mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 17:45:37 +01:00
Depend on ECJPAKE key exchange, not module
This is more consistent, as it doesn't make any sense for a user to be able to set up an EC J-PAKE password with TLS if the corresponding key exchange is disabled. Arguably this is what we should de for other key exchanges as well instead of depending on ECDH_C etc, but this is an independent issue, so let's just do the right thing with the new key exchange and fix the other ones later. (This is a marginal issue anyway, since people who disable all ECDH key exchange are likely to also disable ECDH_C in order to minimize footprint.)
This commit is contained in:
parent
ddf97a6c92
commit
eef142d753
@ -1676,7 +1676,7 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
|
||||
void *p_sni );
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/**
|
||||
* \brief Set the EC J-PAKE password for current handshake.
|
||||
*
|
||||
@ -1697,7 +1697,7 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
|
||||
int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||
const unsigned char *pw,
|
||||
size_t pw_len );
|
||||
#endif /*MBEDTLS_ECJPAKE_C */
|
||||
#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
/**
|
||||
|
@ -41,7 +41,7 @@
|
||||
#include "sha512.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#include "ecjpake.h"
|
||||
#endif
|
||||
|
||||
@ -172,11 +172,11 @@ struct mbedtls_ssl_handshake_params
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_ECJPAKE_C)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
|
@ -209,7 +209,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_ECJPAKE_C)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
@ -278,9 +278,9 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*olen = 6;
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_ECJPAKE_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
@ -320,7 +320,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*olen = kkpp_len + 4;
|
||||
}
|
||||
#endif /* MBEDTLS_ECJPAKE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
@ -821,7 +821,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_ECJPAKE_C)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
||||
@ -829,7 +829,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
@ -1977,7 +1977,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_ECJPAKE_C)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
@ -2005,7 +2005,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||
|
||||
*olen = 6;
|
||||
}
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_ECJPAKE_C */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN )
|
||||
static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||
@ -2292,7 +2292,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_ECJPAKE_C)
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
@ -4932,7 +4932,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_init( &handshake->ecdh_ctx );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
|
||||
#endif
|
||||
|
||||
@ -5451,7 +5451,7 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* Set EC J-PAKE password for current handshake
|
||||
*/
|
||||
@ -5475,7 +5475,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_ECP_DP_SECP256R1,
|
||||
pw, pw_len ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECJPAKE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
|
||||
@ -6619,7 +6619,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
mbedtls_ecdh_free( &handshake->ecdh_ctx );
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
|
||||
#endif
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user