TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e5a916fd3cb658dd20b9613320393bca2f966e49^! / .
commite5a916fd3cb658dd20b9613320393bca2f966e49[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Fri Aug 09 12:00:34 2024 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Mon Sep 02 12:46:03 2024 +0200
tree58fc0c0a575ee8979d93b3c3cc5efff4a5504f15
parent7a4aa4d13309add0650277dbdd89440d3a5ba67b [diff]
Simplify certificate curve check for 1.2

The comments were about the time we were using mbedtls_pk_ec(), which
can return NULL, which we don't want to propagate to other functions.

Now we're using mbedtls_pk_get_ec_group_id() with is a safer interface
(and works even when EC is provided by drivers).

The check for GROUP_NONE was an heritage from the previous NULL check.
However it's actually useless: if NONE were returned (which can't happen
or parsing of the certificate would have failed and we wouldn't be
here), then mbedtls_ssl_check_curve() would work and just say that the
curve wasn't valid, which is OK.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c1573c1..a7631bb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -8050,35 +8050,19 @@
      * Secondary checks: always done, but change 'ret' only if it was 0
      */
 
+    /* Check curve for ECC certs */
 #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-    {
-        const mbedtls_pk_context *pk = &chain->pk;
-
-        /* If certificate uses an EC key, make sure the curve is OK.
-         * This is a public key, so it can't be opaque, so can_do() is a good
-         * enough check to ensure pk_ec() is safe to use here. */
-        if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
-            /* and in the unlikely case the above assumption no longer holds
-             * we are making sure that pk_ec() here does not return a NULL
-             */
-            mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
-            if (grp_id == MBEDTLS_ECP_DP_NONE) {
-                MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
-                return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-            }
-            if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
-                ssl->session_negotiate->verify_result |=
-                    MBEDTLS_X509_BADCERT_BAD_KEY;
-
-                MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
-                if (ret == 0) {
-                    ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
-                }
-            }
+    if (mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY) &&
+        mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
+        ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
+        if (ret == 0) {
+            ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
         }
     }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 
+    /* Check X.509 usage extensions (keyUsage, extKeyUsage) */
     if (mbedtls_ssl_check_cert_usage(chain,
                                      ciphersuite_info,
                                      ssl->conf->endpoint,