Merge pull request #642 from jarvte/mbedtls_ssl_set_hostname_to_optional
[baremetal] Make function mbedtls_ssl_set_hostname(...) as optional
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index f8f4090..32f5939 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -691,7 +691,6 @@
/*
* Session specific crypto layer
*/
- size_t minlen; /*!< min. ciphertext length */
size_t ivlen; /*!< IV length */
size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */
size_t maclen; /*!< MAC(CBC) len */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c8bd66b..96276c2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1028,8 +1028,6 @@
cipher_info->mode == MBEDTLS_MODE_CCM ||
cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
{
- size_t explicit_ivlen;
-
transform->maclen = 0;
mac_key_len = 0;
transform->taglen = mbedtls_ssl_suite_get_flags( ciphersuite_info ) &
@@ -1044,10 +1042,6 @@
transform->fixed_ivlen = 12;
else
transform->fixed_ivlen = 4;
-
- /* Minimum length of encrypted record */
- explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
- transform->minlen = explicit_ivlen + transform->taglen;
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
@@ -1088,51 +1082,6 @@
/* IV length */
transform->ivlen = cipher_info->iv_size;
-
- /* Minimum length */
- if( cipher_info->mode == MBEDTLS_MODE_STREAM )
- transform->minlen = transform->maclen;
- else
- {
- /*
- * GenericBlockCipher:
- * 1. if EtM is in use: one block plus MAC
- * otherwise: * first multiple of blocklen greater than maclen
- * 2. IV except for SSL3 and TLS 1.0
- */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
- {
- transform->minlen = transform->maclen
- + cipher_info->block_size;
- }
- else
-#endif
- {
- transform->minlen = transform->maclen
- + cipher_info->block_size
- - transform->maclen % cipher_info->block_size;
- }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
- minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
- ; /* No need to adjust minlen */
- else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
- if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
- minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
- {
- transform->minlen += transform->ivlen;
- }
- else
-#endif
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
- }
}
else
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
@@ -1141,9 +1090,8 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u",
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, ivlen: %u, maclen: %u",
(unsigned) keylen,
- (unsigned) transform->minlen,
(unsigned) transform->ivlen,
(unsigned) transform->maclen ) );
@@ -9402,7 +9350,6 @@
{
size_t transform_expansion = 0;
const mbedtls_ssl_transform *transform = ssl->transform_out;
- unsigned block_size;
size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl );
@@ -9416,14 +9363,35 @@
switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
{
+#if defined(MBEDTLS_GCM_C) || \
+ defined(MBEDTLS_CCM_C) || \
+ defined(MBEDTLS_CHACHAPOLY_C)
+#if defined(MBEDTLS_GCM_C)
case MBEDTLS_MODE_GCM:
+#endif
+#if defined(MBEDTLS_CCM_C)
case MBEDTLS_MODE_CCM:
+#endif
+#if defined(MBEDTLS_CHACHAPOLY_C)
case MBEDTLS_MODE_CHACHAPOLY:
- case MBEDTLS_MODE_STREAM:
- transform_expansion = transform->minlen;
+#endif
+ transform_expansion =
+ transform->ivlen - transform->fixed_ivlen + transform->taglen;
break;
+#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C ||
+ MBEDTLS_CHACHAPOLY_C */
+
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+ case MBEDTLS_MODE_STREAM:
+ transform_expansion = transform->maclen;
+ break;
+#endif /* MBEDTLS_CIPHER_MODE_STREAM */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
case MBEDTLS_MODE_CBC:
+ {
+ size_t block_size;
block_size = mbedtls_cipher_get_block_size(
&transform->cipher_ctx_enc );
@@ -9444,6 +9412,8 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
break;
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index dac2e26..2055292 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1347,6 +1347,43 @@
scripts/baremetal.sh --rom --gcc --armc5 --armc6 --check
}
+component_test_default_tinycrypt () {
+ msg "test default config with tinycrypt enabled"
+
+ scripts/config.pl set MBEDTLS_USE_TINYCRYPT
+ scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
+
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+ msg "test: default config with tinycrypt enabled"
+ make test
+ if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$"
+ if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'ECDHE-ECDSA\|ECDH-ECDSA\|ECDHE-PSK'
+}
+
+component_test_default_tinycrypt_without_legacy_ecdh () {
+ msg "test default config with tinycrypt enabled and ecdh_c disabled"
+
+ scripts/config.pl set MBEDTLS_USE_TINYCRYPT
+ scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
+ scripts/config.pl unset MBEDTLS_ECDH_C
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra'
+
+ msg "test: default config with tinycrypt enabled and ecdh_c disabled"
+ make test
+ if_build_succeeded tests/ssl-opt.sh -f "^Default, DTLS$"
+ if_build_succeeded tests/compat.sh -m 'dtls1_2' -f 'TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA\|+ECDHE-ECDSA:+AES-256-CBC:+SHA1\|ECDHE-ECDSA-AES256-SHA' -e 'SHA384'
+}
+
component_test_baremetal () {
msg "build: lib+test+programs for baremetal.h + baremetal_test.h"
record_status scripts/baremetal.sh --ram --build-only