mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-17 20:42:44 +00:00
Merge pull request #8309 from daverodgman/iar-warnings2
Fix IAR warnings
This commit is contained in:
Dave Rodgman
GitHub
commit
8e00fe0cd8
@ -208,9 +208,11 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
|||||||
PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
|
PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
|
||||||
size_t rsa_len = mbedtls_rsa_get_len(rsa);
|
size_t rsa_len = mbedtls_rsa_get_len(rsa);
|
||||||
|
|
||||||
|
#if SIZE_MAX > UINT_MAX
|
||||||
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
|
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
|
||||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (sig_len < rsa_len) {
|
if (sig_len < rsa_len) {
|
||||||
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
||||||
|
|||||||
@ -1920,7 +1920,7 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui
|
|||||||
psa_algorithm_t alg;
|
psa_algorithm_t alg;
|
||||||
size_t key_bits;
|
size_t key_bits;
|
||||||
|
|
||||||
status = mbedtls_ssl_cipher_to_psa(info->cipher,
|
status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) info->cipher,
|
||||||
info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
|
info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16,
|
||||||
&alg, &key_type, &key_bits);
|
&alg, &key_type, &key_bits);
|
||||||
|
|
||||||
@ -1969,10 +1969,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
|
|||||||
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
|
||||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
|
||||||
return PSA_ALG_RSA_PKCS1V15_SIGN(
|
return PSA_ALG_RSA_PKCS1V15_SIGN(
|
||||||
mbedtls_md_psa_alg_from_type(info->mac));
|
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
|
||||||
|
|
||||||
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
|
||||||
return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac));
|
return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
|
||||||
|
|
||||||
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
|
||||||
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
|
||||||
|
|||||||
@ -2427,7 +2427,8 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
|
|||||||
psa_algorithm_t alg;
|
psa_algorithm_t alg;
|
||||||
psa_key_type_t type;
|
psa_key_type_t type;
|
||||||
size_t size;
|
size_t size;
|
||||||
status = mbedtls_ssl_cipher_to_psa(suite->cipher, 0, &alg, &type, &size);
|
status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) suite->cipher,
|
||||||
|
0, &alg, &type, &size);
|
||||||
if (status == PSA_SUCCESS) {
|
if (status == PSA_SUCCESS) {
|
||||||
base_mode = mbedtls_ssl_get_base_mode(alg);
|
base_mode = mbedtls_ssl_get_base_mode(alg);
|
||||||
}
|
}
|
||||||
@ -6406,7 +6407,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
|
|||||||
mbedtls_svc_key_id_t psk;
|
mbedtls_svc_key_id_t psk;
|
||||||
psa_key_derivation_operation_t derivation =
|
psa_key_derivation_operation_t derivation =
|
||||||
PSA_KEY_DERIVATION_OPERATION_INIT;
|
PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||||
mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac;
|
mbedtls_md_type_t hash_alg = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion"));
|
MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion"));
|
||||||
|
|
||||||
@ -8208,7 +8209,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher,
|
if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
|
||||||
transform->taglen,
|
transform->taglen,
|
||||||
&alg,
|
&alg,
|
||||||
&key_type,
|
&key_type,
|
||||||
@ -8227,7 +8228,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
|||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
|
mac_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
|
||||||
if (mac_alg == 0) {
|
if (mac_alg == 0) {
|
||||||
MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
|
MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
|
||||||
(unsigned) ciphersuite_info->mac));
|
(unsigned) ciphersuite_info->mac));
|
||||||
|
|||||||
@ -686,7 +686,7 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite)
|
|||||||
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
|
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
|
||||||
|
|
||||||
if (ciphersuite_info != NULL) {
|
if (ciphersuite_info != NULL) {
|
||||||
return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
|
return mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
|
||||||
}
|
}
|
||||||
|
|
||||||
return PSA_ALG_NONE;
|
return PSA_ALG_NONE;
|
||||||
@ -1140,7 +1140,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac)
|
if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac)
|
||||||
!= hash_alg) {
|
!= hash_alg) {
|
||||||
MBEDTLS_SSL_DEBUG_MSG(
|
MBEDTLS_SSL_DEBUG_MSG(
|
||||||
1, ("Invalid ciphersuite for external psk."));
|
1, ("Invalid ciphersuite for external psk."));
|
||||||
@ -2858,7 +2858,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl,
|
|||||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
|
psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
|
||||||
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
|
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
|
||||||
if (hash_length == -1 ||
|
if (hash_length == -1 ||
|
||||||
(size_t) hash_length > sizeof(session->resumption_key)) {
|
(size_t) hash_length > sizeof(session->resumption_key)) {
|
||||||
|
|||||||
@ -369,7 +369,7 @@ int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl)
|
|||||||
*/
|
*/
|
||||||
ret = mbedtls_ssl_get_handshake_transcript(
|
ret = mbedtls_ssl_get_handshake_transcript(
|
||||||
ssl,
|
ssl,
|
||||||
ssl->handshake->ciphersuite_info->mac,
|
(mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac,
|
||||||
transcript, sizeof(transcript),
|
transcript, sizeof(transcript),
|
||||||
&transcript_len);
|
&transcript_len);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
@ -967,7 +967,7 @@ cleanup:
|
|||||||
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg,
|
int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(uint16_t sig_alg,
|
||||||
mbedtls_pk_context *key)
|
mbedtls_pk_context *key)
|
||||||
{
|
{
|
||||||
mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk(key);
|
mbedtls_pk_type_t pk_type = (mbedtls_pk_type_t) mbedtls_ssl_sig_from_pk(key);
|
||||||
size_t key_size = mbedtls_pk_get_bitlen(key);
|
size_t key_size = mbedtls_pk_get_bitlen(key);
|
||||||
|
|
||||||
switch (pk_type) {
|
switch (pk_type) {
|
||||||
@ -1035,7 +1035,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = mbedtls_ssl_get_handshake_transcript(
|
ret = mbedtls_ssl_get_handshake_transcript(
|
||||||
ssl, ssl->handshake->ciphersuite_info->mac,
|
ssl, (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac,
|
||||||
handshake_hash, sizeof(handshake_hash), &handshake_hash_len);
|
handshake_hash, sizeof(handshake_hash), &handshake_hash_len);
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
@ -1464,7 +1464,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
|
|||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR"));
|
MBEDTLS_SSL_DEBUG_MSG(3, ("Reset SSL session for HRR"));
|
||||||
|
|
||||||
ret = mbedtls_ssl_get_handshake_transcript(ssl, ciphersuite_info->mac,
|
ret = mbedtls_ssl_get_handshake_transcript(ssl, (mbedtls_md_type_t) ciphersuite_info->mac,
|
||||||
hash_transcript + 4,
|
hash_transcript + 4,
|
||||||
PSA_HASH_MAX_SIZE,
|
PSA_HASH_MAX_SIZE,
|
||||||
&hash_len);
|
&hash_len);
|
||||||
|
|||||||
@ -685,7 +685,7 @@ static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl)
|
|||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||||
psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
|
psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
|
||||||
handshake->ciphersuite_info->mac);
|
(mbedtls_md_type_t) handshake->ciphersuite_info->mac);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Compute MasterSecret
|
* Compute MasterSecret
|
||||||
@ -797,10 +797,10 @@ int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl,
|
|||||||
mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
|
mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets =
|
||||||
&ssl->handshake->tls13_hs_secrets;
|
&ssl->handshake->tls13_hs_secrets;
|
||||||
|
|
||||||
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
|
mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac;
|
||||||
|
|
||||||
psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(
|
psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(
|
||||||
ssl->handshake->ciphersuite_info->mac);
|
(mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac);
|
||||||
size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
|
size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data"));
|
MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_calculate_verify_data"));
|
||||||
@ -1059,7 +1059,7 @@ int mbedtls_ssl_tls13_populate_transform(
|
|||||||
/*
|
/*
|
||||||
* Setup psa keys and alg
|
* Setup psa keys and alg
|
||||||
*/
|
*/
|
||||||
if ((status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher,
|
if ((status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher,
|
||||||
transform->taglen,
|
transform->taglen,
|
||||||
&alg,
|
&alg,
|
||||||
&key_type,
|
&key_type,
|
||||||
@ -1118,7 +1118,7 @@ static int ssl_tls13_get_cipher_key_info(
|
|||||||
taglen = 16;
|
taglen = 16;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
|
status = mbedtls_ssl_cipher_to_psa((mbedtls_cipher_type_t) ciphersuite_info->cipher, taglen,
|
||||||
&alg, &key_type, &key_bits);
|
&alg, &key_type, &key_bits);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return PSA_TO_MBEDTLS_ERR(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
@ -1168,9 +1168,9 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl,
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
md_type = ciphersuite_info->mac;
|
md_type = (mbedtls_md_type_t) ciphersuite_info->mac;
|
||||||
|
|
||||||
hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
|
hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
|
||||||
hash_len = PSA_HASH_LENGTH(hash_alg);
|
hash_len = PSA_HASH_LENGTH(hash_alg);
|
||||||
|
|
||||||
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
|
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
|
||||||
@ -1298,7 +1298,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl)
|
|||||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
