ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-09 00:21:18 +08:00
Code Issues Releases Wiki Activity

Rm dead !USE_PSA code: ssl_tls13_xxx (part 1)

Browse Source 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2025-01-23 09:46:14 +01:00
parent 48e0e3a356
commit 855f5bf244
2 changed files with 0 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
library/ssl_tls13_keys.c
View File

@ -925,23 +925,17 @@ int mbedtls_ssl_tls13_populate_transform(
mbedtls_ssl_key_set const *traffic_keys, mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl /* DEBUG ONLY */) mbedtls_ssl_context *ssl /* DEBUG ONLY */)
{ {
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int ret;
mbedtls_cipher_info_t const *cipher_info;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc; unsigned char const *key_enc;
unsigned char const *iv_enc; unsigned char const *iv_enc;
unsigned char const *key_dec; unsigned char const *key_dec;
unsigned char const *iv_dec; unsigned char const *iv_dec;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type; psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg; psa_algorithm_t alg;
size_t key_bits; size_t key_bits;
psa_status_t status = PSA_SUCCESS; psa_status_t status = PSA_SUCCESS;
#endif
#if !defined(MBEDTLS_DEBUG_C) #if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for those cases */ ssl = NULL; /* make sure we don't use it except for those cases */
@ -955,29 +949,6 @@ int mbedtls_ssl_tls13_populate_transform(
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
} }
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
if (cipher_info == NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
ciphersuite_info->cipher));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
/*
* Setup cipher contexts in target transform
*/
if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
cipher_info)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
return ret;
}
if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
cipher_info)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
if (endpoint == MBEDTLS_SSL_IS_SERVER) { if (endpoint == MBEDTLS_SSL_IS_SERVER) {
@ -1003,21 +974,6 @@ int mbedtls_ssl_tls13_populate_transform(
memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len); memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len);
memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len); memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len);
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_ENCRYPT)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
return ret;
}
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_DECRYPT)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* /*
* Setup other fields in SSL transform * Setup other fields in SSL transform
@ -1041,7 +997,6 @@ int mbedtls_ssl_tls13_populate_transform(
transform->minlen = transform->minlen =
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY; transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* /*
* Setup psa keys and alg * Setup psa keys and alg
*/ */
@ -1082,7 +1037,6 @@ int mbedtls_ssl_tls13_populate_transform(
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);
} }
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return 0; return 0;
} }
@ -1839,7 +1793,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
unsigned char **psk, unsigned char **psk,
size_t *psk_len) size_t *psk_len)
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -1869,14 +1822,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
return PSA_TO_MBEDTLS_ERR(status); return PSA_TO_MBEDTLS_ERR(status);
} }
return 0; return 0;
#else
*psk = ssl->handshake->psk;
*psk_len = ssl->handshake->psk_len;
if (*psk == NULL) {
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
return 0;
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} }
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */

14
library/ssl_tls13_server.c
View File

@ -435,9 +435,7 @@ static int ssl_tls13_offered_psks_check_binder_match(
psk, psk_len, psk_type, psk, psk_len, psk_type,
transcript, transcript,
server_computed_binder); server_computed_binder);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_free((void *) psk); mbedtls_free((void *) psk);
#endif
if (ret != 0) { if (ret != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed.")); MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed."));
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
@ -739,11 +737,7 @@ static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
*olen = 0; *olen = 0;
int not_using_psk = 0; int not_using_psk = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)); not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
#else
not_using_psk = (ssl->handshake->psk == NULL);
#endif
if (not_using_psk) { if (not_using_psk) {
/* We shouldn't have called this extension writer unless we've /* We shouldn't have called this extension writer unless we've
* chosen to use a PSK. */ * chosen to use a PSK. */
@ -1078,7 +1072,6 @@ static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ss
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg) static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
{ {
switch (sig_alg) { switch (sig_alg) {
@ -1104,7 +1097,6 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
return PSA_ALG_NONE; return PSA_ALG_NONE;
} }
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* /*
* Pick best ( private key, certificate chain ) pair based on the signature * Pick best ( private key, certificate chain ) pair based on the signature
@ -1139,9 +1131,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
for (key_cert = key_cert_list; key_cert != NULL; for (key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next) { key_cert = key_cert->next) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_alg = PSA_ALG_NONE; psa_algorithm_t psa_alg = PSA_ALG_NONE;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate", MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate",
key_cert->cert); key_cert->cert);
@ -1165,17 +1155,13 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
"check signature algorithm %s [%04x]", "check signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str(*sig_alg), mbedtls_ssl_sig_alg_to_str(*sig_alg),
*sig_alg)); *sig_alg));
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg); psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match( if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk) *sig_alg, &key_cert->cert->pk)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
&& psa_alg != PSA_ALG_NONE && && psa_alg != PSA_ALG_NONE &&
mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg, mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
PSA_KEY_USAGE_SIGN_HASH) == 1 PSA_KEY_USAGE_SIGN_HASH) == 1
#endif /* MBEDTLS_USE_PSA_CRYPTO */
) { ) {
ssl->handshake->key_cert = key_cert; ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG(3, MBEDTLS_SSL_DEBUG_MSG(3,