Fix SHA512 vs SHA384 dependencies
When building SHA512 without SHA384, there are some code paths that resulted in unused variables or usage of undefined code. This commit fixes that. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
parent
228b12ce54
commit
eabeb30c65
4 changed files with 28 additions and 11 deletions
|
|
@ -38,8 +38,8 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
|
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-384 is
|
||||||
* available. Try SHA-256 first, 512 wastes resources
|
* available. Try SHA-256 first, 384 wastes resources
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
|
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
|
||||||
#define COOKIE_MD MBEDTLS_MD_SHA224
|
#define COOKIE_MD MBEDTLS_MD_SHA224
|
||||||
|
|
|
||||||
|
|
@ -604,6 +604,12 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
|
mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
#if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
|
!defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
|
(void) ssl;
|
||||||
|
(void) buf;
|
||||||
|
(void) len;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
|
|
@ -5165,6 +5171,10 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
|
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
|
(void) ssl;
|
||||||
|
#endif
|
||||||
return( psa_ssl_status_to_mbedtls( status ) );
|
return( psa_ssl_status_to_mbedtls( status ) );
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
@ -5437,6 +5447,8 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
|
||||||
|
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int tls_prf_generic( mbedtls_md_type_t md_type,
|
static int tls_prf_generic( mbedtls_md_type_t md_type,
|
||||||
const unsigned char *secret, size_t slen,
|
const unsigned char *secret, size_t slen,
|
||||||
|
|
@ -5511,7 +5523,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
|
@ -5917,7 +5929,10 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||||
default:
|
default:
|
||||||
return( -1 );
|
return( -1 );
|
||||||
}
|
}
|
||||||
|
#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
|
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
|
(void) ssl;
|
||||||
|
#endif
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -7436,8 +7451,6 @@ exit:
|
||||||
* Helper to get TLS 1.2 PRF from ciphersuite
|
* Helper to get TLS 1.2 PRF from ciphersuite
|
||||||
* (Duplicates bits of logic from ssl_set_handshake_prfs().)
|
* (Duplicates bits of logic from ssl_set_handshake_prfs().)
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
|
|
||||||
defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
|
||||||
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
||||||
{
|
{
|
||||||
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
|
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
|
||||||
|
|
@ -7457,10 +7470,9 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
||||||
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
(void) ciphersuite_info;
|
(void) ciphersuite_info;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return( NULL );
|
return( NULL );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA ||
|
|
||||||
MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
|
||||||
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
|
||||||
|
|
||||||
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||||
|
|
|
||||||
|
|
@ -11,12 +11,14 @@
|
||||||
#include "mbedtls/ctr_drbg.h"
|
#include "mbedtls/ctr_drbg.h"
|
||||||
#include "mbedtls/timing.h"
|
#include "mbedtls/timing.h"
|
||||||
#include "mbedtls/ssl_cookie.h"
|
#include "mbedtls/ssl_cookie.h"
|
||||||
|
#include "mbedtls/legacy_or_psa.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SRV_C) && \
|
#if defined(MBEDTLS_SSL_SRV_C) && \
|
||||||
defined(MBEDTLS_ENTROPY_C) && \
|
defined(MBEDTLS_ENTROPY_C) && \
|
||||||
defined(MBEDTLS_CTR_DRBG_C) && \
|
defined(MBEDTLS_CTR_DRBG_C) && \
|
||||||
defined(MBEDTLS_TIMING_C)
|
defined(MBEDTLS_TIMING_C) && \
|
||||||
|
( defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
|
||||||
|
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) )
|
||||||
const char *pers = "fuzz_dtlsserver";
|
const char *pers = "fuzz_dtlsserver";
|
||||||
const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
|
const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
|
||||||
static int initialized = 0;
|
static int initialized = 0;
|
||||||
|
|
@ -32,7 +34,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
defined(MBEDTLS_SSL_SRV_C) && \
|
defined(MBEDTLS_SSL_SRV_C) && \
|
||||||
defined(MBEDTLS_ENTROPY_C) && \
|
defined(MBEDTLS_ENTROPY_C) && \
|
||||||
defined(MBEDTLS_CTR_DRBG_C) && \
|
defined(MBEDTLS_CTR_DRBG_C) && \
|
||||||
defined(MBEDTLS_TIMING_C)
|
defined(MBEDTLS_TIMING_C) && \
|
||||||
|
( defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
|
||||||
|
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) )
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
|
|
|
||||||
|
|
@ -243,6 +243,7 @@ REVERSE_DEPENDENCIES = {
|
||||||
EXCLUSIVE_GROUPS = {
|
EXCLUSIVE_GROUPS = {
|
||||||
'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'],
|
'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'],
|
||||||
'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'],
|
'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'],
|
||||||
|
'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C'],
|
||||||
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C',
|
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C',
|
||||||
'!MBEDTLS_ECDSA_DETERMINISTIC',
|
'!MBEDTLS_ECDSA_DETERMINISTIC',
|
||||||
'!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
|
'!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue