mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 20:55:31 +00:00
Use PSA-based ciphers for SSL ticket protection
This commit modifies the default SSL ticket implementation from `library/ssl_ticket.c` to use PSA-based cipher context for ticket creation and parsing. As in mbedtls_ssl_derive_keys() adapted in an earlier commit, we allow fallback to the ordinary mbedtls_cipher_setup() if the provided cipher is not known. We do this even though we always call mbedtls_ssl_ticket_setup() with AES-GCM in our own code since this function is public and might be used with other ciphers by users.
This commit is contained in:
parent
4724645e28
commit
329919eadf
|
@ -154,11 +154,27 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
||||||
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
|
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
|
ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
|
||||||
{
|
cipher_info, TICKET_AUTH_TAG_BYTES );
|
||||||
|
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||||
|
return( ret );
|
||||||
|
/* We don't yet expect to support all ciphers through PSA,
|
||||||
|
* so allow fallback to ordinary mbedtls_cipher_setup(). */
|
||||||
|
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 )
|
||||||
|
return( ret );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx,
|
||||||
|
cipher_info, TICKET_AUTH_TAG_BYTES );
|
||||||
|
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||||
|
return( ret );
|
||||||
|
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
|
||||||
|
|
||||||
if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
|
if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
|
||||||
( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
|
( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
|
||||||
|
|
Loading…
Reference in a new issue