Introduce helper macro for traversal of supported EC TLS IDs
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d226e65..e7e0d46 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -251,6 +251,18 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static size_t ssl_get_ec_curve_list_length( mbedtls_ssl_context *ssl )
+{
+ size_t ec_list_len = 0;
+
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
+ ((void) tls_id);
+ ec_list_len++;
+ MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
+
+ return( ec_list_len );
+}
+
static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen )
@@ -259,28 +271,15 @@
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
- const mbedtls_ecp_curve_info *info;
-#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *grp_id;
-#else
- ((void) ssl);
-#endif
*olen = 0;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
- for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
- {
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
- if( info == NULL )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
- return;
- }
-
- elliptic_curve_len += 2;
- }
+ /* Each elliptic curve is encoded in 2 bytes. */
+ elliptic_curve_len = 2 * ssl_get_ec_curve_list_length( ssl );
+ if( elliptic_curve_len == 0 )
+ return;
if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
{
@@ -290,15 +289,10 @@
elliptic_curve_len = 0;
- for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
- {
- info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
- elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
- elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
- }
-
- if( elliptic_curve_len == 0 )
- return;
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id )
+ elliptic_curve_list[elliptic_curve_len++] = tls_id >> 8;
+ elliptic_curve_list[elliptic_curve_len++] = tls_id & 0xFF;
+ MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index d1970c3..39ce374 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -309,24 +309,15 @@
while( list_size > 0 )
{
- uint16_t const tls_id = ( p[0] << 8 ) | p[1];
- mbedtls_ecp_curve_info const * const info =
- mbedtls_ecp_curve_info_from_tls_id( tls_id );
+ uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1];
- if( info != NULL )
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id )
+ if( own_tls_id == peer_tls_id &&
+ ssl->handshake->curve_tls_id == 0 )
{
- mbedtls_ecp_group_id const *gid;
- /* Remember the first curve that we also support. */
- for( gid = ssl->conf->curve_list;
- *gid != MBEDTLS_ECP_DP_NONE; gid++ )
- {
- if( info->grp_id != *gid )
- continue;
-
- if( ssl->handshake->curve_tls_id == 0 )
- ssl->handshake->curve_tls_id = tls_id;
- }
+ ssl->handshake->curve_tls_id = own_tls_id;
}
+ MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID
list_size -= 2;
p += 2;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2a2d321..633fb4b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -11241,14 +11241,13 @@
*/
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
{
- const mbedtls_ecp_group_id *gid;
-
if( ssl->conf->curve_list == NULL )
return( -1 );
- for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
- if( *gid == grp_id )
- return( 0 );
+ MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_GRP_ID( own_ec_id )
+ if( own_ec_id == grp_id )
+ return( 0 );
+ MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_GRP_ID
return( -1 );
}