From bdc71888fcedae2d85b367452bc618c63c138a88 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Sep 2021 19:30:36 +0800 Subject: [PATCH] Remove restartable and everest from tls1.3 Signed-off-by: Jerry Yu --- library/ecdh.c | 50 +++++++++++--------------------------- library/ecdh_misc.h | 41 +++++++++++++++++++++++++++++++ library/ssl_misc.h | 9 ------- library/ssl_tls13_client.c | 4 ++- 4 files changed, 58 insertions(+), 46 deletions(-) create mode 100644 library/ecdh_misc.h diff --git a/library/ecdh.c b/library/ecdh.c index ac60165443..b9319470e5 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -31,7 +31,8 @@ #include "mbedtls/ecdh.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "ssl_misc.h" + +#include "ecdh_misc.h" #include @@ -730,37 +731,17 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, - unsigned char *, - size_t), - void *p_rng, int restart_enabled ) + size_t *olen, int point_format, unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_ctx *rs_ctx = NULL; -#endif if( ctx->grp.pbits == 0 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) - rs_ctx = &ctx->rs; -#else - (void) restart_enabled; -#endif - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); -#else if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ) != 0 ) return( ret ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format, olen, buf, blen ); @@ -771,38 +752,35 @@ static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx, } int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ) + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ) { - int restart_enabled = 0; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( olen != NULL ); ECDH_VALIDATE_RET( buf != NULL ); ECDH_VALIDATE_RET( f_rng != NULL ); + #if defined(MBEDTLS_ECP_RESTARTABLE) - restart_enabled = ctx->restart_enabled; -#else - (void) restart_enabled; + if( ctx-> restart_enabled ) + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format, + buf, blen, f_rng, p_rng ) ); #else switch( ctx->var ) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen, ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + f_rng, p_rng ) ); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ecdh_misc.h b/library/ecdh_misc.h new file mode 100644 index 0000000000..3d75b0fce0 --- /dev/null +++ b/library/ecdh_misc.h @@ -0,0 +1,41 @@ +/** + * \file ecdh_misc.h + * + * \brief Internal functions shared by the ECDH module + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#if !defined(MBEDTLS_ECDH_MISC_H) +#define MBEDTLS_ECDH_MISC_H + +#if defined(MBEDTLS_ECDH_C) + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +/* + * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h + */ +int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int ( *f_rng )( void *, unsigned char *, size_t ), + void *p_rng ); + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + +#endif /* MBEDTLS_ECDH_C */ + +#endif /* !MBEDTLS_ECDH_MISC_H */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index fb843848bf..c338d79eec 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1501,15 +1501,6 @@ int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, size_t *olen); -#if defined(MBEDTLS_ECDH_C) -/* - * TLS 1.3 version of mbedtls_ecdh_make_params in ecdh.h - */ -int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int ( *f_rng )( void *, unsigned char *, size_t ), - void *p_rng ); -#endif /* MBEDTLS_ECDH_C */ #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8ae8a56330..0190ee5f39 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -27,10 +27,12 @@ #include -#include "ssl_misc.h" #include "mbedtls/debug.h" #include "mbedtls/error.h" +#include "ssl_misc.h" +#include "ecdh_misc.h" + #define CLIENT_HELLO_RANDOM_LEN 32 /* Write extensions */