Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.
This commit makes check-names.sh pass.
```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
This commit is contained in:
Gilles Peskine
parent
2f084fe02c
commit
eccd888717
@ -292,7 +292,7 @@
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
( !defined(MBEDTLS_SHA256_C) && \
|
||||
!defined(MBEDTLS_SHA512_C) && \
|
||||
|
||||
@ -1250,9 +1250,9 @@
|
||||
#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
|
||||
#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
|
||||
#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
|
||||
#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||
#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
|
||||
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||
#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
|
||||
#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
|
||||
#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
|
||||
#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
|
||||
|
||||
@ -825,7 +825,7 @@ typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
|
||||
typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) && \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
|
||||
#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
@ -841,7 +841,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
||||
/* This is already checked in check_config.h, but be sure. */
|
||||
#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
|
||||
#endif
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED &&
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
|
||||
!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
|
||||
/*
|
||||
@ -937,7 +937,7 @@ struct mbedtls_ssl_config
|
||||
void *p_vrfy; /*!< context for X.509 verify calllback */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
/** Callback to retrieve PSK key from identity */
|
||||
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
|
||||
void *p_psk; /*!< context for PSK callback */
|
||||
@ -1000,7 +1000,7 @@ struct mbedtls_ssl_config
|
||||
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
const int *sig_hashes; /*!< allowed signature hashes */
|
||||
#endif
|
||||
|
||||
@ -1013,7 +1013,7 @@ struct mbedtls_ssl_config
|
||||
mbedtls_mpi dhm_G; /*!< generator for DHM */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_key_handle_t psk_opaque; /*!< PSA key slot holding opaque PSK.
|
||||
@ -1044,7 +1044,7 @@ struct mbedtls_ssl_config
|
||||
* Its value is non-zero if and only if
|
||||
* \c psk is not \c NULL or \c psk_opaque
|
||||
* is not \c 0. */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
const char **alpn_list; /*!< ordered list of protocols */
|
||||
@ -2668,7 +2668,7 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
|
||||
mbedtls_pk_context *pk_key );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
/**
|
||||
* \brief Configure a pre-shared key (PSK) and identity
|
||||
* to be used in PSK-based ciphersuites.
|
||||
@ -2815,7 +2815,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
|
||||
size_t),
|
||||
void *p_psk );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
@ -2920,7 +2920,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||
const mbedtls_ecp_group_id *curves );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/**
|
||||
* \brief Set the allowed hashes for signatures during the handshake.
|
||||
* (Default: all available hashes except MD5.)
|
||||
@ -2941,7 +2941,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||
*/
|
||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
const int *hashes );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
|
||||
@ -312,7 +312,7 @@ typedef enum {
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges allowing client certificate requests */
|
||||
@ -322,28 +322,28 @@ typedef enum {
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges involving server signature in ServerKeyExchange */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using ECDH */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges that don't involve ephemeral keys */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
|
||||
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges that involve ephemeral keys */
|
||||
@ -353,7 +353,7 @@ typedef enum {
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using a PSK */
|
||||
@ -361,20 +361,20 @@ typedef enum {
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using DHE */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
|
||||
#endif
|
||||
|
||||
/* Key exchanges using ECDHE */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
|
||||
#endif
|
||||
|
||||
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
|
||||
@ -417,7 +417,7 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers
|
||||
int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
|
||||
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -434,9 +434,9 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -452,9 +452,9 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -467,7 +467,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
|
||||
|
||||
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
@ -504,7 +504,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -517,9 +517,9 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -533,9 +533,9 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersu
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -549,7 +549,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_s
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
@ -113,7 +113,7 @@
|
||||
defined(MBEDTLS_SSL_CLI_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
#define MBEDTLS_SSL__ECP_RESTARTABLE
|
||||
#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
|
||||
#endif
|
||||
|
||||
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
|
||||
@ -278,7 +278,7 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* Abstraction for a grid of allowed signature-hash-algorithm pairs.
|
||||
*/
|
||||
@ -293,7 +293,7 @@ struct mbedtls_ssl_sig_hash_set_t
|
||||
mbedtls_md_type_t ecdsa;
|
||||
};
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
@ -309,7 +309,7 @@ struct mbedtls_ssl_handshake_params
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
|
||||
#endif
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
@ -338,13 +338,13 @@ struct mbedtls_ssl_handshake_params
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_key_handle_t psk_opaque; /*!< Opaque PSK from the callback */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
unsigned char *psk; /*!< PSK from the callback */
|
||||
size_t psk_len; /*!< Length of PSK from callback */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_ssl_key_cert *key_cert; /*!< chosen key/cert pair (server) */
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
@ -354,7 +354,7 @@ struct mbedtls_ssl_handshake_params
|
||||
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
int ecrs_enabled; /*!< Handshake supports EC restart? */
|
||||
mbedtls_x509_crt_restart_ctx ecrs_ctx; /*!< restart context */
|
||||
enum { /* this complements ssl->state with info on intra-state operations */
|
||||
@ -746,7 +746,7 @@ struct mbedtls_ssl_flight_item
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/* Find an entry in a signature-hash set matching a given hash algorithm. */
|
||||
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
|
||||
@ -766,7 +766,7 @@ static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *se
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
/**
|
||||
* \brief Free referenced items in an SSL transform context and clear
|
||||
@ -893,7 +893,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
|
||||
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
|
||||
#endif
|
||||
|
||||
@ -911,7 +911,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
|
||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||
mbedtls_md_type_t md );
|
||||
#endif
|
||||
|
||||
@ -2353,7 +2353,7 @@ int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
|
||||
{
|
||||
switch( info->key_exchange )
|
||||
@ -2368,6 +2368,6 @@ int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
|
||||
return( 0 );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
||||
@ -56,7 +56,7 @@
|
||||
#include "mbedtls/platform_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
|
||||
{
|
||||
if( conf->psk_identity == NULL ||
|
||||
@ -92,7 +92,7 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
||||
@ -208,7 +208,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
||||
* Only if we handle at least one key exchange that needs signatures.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
@ -290,7 +290,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||
*olen = 6 + sig_alg_len;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -846,13 +846,13 @@ static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_inf
|
||||
#endif
|
||||
|
||||
/* Don't suggest PSK-based ciphersuite if no PSK is available. */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
|
||||
ssl_conf_has_static_psk( ssl->conf ) == 0 )
|
||||
{
|
||||
return( 1 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -1112,7 +1112,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
@ -1923,7 +1923,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
|
||||
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
@ -2319,7 +2319,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
||||
(const unsigned char **) p, end ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||
#endif
|
||||
@ -2338,7 +2338,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
||||
unsigned char **p,
|
||||
unsigned char *end )
|
||||
@ -2378,7 +2378,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
@ -2627,7 +2627,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled &&
|
||||
ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing )
|
||||
{
|
||||
@ -2672,7 +2672,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
|
||||
|
||||
@ -2682,7 +2682,7 @@ start_processing:
|
||||
end = ssl->in_msg + ssl->in_hslen;
|
||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
|
||||
@ -2696,7 +2696,7 @@ start_processing:
|
||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||
}
|
||||
} /* FALLTROUGH */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
@ -2779,7 +2779,7 @@ start_processing:
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
|
||||
{
|
||||
size_t sig_len, hashlen;
|
||||
@ -2917,7 +2917,7 @@ start_processing:
|
||||
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
|
||||
#endif
|
||||
@ -2925,13 +2925,13 @@ start_processing:
|
||||
if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
|
||||
md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
#endif
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||
#endif
|
||||
@ -2945,7 +2945,7 @@ start_processing:
|
||||
mbedtls_pk_free( peer_pk );
|
||||
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
|
||||
|
||||
exit:
|
||||
ssl->state++;
|
||||
@ -2955,7 +2955,7 @@ exit:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if ! defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
|
||||
#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
@ -2973,7 +2973,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -3136,7 +3136,7 @@ exit:
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
@ -3328,7 +3328,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
*/
|
||||
header_len = 4;
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
{
|
||||
if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
|
||||
@ -3345,7 +3345,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||
#endif
|
||||
@ -3355,7 +3355,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Q );
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
{
|
||||
ssl->handshake->ecrs_n = content_len;
|
||||
@ -3373,7 +3373,7 @@ ecdh_calc_secret:
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||
#endif
|
||||
@ -3388,7 +3388,7 @@ ecdh_calc_secret:
|
||||
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
|
||||
{
|
||||
/*
|
||||
@ -3531,7 +3531,7 @@ ecdh_calc_secret:
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
|
||||
{
|
||||
@ -3592,7 +3592,7 @@ ecdh_calc_secret:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
@ -3617,7 +3617,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
@ -3632,7 +3632,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled &&
|
||||
ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign )
|
||||
{
|
||||
@ -3669,7 +3669,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
/*
|
||||
* Make a signature of the handshake digests
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
|
||||
|
||||
@ -3750,7 +3750,7 @@ sign:
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
|
||||
#endif
|
||||
@ -3761,7 +3761,7 @@ sign:
|
||||
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||
#endif
|
||||
@ -3787,7 +3787,7 @@ sign:
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
|
||||
@ -150,7 +150,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
|
||||
{
|
||||
if( conf->f_psk != NULL )
|
||||
@ -190,7 +190,7 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
@ -229,7 +229,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/*
|
||||
* Status of the implementation of signature-algorithms extension:
|
||||
@ -317,7 +317,7 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -921,7 +921,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||
const mbedtls_ssl_ciphersuite_t *suite_info;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_pk_type_t sig_type;
|
||||
#endif
|
||||
|
||||
@ -978,7 +978,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
/* If the ciphersuite requires a pre-shared key and we don't
|
||||
* have one, skip it now rather than failing later */
|
||||
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
|
||||
@ -990,7 +990,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/* If the ciphersuite requires signing, check whether
|
||||
* a suitable hash algorithm is present. */
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
@ -1006,7 +1006,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/*
|
||||
@ -1316,10 +1316,10 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
|
||||
* we need to fall back to the default values for allowed
|
||||
* signature-hash pairs. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
int sig_hash_alg_ext_present = 0;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
|
||||
|
||||
@ -1832,7 +1832,7 @@ read_record_header:
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
|
||||
@ -1843,7 +1843,7 @@ read_record_header:
|
||||
sig_hash_alg_ext_present = 1;
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
@ -1990,7 +1990,7 @@ read_record_header:
|
||||
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/*
|
||||
* Try to fall back to default hash SHA1 if the client
|
||||
@ -2007,7 +2007,7 @@ read_record_header:
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
/*
|
||||
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
@ -2134,7 +2134,7 @@ have_ciphersuite:
|
||||
/* Debugging-only output for testsuite */
|
||||
#if defined(MBEDTLS_DEBUG_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
|
||||
@ -2816,7 +2816,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
@ -2834,7 +2834,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
@ -3002,7 +3002,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
@ -3029,7 +3029,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
|
||||
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
size_t *signature_len )
|
||||
@ -3052,7 +3052,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret );
|
||||
return( ret );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
|
||||
#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) &&
|
||||
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
|
||||
|
||||
/* Prepare the ServerKeyExchange message, up to and including
|
||||
@ -3064,16 +3064,16 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
ssl->handshake->ciphersuite_info;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
unsigned char *dig_signed = NULL;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
|
||||
|
||||
(void) ciphersuite_info; /* unused in some configurations */
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
(void) signature_len;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
|
||||
|
||||
ssl->out_msglen = 4; /* header (type:1, length:3) to be written later */
|
||||
|
||||
@ -3126,7 +3126,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
/*
|
||||
* - DHE key exchanges
|
||||
*/
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
@ -3165,7 +3165,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
dig_signed = ssl->out_msg + ssl->out_msglen;
|
||||
#endif
|
||||
|
||||
@ -3176,12 +3176,12 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
|
||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */
|
||||
|
||||
/*
|
||||
* - ECDHE key exchanges
|
||||
*/
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) )
|
||||
{
|
||||
/*
|
||||
@ -3229,7 +3229,7 @@ curve_matching_done:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
dig_signed = ssl->out_msg + ssl->out_msglen;
|
||||
#endif
|
||||
|
||||
@ -3238,7 +3238,7 @@ curve_matching_done:
|
||||
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
|
||||
MBEDTLS_DEBUG_ECDH_Q );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */
|
||||
|
||||
/*
|
||||
*
|
||||
@ -3246,7 +3246,7 @@ curve_matching_done:
|
||||
* exchange parameters, compute and add the signature here.
|
||||
*
|
||||
*/
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
|
||||
{
|
||||
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
|
||||
@ -3414,7 +3414,7 @@ curve_matching_done:
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -3427,26 +3427,26 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t signature_len = 0;
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
ssl->handshake->ciphersuite_info;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
|
||||
/* Extract static ECDH parameters and abort if ServerKeyExchange
|
||||
* is not needed. */
|
||||
if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) )
|
||||
{
|
||||
/* For suites involving ECDH, extract DH parameters
|
||||
* from certificate at this point. */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
|
||||
if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
|
||||
{
|
||||
ssl_get_ecdh_params_from_cert( ssl );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
|
||||
|
||||
/* Key exchanges not involving ephemeral keys don't use
|
||||
* ServerKeyExchange, so end here. */
|
||||
@ -3454,9 +3454,9 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) && \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \
|
||||
defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
/* If we have already prepared the message and there is an ongoing
|
||||
* signature operation, resume signing. */
|
||||
@ -3466,7 +3466,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
ret = ssl_resume_server_key_exchange( ssl, &signature_len );
|
||||
}
|
||||
else
|
||||
#endif /* defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) &&
|
||||
#endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) &&
|
||||
defined(MBEDTLS_SSL_ASYNC_PRIVATE) */
|
||||
{
|
||||
/* ServerKeyExchange is needed. Prepare the message. */
|
||||
@ -3489,7 +3489,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
/* If there is a signature, write its length.
|
||||
* ssl_prepare_server_key_exchange already wrote the signature
|
||||
* itself at its proper place in the output buffer. */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
|
||||
if( signature_len != 0 )
|
||||
{
|
||||
ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 );
|
||||
@ -3502,7 +3502,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
|
||||
/* Skip over the already-written signature */
|
||||
ssl->out_msglen += signature_len;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
|
||||
|
||||
/* Add header and send. */
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||
@ -3806,7 +3806,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
|
||||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
|
||||
const unsigned char *end )
|
||||
{
|
||||
@ -3865,7 +3865,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
@ -4172,7 +4172,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
@ -4190,7 +4190,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
@ -4381,7 +4381,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||
|
||||
@ -1819,7 +1819,7 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
|
||||
{
|
||||
unsigned char *p = ssl->handshake->premaster;
|
||||
@ -1941,7 +1941,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
|
||||
@ -2000,7 +2000,7 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session )
|
||||
/*
|
||||
* Handshake functions
|
||||
*/
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/* No certificate support -> dummy functions */
|
||||
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
@ -2038,7 +2038,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#else /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
/* Some certificate support -> implement write and parse */
|
||||
|
||||
int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||
@ -2518,7 +2518,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||
return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
|
||||
#endif
|
||||
@ -2696,7 +2696,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled &&
|
||||
ssl->handshake->ecrs_state == ssl_ecrs_crt_verify )
|
||||
{
|
||||
@ -2750,7 +2750,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ssl->handshake->ecrs_enabled)
|
||||
ssl->handshake->ecrs_state = ssl_ecrs_crt_verify;
|
||||
|
||||
@ -2807,7 +2807,7 @@ exit:
|
||||
if( ret == 0 )
|
||||
ssl->state++;
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||
{
|
||||
ssl->handshake->ecrs_peer_cert = chain;
|
||||
@ -2823,7 +2823,7 @@ exit:
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
|
||||
@ -3565,7 +3565,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||
handshake->update_checksum = ssl_update_checksum_start;
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
|
||||
#endif
|
||||
|
||||
@ -3583,7 +3583,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx );
|
||||
#endif
|
||||
|
||||
@ -4221,7 +4221,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
|
||||
static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
|
||||
{
|
||||
@ -4394,7 +4394,7 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
|
||||
conf->f_psk = f_psk;
|
||||
conf->p_psk = p_psk;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||
|
||||
@ -4459,7 +4459,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
||||
}
|
||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* Set allowed/preferred hashes for handshake signatures
|
||||
*/
|
||||
@ -4468,7 +4468,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||
{
|
||||
conf->sig_hashes = hashes;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
/*
|
||||
@ -5745,7 +5745,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||
mbedtls_free( (void *) handshake->curves );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( handshake->psk != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( handshake->psk, handshake->psk_len );
|
||||
@ -5772,7 +5772,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
|
||||
mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx );
|
||||
if( handshake->ecrs_peer_cert != NULL )
|
||||
{
|
||||
@ -6545,7 +6545,7 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
||||
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static int ssl_preset_default_hashes[] = {
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
MBEDTLS_MD_SHA512,
|
||||
@ -6568,7 +6568,7 @@ static int ssl_preset_suiteb_ciphersuites[] = {
|
||||
0
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static int ssl_preset_suiteb_hashes[] = {
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA384,
|
||||
@ -6697,7 +6697,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
||||
#endif
|
||||
|
||||
@ -6736,7 +6736,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
conf->sig_hashes = ssl_preset_default_hashes;
|
||||
#endif
|
||||
|
||||
@ -6762,7 +6762,7 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
|
||||
mbedtls_mpi_free( &conf->dhm_G );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( conf->psk != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( conf->psk, conf->psk_len );
|
||||
@ -6837,7 +6837,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
|
||||
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/* Find an entry in a signature-hash set matching a given hash algorithm. */
|
||||
mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
|
||||
@ -6885,7 +6885,7 @@ void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
/*
|
||||
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
|
||||
@ -6971,7 +6971,7 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* Check if a hash proposed by the peer is in our list.
|
||||
* Return 0 if we're willing to use it, -1 otherwise.
|
||||
@ -6990,7 +6990,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||
|
||||
@ -16,7 +16,7 @@ static mbedtls_x509_crt cacert;
|
||||
const char *alpn_list[3];
|
||||
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
const unsigned char psk[] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
||||
@ -80,7 +80,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if (options & 2) {
|
||||
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
|
||||
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
|
||||
|
||||
@ -18,7 +18,7 @@ static mbedtls_pk_context pkey;
|
||||
#endif
|
||||
const char *alpn_list[3];
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
const unsigned char psk[] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
||||
@ -130,7 +130,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if (options & 0x40) {
|
||||
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
|
||||
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
|
||||
|
||||
@ -88,7 +88,7 @@ int main( void )
|
||||
|
||||
const char *pers = "mini_client";
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
const unsigned char psk[] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
||||
@ -211,7 +211,7 @@ int main( void )
|
||||
|
||||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
|
||||
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
|
||||
#endif
|
||||
|
||||
@ -201,7 +201,7 @@ int main( void )
|
||||
#define USAGE_CID ""
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
#define USAGE_PSK_RAW \
|
||||
" psk=%%s default: \"\" (disabled)\n" \
|
||||
" The PSK values are in hex, without 0x.\n" \
|
||||
@ -223,7 +223,7 @@ int main( void )
|
||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||
#else
|
||||
#define USAGE_PSK ""
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
#define USAGE_CA_CALLBACK \
|
||||
@ -1127,7 +1127,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
||||
size_t psk_len = 0;
|
||||
#endif
|
||||
@ -1756,7 +1756,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_debug_set_threshold( opt.debug_level );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
/*
|
||||
* Unhexify the pre-shared key if any is given
|
||||
*/
|
||||
@ -1775,7 +1775,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 )
|
||||
@ -2376,7 +2376,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 )
|
||||
{
|
||||
@ -2414,7 +2414,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
if( opt.min_version != DFL_MIN_VERSION )
|
||||
mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
@ -3314,7 +3314,7 @@ exit:
|
||||
mbedtls_free( context_buf );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 )
|
||||
{
|
||||
@ -3331,7 +3331,7 @@ exit:
|
||||
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
|
||||
MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||
|
||||
@ -257,7 +257,7 @@ int main( void )
|
||||
#define USAGE_CID ""
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
#define USAGE_PSK_RAW \
|
||||
" psk=%%s default: \"\" (disabled)\n" \
|
||||
" The PSK values are in hex, without 0x.\n" \
|
||||
@ -292,7 +292,7 @@ int main( void )
|
||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||
#else
|
||||
#define USAGE_PSK ""
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
#define USAGE_CA_CALLBACK \
|
||||
" ca_callback=%%d default: 0 (disabled)\n" \
|
||||
@ -1187,7 +1187,7 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
|
||||
|
||||
#endif /* SNI_OPTION */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \
|
||||
defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
|
||||
#define HEX2NUM( c ) \
|
||||
@ -1233,7 +1233,7 @@ int unhexify( unsigned char *output, const char *input, size_t *olen )
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
|
||||
typedef struct _psk_entry psk_entry;
|
||||
|
||||
@ -1345,7 +1345,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl,
|
||||
|
||||
return( -1 );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
static mbedtls_net_context listen_fd, client_fd;
|
||||
|
||||
@ -1748,7 +1748,7 @@ int main( int argc, char *argv[] )
|
||||
int version_suites[4][2];
|
||||
io_ctx_t io_ctx;
|
||||
unsigned char* buf = 0;
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_algorithm_t alg = 0;
|
||||
psa_key_handle_t psk_slot = 0;
|
||||
@ -2626,7 +2626,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
/*
|
||||
* Unhexify the pre-shared key and parse the list if any given
|
||||
*/
|
||||
@ -2644,7 +2644,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( opt.curves != NULL )
|
||||
@ -3339,7 +3339,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
|
||||
if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
|
||||
{
|
||||
@ -4232,7 +4232,7 @@ exit:
|
||||
#if defined(SNI_OPTION)
|
||||
sni_free( sni_info );
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( ( ret = psk_free( psk_info ) ) != 0 )
|
||||
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
||||
#endif
|
||||
@ -4240,7 +4240,7 @@ exit:
|
||||
mbedtls_dhm_free( &dhm );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) && \
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.psk_opaque != 0 )
|
||||
{
|
||||
@ -4255,7 +4255,7 @@ exit:
|
||||
(unsigned) psk_slot, (int) status );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED &&
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED &&
|
||||
MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_ssl_free( &ssl );
|
||||
|
||||
@ -706,9 +706,9 @@ POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
|
||||
POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
|
||||
POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
|
||||
POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||
POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
|
||||
POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
|
||||
POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
|
||||
POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
|
||||
POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
|
||||
|
||||
@ -1635,7 +1635,7 @@ void perform_handshake( handshake_test_options* options )
|
||||
int forced_ciphersuite[2];
|
||||
enum { BUFFSIZE = 17000 };
|
||||
mbedtls_endpoint client, server;
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
const char *psk_identity = "foo";
|
||||
#endif
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
@ -1723,7 +1723,7 @@ void perform_handshake( handshake_test_options* options )
|
||||
TEST_ASSERT( MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl );
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
if( options->psk_str != NULL && options->psk_str->len > 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_ssl_conf_psk( &client.conf, options->psk_str->x,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user