lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

fix build fail without TLS13

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
2022-01-12 16:36:14 +08:00
parent f017ee4203
commit 6106fdc085
5 changed files with 33 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/ssl.h
View File

@ -3301,7 +3301,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes ); const int *hashes );
#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/** /**
* \brief Configure allowed signature algorithms for use in TLS 1.3 * \brief Configure allowed signature algorithms for use in TLS 1.3
* *
@ -3313,7 +3312,6 @@ void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
*/ */
void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sig_algs( mbedtls_ssl_config *conf,
const uint16_t* sig_algs ); const uint16_t* sig_algs );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)

21
library/ssl_misc.h
View File

@ -1815,24 +1815,17 @@ int mbedtls_ssl_write_supported_groups_ext( mbedtls_ssl_context *ssl,
/* /*
* Return supported sig_algs. * Return supported sig_algs.
*/ */
static inline const void *mbedtls_ssl_conf_get_sig_algs( static inline const void *mbedtls_ssl_get_sig_algs( const mbedtls_ssl_context *ssl )
const mbedtls_ssl_config *conf )
{ {
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->handshake != NULL && ssl->handshake->sig_algs != NULL )
if( mbedtls_ssl_conf_is_tls12_enabled( conf )) return( ssl->handshake->sig_algs );
return( conf->sig_hashes ); #endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ return( ssl->conf->sig_algs );
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( mbedtls_ssl_conf_is_tls13_enabled( conf ))
return( conf->sig_algs );
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
((void) conf); ((void) ssl);
return NULL; return NULL;
} }

7
library/ssl_srv.c
View File

@ -2796,8 +2796,11 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
/* /*
* Supported signature algorithms * Supported signature algorithms
*/ */
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{ {
/* High byte is hash */ /* High byte is hash */
unsigned char hash = ( *sig_alg >> 8 ) & 0xff; unsigned char hash = ( *sig_alg >> 8 ) & 0xff;

26
library/ssl_tls.c
View File

@ -3187,14 +3187,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md ); unsigned char hash = mbedtls_ssl_hash_from_md_alg( *md );
if( hash == MBEDTLS_SSL_HASH_NONE ) if( hash == MBEDTLS_SSL_HASH_NONE )
continue; continue;
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA); *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA);
p++; p++;
#endif #endif
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
*p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA); *p = (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA);
p++; p++;
#endif #endif
} }
*p = MBEDTLS_TLS1_3_SIG_NONE; *p = MBEDTLS_TLS1_3_SIG_NONE;
ssl->handshake->sig_algs_heap_allocated = 1; ssl->handshake->sig_algs_heap_allocated = 1;
@ -4055,7 +4055,6 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
const int *hashes ) const int *hashes )
{ {
conf->sig_hashes = hashes; conf->sig_hashes = hashes;
conf->sig_algs = NULL;
} }
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
@ -6478,8 +6477,9 @@ static int ssl_preset_suiteb_hashes[] = {
}; };
#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* !MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static uint16_t ssl_preset_default_sig_algs[] = { static uint16_t ssl_preset_default_sig_algs[] = {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* ECDSA algorithms */ /* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@ -6498,11 +6498,14 @@ static uint16_t ssl_preset_default_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif #endif
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_TLS1_3_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
}; };
static uint16_t ssl_preset_suiteb_sig_algs[] = { static uint16_t ssl_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* ECDSA algorithms */ /* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
@ -6518,10 +6521,10 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif #endif
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
MBEDTLS_TLS1_3_SIG_NONE MBEDTLS_TLS1_3_SIG_NONE
}; };
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#endif #endif
static uint16_t ssl_preset_suiteb_groups[] = { static uint16_t ssl_preset_suiteb_groups[] = {
@ -6936,7 +6939,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
mbedtls_md_type_t md ) mbedtls_md_type_t md )
{ {
const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
if( sig_alg == NULL ) if( sig_alg == NULL )
return( -1 ); return( -1 );
@ -7450,8 +7453,11 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
* Write supported_signature_algorithms * Write supported_signature_algorithms
*/ */
supported_sig_alg = p; supported_sig_alg = p;
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) if( sig_alg == NULL )
return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{ {
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 ); MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );

7
library/ssl_tls13_generic.c
View File

@ -212,8 +212,11 @@ static void ssl_tls13_create_verify_structure( const unsigned char *transcript_h
static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl, static int ssl_tls13_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
uint16_t proposed_sig_alg ) uint16_t proposed_sig_alg )
{ {
for( const uint16_t *sig_alg = mbedtls_ssl_conf_get_sig_algs( ssl->conf ); const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
*sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) if( sig_alg == NULL )
return( 0 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{ {
if( *sig_alg == proposed_sig_alg ) if( *sig_alg == proposed_sig_alg )
return( 1 ); return( 1 );