mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-28 19:21:08 +00:00
Reverting deleted macros
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
This commit is contained in:
parent
302ed2bf7d
commit
345165c1f7
@ -1878,7 +1878,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
|
||||
* even is lower than our min version.
|
||||
*/
|
||||
if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||
minor_ver < MBEDTLS_SSL_MAJOR_VERSION_3 - 1 ||
|
||||
minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
|
||||
major_ver > ssl->conf->max_major_ver ||
|
||||
minor_ver > ssl->conf->max_minor_ver )
|
||||
{
|
||||
|
@ -65,6 +65,16 @@
|
||||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Legacy minor version numbers as defined by:
|
||||
* - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
|
||||
* - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
|
||||
*
|
||||
* We no longer support these versions, but some code still references those
|
||||
* constants, for keep them for now until we clean up that code.
|
||||
*/
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_1 1
|
||||
#define MBEDTLS_SSL_MINOR_VERSION_2 2
|
||||
|
||||
/* Determine minimum supported version */
|
||||
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
|
||||
|
@ -643,28 +643,19 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
unsigned char mac[MBEDTLS_SSL_MAC_ADD];
|
||||
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||
transform->minor_ver );
|
||||
ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
|
||||
transform->minor_ver );
|
||||
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc,
|
||||
data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
mbedtls_md_hmac_reset( &transform->md_ctx_enc );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data,
|
||||
add_data_len );
|
||||
mbedtls_md_hmac_update( &transform->md_ctx_enc, data, rec->data_len );
|
||||
mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
|
||||
mbedtls_md_hmac_reset( &transform->md_ctx_enc );
|
||||
|
||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
||||
}
|
||||
else
|
||||
memcpy( data + rec->data_len, mac, transform->maclen );
|
||||
#endif
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
|
||||
transform->maclen );
|
||||
@ -837,31 +828,26 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||
* Prepend per-record IV for block cipher in TLS v1.2 as per
|
||||
* Method 1 (6.2.3.2. in RFC4346 and RFC5246)
|
||||
*/
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( f_rng == NULL )
|
||||
{
|
||||
if( f_rng == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
if( rec->data_offset < transform->ivlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate IV
|
||||
*/
|
||||
ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
memcpy( data - transform->ivlen, transform->iv_enc,
|
||||
transform->ivlen );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
if( rec->data_offset < transform->ivlen )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate IV
|
||||
*/
|
||||
ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
memcpy( data - transform->ivlen, transform->iv_enc, transform->ivlen );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||
@ -1369,11 +1355,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
* Check immediate ciphertext sanity
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* The ciphertext is prefixed with the CBC IV. */
|
||||
minlen += transform->ivlen;
|
||||
}
|
||||
/* The ciphertext is prefixed with the CBC IV. */
|
||||
minlen += transform->ivlen;
|
||||
#endif
|
||||
|
||||
/* Size considerations:
|
||||
@ -1478,15 +1461,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||
/*
|
||||
* Initialize for prepended IV for block cipher in TLS v1.2
|
||||
*/
|
||||
if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
|
||||
memcpy( transform->iv_dec, data, transform->ivlen );
|
||||
/* Safe because data_len >= minlen + ivlen = 2 * ivlen. */
|
||||
memcpy( transform->iv_dec, data, transform->ivlen );
|
||||
|
||||
data += transform->ivlen;
|
||||
rec->data_offset += transform->ivlen;
|
||||
rec->data_len -= transform->ivlen;
|
||||
}
|
||||
data += transform->ivlen;
|
||||
rec->data_offset += transform->ivlen;
|
||||
rec->data_len -= transform->ivlen;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
/* We still have data_len % ivlen == 0 and data_len >= ivlen here. */
|
||||
@ -5026,8 +5006,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
|
||||
/* For TLS 1.2 or higher, an explicit IV is added
|
||||
* after the record header. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
transform_expansion += block_size;
|
||||
transform_expansion += block_size;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
break;
|
||||
@ -5169,21 +5148,13 @@ static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
|
||||
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
|
||||
MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
|
||||
{
|
||||
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
|
||||
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
|
||||
MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
@ -5607,7 +5578,7 @@ void mbedtls_ssl_write_version( int major, int minor, int transport,
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||
{
|
||||
if( minor == MBEDTLS_SSL_MINOR_VERSION_3 - 1 )
|
||||
if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
--minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
||||
|
||||
ver[0] = (unsigned char)( 255 - ( major - 2 ) );
|
||||
@ -5632,7 +5603,7 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
|
||||
*major = 255 - ver[0] + 2;
|
||||
*minor = 255 - ver[1] + 1;
|
||||
|
||||
if( *minor == MBEDTLS_SSL_MINOR_VERSION_3 - 2 )
|
||||
if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
|
||||
++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
|
||||
}
|
||||
else
|
||||
|
@ -948,23 +948,14 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
|
||||
For AEAD-based ciphersuites, there is nothing to do here. */
|
||||
if( mac_key_len != 0 )
|
||||
{
|
||||
/* For HMAC-based ciphersuites, initialize the HMAC transforms.
|
||||
For AEAD-based ciphersuites, there is nothing to do here. */
|
||||
if( mac_key_len != 0 )
|
||||
{
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
|
||||
}
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
|
||||
mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
goto end;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
|
||||
|
||||
((void) mac_dec);
|
||||
|
Loading…
x
Reference in New Issue
Block a user