Merge branch 'development' into pr3431
This commit is contained in:
Bence Szépkúti
commit
a17d038ee1
51 changed files with 2551 additions and 744 deletions
|
|
@ -179,6 +179,20 @@
|
|||
#endif /* !MBEDTLS_NO_UDBL_DIVISION */
|
||||
#endif /* !MBEDTLS_HAVE_INT64 */
|
||||
|
||||
/** \typedef mbedtls_mpi_uint
|
||||
* \brief The type of machine digits in a bignum, called _limbs_.
|
||||
*
|
||||
* This is always an unsigned integer type with no padding bits. The size
|
||||
* is platform-dependent.
|
||||
*/
|
||||
|
||||
/** \typedef mbedtls_mpi_sint
|
||||
* \brief The signed type corresponding to #mbedtls_mpi_uint.
|
||||
*
|
||||
* This is always an signed integer type with no padding bits. The size
|
||||
* is platform-dependent.
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
|
@ -188,9 +202,27 @@ extern "C" {
|
|||
*/
|
||||
typedef struct mbedtls_mpi
|
||||
{
|
||||
int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
|
||||
size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
|
||||
mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
|
||||
/** Sign: -1 if the mpi is negative, 1 otherwise.
|
||||
*
|
||||
* The number 0 must be represented with `s = +1`. Although many library
|
||||
* functions treat all-limbs-zero as equivalent to a valid representation
|
||||
* of 0 regardless of the sign bit, there are exceptions, so bignum
|
||||
* functions and external callers must always set \c s to +1 for the
|
||||
* number zero.
|
||||
*
|
||||
* Note that this implies that calloc() or `... = {0}` does not create
|
||||
* a valid MPI representation. You must call mbedtls_mpi_init().
|
||||
*/
|
||||
int MBEDTLS_PRIVATE(s);
|
||||
|
||||
/** Total number of limbs in \c p. */
|
||||
size_t MBEDTLS_PRIVATE(n);
|
||||
|
||||
/** Pointer to limbs.
|
||||
*
|
||||
* This may be \c NULL if \c n is 0.
|
||||
*/
|
||||
mbedtls_mpi_uint *MBEDTLS_PRIVATE(p);
|
||||
}
|
||||
mbedtls_mpi;
|
||||
|
||||
|
|
|
|||
|
|
@ -842,10 +842,10 @@
|
|||
"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
|
||||
#endif
|
||||
|
||||
/* Early data requires PSK related mode defined */
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && \
|
||||
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED))
|
||||
( !defined(MBEDTLS_SSL_SESSION_TICKETS) || \
|
||||
( !defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) ) )
|
||||
#error "MBEDTLS_SSL_EARLY_DATA defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -1637,7 +1637,8 @@
|
|||
*
|
||||
* Enable support for RFC 8446 TLS 1.3 early data.
|
||||
*
|
||||
* Requires: MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
||||
* Requires: MBEDTLS_SSL_SESSION_TICKETS and either
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
|
||||
* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
*
|
||||
* Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
|
@ -1647,7 +1648,7 @@
|
|||
* production.
|
||||
*
|
||||
*/
|
||||
//#define MBEDTLS_SSL_EARLY_DATA
|
||||
#define MBEDTLS_SSL_EARLY_DATA
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PROTO_DTLS
|
||||
|
|
|
|||
|
|
@ -801,6 +801,29 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
|
|||
typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 4
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
typedef uint8_t mbedtls_ssl_tls13_ticket_flags;
|
||||
|
||||
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */
|
||||
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL /* 1U << 2 */
|
||||
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA ( 1U << 3 )
|
||||
|
||||
#define MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK \
|
||||
( MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION | \
|
||||
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION | \
|
||||
MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA )
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
/**
|
||||
* \brief Callback type: server-side session cache getter
|
||||
*
|
||||
|
|
@ -1783,6 +1806,10 @@ struct mbedtls_ssl_context
|
|||
* and #MBEDTLS_SSL_CID_DISABLED. */
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
|
||||
int MBEDTLS_PRIVATE(early_data_status);
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
/** Callback to export key block and master secret */
|
||||
mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
|
||||
void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue