yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

tls13_only: compile pass

Browse source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-12-23 14:57:39 +08:00
parent e0a6412d8d
commit c3091b1c8c
4 changed files with 49 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
library/ssl_cli.c
View file

@ -2931,8 +2931,10 @@ start_processing:
#endif
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
size_t params_len = p - params;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void *rs_ctx = NULL;
mbedtls_pk_context * peer_pk;

12
library/ssl_misc.h
View file

@ -79,7 +79,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
@ -87,10 +89,14 @@
/* Determine maximum supported version */
#define MBEDTLS_SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_4
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
#define MBEDTLS_SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_3
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
defined(MBEDTLS_SSL_CLI_C) && \
@ -748,7 +754,6 @@ struct mbedtls_ssl_handshake_params
/*
* Checksum contexts
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
@ -763,7 +768,6 @@ struct mbedtls_ssl_handshake_params
mbedtls_sha512_context fin_sha512;
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
uint16_t offered_group_id; /* The NamedGroup value for the group

16
library/ssl_srv.c
View file

@ -2956,9 +2956,11 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
ssl->handshake->ciphersuite_info;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
unsigned char *dig_signed = NULL;
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED &&
MBEDTLS_SSL_PROTO_TLS1_2 */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
(void) ciphersuite_info; /* unused in some configurations */
@ -3064,7 +3066,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
return( ret );
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
dig_signed = ssl->out_msg + ssl->out_msglen;
#endif
@ -3130,7 +3133,8 @@ curve_matching_done:
return( ret );
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
dig_signed = ssl->out_msg + ssl->out_msglen;
#endif
@ -3150,7 +3154,9 @@ curve_matching_done:
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
size_t hashlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char hash[PSA_HASH_MAX_SIZE];
@ -3165,7 +3171,7 @@ curve_matching_done:
* to choose appropriate hash.
*/
mbedtls_md_type_t md_alg;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
mbedtls_pk_type_t sig_alg =

33
library/ssl_tls.c
View file

@ -632,6 +632,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
else
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
((void) tls_prf);
return( MBEDTLS_SSL_TLS_PRF_NONE );
}
@ -1121,8 +1122,11 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
int minor_ver,
mbedtls_md_type_t hash )
{
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA384_C)
#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \
!( defined(MBEDTLS_SHA384_C) || defined(MBEDTLS_SHA256_C) )
(void) hash;
(void) handshake;
(void) minor_ver;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -2001,9 +2005,8 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
return( 0 );
}
return( -1 );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
return( -1 );
}
#endif /* MBEDTLS_SSL_SRV_C */
@ -2458,6 +2461,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
{
((void) ssl);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -2481,6 +2485,9 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
((void) ssl);
((void) buf);
((void) len);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -5198,6 +5205,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
return( ssl_session_save( session, 0, buf, buf_len, olen ) );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/*
* Deserialize session, see mbedtls_ssl_session_save() for format.
*
@ -5402,6 +5410,7 @@ static int ssl_session_load_tls12( mbedtls_ssl_session *session,
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static int ssl_session_load( mbedtls_ssl_session *session,
unsigned char omit_header,
@ -6212,6 +6221,10 @@ typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
unsigned char *dstbuf, size_t dlen );
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* TODO: This function has some problem when
!MBEDTLS_SHA384_C && !MBEDTLS_SHA256_C && MBEDTLS_SHA512_C
*/
#if defined(MBEDTLS_SHA384_C)
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
@ -6222,6 +6235,11 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
(void) ciphersuite_id;
#endif
return( tls_prf_sha256 );
#else
((void) ciphersuite_id);
return NULL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
/*
@ -7593,16 +7611,21 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
return( ssl_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
#endif /* MBEDTLS_SHA384_C */
#endif /* MBEDTLS_SHA384_C && MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( ssl_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
#endif /* MBEDTLS_SHA256_C */
#endif /* MBEDTLS_SHA256_C && MBEDTLS_SSL_PROTO_TLS1_2*/
default:
break;
}
((void) ssl);
((void) md);
((void) dst);
((void) dst_len);
((void) olen);
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}