mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 10:35:35 +00:00
Merge remote-tracking branch 'origin/pr/2350' into development-psa
This commit is contained in:
commit
d4a31d3581
|
@ -765,6 +765,7 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash, size_t *hashlen,
|
||||
unsigned char *data, size_t data_len,
|
||||
|
|
|
@ -50,6 +50,11 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#include "mbedtls/oid.h"
|
||||
#endif
|
||||
|
@ -9972,6 +9977,70 @@ exit:
|
|||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash, size_t *hashlen,
|
||||
unsigned char *data, size_t data_len,
|
||||
mbedtls_md_type_t md_alg )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_hash_operation_t hash_operation;
|
||||
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );
|
||||
|
||||
if( ( status = psa_hash_setup( &hash_operation,
|
||||
hash_alg ) ) != PSA_SUCCESS )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes,
|
||||
64 ) ) != PSA_SUCCESS )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( status = psa_hash_update( &hash_operation,
|
||||
data, data_len ) ) != PSA_SUCCESS )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE,
|
||||
hashlen ) ) != PSA_SUCCESS )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
exit:
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||
switch( status )
|
||||
{
|
||||
case PSA_ERROR_NOT_SUPPORTED:
|
||||
return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
|
||||
case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */
|
||||
case PSA_ERROR_BUFFER_TOO_SMALL:
|
||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
||||
return( MBEDTLS_ERR_MD_ALLOC_FAILED );
|
||||
default:
|
||||
return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED );
|
||||
}
|
||||
}
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash, size_t *hashlen,
|
||||
unsigned char *data, size_t data_len,
|
||||
|
@ -9982,6 +10051,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
|
|||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
|
||||
*hashlen = mbedtls_md_get_size( md_info );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) );
|
||||
|
||||
mbedtls_md_init( &ctx );
|
||||
|
||||
/*
|
||||
|
@ -10026,6 +10097,8 @@ exit:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
|
|
|
@ -765,6 +765,7 @@ run_test_psa() {
|
|||
-C "Failed to setup PSA-based cipher context"\
|
||||
-S "Failed to setup PSA-based cipher context"\
|
||||
-s "Protocol is TLSv1.2" \
|
||||
-c "Perform PSA-based computation of digest of ServerKeyExchange" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue