lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function

Browse Source 
Harmonise the names and return values of check functions in TLS code
This commit is contained in:
Ronald Cron
2024-01-11 13:51:39 +00:00
committed by GitHub
parent 7c14afcaaa 94a42ccb3e
commit ae2213c307
5 changed files with 107 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
library/ssl_tls13_server.c
View File

@@ -95,9 +95,9 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket(
@@ -175,12 +175,12 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
key_exchanges = 0;
if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) &&
ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) &&
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
}
if (mbedtls_ssl_session_ticket_allow_psk(session) &&
ssl_tls13_check_psk_key_exchange(ssl)) {
if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) &&
ssl_tls13_key_exchange_is_psk_available(ssl)) {
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
}
@@ -1003,12 +1003,12 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl,
unsigned int kex_mode)
static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl,
unsigned int kex_mode)
{
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (ssl->handshake->resume) {
if (mbedtls_ssl_session_check_ticket_flags(
if (!mbedtls_ssl_tls13_session_ticket_has_flags(
ssl->session_negotiate, kex_mode)) {
return 0;
}
@@ -1022,10 +1022,10 @@ static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) &&
return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) &&
ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl);
#else
((void) ssl);
@@ -1034,13 +1034,13 @@ static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
return ssl_tls13_ticket_permission_check(
return ssl_tls13_ticket_is_kex_mode_permitted(
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
mbedtls_ssl_tls13_psk_enabled(ssl) &&
mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
mbedtls_ssl_tls13_is_psk_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
#else
((void) ssl);
@@ -1049,13 +1049,13 @@ static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
return ssl_tls13_ticket_permission_check(
return ssl_tls13_ticket_is_kex_mode_permitted(
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
#else
((void) ssl);
@@ -1083,17 +1083,17 @@ static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
if (ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
if (ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
} else
if (ssl_tls13_check_ephemeral_key_exchange(ssl)) {
if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
} else
if (ssl_tls13_check_psk_key_exchange(ssl)) {
if (ssl_tls13_key_exchange_is_psk_available(ssl)) {
ssl->handshake->key_exchange_mode =
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
@@ -1734,8 +1734,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
* - The content up to but excluding the PSK extension, if present.
*/
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
if (ssl_tls13_check_psk_key_exchange(ssl) ||
ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
if (ssl_tls13_key_exchange_is_psk_available(ssl) ||
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
@@ -1842,7 +1842,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
}
if (!mbedtls_ssl_session_ticket_allow_early_data(ssl->session_negotiate)) {
if (!mbedtls_ssl_tls13_session_ticket_allow_early_data(ssl->session_negotiate)) {
MBEDTLS_SSL_DEBUG_MSG(
1,
("EarlyData: rejected, early_data not allowed in ticket "
@@ -3079,7 +3079,7 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
* expected to be resolved with issue#6395.
*/
/* Sent NewSessionTicket message only when client supports PSK */
if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
if (mbedtls_ssl_tls13_is_some_psk_supported(ssl)) {
mbedtls_ssl_handshake_set_state(
ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
} else
@@ -3138,17 +3138,17 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
#endif
/* Set ticket_flags depends on the advertised psk key exchange mode */
mbedtls_ssl_session_clear_ticket_flags(
mbedtls_ssl_tls13_session_clear_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
mbedtls_ssl_session_set_ticket_flags(
mbedtls_ssl_tls13_session_set_ticket_flags(
session, ssl->handshake->tls13_kex_modes);
#endif
#if defined(MBEDTLS_SSL_EARLY_DATA)
if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
ssl->conf->max_early_data_size > 0) {
mbedtls_ssl_session_set_ticket_flags(
mbedtls_ssl_tls13_session_set_ticket_flags(
session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -3328,7 +3328,7 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl,
p += 2;
#if defined(MBEDTLS_SSL_EARLY_DATA)
if (mbedtls_ssl_session_ticket_allow_early_data(session)) {
if (mbedtls_ssl_tls13_session_ticket_allow_early_data(session)) {
size_t output_len;
if ((ret = mbedtls_ssl_tls13_write_early_data_ext(