Update SHA and MD5 dependencies in the SSL module
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
parent
635c2c2be5
commit
25f271557b
5 changed files with 383 additions and 363 deletions
File diff suppressed because it is too large
Load diff
|
|
@ -38,21 +38,26 @@
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/constant_time.h"
|
#include "mbedtls/constant_time.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#include "psa/crypto.h"
|
||||||
|
#endif
|
||||||
|
#include "legacy_or_psa.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
||||||
* available. Try SHA-256 first, 512 wastes resources
|
* available. Try SHA-256 first, 512 wastes resources
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SHA224_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
|
||||||
#define COOKIE_MD MBEDTLS_MD_SHA224
|
#define COOKIE_MD MBEDTLS_MD_SHA224
|
||||||
#define COOKIE_MD_OUTLEN 32
|
#define COOKIE_MD_OUTLEN 32
|
||||||
#define COOKIE_HMAC_LEN 28
|
#define COOKIE_HMAC_LEN 28
|
||||||
#elif defined(MBEDTLS_SHA384_C)
|
#elif defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
|
||||||
#define COOKIE_MD MBEDTLS_MD_SHA384
|
#define COOKIE_MD MBEDTLS_MD_SHA384
|
||||||
#define COOKIE_MD_OUTLEN 48
|
#define COOKIE_MD_OUTLEN 48
|
||||||
#define COOKIE_HMAC_LEN 28
|
#define COOKIE_HMAC_LEN 28
|
||||||
#elif defined(MBEDTLS_SHA1_C)
|
#elif defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
|
||||||
#define COOKIE_MD MBEDTLS_MD_SHA1
|
#define COOKIE_MD MBEDTLS_MD_SHA1
|
||||||
#define COOKIE_MD_OUTLEN 20
|
#define COOKIE_MD_OUTLEN 20
|
||||||
#define COOKIE_HMAC_LEN 20
|
#define COOKIE_HMAC_LEN 20
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
#include "hash_info.h"
|
#include "hash_info.h"
|
||||||
#endif
|
#endif
|
||||||
|
#include "legacy_or_psa.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_MD5_C)
|
#if defined(MBEDTLS_MD5_C)
|
||||||
#include "mbedtls/md5.h"
|
#include "mbedtls/md5.h"
|
||||||
|
|
@ -184,9 +185,9 @@
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||||
/* Ciphersuites using HMAC */
|
/* Ciphersuites using HMAC */
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
|
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
|
||||||
#elif defined(MBEDTLS_SHA256_C)
|
#elif defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
|
#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
|
||||||
#else
|
#else
|
||||||
#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
|
#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
|
||||||
|
|
@ -783,14 +784,14 @@ struct mbedtls_ssl_handshake_params
|
||||||
/*
|
/*
|
||||||
* Checksum contexts
|
* Checksum contexts
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_operation_t fin_sha256_psa;
|
psa_hash_operation_t fin_sha256_psa;
|
||||||
#else
|
#else
|
||||||
mbedtls_sha256_context fin_sha256;
|
mbedtls_sha256_context fin_sha256;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_operation_t fin_sha384_psa;
|
psa_hash_operation_t fin_sha384_psa;
|
||||||
#else
|
#else
|
||||||
|
|
@ -2104,24 +2105,24 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
|
||||||
switch( sig_alg )
|
switch( sig_alg )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_PKCS1_V21)
|
#if defined(MBEDTLS_PKCS1_V21)
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
|
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
|
||||||
*md_alg = MBEDTLS_MD_SHA256;
|
*md_alg = MBEDTLS_MD_SHA256;
|
||||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||||
break;
|
break;
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
|
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
|
||||||
*md_alg = MBEDTLS_MD_SHA384;
|
*md_alg = MBEDTLS_MD_SHA384;
|
||||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||||
break;
|
break;
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
|
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
|
||||||
*md_alg = MBEDTLS_MD_SHA512;
|
*md_alg = MBEDTLS_MD_SHA512;
|
||||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||||
break;
|
break;
|
||||||
#endif /* MBEDTLS_SHA512_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA */
|
||||||
#endif /* MBEDTLS_PKCS1_V21 */
|
#endif /* MBEDTLS_PKCS1_V21 */
|
||||||
default:
|
default:
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
@ -2209,32 +2210,32 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
|
||||||
|
|
||||||
switch( hash )
|
switch( hash )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_MD5_C)
|
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_MD5:
|
case MBEDTLS_SSL_HASH_MD5:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA1:
|
case MBEDTLS_SSL_HASH_SHA1:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA224_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA224:
|
case MBEDTLS_SSL_HASH_SHA224:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA256:
|
case MBEDTLS_SSL_HASH_SHA256:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA384:
|
case MBEDTLS_SSL_HASH_SHA384:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA512:
|
case MBEDTLS_SSL_HASH_SHA512:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,7 @@
|
||||||
#include "ssl_client.h"
|
#include "ssl_client.h"
|
||||||
#include "ssl_debug_helpers.h"
|
#include "ssl_debug_helpers.h"
|
||||||
#include "ssl_misc.h"
|
#include "ssl_misc.h"
|
||||||
|
|
||||||
#include "mbedtls/debug.h"
|
#include "mbedtls/debug.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
|
|
@ -53,6 +54,7 @@
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#endif
|
#endif
|
||||||
|
#include "legacy_or_psa.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
|
|
@ -418,7 +420,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
unsigned endpoint,
|
unsigned endpoint,
|
||||||
const mbedtls_ssl_context *ssl );
|
const mbedtls_ssl_context *ssl );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
||||||
const char *label,
|
const char *label,
|
||||||
|
|
@ -427,9 +429,9 @@ static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
||||||
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
|
static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * );
|
||||||
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
|
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
|
||||||
|
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||||
const char *label,
|
const char *label,
|
||||||
|
|
@ -438,7 +440,7 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||||
|
|
||||||
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
||||||
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
|
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
static size_t ssl_tls12_session_save( const mbedtls_ssl_session *session,
|
static size_t ssl_tls12_session_save( const mbedtls_ssl_session *session,
|
||||||
unsigned char *buf,
|
unsigned char *buf,
|
||||||
|
|
@ -452,13 +454,13 @@ static int ssl_tls12_session_load( mbedtls_ssl_session *session,
|
||||||
|
|
||||||
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
|
static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
|
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
||||||
const unsigned char *secret, size_t slen,
|
const unsigned char *secret, size_t slen,
|
||||||
|
|
@ -471,16 +473,16 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
||||||
switch( prf )
|
switch( prf )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_TLS_PRF_SHA384:
|
case MBEDTLS_SSL_TLS_PRF_SHA384:
|
||||||
tls_prf = tls_prf_sha384;
|
tls_prf = tls_prf_sha384;
|
||||||
break;
|
break;
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_TLS_PRF_SHA256:
|
case MBEDTLS_SSL_TLS_PRF_SHA256:
|
||||||
tls_prf = tls_prf_sha256;
|
tls_prf = tls_prf_sha256;
|
||||||
break;
|
break;
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
default:
|
default:
|
||||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||||
|
|
@ -517,12 +519,12 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
((void) ciphersuite_info);
|
((void) ciphersuite_info);
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
|
if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
|
||||||
ssl->handshake->update_checksum = ssl_update_checksum_sha256;
|
ssl->handshake->update_checksum = ssl_update_checksum_sha256;
|
||||||
else
|
else
|
||||||
|
|
@ -560,7 +562,7 @@ void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
|
||||||
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
((void) ssl);
|
((void) ssl);
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_abort( &ssl->handshake->fin_sha256_psa );
|
psa_hash_abort( &ssl->handshake->fin_sha256_psa );
|
||||||
psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
|
psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
|
||||||
|
|
@ -568,7 +570,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
|
mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
|
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
|
||||||
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
||||||
|
|
@ -581,14 +583,14 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||||
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
|
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
|
||||||
#else
|
#else
|
||||||
mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
|
mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
|
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
|
||||||
#else
|
#else
|
||||||
|
|
@ -597,7 +599,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
|
|
@ -609,7 +611,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
{
|
{
|
||||||
|
|
@ -625,7 +627,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||||
{
|
{
|
||||||
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
|
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
handshake->fin_sha256_psa = psa_hash_operation_init();
|
handshake->fin_sha256_psa = psa_hash_operation_init();
|
||||||
psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
|
psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
|
||||||
|
|
@ -634,7 +636,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||||
mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
|
mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
handshake->fin_sha384_psa = psa_hash_operation_init();
|
handshake->fin_sha384_psa = psa_hash_operation_init();
|
||||||
psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
||||||
|
|
@ -3499,14 +3501,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_abort( &handshake->fin_sha256_psa );
|
psa_hash_abort( &handshake->fin_sha256_psa );
|
||||||
#else
|
#else
|
||||||
mbedtls_sha256_free( &handshake->fin_sha256 );
|
mbedtls_sha256_free( &handshake->fin_sha256 );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_abort( &handshake->fin_sha384_psa );
|
psa_hash_abort( &handshake->fin_sha384_psa );
|
||||||
#else
|
#else
|
||||||
|
|
@ -4355,45 +4357,45 @@ static int ssl_preset_suiteb_ciphersuites[] = {
|
||||||
*/
|
*/
|
||||||
static uint16_t ssl_preset_default_sig_algs[] = {
|
static uint16_t ssl_preset_default_sig_algs[] = {
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
|
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
