lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge branch 'development' into safer-ct5

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
2023-08-07 11:47:35 +01:00
committed by GitHub
parent 56e5d6887f 3b5e8aa05c
commit c98f8d996a
257 changed files with 20700 additions and 8475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
library/ssl_misc.h
View File

@ -24,12 +24,14 @@
#include "mbedtls/build_info.h"
#include "mbedtls/error.h"
#include "mbedtls/ssl.h"
#include "mbedtls/cipher.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#include "psa_util_internal.h"
#endif
#if defined(MBEDTLS_MD_CAN_MD5)
@ -751,20 +753,20 @@ struct mbedtls_ssl_handshake_params {
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
#endif
#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_USE_PSA_CRYPTO)
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
#endif /* MBEDTLS_ECDH_C && !MBEDTLS_USE_PSA_CRYPTO */
#endif /* !MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */
#if defined(PSA_WANT_ALG_ECDH) && \
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
psa_key_type_t ecdh_psa_type;
size_t ecdh_bits;
mbedtls_svc_key_id_t ecdh_psa_privkey;
uint8_t ecdh_psa_privkey_is_external;
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t ecdh_psa_peerkey_len;
#endif /* PSA_WANT_ALG_ECDH &&
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
psa_key_type_t xxdh_psa_type;
size_t xxdh_psa_bits;
mbedtls_svc_key_id_t xxdh_psa_privkey;
uint8_t xxdh_psa_privkey_is_external;
unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
size_t xxdh_psa_peerkey_len;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -780,7 +782,8 @@ struct mbedtls_ssl_handshake_params {
#endif
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_PK_CAN_ECDH) || defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */
#endif
@ -1553,16 +1556,16 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/**
* \brief Return PSA EC info for the specified TLS ID.
*
* \param tls_id The TLS ID to look for
* \param family If the TLD ID is supported, then proper \c psa_ecc_family_t
* \param type If the TLD ID is supported, then proper \c psa_key_type_t
* value is returned here. Can be NULL.
* \param bits If the TLD ID is supported, then proper bit size is returned
* here. Can be NULL.
@ -1575,7 +1578,7 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id
* simply to check if a specific TLS ID is supported.
*/
int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
psa_ecc_family_t *family,
psa_key_type_t *type,
size_t *bits);
/**
@ -2111,15 +2114,15 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl);
#if defined(PSA_WANT_ALG_ECDH)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
mbedtls_ssl_context *ssl,
uint16_t named_group,
unsigned char *buf,
unsigned char *end,
size_t *out_len);
#endif /* PSA_WANT_ALG_ECDH */
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
#if defined(MBEDTLS_SSL_EARLY_DATA)
int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
@ -2211,7 +2214,7 @@ static inline int mbedtls_ssl_tls13_named_group_is_ecdhe(uint16_t named_group)
named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448;
}
static inline int mbedtls_ssl_tls13_named_group_is_dhe(uint16_t named_group)
static inline int mbedtls_ssl_tls13_named_group_is_ffdh(uint16_t named_group)
{
return named_group >= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048 &&
named_group <= MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
@ -2244,9 +2247,15 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
return 1;
}
}
#else
((void) named_group);
#endif /* PSA_WANT_ALG_ECDH */
#endif
#if defined(PSA_WANT_ALG_FFDH)
if (mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
return 1;
}
#endif
#if !defined(PSA_WANT_ALG_ECDH) && !defined(PSA_WANT_ALG_FFDH)
(void) named_group;
#endif
return 0;
}
@ -2639,14 +2648,14 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
const mbedtls_ssl_ciphersuite_t *suite);
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
#if defined(PSA_WANT_ALG_ECDH)
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_tls13_read_public_ecdhe_share(mbedtls_ssl_context *ssl,
int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t buf_len);
#endif /* PSA_WANT_ALG_ECDH */
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
static inline int mbedtls_ssl_tls13_cipher_suite_is_offered(
mbedtls_ssl_context *ssl, int cipher_suite)