mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-18 14:47:21 +00:00
Fix #ifdef inconsistency
fixes #310 Actually all key exchanges that use a certificate use signatures too, and there is no key exchange that uses signatures but no cert, so merge those two flags.
This commit is contained in:
parent
5df9216c9e
commit
e5f3072aed
|
@ -1,10 +1,12 @@
|
||||||
mbed TLS ChangeLog (Sorted per branch, date)
|
mbed TLS ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
= mbed TLS 2.1.2 released 2015-10-06
|
= mbed TLS 2.2.0 released 2015-10-xx
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fix build error with configurations where ECDHE-PSK is the only key
|
* Fix build error with configurations where ECDHE-PSK is the only key
|
||||||
exchange. Found and fix provided by Chris Hammond. #270
|
exchange. Found and fix provided by Chris Hammond. #270
|
||||||
|
* Fix build error with configurations where RSA, RSA-PSK, ECDH-RSA or
|
||||||
|
ECHD-ECDSA if the only key exchange. Multiple reports. #310
|
||||||
|
|
||||||
= mbed TLS 2.1.2 released 2015-10-06
|
= mbed TLS 2.1.2 released 2015-10-06
|
||||||
|
|
||||||
|
|
|
@ -529,7 +529,7 @@ struct mbedtls_ssl_config
|
||||||
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
|
mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
const int *sig_hashes; /*!< allowed signature hashes */
|
const int *sig_hashes; /*!< allowed signature hashes */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1548,7 +1548,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||||
const mbedtls_ecp_group_id *curves );
|
const mbedtls_ecp_group_id *curves );
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
/**
|
/**
|
||||||
* \brief Set the allowed hashes for signatures during the handshake.
|
* \brief Set the allowed hashes for signatures during the handshake.
|
||||||
* (Default: all available hashes.)
|
* (Default: all available hashes.)
|
||||||
|
@ -1569,7 +1569,7 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
||||||
const int *hashes );
|
const int *hashes );
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -246,6 +246,7 @@ typedef enum {
|
||||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||||
} mbedtls_key_exchange_type_t;
|
} mbedtls_key_exchange_type_t;
|
||||||
|
|
||||||
|
/* Key exchanges using a certificate */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
|
@ -256,6 +257,7 @@ typedef enum {
|
||||||
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Key exchanges using a PSK */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
|
||||||
|
@ -263,18 +265,13 @@ typedef enum {
|
||||||
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Key exchanges using a ECDHE */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||||
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
|
||||||
#define MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED
|
|
||||||
#endif
|
|
||||||
|
|
||||||
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
|
typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
|
||||||
|
|
||||||
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
#define MBEDTLS_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
||||||
|
|
|
@ -377,7 +377,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md );
|
||||||
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||||
mbedtls_md_type_t md );
|
mbedtls_md_type_t md );
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -1923,7 +1923,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
|
||||||
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
||||||
unsigned char **p,
|
unsigned char **p,
|
||||||
unsigned char *end,
|
unsigned char *end,
|
||||||
|
@ -1979,7 +1979,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||||
|
|
|
@ -5800,7 +5800,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
/*
|
/*
|
||||||
* Set allowed/preferred hashes for handshake signatures
|
* Set allowed/preferred hashes for handshake signatures
|
||||||
*/
|
*/
|
||||||
|
@ -6981,7 +6981,7 @@ static int ssl_preset_suiteb_ciphersuites[] = {
|
||||||
0
|
0
|
||||||
};
|
};
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
static int ssl_preset_suiteb_hashes[] = {
|
static int ssl_preset_suiteb_hashes[] = {
|
||||||
MBEDTLS_MD_SHA256,
|
MBEDTLS_MD_SHA256,
|
||||||
MBEDTLS_MD_SHA384,
|
MBEDTLS_MD_SHA384,
|
||||||
|
@ -7097,7 +7097,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
conf->sig_hashes = ssl_preset_suiteb_hashes;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -7130,7 +7130,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
|
||||||
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
conf->cert_profile = &mbedtls_x509_crt_profile_default;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
conf->sig_hashes = mbedtls_md_list();
|
conf->sig_hashes = mbedtls_md_list();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -7294,7 +7294,7 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
/*
|
/*
|
||||||
* Check if a hash proposed by the peer is in our list.
|
* Check if a hash proposed by the peer is in our list.
|
||||||
* Return 0 if we're willing to use it, -1 otherwise.
|
* Return 0 if we're willing to use it, -1 otherwise.
|
||||||
|
@ -7313,7 +7313,7 @@ int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
return( -1 );
|
return( -1 );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__SIGNATURE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
|
||||||
|
|
Loading…
Reference in a new issue