|
||||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C &&
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA &&
|
||||||
MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
|
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
|
||||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C &&
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA &&
|
||||||
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA512_C) && \
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
|
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
|
||||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C &&
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA &&
|
||||||
MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
|
||||||
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA512_C */
|
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
|
||||||
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||||
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
|
||||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */
|
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA512_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
|
||||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA384_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
||||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
|
||||||
|
|
||||||
|
|
@ -4403,7 +4405,7 @@ static uint16_t ssl_preset_default_sig_algs[] = {
|
||||||
/* NOTICE: see above */
|
/* NOTICE: see above */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512 ),
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -4413,8 +4415,8 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512 ),
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SHA512_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA */
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -4424,8 +4426,8 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -4435,32 +4437,32 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
MBEDTLS_TLS_SIG_NONE
|
MBEDTLS_TLS_SIG_NONE
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
/* NOTICE: see above */
|
/* NOTICE: see above */
|
||||||
static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C) && \
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
|
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
|
||||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA256_C &&
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA &&
|
||||||
MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA384_C) && \
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||||
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
|
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
|
||||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_SHA384_C &&
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA &&
|
||||||
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||||
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
||||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_RSA_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
MBEDTLS_TLS_SIG_NONE
|
MBEDTLS_TLS_SIG_NONE
|
||||||
};
|
};
|
||||||
|
|
@ -4468,22 +4470,22 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
|
||||||
/* NOTICE: see above */
|
/* NOTICE: see above */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
|
static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256 ),
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256 ),
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384 ),
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG( MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384 ),
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
MBEDTLS_TLS_SIG_NONE
|
MBEDTLS_TLS_SIG_NONE
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
@ -4834,27 +4836,27 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
|
||||||
{
|
{
|
||||||
switch( hash )
|
switch( hash )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_MD5_C)
|
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_MD5:
|
case MBEDTLS_SSL_HASH_MD5:
|
||||||
return( MBEDTLS_MD_MD5 );
|
return( MBEDTLS_MD_MD5 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA1:
|
case MBEDTLS_SSL_HASH_SHA1:
|
||||||
return( MBEDTLS_MD_SHA1 );
|
return( MBEDTLS_MD_SHA1 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA224_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA224:
|
case MBEDTLS_SSL_HASH_SHA224:
|
||||||
return( MBEDTLS_MD_SHA224 );
|
return( MBEDTLS_MD_SHA224 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA256:
|
case MBEDTLS_SSL_HASH_SHA256:
|
||||||
return( MBEDTLS_MD_SHA256 );
|
return( MBEDTLS_MD_SHA256 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA384:
|
case MBEDTLS_SSL_HASH_SHA384:
|
||||||
return( MBEDTLS_MD_SHA384 );
|
return( MBEDTLS_MD_SHA384 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA512:
|
case MBEDTLS_SSL_HASH_SHA512:
|
||||||
return( MBEDTLS_MD_SHA512 );
|
return( MBEDTLS_MD_SHA512 );
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -4870,27 +4872,27 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
|
||||||
{
|
{
|
||||||
switch( md )
|
switch( md )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_MD5_C)
|
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_MD5:
|
case MBEDTLS_MD_MD5:
|
||||||
return( MBEDTLS_SSL_HASH_MD5 );
|
return( MBEDTLS_SSL_HASH_MD5 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA1:
|
case MBEDTLS_MD_SHA1:
|
||||||
return( MBEDTLS_SSL_HASH_SHA1 );
|
return( MBEDTLS_SSL_HASH_SHA1 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA224_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA224:
|
case MBEDTLS_MD_SHA224:
|
||||||
return( MBEDTLS_SSL_HASH_SHA224 );
|
return( MBEDTLS_SSL_HASH_SHA224 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA256:
|
case MBEDTLS_MD_SHA256:
|
||||||
return( MBEDTLS_SSL_HASH_SHA256 );
|
return( MBEDTLS_SSL_HASH_SHA256 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA384:
|
case MBEDTLS_MD_SHA384:
|
||||||
return( MBEDTLS_SSL_HASH_SHA384 );
|
return( MBEDTLS_SSL_HASH_SHA384 );
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA512_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA512:
|
case MBEDTLS_MD_SHA512:
|
||||||
return( MBEDTLS_SSL_HASH_SHA512 );
|
return( MBEDTLS_SSL_HASH_SHA512 );
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -5019,13 +5021,13 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
switch( md )
|
switch( md )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA384:
|
case MBEDTLS_MD_SHA384:
|
||||||
hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
|
hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA256:
|
case MBEDTLS_MD_SHA256:
|
||||||
hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
|
hash_operation_to_clone = &ssl->handshake->fin_sha256_psa;
|
||||||
break;
|
break;
|
||||||
|
|
@ -5048,7 +5050,7 @@ exit:
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
|
static int ssl_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *dst,
|
unsigned char *dst,
|
||||||
|
|
@ -5077,9 +5079,9 @@ exit:
|
||||||
mbedtls_sha512_free( &sha512 );
|
mbedtls_sha512_free( &sha512 );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
|
static int ssl_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *dst,
|
unsigned char *dst,
|
||||||
|
|
@ -5108,7 +5110,7 @@ exit:
|
||||||
mbedtls_sha256_free( &sha256 );
|
mbedtls_sha256_free( &sha256 );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||||
const mbedtls_md_type_t md,
|
const mbedtls_md_type_t md,
|
||||||
|
|
@ -5119,15 +5121,15 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||||
switch( md )
|
switch( md )
|
||||||
{
|
{
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA384:
|
case MBEDTLS_MD_SHA384:
|
||||||
return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
|
return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_MD_SHA256:
|
case MBEDTLS_MD_SHA256:
|
||||||
return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
|
return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
|
|
@ -5485,7 +5487,7 @@ exit:
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
||||||
const char *label,
|
const char *label,
|
||||||
|
|
@ -5495,9 +5497,9 @@ static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
||||||
return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
|
return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
|
||||||
label, random, rlen, dstbuf, dlen ) );
|
label, random, rlen, dstbuf, dlen ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||||
const char *label,
|
const char *label,
|
||||||
|
|
@ -5507,7 +5509,7 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||||
return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
|
return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
|
||||||
label, random, rlen, dstbuf, dlen ) );
|
label, random, rlen, dstbuf, dlen ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set appropriate PRF function and other SSL / TLS1.2 functions
|
* Set appropriate PRF function and other SSL / TLS1.2 functions
|
||||||
|
|
@ -5522,7 +5524,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||||
mbedtls_md_type_t hash )
|
mbedtls_md_type_t hash )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
if( hash == MBEDTLS_MD_SHA384 )
|
if( hash == MBEDTLS_MD_SHA384 )
|
||||||
{
|
{
|
||||||
handshake->tls_prf = tls_prf_sha384;
|
handshake->tls_prf = tls_prf_sha384;
|
||||||
|
|
@ -5531,7 +5533,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
{
|
{
|
||||||
(void) hash;
|
(void) hash;
|
||||||
handshake->tls_prf = tls_prf_sha256;
|
handshake->tls_prf = tls_prf_sha256;
|
||||||
|
|
@ -5783,12 +5785,12 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||||
{
|
{
|
||||||
switch( md )
|
switch( md )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA384:
|
case MBEDTLS_SSL_HASH_SHA384:
|
||||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
case MBEDTLS_SSL_HASH_SHA256:
|
case MBEDTLS_SSL_HASH_SHA256:
|
||||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
|
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
|
||||||
break;
|
break;
|
||||||
|
|
@ -5800,7 +5802,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
|
void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
|
||||||
unsigned char *hash,
|
unsigned char *hash,
|
||||||
size_t *hlen )
|
size_t *hlen )
|
||||||
|
|
@ -5847,9 +5849,9 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
||||||
unsigned char *hash,
|
unsigned char *hash,
|
||||||
size_t *hlen )
|
size_t *hlen )
|
||||||
|
|
@ -5896,7 +5898,7 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||||
|
|
@ -6861,7 +6863,7 @@ exit:
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
static void ssl_calc_finished_tls_sha256(
|
static void ssl_calc_finished_tls_sha256(
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
||||||
{
|
{
|
||||||
|
|
@ -6935,11 +6937,10 @@ static void ssl_calc_finished_tls_sha256(
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
|
|
||||||
static void ssl_calc_finished_tls_sha384(
|
static void ssl_calc_finished_tls_sha384(
|
||||||
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
|
||||||
{
|
{
|
||||||
|
|
@ -7012,7 +7013,7 @@ static void ssl_calc_finished_tls_sha384(
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA384_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA */
|
||||||
|
|
||||||
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
|
|
@ -7305,7 +7306,7 @@ exit:
|
||||||
*/
|
*/
|
||||||
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
|
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
|
||||||
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
|
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
|
||||||
|
|
||||||
|
|
@ -7321,14 +7322,14 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
||||||
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||||
{
|
{
|
||||||
((void) tls_prf);
|
((void) tls_prf);
|
||||||
#if defined(MBEDTLS_SHA384_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
if( tls_prf == tls_prf_sha384 )
|
if( tls_prf == tls_prf_sha384 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_SSL_TLS_PRF_SHA384 );
|
return( MBEDTLS_SSL_TLS_PRF_SHA384 );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
if( tls_prf == tls_prf_sha256 )
|
if( tls_prf == tls_prf_sha256 )
|
||||||
{
|
{
|
||||||
return( MBEDTLS_SSL_TLS_PRF_SHA256 );
|
return( MBEDTLS_SSL_TLS_PRF_SHA256 );
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,14 @@
|
||||||
|
|
||||||
#include <test/certs.h>
|
#include <test/certs.h>
|
||||||
|
|
||||||
|
#include "mbedtls/build_info.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#include "psa/crypto.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "legacy_or_psa.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Test CA Certificates
|
* Test CA Certificates
|
||||||
*
|
*
|
||||||
|
|
@ -1563,13 +1571,13 @@ const size_t mbedtls_test_cli_crt_ec_len =
|
||||||
* Dispatch between SHA-1 and SHA-256
|
* Dispatch between SHA-1 and SHA-256
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256
|
#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256
|
||||||
#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256
|
#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256
|
||||||
#else
|
#else
|
||||||
#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1
|
#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1
|
||||||
#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1
|
#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
|
|
||||||
const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
|
const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
|
||||||
const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA;
|
const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA;
|
||||||
|
|
@ -1668,10 +1676,10 @@ const size_t mbedtls_test_cli_crt_len =
|
||||||
|
|
||||||
/* List of CAs in PEM or DER, depending on config */
|
/* List of CAs in PEM or DER, depending on config */
|
||||||
const char * mbedtls_test_cas[] = {
|
const char * mbedtls_test_cas[] = {
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
mbedtls_test_ca_crt_rsa_sha1,
|
mbedtls_test_ca_crt_rsa_sha1,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
mbedtls_test_ca_crt_rsa_sha256,
|
mbedtls_test_ca_crt_rsa_sha256,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
|
@ -1680,10 +1688,10 @@ const char * mbedtls_test_cas[] = {
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
const size_t mbedtls_test_cas_len[] = {
|
const size_t mbedtls_test_cas_len[] = {
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
|
sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
|
sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
|
@ -1695,12 +1703,12 @@ const size_t mbedtls_test_cas_len[] = {
|
||||||
/* List of all available CA certificates in DER format */
|
/* List of all available CA certificates in DER format */
|
||||||
const unsigned char * mbedtls_test_cas_der[] = {
|
const unsigned char * mbedtls_test_cas_der[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
mbedtls_test_ca_crt_rsa_sha256_der,
|
mbedtls_test_ca_crt_rsa_sha256_der,
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
mbedtls_test_ca_crt_rsa_sha1_der,
|
mbedtls_test_ca_crt_rsa_sha1_der,
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
mbedtls_test_ca_crt_ec_der,
|
mbedtls_test_ca_crt_ec_der,
|
||||||
|
|
@ -1710,12 +1718,12 @@ const unsigned char * mbedtls_test_cas_der[] = {
|
||||||
|
|
||||||
const size_t mbedtls_test_cas_der_len[] = {
|
const size_t mbedtls_test_cas_der_len[] = {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
sizeof( mbedtls_test_ca_crt_rsa_sha256_der ),
|
sizeof( mbedtls_test_ca_crt_rsa_sha256_der ),
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
sizeof( mbedtls_test_ca_crt_rsa_sha1_der ),
|
sizeof( mbedtls_test_ca_crt_rsa_sha1_der ),
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
sizeof( mbedtls_test_ca_crt_ec_der ),
|
sizeof( mbedtls_test_ca_crt_ec_der ),
|
||||||
|
|
@ -1727,12 +1735,12 @@ const size_t mbedtls_test_cas_der_len[] = {
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
const char mbedtls_test_cas_pem[] =
|
const char mbedtls_test_cas_pem[] =
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
#if defined(MBEDTLS_SHA256_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
TEST_CA_CRT_RSA_SHA256_PEM
|
TEST_CA_CRT_RSA_SHA256_PEM
|
||||||
#endif /* MBEDTLS_SHA256_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
TEST_CA_CRT_RSA_SHA1_PEM
|
TEST_CA_CRT_RSA_SHA1_PEM
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
TEST_CA_CRT_EC_PEM
|
TEST_CA_CRT_EC_PEM
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue