TLS 1.3: Limit scope of tls13_kex_modes handshake field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
799077177b
commit
bc817bac76
1 changed files with 7 additions and 1 deletions
|
@ -612,14 +612,18 @@ struct mbedtls_ssl_handshake_params
|
|||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
uint8_t key_exchange_mode; /*!< Selected key exchange mode */
|
||||
uint8_t tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
|
||||
|
||||
/** Number of HelloRetryRequest messages received/sent from/to the server. */
|
||||
int hello_retry_request_count;
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/** selected_group of key_share extension in HelloRetryRequest message. */
|
||||
uint16_t hrr_selected_group;
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
@ -1770,6 +1774,7 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *
|
|||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
/**
|
||||
* Given a list of key exchange modes, check if at least one of them is
|
||||
* supported.
|
||||
|
@ -1816,6 +1821,7 @@ static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
|
|||
return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
/*
|
||||
* Helper functions to check the selected key exchange mode.
|
||||
|
|
Loading…
Reference in a new issue