AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected

Browse Source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-05-03 17:56:38 +02:00
parent 044a32c4c6
commit 80f6f32495
4 changed files with 51 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/ssl_misc.h
View File

@ -1307,8 +1307,10 @@ void mbedtls_ssl_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
size_t msg_len );
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl,
mbedtls_key_exchange_type_t key_ex );
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf );
#endif

20
library/ssl_tls.c
View File

@ -5530,18 +5530,12 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
}
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
{
#if !defined(MBEDTLS_USE_PSA_CRYPTO) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char *p = ssl->handshake->premaster;
unsigned char *end = p + sizeof( ssl->handshake->premaster );
#else
(void)ssl;
(void)key_ex;
#endif /* !MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
const unsigned char *psk = NULL;
size_t psk_len = 0;
int psk_ret = mbedtls_ssl_get_psk( ssl, &psk, &psk_len );
@ -5602,7 +5596,6 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
{
@ -5624,8 +5617,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -5646,13 +5638,12 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
MBEDTLS_DEBUG_ECDH_Z );
}
else
#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* opaque psk<0..2^16-1>; */
if( end - p < 2 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -5667,11 +5658,10 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
p += psk_len;
ssl->handshake->pmslen = p - ssl->handshake->premaster;
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
static int ssl_write_hello_request( mbedtls_ssl_context *ssl );

37
library/ssl_tls12_client.c
View File

@ -3126,6 +3126,25 @@ ecdh_calc_secret:
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
return( ret );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char *pms = ssl->handshake->premaster;
unsigned char *pms_end = pms + sizeof( ssl->handshake->premaster );
size_t pms_len;
/* Write length only when we know the actual value */
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
pms + 2, pms_end - ( pms + 2 ), &pms_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
}
MBEDTLS_PUT_UINT16_BE( pms_len, pms, 0 );
pms += 2 + pms_len;
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
#endif
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
@ -3157,21 +3176,15 @@ ecdh_calc_secret:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK )
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
MBEDTLS_SSL_DEBUG_RET( 1,
"mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
return( ret );
}
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */

19
library/ssl_tls12_server.c
View File

@ -4053,12 +4053,31 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char *pms = ssl->handshake->premaster;
unsigned char *pms_end = pms + sizeof( ssl->handshake->premaster );
size_t pms_len;
/* Write length only when we know the actual value */
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
pms + 2, pms_end - ( pms + 2 ), &pms_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
}
MBEDTLS_PUT_UINT16_BE( pms_len, pms, 0 );
pms += 2 + pms_len;
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K );
#else
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */