ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-12 01:42:21 +08:00
Code Issues Releases Wiki Activity

Use correct condition to use encrypt_then_mac in ssl_tls.c

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-04-05 11:01:47 +02:00
parent d1be7674a4
commit ccc074e44d
2 changed files with 32 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_misc.h
View File

@ -2223,14 +2223,16 @@ typedef enum {
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform( mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
const mbedtls_ssl_transform *transform ); const mbedtls_ssl_transform *transform );
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
int encrypt_then_mac, int encrypt_then_mac,
const mbedtls_ssl_ciphersuite_t *suite ); const mbedtls_ssl_ciphersuite_t *suite );
#else #else
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
const mbedtls_ssl_ciphersuite_t *suite ); const mbedtls_ssl_ciphersuite_t *suite );
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)

42
library/ssl_tls.c
View File

@ -1716,9 +1716,11 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode( static inline mbedtls_ssl_mode_t mbedtls_ssl_get_mode(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
int encrypt_then_mac, int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t alg psa_algorithm_t alg
#else #else
@ -1772,26 +1774,32 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_transform(
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
return mbedtls_ssl_get_mode( return mbedtls_ssl_get_mode(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac, transform->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
transform->psa_alg ); transform->psa_alg );
#else #else
mbedtls_cipher_mode_t mode = mbedtls_cipher_mode_t mode =
mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
return mbedtls_ssl_get_mode( return mbedtls_ssl_get_mode(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac, transform->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
mode ); mode );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
} }
mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
int encrypt_then_mac, int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
const mbedtls_ssl_ciphersuite_t *suite ) const mbedtls_ssl_ciphersuite_t *suite )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
@ -1803,9 +1811,11 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size ); status = mbedtls_ssl_cipher_to_psa( suite->cipher, 0, &alg, &type, &size );
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
return mbedtls_ssl_get_mode( return mbedtls_ssl_get_mode(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
encrypt_then_mac, encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
alg ); alg );
#else #else
const mbedtls_cipher_info_t *cipher = const mbedtls_cipher_info_t *cipher =
@ -1813,9 +1823,11 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
if( cipher != NULL ) if( cipher != NULL )
return mbedtls_ssl_get_mode( return mbedtls_ssl_get_mode(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
encrypt_then_mac, encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
mbedtls_cipher_info_get_mode( cipher ) ); mbedtls_cipher_info_get_mode( cipher ) );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -6969,9 +6981,11 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
} }
ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite( ssl_mode = mbedtls_ssl_get_mode_from_ciphersuite(
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
encrypt_then_mac, encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC &&
MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ciphersuite_info ); ciphersuite_info );
if( ssl_mode == MBEDTLS_SSL_MODE_AEAD ) if( ssl_mode == MBEDTLS_SSL_MODE_AEAD )