Merge remote-tracking branch 'development/development' into development-restricted
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
commit
e4622a3436
173 changed files with 12071 additions and 4182 deletions
|
@ -496,6 +496,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
|
|||
const unsigned char *ciphersuites,
|
||||
const unsigned char *ciphersuites_end)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const unsigned char *identities = pre_shared_key_ext;
|
||||
const unsigned char *p_identity_len;
|
||||
size_t identities_len;
|
||||
|
@ -531,8 +532,12 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len);
|
||||
binders_end = p_binder_len + binders_len;
|
||||
|
||||
ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
|
||||
identities_end - pre_shared_key_ext);
|
||||
ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
|
||||
identities_end - pre_shared_key_ext);
|
||||
if (0 != ret) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
while (p_identity_len < identities_end && p_binder_len < binders_end) {
|
||||
const unsigned char *identity;
|
||||
|
@ -540,7 +545,6 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
|
|||
uint32_t obfuscated_ticket_age;
|
||||
const unsigned char *binder;
|
||||
size_t binder_len;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
int psk_type;
|
||||
uint16_t cipher_suite;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
@ -652,9 +656,13 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
|
|||
}
|
||||
|
||||
/* Update the handshake transcript with the binder list. */
|
||||
ssl->handshake->update_checksum(ssl,
|
||||
identities_end,
|
||||
(size_t) (binders_end - identities_end));
|
||||
ret = ssl->handshake->update_checksum(ssl,
|
||||
identities_end,
|
||||
(size_t) (binders_end - identities_end));
|
||||
if (0 != ret) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
|
||||
return ret;
|
||||
}
|
||||
if (matched_identity == -1) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
|
||||
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||
|
@ -1614,9 +1622,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
|||
MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO,
|
||||
handshake->received_extensions);
|
||||
|
||||
mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
|
||||
MBEDTLS_SSL_HS_CLIENT_HELLO,
|
||||
p - buf);
|
||||
ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
|
||||
MBEDTLS_SSL_HS_CLIENT_HELLO,
|
||||
p - buf);
|
||||
if (0 != ret) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
/* Update checksum with either
|
||||
|
@ -1627,8 +1639,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
|||
if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
|
||||
mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
|
||||
(handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
|
||||
handshake->update_checksum(ssl, buf,
|
||||
pre_shared_key_ext - buf);
|
||||
ret = handshake->update_checksum(ssl, buf,
|
||||
pre_shared_key_ext - buf);
|
||||
if (0 != ret) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
|
||||
return ret;
|
||||
}
|
||||
ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
|
||||
pre_shared_key_ext,
|
||||
pre_shared_key_ext_end,
|
||||
|
@ -1644,7 +1660,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
|||
} else
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
{
|
||||
handshake->update_checksum(ssl, buf, p - buf);
|
||||
ret = handshake->update_checksum(ssl, buf, p - buf);
|
||||
if (0 != ret) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
ret = ssl_tls13_determine_key_exchange_mode(ssl);
|
||||
|
@ -2158,8 +2178,8 @@ static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
|
|||
&msg_len,
|
||||
0));
|
||||
|
||||
mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
|
||||
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
|
||||
ssl, buf_len, msg_len));
|
||||
|
@ -2231,8 +2251,8 @@ static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl)
|
|||
buf + buf_len,
|
||||
&msg_len,
|
||||
1));
|
||||
mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
|
||||
|
||||
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
|
||||
|
@ -2330,8 +2350,8 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
|
|||
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
|
||||
ssl, buf, buf + buf_len, &msg_len));
|
||||
|
||||
mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len);
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len));
|
||||
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
|
||||
ssl, buf_len, msg_len));
|
||||
|
@ -2463,8 +2483,8 @@ static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
|
|||
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
|
||||
ssl, buf, buf + buf_len, &msg_len));
|
||||
|
||||
mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len);
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
|
||||
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len));
|
||||
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
|
||||
ssl, buf_len, msg_len));
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue