Update parse_key_share in server side and version config
Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
parent
0a1b54ed73
commit
060d867598
2 changed files with 40 additions and 41 deletions
|
@ -4210,34 +4210,37 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
|||
conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
if( ( endpoint == MBEDTLS_SSL_IS_SERVER ) ||
|
||||
( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
#else
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
|
||||
endpoint == MBEDTLS_SSL_IS_SERVER )
|
||||
{
|
||||
/* DTLS 1.3 not supported yet
|
||||
* server side hybrid mode not support yet
|
||||
*/
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
}
|
||||
else
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
conf->min_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
#else
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
}
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
conf->max_tls_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* DTLS 1.3 not supported yet */
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Preset-specific defaults
|
||||
|
@ -7791,7 +7794,7 @@ int mbedtls_ssl_validate_ciphersuite(
|
|||
return( -1 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
|
||||
mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
|
||||
|
|
|
@ -215,19 +215,19 @@ static int ssl_tls13_parse_key_shares_ext( mbedtls_ssl_context *ssl,
|
|||
if( match_found == 1 )
|
||||
continue;
|
||||
|
||||
if( ! mbedtls_ssl_named_group_is_offered( ssl, group ) ||
|
||||
! mbedtls_ssl_named_group_is_supported( group ) )
|
||||
{
|
||||
continue;
|
||||
}
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_tls_id( group );
|
||||
|
||||
/*
|
||||
* For now, we only support ECDHE groups.
|
||||
*/
|
||||
if( mbedtls_ssl_tls13_named_group_is_ecdhe( group ) )
|
||||
{
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_tls_id( group );
|
||||
if( curve_info == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Invalid TLS curve group id" ) );
|
||||
continue;
|
||||
}
|
||||
|
||||
match_found = 1;
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
|
||||
ret = mbedtls_ssl_tls13_read_public_ecdhe_share(
|
||||
|
@ -377,8 +377,9 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const unsigned char *p = buf;
|
||||
size_t legacy_session_id_len;
|
||||
const unsigned char *cipher_suites_start;
|
||||
const unsigned char *cipher_suites;
|
||||
size_t cipher_suites_len;
|
||||
const unsigned char *cipher_suites_end;
|
||||
size_t extensions_len;
|
||||
const unsigned char *extensions_end;
|
||||
|
||||
|
@ -479,7 +480,8 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
|||
* with CipherSuite defined as:
|
||||
* uint8 CipherSuite[2];
|
||||
*/
|
||||
cipher_suites_start = p;
|
||||
cipher_suites = p;
|
||||
cipher_suites_end = p + cipher_suites_len;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
|
||||
p, cipher_suites_len );
|
||||
/*
|
||||
|
@ -487,8 +489,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
|||
*/
|
||||
int ciphersuite_match = 0;
|
||||
ciphersuite_info = NULL;
|
||||
for ( size_t j = 0; j < cipher_suites_len;
|
||||
j += 2, p += 2 )
|
||||
for ( ; p < cipher_suites_end; p += 2 )
|
||||
{
|
||||
uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
|
||||
|
@ -520,7 +521,7 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s",
|
||||
ciphersuite_info->name ) );
|
||||
|
||||
p = cipher_suites_start + cipher_suites_len;
|
||||
p = cipher_suites + cipher_suites_len;
|
||||
/* ...
|
||||
* opaque legacy_compression_methods<1..2^8-1>;
|
||||
* ...
|
||||
|
@ -730,7 +731,7 @@ cleanup:
|
|||
}
|
||||
|
||||
/*
|
||||
* TLS and DTLS 1.3 State Maschine -- server side
|
||||
* TLS 1.3 State Maschine -- server side
|
||||
*/
|
||||
int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
|
@ -760,14 +761,9 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
|
|||
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_SERVER_HELLO:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSL - The requested feature is not available" ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
break;
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
|
||||
return( ret );
|
||||
|
|
Loading…
Reference in a new issue