Skip to content
Permalink

Comparing changes

This is a direct comparison between two commits made in this repository or its related repositories. View the default comparison for this range or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: Mbed-TLS/mbedtls
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 91ae5918abfecc7645e71899098da8153155b3c0
Choose a base ref
..
head repository: Mbed-TLS/mbedtls
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 7a94a1b9fea391c319441e6b2ee21cd581065686
Choose a head ref
24 changes: 2 additions & 22 deletions include/mbedtls/check_config.h
View file
Original file line number Diff line number Diff line change
@@ -93,20 +93,12 @@
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(PSA_WANT_ALG_JPAKE) || \
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
!defined(PSA_WANT_ECC_SECP_R1_256) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
#else /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
( !defined(MBEDTLS_ECJPAKE_C) || \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/* Use of EC J-PAKE in TLS requires SHA-256. */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
@@ -202,11 +194,6 @@
#error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \
defined(MBEDTLS_USE_PSA_CRYPTO))
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
#endif

/* TLS 1.2 and 1.3 require SHA-256 or SHA-384 (running handshake hash) */
#if defined(MBEDTLS_SSL_TLS_C) && \
!(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))
@@ -281,11 +268,6 @@
#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \
!defined(MBEDTLS_USE_PSA_CRYPTO) )
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_SSL_TICKET_C) && \
!( defined(PSA_WANT_ALG_CCM) || defined(PSA_WANT_ALG_GCM) || \
defined(PSA_WANT_ALG_CHACHA20_POLY1305) )
@@ -308,15 +290,13 @@

#if defined(MBEDTLS_X509_USE_C) && \
(!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) || \
!defined(MBEDTLS_PK_PARSE_C) || \
( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
!defined(MBEDTLS_PK_PARSE_C))
#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
#endif

#if defined(MBEDTLS_X509_CREATE_C) && \
(!defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) || \
!defined(MBEDTLS_PK_PARSE_C) || \
( !defined(MBEDTLS_MD_C) && !defined(MBEDTLS_USE_PSA_CRYPTO) ) )
!defined(MBEDTLS_PK_PARSE_C))
#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
#endif

3 changes: 1 addition & 2 deletions include/mbedtls/mbedtls_config.h
View file
Original file line number Diff line number Diff line change
@@ -835,8 +835,7 @@
* Module: library/ssl_ticket.c
* Caller:
*
* Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
* (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
* Requires: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C
*/
#define MBEDTLS_SSL_TICKET_C

6 changes: 0 additions & 6 deletions include/mbedtls/ssl.h
View file
Original file line number Diff line number Diff line change
@@ -1569,14 +1569,12 @@ struct mbedtls_ssl_config {

#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)

#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
* configured, this has value \c 0.
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
@@ -3625,7 +3623,6 @@ int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
const unsigned char *psk, size_t psk_len,
const unsigned char *psk_identity, size_t psk_identity_len);

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Configure one or more opaque pre-shared keys (PSKs) and
* their identities to be used in PSK-based ciphersuites.
@@ -3667,7 +3664,6 @@ int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
mbedtls_svc_key_id_t psk,
const unsigned char *psk_identity,
size_t psk_identity_len);
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/**
* \brief Set the pre-shared Key (PSK) for the current handshake.
@@ -3688,7 +3684,6 @@ int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
const unsigned char *psk, size_t psk_len);

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
* \brief Set an opaque pre-shared Key (PSK) for the current handshake.
*
@@ -3711,7 +3706,6 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
*/
int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl,
mbedtls_svc_key_id_t psk);
#endif /* MBEDTLS_USE_PSA_CRYPTO */

#if defined(MBEDTLS_SSL_SRV_C)
/**
3 changes: 1 addition & 2 deletions include/mbedtls/ssl_ciphersuites.h
View file
Original file line number Diff line number Diff line change
@@ -328,8 +328,7 @@ typedef enum {
* - by TLS 1.3 to do ECDHE or FFDHE.
* The following macros can be used to guard their declaration and use.
*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) && \
defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_XXDH_PSA_1_2_ENABLED) || \
14 changes: 0 additions & 14 deletions include/mbedtls/ssl_cookie.h
View file
Original file line number Diff line number Diff line change
@@ -15,11 +15,6 @@

#include "mbedtls/ssl.h"

#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
#endif /* !MBEDTLS_USE_PSA_CRYPTO */

/**
* \name SECTION: Module settings
@@ -42,23 +37,14 @@ extern "C" {
* \brief Context for the default cookie functions.
*/
typedef struct mbedtls_ssl_cookie_ctx {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(psa_hmac_key); /*!< key id for the HMAC portion */
psa_algorithm_t MBEDTLS_PRIVATE(psa_hmac_alg); /*!< key algorithm for the HMAC portion */
#else
mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_HAVE_TIME)
unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */

#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_THREADING_C)
mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
#endif /* !MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_ssl_cookie_ctx;

/**
6 changes: 0 additions & 6 deletions include/mbedtls/ssl_ticket.h
View file
Original file line number Diff line number Diff line change
@@ -26,9 +26,7 @@
#include "mbedtls/platform_time.h"
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#endif

#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
@@ -54,14 +52,10 @@ typedef struct mbedtls_ssl_ticket_key {
* tickets created under that key.
*/
uint32_t MBEDTLS_PRIVATE(lifetime);
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
#else
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(key); /*!< key used for auth enc/decryption */
psa_algorithm_t MBEDTLS_PRIVATE(alg); /*!< algorithm of auth enc/decryption */
psa_key_type_t MBEDTLS_PRIVATE(key_type); /*!< key type */
size_t MBEDTLS_PRIVATE(key_bits); /*!< key length in bits */
#endif
}
mbedtls_ssl_ticket_key;

11 changes: 0 additions & 11 deletions library/ssl_ciphersuites.c
View file
Original file line number Diff line number Diff line change
@@ -16,9 +16,7 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#endif

#include <string.h>

@@ -1370,7 +1368,6 @@ int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name)

size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t key_type;
psa_algorithm_t alg;
@@ -1385,12 +1382,6 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersui
}

return key_bits;
#else
const mbedtls_cipher_info_t * const cipher_info =
mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) info->cipher);

return mbedtls_cipher_info_get_key_bitlen(cipher_info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}

#if defined(MBEDTLS_PK_C)
@@ -1413,7 +1404,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe
}
}

#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info)
{
switch (info->key_exchange) {
@@ -1452,7 +1442,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
return 0;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info)
{
2 changes: 0 additions & 2 deletions library/ssl_ciphersuites_internal.h
View file
Original file line number Diff line number Diff line change
@@ -14,10 +14,8 @@

#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
#endif /* MBEDTLS_PK_C */

Loading