Skip to content

Commit

Permalink
Merge pull request #9173 from eleuzi01/replace-mbedtls-md-can-sha256
Browse files Browse the repository at this point in the history 
Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
  • Loading branch information
@paul-elliott-arm
paul-elliott-arm authored Jul 11, 2024
2 parents 1004c9c + 4e6a368 commit 095fa2c
Show file tree
Hide file tree
Showing 53 changed files with 2,140 additions and 2,140 deletions.
2 changes: 1 addition & 1 deletion include/mbedtls/ssl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1153,7 +1153,7 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
#elif defined(PSA_WANT_ALG_SHA_384)
Expand Down
192 changes: 96 additions & 96 deletions library/ssl_ciphersuites.c
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion library/ssl_cookie.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ static int local_err_translation(psa_status_t status)
* If DTLS is in use, then at least one of SHA-256 or SHA-384 is
* available. Try SHA-256 first as 384 wastes resources
*/
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
#define COOKIE_MD MBEDTLS_MD_SHA256
#define COOKIE_MD_OUTLEN 32
#define COOKIE_HMAC_LEN 28
Expand Down
16 changes: 8 additions & 8 deletions library/ssl_misc.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
#include "mbedtls/sha1.h"
#endif

#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
#include "mbedtls/sha256.h"
#endif

Expand Down Expand Up @@ -290,7 +290,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
/* Ciphersuites using HMAC */
#if defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
#elif defined(MBEDTLS_MD_CAN_SHA256)
#elif defined(PSA_WANT_ALG_SHA_256)
#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
#else
#define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
Expand Down Expand Up @@ -922,7 +922,7 @@ struct mbedtls_ssl_handshake_params {
/*
* Checksum contexts
*/
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha256_psa;
#else
Expand Down Expand Up @@ -2429,10 +2429,10 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
{
switch (sig_alg) {
#if defined(MBEDTLS_PKCS1_V15)
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
break;
#endif /* MBEDTLS_MD_CAN_SHA256 */
#endif /* PSA_WANT_ALG_SHA_256 */
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
break;
Expand Down Expand Up @@ -2483,12 +2483,12 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(

switch (sig_alg) {
#if defined(MBEDTLS_PKCS1_V21)
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
*md_alg = MBEDTLS_MD_SHA256;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_MD_CAN_SHA256 */
#endif /* PSA_WANT_ALG_SHA_256 */
#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
*md_alg = MBEDTLS_MD_SHA384;
Expand Down Expand Up @@ -2532,7 +2532,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
break;
#endif

#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(PSA_WANT_ALG_SHA_256)
case MBEDTLS_SSL_HASH_SHA256:
break;
#endif
Expand Down
Loading

0 comments on commit 095fa2c

Please sign in to comment.