Merge remote-tracking branch 'origin/development' into development-restricted

* origin/development: Update the crypto submodule Use multipart PSA key derivation API platform: Include stdarg.h where needed Update Mbed Crypto to contain mbed-crypto#152 CMake: Add a subdirectory build regression test README: Enable builds as a CMake subproject ChangeLog: Enable builds as a CMake subproject Remove use of CMAKE_SOURCE_DIR Update library version to 2.18.0
2025-07-29 11:41:15 +03:00 · 2019-08-29 14:14:05 +01:00
parent f1cdceae0d 3ec504738e
commit 64f264332f
9 changed files with 158 additions and 91 deletions
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -172,14 +172,14 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)

    add_library(mbedx509 SHARED ${src_x509})
-    set_target_properties(mbedx509 PROPERTIES VERSION 2.17.0 SOVERSION 0)
+    set_target_properties(mbedx509 PROPERTIES VERSION 2.18.0 SOVERSION 1)
    target_link_libraries(mbedx509 ${libs} mbedcrypto)
    target_include_directories(mbedx509
        PUBLIC ${MBEDTLS_DIR}/include/
        PUBLIC ${MBEDTLS_DIR}/crypto/include/)

    add_library(mbedtls SHARED ${src_tls})
-    set_target_properties(mbedtls PROPERTIES VERSION 2.17.0 SOVERSION 12)
+    set_target_properties(mbedtls PROPERTIES VERSION 2.18.0 SOVERSION 13)
    target_link_libraries(mbedtls ${libs} mbedx509)
    target_include_directories(mbedtls
        PUBLIC ${MBEDTLS_DIR}/include/
--- a/library/Makefile
+++ b/library/Makefile
@ -35,8 +35,8 @@ LOCAL_CFLAGS += -fPIC -fpic
 endif
 endif

-SOEXT_TLS=so.12
-SOEXT_X509=so.0
+SOEXT_TLS=so.13
+SOEXT_X509=so.1
 SOEXT_CRYPTO=so.3

 # Set AR_DASH= (empty string) to use an ar implementation that does not accept
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -689,6 +689,52 @@ exit:

 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation,
+                                              psa_key_handle_t slot,
+                                              psa_algorithm_t alg,
+                                              const unsigned char* seed, size_t seed_length,
+                                              const unsigned char* label, size_t label_length,
+                                              size_t capacity )
+{
+    psa_status_t status;
+
+    status = psa_key_derivation_setup( derivation, alg );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
+    {
+        status = psa_key_derivation_input_bytes( derivation,
+                                                 PSA_KEY_DERIVATION_INPUT_SEED,
+                                                 seed, seed_length );
+        if( status != PSA_SUCCESS )
+            return( status );
+
+        status = psa_key_derivation_input_key( derivation,
+                                               PSA_KEY_DERIVATION_INPUT_SECRET,
+                                               slot );
+        if( status != PSA_SUCCESS )
+            return( status );
+
+        status = psa_key_derivation_input_bytes( derivation,
+                                                 PSA_KEY_DERIVATION_INPUT_LABEL,
+                                                 label, label_length );
+        if( status != PSA_SUCCESS )
+            return( status );
+    }
+    else
+    {
+        return( PSA_ERROR_NOT_SUPPORTED );
+    }
+
+    status = psa_key_derivation_set_capacity( derivation, capacity );
+    if( status != PSA_SUCCESS )
+        return( status );
+
+    return( PSA_SUCCESS );
+}
+
 static int tls_prf_generic( mbedtls_md_type_t md_type,
                            const unsigned char *secret, size_t slen,
                            const char *label,
@ -716,12 +762,12 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
    if( status != PSA_SUCCESS )
        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );

-    status = psa_key_derivation( &derivation,
-                                 master_slot, alg,
-                                 random, rlen,
-                                 (unsigned char const *) label,
-                                 (size_t) strlen( label ),
-                                 dlen );
+    status = setup_psa_key_derivation( &derivation,
+                                       master_slot, alg,
+                                       random, rlen,
+                                       (unsigned char const *) label,
+                                       (size_t) strlen( label ),
+                                       dlen );
    if( status != PSA_SUCCESS )
    {
        psa_key_derivation_abort( &derivation );
@ -1695,11 +1741,11 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
        else
            alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);

-        status = psa_key_derivation( &derivation, psk, alg,
-                                     salt, salt_len,
-                                     (unsigned char const *) lbl,
-                                     (size_t) strlen( lbl ),
-                                     master_secret_len );
+        status = setup_psa_key_derivation( &derivation, psk, alg,
+                                           salt, salt_len,
+                                           (unsigned char const *) lbl,
+                                           (size_t) strlen( lbl ),
+                                           master_secret_len );
        if( status != PSA_SUCCESS )
        {
            psa_key_derivation_abort( &derivation );