Add tls prf handling when there's no SHA256 or SHA384
Return a null prf function pointer and check for it when populating transform. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
parent
f502bcb13e
commit
894edde991
1 changed files with 22 additions and 4 deletions
|
|
@ -4046,6 +4046,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
const unsigned char * const end = buf + len;
|
||||
size_t session_len;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
tls_prf_fn prf_func = NULL;
|
||||
|
||||
/*
|
||||
* The context should have been freshly setup or reset.
|
||||
|
|
@ -4131,6 +4132,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
ssl->transform_out = ssl->transform;
|
||||
ssl->transform_negotiate = NULL;
|
||||
|
||||
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
|
||||
if( prf_func == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
/* Read random bytes and populate structure */
|
||||
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
|
@ -4141,7 +4146,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
|
|||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM)
|
||||
ssl->session->encrypt_then_mac,
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
|
||||
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
|
||||
prf_func,
|
||||
p, /* currently pointing to randbytes */
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, /* (D)TLS 1.2 is forced */
|
||||
ssl->conf->endpoint,
|
||||
|
|
@ -7428,6 +7433,8 @@ exit:
|
|||
* Helper to get TLS 1.2 PRF from ciphersuite
|
||||
* (Duplicates bits of logic from ssl_set_handshake_prfs().)
|
||||
*/
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
|
||||
defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
||||
{
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
|
|
@ -7436,11 +7443,22 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
|||
|
||||
if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
return( tls_prf_sha384 );
|
||||
#else
|
||||
(void) ciphersuite_id;
|
||||
else
|
||||
#endif
|
||||
return( tls_prf_sha256 );
|
||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
{
|
||||
if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
|
||||
return( tls_prf_sha256 );
|
||||
}
|
||||
#endif
|
||||
#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
(void) ciphersuite_info;
|
||||
#endif
|
||||
return( NULL );
|
||||
}
|
||||
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA ||
|
||||
MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||
|
||||
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||
|
|
|
|||
Loading…
Reference in a new issue