mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 16:05:38 +01:00
Remove dead code under MBEDTLS_SHA512_NO_SHA384
TLS code specific to SHA-384 was gated on MBEDTLS_SHA512_C. But SHA-384 also requires that MBEDTLS_SHA512_NO_SHA384 is not defined. This lead to dead code in TLS when MBEDTLS_SHA512_C and MBEDTLS_SHA512_NO_SHA384 were both defined (i.e. when SHA-512 was enabled but not SHA-384). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
367379d7fc
commit
d2d59379ed
@ -721,7 +721,7 @@ static int tls_prf_sha256( const unsigned char *secret, size_t slen,
|
||||
}
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||
const char *label,
|
||||
const unsigned char *random, size_t rlen,
|
||||
@ -730,7 +730,7 @@ static int tls_prf_sha384( const unsigned char *secret, size_t slen,
|
||||
return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
|
||||
label, random, rlen, dstbuf, dlen ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
@ -757,7 +757,7 @@ static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned cha
|
||||
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
|
||||
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
|
||||
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
|
||||
@ -804,7 +804,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
if( tls_prf == tls_prf_sha384 )
|
||||
{
|
||||
return( MBEDTLS_SSL_TLS_PRF_SHA384 );
|
||||
@ -845,11 +845,11 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_SSL_TLS_PRF_SHA384:
|
||||
tls_prf = tls_prf_sha384;
|
||||
break;
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
case MBEDTLS_SSL_TLS_PRF_SHA256:
|
||||
tls_prf = tls_prf_sha256;
|
||||
@ -1473,7 +1473,7 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
|
||||
hash == MBEDTLS_MD_SHA384 )
|
||||
{
|
||||
@ -1865,7 +1865,7 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash,
|
||||
size_t *hlen )
|
||||
@ -1912,7 +1912,7 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
return;
|
||||
}
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
|
||||
@ -2936,7 +2936,7 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
||||
else
|
||||
@ -2969,7 +2969,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
|
||||
mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
|
||||
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
||||
@ -2996,7 +2996,7 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
|
||||
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
|
||||
#else
|
||||
@ -3029,7 +3029,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *buf, size_t len )
|
||||
{
|
||||
@ -3263,7 +3263,7 @@ static void ssl_calc_finished_tls_sha256(
|
||||
}
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
|
||||
typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
|
||||
|
||||
@ -3345,7 +3345,7 @@ static void ssl_calc_finished_tls_sha384(
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
|
||||
}
|
||||
#endif /* MBEDTLS_SHA512_C */
|
||||
#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
|
||||
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
|
||||
@ -3659,7 +3659,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||
mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
handshake->fin_sha384_psa = psa_hash_operation_init();
|
||||
psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
|
||||
@ -5990,7 +5990,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
||||
mbedtls_sha256_free( &handshake->fin_sha256 );
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_hash_abort( &handshake->fin_sha384_psa );
|
||||
#else
|
||||
@ -6432,7 +6432,7 @@ typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
|
||||
unsigned char *dstbuf, size_t dlen );
|
||||
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
|
||||
{
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
|
||||
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
|
||||
|
||||
@ -6845,7 +6845,7 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static int ssl_preset_default_hashes[] = {
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
MBEDTLS_MD_SHA512,
|
||||
MBEDTLS_MD_SHA384,
|
||||
#endif
|
||||
@ -7206,7 +7206,7 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
|
||||
case MBEDTLS_SSL_HASH_SHA256:
|
||||
return( MBEDTLS_MD_SHA256 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_SSL_HASH_SHA384:
|
||||
return( MBEDTLS_MD_SHA384 );
|
||||
case MBEDTLS_SSL_HASH_SHA512:
|
||||
@ -7238,7 +7238,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
|
||||
case MBEDTLS_MD_SHA256:
|
||||
return( MBEDTLS_SSL_HASH_SHA256 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_MD_SHA384:
|
||||
return( MBEDTLS_SSL_HASH_SHA384 );
|
||||
case MBEDTLS_MD_SHA512:
|
||||
@ -7400,7 +7400,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
|
||||
break;
|
||||
#endif
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
|
||||
case MBEDTLS_SSL_HASH_SHA384:
|
||||
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||
break;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user