Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes

TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed, and only in one component, so CI can be considered as passed.
Ronald Cron 2021-10-11 19:23:12 +02:00 committed by GitHub
commit e3e16d5d67
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -413,6 +413,32 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
} \
} while( 0 )
/**
* \brief This macro checks if the remaining length in an input buffer is
* greater or equal than a needed length. If it is not the case, it
* returns #MBEDTLS_ERR_SSL_DECODE_ERROR error and pends a
* #MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR alert message.
*
* This is a function-like macro. It is guaranteed to evaluate each
* argument exactly once.
*
* \param cur Pointer to the current position in the buffer.
* \param end Pointer to one past the end of the buffer.
* \param need Needed length in bytes.
*
*/
#define MBEDTLS_SSL_CHK_BUF_READ_PTR( cur, end, need ) \
do { \
if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
{ \
MBEDTLS_SSL_DEBUG_MSG( 1, \
( "missing input data in %s", __func__ ) ); \
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, \
MBEDTLS_ERR_SSL_DECODE_ERROR ); \
return( MBEDTLS_ERR_SSL_DECODE_ERROR ); \
} \
} while( 0 )
#ifdef __cplusplus
extern "C" {
#endif
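Review bot: The doc comment on `MBEDTLS_SSL_CHK_BUF_READ_PTR` does not say that the macro executes `return` in the calling function. It also appears to need a variable named `ssl` in scope for the debug and alert macros it invokes, though that is inferred because their definitions are outside the hunk. This is the length check in front of reads from an input buffer, so a caller holding allocated or partially initialised state when it fires would leave without cleanup, and the contract is worth spelling out. I would add `* \warning Returns from the enclosing function on failure; use only in functions returning int that need no cleanup at this point.` to the comment. The phrase "greater or equal than" should read "greater than or equal to".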
@ -490,6 +516,9 @@ struct mbedtls_ssl_handshake_params
/*
* Handshake specific crypto variables
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
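Review bot: `tls1_3_kex_modes` is used as a bitmask, since it is AND-ed with a mode mask in `mbedtls_ssl_tls1_3_check_kex_modes` later in this commit, but its comment does not say which constants it holds. It also does not say whether this is the configured set or the set still acceptable for the current handshake. I would write `/*!< bitmask of MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_XXX values usable in this handshake */`, adjusted to whichever meaning is intended. An unsigned type would suit a flag field better than `int`. The struct continues outside the hunk.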
@ -1434,6 +1463,53 @@ static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
/**
* Given a list of key exchange modes, check if at least one of them is
* supported.
*
* \param[in] ssl SSL context
* \param kex_modes_mask Mask of the key exchange modes to check
*
* \return 0 if at least one of the key exchange modes is supported,
* !=0 otherwise.
*/
static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl,
int kex_modes_mask )
{
return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 );
}
static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
}
static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled(
mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
}
static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
}
static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl )
{
return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/**
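Review bot: `mbedtls_ssl_tls1_3_check_kex_modes` returns 0 when a mode IS supported, so a caller writing `if( mbedtls_ssl_tls1_3_check_kex_modes( ssl, mask ) )` gets the opposite of what the name suggests. In key-exchange selection that could mean proceeding with a mode that was not offered. The five `*_enabled` wrappers hide the inversion but have no doc comments, so each should get a one-line `\return 1 if ..., 0 otherwise` to steer callers towards them. The helper's return type is `unsigned` while every wrapper returns `int`; I would make it `static inline int mbedtls_ssl_tls1_3_check_kex_modes(` for consistency. The helper also dereferences `ssl->handshake` without a check, so the comment should state that it is only valid while a handshake is in progress, assuming the handshake structure can be absent at other times (not visible here).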