mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-28 00:21:48 +03:00
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard code specific to the TLS 1.3 ephemeral key exchange mode. Use it also for the dependencies of TLS 1.3 only tests relying on ephemeral key exchange mode, but for tests in tls13-kex-modes.sh where the change is done later using all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
@ -1873,7 +1873,7 @@ int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_process_certificate( mbedtls_ssl_context *ssl );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
/*
|
||||
* Handler of TLS 1.3 write Certificate message
|
||||
*/
|
||||
@ -1886,7 +1886,7 @@ int mbedtls_ssl_tls13_write_certificate( mbedtls_ssl_context *ssl );
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl );
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
* Generic handler of Certificate Verify
|
||||
@ -2063,10 +2063,7 @@ static inline const void *mbedtls_ssl_get_sig_algs(
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
}
|
||||
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ssl,
|
||||
uint16_t own_sig_alg )
|
||||
{
|
||||
@ -2081,61 +2078,7 @@ static inline int mbedtls_ssl_sig_alg_is_received( const mbedtls_ssl_context *ss
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
|
||||
uint16_t proposed_sig_alg )
|
||||
{
|
||||
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
|
||||
if( sig_alg == NULL )
|
||||
return( 0 );
|
||||
|
||||
for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
|
||||
{
|
||||
if( *sig_alg == proposed_sig_alg )
|
||||
return( 1 );
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
|
||||
uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
|
||||
{
|
||||
*pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff );
|
||||
*md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff );
|
||||
|
||||
if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE )
|
||||
return( 0 );
|
||||
|
||||
switch( sig_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
|
||||
*md_alg = MBEDTLS_MD_SHA256;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
|
||||
*md_alg = MBEDTLS_MD_SHA384;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
|
||||
*md_alg = MBEDTLS_MD_SHA512;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
default:
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
|
||||
const uint16_t sig_alg )
|
||||
{
|
||||
@ -2203,7 +2146,63 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
|
||||
mbedtls_pk_context *key );
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl,
|
||||
uint16_t proposed_sig_alg )
|
||||
{
|
||||
const uint16_t *sig_alg = mbedtls_ssl_get_sig_algs( ssl );
|
||||
if( sig_alg == NULL )
|
||||
return( 0 );
|
||||
|
||||
for( ; *sig_alg != MBEDTLS_TLS_SIG_NONE; sig_alg++ )
|
||||
{
|
||||
if( *sig_alg == proposed_sig_alg )
|
||||
return( 1 );
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
|
||||
uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
|
||||
{
|
||||
*pk_type = mbedtls_ssl_pk_alg_from_sig( sig_alg & 0xff );
|
||||
*md_alg = mbedtls_ssl_md_alg_from_hash( ( sig_alg >> 8 ) & 0xff );
|
||||
|
||||
if( *pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE )
|
||||
return( 0 );
|
||||
|
||||
switch( sig_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_PKCS1_V21)
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
|
||||
*md_alg = MBEDTLS_MD_SHA256;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
|
||||
*md_alg = MBEDTLS_MD_SHA384;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
|
||||
*md_alg = MBEDTLS_MD_SHA512;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
break;
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#endif /* MBEDTLS_PKCS1_V21 */
|
||||
default:
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
|
||||
@ -2281,25 +2280,16 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
|
||||
{
|
||||
return( mbedtls_ssl_tls13_sig_alg_is_supported( sig_alg ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
#endif
|
||||
((void) ssl);
|
||||
((void) sig_alg);
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
|
||||
mbedtls_pk_context *key );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
|
||||
@ -4822,7 +4822,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
conf->sig_algs = ssl_preset_suiteb_sig_algs;
|
||||
#endif
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
conf->curve_list = NULL;
|
||||
|
||||
@ -2065,7 +2065,7 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl )
|
||||
mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
|
||||
buf, buf_len );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||
else
|
||||
@ -2082,7 +2082,7 @@ cleanup:
|
||||
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
/*
|
||||
* STATE HANDLING: CertificateRequest
|
||||
*
|
||||
@ -2319,7 +2319,7 @@ static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
* Handler for MBEDTLS_SSL_SERVER_FINISHED
|
||||
@ -2365,7 +2365,7 @@ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
|
||||
( "Switch to handshake traffic keys for outbound traffic" ) );
|
||||
mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_handshake );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
if( ssl->handshake->client_auth )
|
||||
{
|
||||
int ret = mbedtls_ssl_tls13_write_certificate( ssl );
|
||||
@ -2395,7 +2395,7 @@ static int ssl_tls13_write_client_certificate( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
/*
|
||||
* Handler for MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY
|
||||
*/
|
||||
@ -2409,7 +2409,7 @@ static int ssl_tls13_write_client_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
* Handler for MBEDTLS_SSL_CLIENT_FINISHED
|
||||
@ -2722,7 +2722,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||
ret = ssl_tls13_process_encrypted_extensions( ssl );
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
|
||||
ret = ssl_tls13_process_certificate_request( ssl );
|
||||
break;
|
||||
@ -2734,7 +2734,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
|
||||
ret = ssl_tls13_process_certificate_verify( ssl );
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
case MBEDTLS_SSL_SERVER_FINISHED:
|
||||
ret = ssl_tls13_process_server_finished( ssl );
|
||||
@ -2744,11 +2744,11 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
|
||||
ret = ssl_tls13_write_client_certificate( ssl );
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
case MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:
|
||||
ret = ssl_tls13_write_client_certificate_verify( ssl );
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
case MBEDTLS_SSL_CLIENT_FINISHED:
|
||||
ret = ssl_tls13_write_client_finished( ssl );
|
||||
|
||||
@ -83,7 +83,7 @@ cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
/*
|
||||
* STATE HANDLING: Read CertificateVerify
|
||||
*/
|
||||
@ -285,12 +285,12 @@ error:
|
||||
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
|
||||
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
int mbedtls_ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char verify_buffer[SSL_VERIFY_STRUCT_MAX_SIZE];
|
||||
size_t verify_buffer_len;
|
||||
@ -348,7 +348,7 @@ cleanup:
|
||||
((void) ssl);
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
}
|
||||
|
||||
/*
|
||||
@ -757,7 +757,7 @@ cleanup:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
|
||||
return( ret );
|
||||
}
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
/*
|
||||
* enum {
|
||||
* X509(0),
|
||||
@ -1078,7 +1078,7 @@ cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
*
|
||||
|
||||
@ -1104,7 +1104,7 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg )
|
||||
@ -1229,7 +1229,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C &&
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
*
|
||||
@ -1634,7 +1634,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
|
||||
@ -1649,7 +1649,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||
@ -2390,7 +2390,7 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(
|
||||
ssl, buf_len, msg_len ) );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
if( mbedtls_ssl_tls13_key_exchange_mode_with_psk( ssl ) )
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||
else
|
||||
@ -2405,7 +2405,7 @@ cleanup:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
#define SSL_CERTIFICATE_REQUEST_SEND_REQUEST 0
|
||||
#define SSL_CERTIFICATE_REQUEST_SKIP 1
|
||||
/* Coordination:
|
||||
@ -2573,7 +2573,7 @@ static int ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
* Handler for MBEDTLS_SSL_SERVER_FINISHED
|
||||
@ -2984,7 +2984,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
case MBEDTLS_SSL_CERTIFICATE_REQUEST:
|
||||
ret = ssl_tls13_write_certificate_request( ssl );
|
||||
break;
|
||||
@ -2996,7 +2996,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
|
||||
ret = ssl_tls13_write_certificate_verify( ssl );
|
||||
break;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
|
||||
|
||||
/*
|
||||
* Injection of dummy-CCS's for middlebox compatibility
|
||||
|
||||
Reference in New Issue
Block a user