Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256 #9173

Merged
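--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1153,7 +1153,7 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
 !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
 #elif defined(PSA_WANT_ALG_SHA_384)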
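Review bot: The guard on `MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE` is now a PSA configuration symbol, but the value it selects, `MBEDTLS_MD_SHA256`, is still an MD-layer identifier, so the default peer-certificate digest is only usable if `PSA_WANT_ALG_SHA_256` implies that the MD layer can compute SHA-256 in every supported configuration. Nothing visible in this hunk states that; since this is a public header, a one-line comment above the chain would record the assumption, for example `/* PSA_WANT_ALG_SHA_256 implies MBEDTLS_MD_SHA256 is usable through the MD layer */`. The same pairing appears with `COOKIE_MD` in library/ssl_cookie.c and with `*md_alg = MBEDTLS_MD_SHA256` in library/ssl_misc.h. The `#if`/`#elif` chain continues past the end of the hunk.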
192 changes: 96 additions & 96 deletions library/ssl_ciphersuites.c

Large diffs are not rendered by default.

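--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -40,7 +40,7 @@ static int local_err_translation(psa_status_t status)
 * If DTLS is in use, then at least one of SHA-256 or SHA-384 is
 * available. Try SHA-256 first as 384 wastes resources
 */
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 #define COOKIE_MD MBEDTLS_MD_SHA256
 #define COOKIE_MD_OUTLEN 32
 #define COOKIE_HMAC_LEN 28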
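--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -30,7 +30,7 @@
 #include "mbedtls/sha1.h"
 #endif
 
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 #include "mbedtls/sha256.h"
 #endif
 
@@ -290,7 +290,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type);
 /* Ciphersuites using HMAC */
 #if defined(PSA_WANT_ALG_SHA_384)
 #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
-#elif defined(MBEDTLS_MD_CAN_SHA256)
+#elif defined(PSA_WANT_ALG_SHA_256)
 #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
 #else
 #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
@@ -922,7 +922,7 @@ struct mbedtls_ssl_handshake_params {
 /*
 * Checksum contexts
 */
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_operation_t fin_sha256_psa;
 #else
@@ -2429,10 +2429,10 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported(
 {
 switch (sig_alg) {
 #if defined(MBEDTLS_PKCS1_V15)
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
 break;
-#endif /* MBEDTLS_MD_CAN_SHA256 */
+#endif /* PSA_WANT_ALG_SHA_256 */
 #if defined(PSA_WANT_ALG_SHA_384)
 case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
 break;
@@ -2483,12 +2483,12 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
 
 switch (sig_alg) {
 #if defined(MBEDTLS_PKCS1_V21)
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
 *md_alg = MBEDTLS_MD_SHA256;
 *pk_type = MBEDTLS_PK_RSASSA_PSS;
 break;
-#endif /* MBEDTLS_MD_CAN_SHA256 */
+#endif /* PSA_WANT_ALG_SHA_256 */
 #if defined(PSA_WANT_ALG_SHA_384)
 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
 *md_alg = MBEDTLS_MD_SHA384;
@@ -2532,7 +2532,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
 break;
 #endif
 
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if defined(PSA_WANT_ALG_SHA_256)
 case MBEDTLS_SSL_HASH_SHA256:
 break;
 #endif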
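Review bot: In the `MBEDTLS_SSL_MAC_ADD` chain the `#else` branch sizes the MAC overhead for SHA-1 (20 bytes) whenever neither `PSA_WANT_ALG_SHA_384` nor `PSA_WANT_ALG_SHA_256` is defined at this point, and a missing definition gives no diagnostic. If the PSA configuration were not yet resolved when ssl_misc.h is preprocessed, the constant would silently drop from 32 to 20 while SHA-256 suites stay enabled elsewhere; the visible lines do not show what guarantees the ordering. A comment on the chain would make the dependency explicit, e.g. `/* PSA_WANT_ALG_* must be resolved by the configuration headers before this point */`. The same silent fall-through applies to the `fin_sha256_psa` member and the SHA-256 `case` labels in the later hunks, whose enclosing struct and functions start and end outside the hunks.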