mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tls: fix a comment a rename a variable/symbol

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-07-25 11:14:03 +02:00
parent d0371b0a08
commit ea59c43499
8 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/mbedtls/ssl_ciphersuites.h
View File

@ -383,7 +383,7 @@ typedef enum {
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
#endif #endif
/* TLS 1.3 key exchanges using ECDH or ECDHE */ /* TLS 1.3 key exchanges using ECDHE */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
defined(PSA_WANT_ALG_ECDH) defined(PSA_WANT_ALG_ECDH)
#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_ECDHE_ENABLED
@ -403,7 +403,7 @@ typedef enum {
#if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \ #if (defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_1_2_ENABLED) && defined(MBEDTLS_USE_PSA_CRYPTO)) || \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED
#endif #endif
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;

6
library/ssl_misc.h
View File

@ -757,14 +757,14 @@ struct mbedtls_ssl_handshake_params {
#endif /* !MBEDTLS_USE_PSA_CRYPTO && #endif /* !MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */ MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
psa_key_type_t xxdh_psa_type; psa_key_type_t xxdh_psa_type;
size_t xxdh_bits; size_t xxdh_psa_bits;
mbedtls_svc_key_id_t xxdh_psa_privkey; mbedtls_svc_key_id_t xxdh_psa_privkey;
uint8_t xxdh_psa_privkey_is_external; uint8_t xxdh_psa_privkey_is_external;
unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char xxdh_psa_peerkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
size_t xxdh_psa_peerkey_len; size_t xxdh_psa_peerkey_len;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)

4
library/ssl_tls.c
View File

@ -4219,11 +4219,11 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
mbedtls_ssl_buffering_free(ssl); mbedtls_ssl_buffering_free(ssl);
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
if (handshake->xxdh_psa_privkey_is_external == 0) { if (handshake->xxdh_psa_privkey_is_external == 0) {
psa_destroy_key(handshake->xxdh_psa_privkey); psa_destroy_key(handshake->xxdh_psa_privkey);
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
mbedtls_ssl_transform_free(handshake->transform_handshake); mbedtls_ssl_transform_free(handshake->transform_handshake);

8
library/ssl_tls12_client.c
View File

@ -1766,7 +1766,7 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
} }
handshake->xxdh_psa_type = key_type; handshake->xxdh_psa_type = key_type;
handshake->xxdh_bits = ec_bits; handshake->xxdh_psa_bits = ec_bits;
/* Keep a copy of the peer's public key */ /* Keep a copy of the peer's public key */
ecpoint_len = *(*p)++; ecpoint_len = *(*p)++;
@ -2039,7 +2039,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
/* If the above conversion to TLS ID was fine, then also this one will be, /* If the above conversion to TLS ID was fine, then also this one will be,
so there is no need to check the return value here */ so there is no need to check the return value here */
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
&ssl->handshake->xxdh_bits); &ssl->handshake->xxdh_psa_bits);
ssl->handshake->xxdh_psa_type = key_type; ssl->handshake->xxdh_psa_type = key_type;
@ -2790,7 +2790,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->xxdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
/* Generate ECDH private key. */ /* Generate ECDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,
@ -2962,7 +2962,7 @@ ecdh_calc_secret:
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->xxdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
/* Generate ECDH private key. */ /* Generate ECDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,

10
library/ssl_tls12_server.c
View File

@ -2646,7 +2646,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
} }
ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
ssl->handshake->xxdh_bits = psa_get_key_bits(&key_attributes); ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes);
psa_reset_key_attributes(&key_attributes); psa_reset_key_attributes(&key_attributes);
@ -2670,7 +2670,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
/* If the above conversion to TLS ID was fine, then also this one will /* If the above conversion to TLS ID was fine, then also this one will
be, so there is no need to check the return value here */ be, so there is no need to check the return value here */
mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type,
&ssl->handshake->xxdh_bits); &ssl->handshake->xxdh_psa_bits);
ssl->handshake->xxdh_psa_type = key_type; ssl->handshake->xxdh_psa_type = key_type;
@ -2679,7 +2679,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, psa_set_key_type(&key_attributes,
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_bits); psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
key_len = PSA_BITS_TO_BYTES(key->grp.pbits); key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
ret = mbedtls_ecp_write_key(key, buf, key_len); ret = mbedtls_ecp_write_key(key, buf, key_len);
@ -2987,13 +2987,13 @@ curve_matching_done:
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
} }
handshake->xxdh_psa_type = key_type; handshake->xxdh_psa_type = key_type;
handshake->xxdh_bits = ec_bits; handshake->xxdh_psa_bits = ec_bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH);
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->xxdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
/* /*
* ECParameters curve_params * ECParameters curve_params

10
library/ssl_tls13_client.c
View File

@ -35,7 +35,7 @@
#include "ssl_debug_helpers.h" #include "ssl_debug_helpers.h"
#include "md_psa.h" #include "md_psa.h"
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
/* Define a local translating function to save code size by not using too many /* Define a local translating function to save code size by not using too many
* arguments in each translating place. */ * arguments in each translating place. */
static int local_err_translation(psa_status_t status) static int local_err_translation(psa_status_t status)
@ -194,7 +194,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_SSL_INTERNAL_ERROR; return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
} }
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group_id) ||
mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) { mbedtls_ssl_tls13_named_group_is_ffdh(group_id)) {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -211,7 +211,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl)
ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; ssl->handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
return 0; return 0;
} else } else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
if (0 /* other KEMs? */) { if (0 /* other KEMs? */) {
/* Do something */ /* Do something */
} }
@ -503,7 +503,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
} }
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(group) ||
mbedtls_ssl_tls13_named_group_is_ffdh(group)) { mbedtls_ssl_tls13_named_group_is_ffdh(group)) {
MBEDTLS_SSL_DEBUG_MSG(2, MBEDTLS_SSL_DEBUG_MSG(2,
@ -513,7 +513,7 @@ static int ssl_tls13_parse_key_share_ext(mbedtls_ssl_context *ssl,
return ret; return ret;
} }
} else } else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
if (0 /* other KEMs? */) { if (0 /* other KEMs? */) {
/* Do something */ /* Do something */
} else { } else {

10
library/ssl_tls13_generic.c
View File

@ -39,7 +39,7 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
/* Define a local translating function to save code size by not using too many /* Define a local translating function to save code size by not using too many
* arguments in each translating place. */ * arguments in each translating place. */
static int local_err_translation(psa_status_t status) static int local_err_translation(psa_status_t status)
@ -1496,7 +1496,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
return ret; return ret;
} }
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl, int mbedtls_ssl_tls13_read_public_xxdhe_share(mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
@ -1592,13 +1592,13 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
} }
handshake->xxdh_psa_type = key_type; handshake->xxdh_psa_type = key_type;
ssl->handshake->xxdh_bits = bits; ssl->handshake->xxdh_psa_bits = bits;
key_attributes = psa_key_attributes_init(); key_attributes = psa_key_attributes_init();
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&key_attributes, alg); psa_set_key_algorithm(&key_attributes, alg);
psa_set_key_type(&key_attributes, handshake->xxdh_psa_type); psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
psa_set_key_bits(&key_attributes, handshake->xxdh_bits); psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
/* Generate ECDH/FFDH private key. */ /* Generate ECDH/FFDH private key. */
status = psa_generate_key(&key_attributes, status = psa_generate_key(&key_attributes,
@ -1625,7 +1625,7 @@ int mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
return 0; return 0;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
/* RFC 8446 section 4.2 /* RFC 8446 section 4.2
* *

12
library/ssl_tls13_server.c
View File

@ -837,7 +837,7 @@ static int ssl_tls13_parse_supported_groups_ext(mbedtls_ssl_context *ssl,
#define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1 #define SSL_TLS1_3_PARSE_KEY_SHARES_EXT_NO_MATCH 1
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
/* /*
* ssl_tls13_parse_key_shares_ext() verifies whether the information in the * ssl_tls13_parse_key_shares_ext() verifies whether the information in the
* extension is correct and stores the first acceptable key share and its * extension is correct and stores the first acceptable key share and its
@ -940,7 +940,7 @@ static int ssl_tls13_parse_key_shares_ext(mbedtls_ssl_context *ssl,
} }
return 0; return 0;
} }
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl, static int ssl_tls13_client_hello_has_exts(mbedtls_ssl_context *ssl,
@ -1563,7 +1563,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
break; break;
#endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/ #endif /* PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
case MBEDTLS_TLS_EXT_KEY_SHARE: case MBEDTLS_TLS_EXT_KEY_SHARE:
MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension")); MBEDTLS_SSL_DEBUG_MSG(3, ("found key share extension"));
@ -1588,7 +1588,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
} }
break; break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: case MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS:
/* Already parsed */ /* Already parsed */
@ -1913,7 +1913,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
*out_len = 0; *out_len = 0;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED)
if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) || if (mbedtls_ssl_tls13_named_group_is_ecdhe(named_group) ||
mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) { mbedtls_ssl_tls13_named_group_is_ffdh(named_group)) {
ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange( ret = mbedtls_ssl_tls13_generate_and_write_xxdh_key_exchange(
@ -1925,7 +1925,7 @@ static int ssl_tls13_generate_and_write_key_share(mbedtls_ssl_context *ssl,
return ret; return ret;
} }
} else } else
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_ANY_PSA_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_ANY_ENABLED */
if (0 /* Other kinds of KEMs */) { if (0 /* Other kinds of KEMs */) {
} else { } else {
((void) ssl); ((void) ssl);