ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-24 14:20:59 +08:00
Code Issues Releases Wiki Activity

Adapt remaining guards to FFDH

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-06-15 16:48:19 +02:00
parent ce05f54283
commit 8c0a95374f
3 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
library/ssl_client.c
View File

@ -185,7 +185,8 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || defined(PSA_WANT_ALG_FFDH) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || \
(defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(PSA_WANT_ALG_FFDH))
/* /*
* Function for writing a supported groups (TLS 1.3) or supported elliptic * Function for writing a supported groups (TLS 1.3) or supported elliptic
* curves (TLS 1.2) extension. * curves (TLS 1.2) extension.
@ -257,7 +258,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
for (; *group_list != 0; group_list++) { for (; *group_list != 0; group_list++) {
MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list)); MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
#if defined(MBEDTLS_ECP_LIGHT) #if defined(PSA_WANT_ALG_ECDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) && if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) || mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) ||
(mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) && (mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) &&
@ -273,7 +274,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
mbedtls_ssl_get_curve_name_from_tls_id(*group_list), mbedtls_ssl_get_curve_name_from_tls_id(*group_list),
*group_list)); *group_list));
} }
#endif /* MBEDTLS_ECP_LIGHT */ #endif /* PSA_WANT_ALG_ECDH */
#if defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_FFDH)
if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) && if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) { mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
@ -314,7 +315,8 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
return 0; return 0;
} }
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED || PSA_WANT_ALG_FFDH */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ||
(MBEDTLS_SSL_PROTO_TLS1_3 && PSA_WANT_ALG_FFDH) */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_client_hello_cipher_suites( static int ssl_write_client_hello_cipher_suites(
@ -606,7 +608,8 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
#endif #endif
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || defined(PSA_WANT_ALG_FFDH) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || \
(defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(PSA_WANT_ALG_FFDH))
if ( if (
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
(propose_tls13 && (propose_tls13 &&
@ -623,7 +626,8 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
p += output_len; p += output_len;
} }
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED || PSA_WANT_ALG_FFDH */ MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ||
(MBEDTLS_SSL_PROTO_TLS1_3 && PSA_WANT_ALG_FFDH) */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if ( if (

5
library/ssl_tls.c
View File

@ -4214,12 +4214,13 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
mbedtls_ssl_buffering_free(ssl); mbedtls_ssl_buffering_free(ssl);
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(PSA_WANT_ALG_ECDH) && \ #if (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
if (handshake->ecdh_psa_privkey_is_external == 0) { if (handshake->ecdh_psa_privkey_is_external == 0) {
psa_destroy_key(handshake->ecdh_psa_privkey); psa_destroy_key(handshake->ecdh_psa_privkey);
} }
#endif /* PSA_WANT_ALG_ECDH && (MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */ #endif /* (PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH) &&
(MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3) */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_transform_free(handshake->transform_handshake); mbedtls_ssl_transform_free(handshake->transform_handshake);

8
library/ssl_tls13_server.c
View File

@ -776,7 +776,7 @@ static int ssl_tls13_parse_supported_versions_ext(mbedtls_ssl_context *ssl,
return (int) tls_version; return (int) tls_version;
} }
#if defined(PSA_WANT_ALG_ECDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
/* /*
* *
* From RFC 8446: * From RFC 8446:
@ -832,7 +832,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
return 0; return 0;
} }
#endif /* PSA_WANT_ALG_ECDH */ #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH */
#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1
@ -1541,7 +1541,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
break; break;
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(PSA_WANT_ALG_ECDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension")); MBEDTLS_SSL_DEBUG_MSG(3, ("found supported group extension"));
@ -1560,7 +1560,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
} }
break; break;
#endif /* PSA_WANT_ALG_ECDH */ #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/
#if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH) #if defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
case MBEDTLS_TLS_EXT_KEY_SHARE: case MBEDTLS_TLS_EXT_KEY_SHARE: