mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
Revert "move ciphersuite validation to set_session"
This reverts commit 19ae6f62c7a4e6cf14bf61fcb6ea070d34e70f2a. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
parent
379b91a393
commit
21f9095fa8
@ -848,6 +848,7 @@ static int ssl_prepare_client_hello( mbedtls_ssl_context *ssl )
|
||||
defined(MBEDTLS_HAVE_TIME)
|
||||
/* Check if a tls13 ticket has been configured. */
|
||||
if( ssl->session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
|
||||
ssl->handshake->resume != 0 &&
|
||||
ssl->session_negotiate != NULL &&
|
||||
ssl->session_negotiate->ticket != NULL )
|
||||
{
|
||||
|
@ -1911,10 +1911,6 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
size_t *out_len );
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl,
|
||||
int ciphersuite,
|
||||
psa_algorithm_t *psa_alg );
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
|
@ -1373,15 +1373,6 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
||||
if( ssl->handshake->resume == 1 )
|
||||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
if( session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
|
||||
( ( ret = mbedtls_ssl_tls13_ciphersuite_to_alg(
|
||||
ssl, session->ciphersuite, NULL ) ) != 0 ) )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
|
||||
session ) ) != 0 )
|
||||
return( ret );
|
||||
|
@ -668,19 +668,17 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
|
||||
static psa_algorithm_t ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl,
|
||||
int ciphersuite )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
|
||||
|
||||
psa_algorithm_t psa_alg;
|
||||
if( mbedtls_ssl_tls13_ciphersuite_to_alg(
|
||||
ssl, ciphersuite, &psa_alg ) != 0 )
|
||||
if( mbedtls_ssl_validate_ciphersuite(
|
||||
ssl, ciphersuite_info,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3 ) == 0 )
|
||||
{
|
||||
/* ciphersuite is `ssl->session_negotiate->ciphersuite` or
|
||||
* PSA_ALG_SHA256, both are validated before writting pre_shared_key.
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "should never happen" ) );
|
||||
return( PSA_ALG_NONE );
|
||||
return( mbedtls_psa_translate_md( ciphersuite_info->mac ) );
|
||||
}
|
||||
|
||||
return( psa_alg );
|
||||
return( PSA_ALG_NONE );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
|
@ -1485,36 +1485,4 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
int mbedtls_ssl_tls13_ciphersuite_to_alg( mbedtls_ssl_context *ssl,
|
||||
int ciphersuite,
|
||||
psa_algorithm_t *psa_alg )
|
||||
{
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
|
||||
psa_algorithm_t alg;
|
||||
|
||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
|
||||
if( psa_alg )
|
||||
*psa_alg = PSA_ALG_NONE;
|
||||
|
||||
if( mbedtls_ssl_validate_ciphersuite(
|
||||
ssl, ciphersuite_info,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3 ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
|
||||
if( alg == PSA_ALG_NONE )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not valid.", ciphersuite ) );
|
||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||
}
|
||||
|
||||
if( psa_alg )
|
||||
*psa_alg = alg;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
Loading…
x
Reference in New Issue
Block a user