | ||
| x509write_crt.c | ||
| x509write_csr.c | ||
| xtea.c | ||