|
hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac);
|
||||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||||
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
|
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
|
||||||
ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
|
ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
|
||||||
@ -1370,9 +1370,9 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
md_type = ciphersuite_info->mac;
|
md_type = (mbedtls_md_type_t) ciphersuite_info->mac;
|
||||||
|
|
||||||
hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
|
hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
|
||||||
hash_len = PSA_HASH_LENGTH(hash_alg);
|
hash_len = PSA_HASH_LENGTH(hash_alg);
|
||||||
|
|
||||||
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
|
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
|
||||||
@ -1480,7 +1480,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
|||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
|
||||||
psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
|
psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
|
||||||
handshake->ciphersuite_info->mac);
|
(mbedtls_md_type_t) handshake->ciphersuite_info->mac);
|
||||||
unsigned char *shared_secret = NULL;
|
unsigned char *shared_secret = NULL;
|
||||||
size_t shared_secret_len = 0;
|
size_t shared_secret_len = 0;
|
||||||
|
|
||||||
@ -1617,9 +1617,9 @@ static int ssl_tls13_generate_application_keys(
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
md_type = handshake->ciphersuite_info->mac;
|
md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
|
||||||
|
|
||||||
hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
|
hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac);
|
||||||
hash_len = PSA_HASH_LENGTH(hash_alg);
|
hash_len = PSA_HASH_LENGTH(hash_alg);
|
||||||
|
|
||||||
/* Compute current handshake transcript. It's the caller's responsibility
|
/* Compute current handshake transcript. It's the caller's responsibility
|
||||||
@ -1767,7 +1767,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl)
|
|||||||
MBEDTLS_SSL_DEBUG_MSG(
|
MBEDTLS_SSL_DEBUG_MSG(
|
||||||
2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
|
2, ("=> mbedtls_ssl_tls13_compute_resumption_master_secret"));
|
||||||
|
|
||||||
md_type = handshake->ciphersuite_info->mac;
|
md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
|
||||||
|
|
||||||
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
|
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
|
||||||
transcript, sizeof(transcript),
|
transcript, sizeof(transcript),
|
||||||
|
|||||||
@ -408,7 +408,8 @@ static int ssl_tls13_select_ciphersuite_for_psk(
|
|||||||
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
|
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
|
||||||
* Otherwise, client should reject.
|
* Otherwise, client should reject.
|
||||||
*/
|
*/
|
||||||
if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) {
|
if (psk_hash_alg ==
|
||||||
|
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) {
|
||||||
*selected_ciphersuite = cipher_suite;
|
*selected_ciphersuite = cipher_suite;
|
||||||
*selected_ciphersuite_info = ciphersuite_info;
|
*selected_ciphersuite_info = ciphersuite_info;
|
||||||
return 0;
|
return 0;
|
||||||
@ -614,7 +615,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(
|
|||||||
|
|
||||||
ret = ssl_tls13_offered_psks_check_binder_match(
|
ret = ssl_tls13_offered_psks_check_binder_match(
|
||||||
ssl, binder, binder_len, psk_type,
|
ssl, binder, binder_len, psk_type,
|
||||||
mbedtls_md_psa_alg_from_type(ciphersuite_info->mac));
|
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac));
|
||||||
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
|
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
|
||||||
/* For security reasons, the handshake should be aborted when we
|
/* For security reasons, the handshake should be aborted when we
|
||||||
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
|
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
|
||||||
@ -2793,7 +2794,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
ciphersuite_info =
|
ciphersuite_info =
|
||||||
(mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
|
(mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
|
||||||
psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
|
psa_hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac);
|
||||||
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
|
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
|
||||||
if (hash_length == -1 ||
|
if (hash_length == -1 ||
|
||||||
(size_t) hash_length > sizeof(session->resumption_key)) {
|
(size_t) hash_length > sizeof(session->resumption_key)) {
|
||||||
@ -3015,7 +3016,7 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)",
|
MBEDTLS_SSL_DEBUG_MSG(2, ("tls13 server state: %s(%d)",
|
||||||
mbedtls_ssl_states_str(ssl->state),
|
mbedtls_ssl_states_str((mbedtls_ssl_states) ssl->state),
|
||||||
ssl->state));
|
ssl->state));
|
||||||
|
|
||||||
switch (ssl->state) {
|
switch (ssl->state) {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user