lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge branch 'development' into convert_NO_SHA384_to_positive

Browse Source 
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
This commit is contained in:
Mateusz Starzyk
2021-05-20 14:18:12 +02:00
parent 3489cc1433 085e94f4f7
commit 17011a3185
168 changed files with 5718 additions and 18419 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
library/ssl_tls.c
View File

@ -806,14 +806,14 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *,
static int ssl_populate_transform( mbedtls_ssl_transform *transform,
int ciphersuite,
const unsigned char master[48],
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int trunc_hmac,
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls_prf_t tls_prf,
const unsigned char randbytes[64],
int minor_ver,
@ -846,7 +846,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
* Some data just needs copying into the structure
*/
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
transform->encrypt_then_mac = encrypt_then_mac;
#endif
transform->minor_ver = minor_ver;
@ -967,7 +967,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
}
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
cipher_info->mode == MBEDTLS_MODE_CBC )
{
@ -1044,7 +1044,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
}
}
else
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@ -1105,7 +1105,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
goto end;
}
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
@ -1125,7 +1125,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
goto end;
}
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
((void) mac_dec);
((void) mac_enc);
@ -1518,14 +1518,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
ret = ssl_populate_transform( ssl->transform_negotiate,
ssl->session_negotiate->ciphersuite,
ssl->session_negotiate->master,
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session_negotiate->encrypt_then_mac,
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
ssl->session_negotiate->trunc_hmac,
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl->handshake->tls_prf,
ssl->handshake->randbytes,
ssl->minor_ver,
@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
{
if( mbedtls_ssl_own_cert( ssl ) == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
/* Should never happen because we shouldn't have picked the
* ciphersuite if we don't have a certificate. */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
#endif
@ -1964,7 +1965,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
" > %" MBEDTLS_PRINTF_SIZET,
i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
ssl->out_msg[i ] = (unsigned char)( n >> 16 );
@ -2897,8 +2898,6 @@ static void ssl_calc_finished_tls_sha256(
#if defined(MBEDTLS_SHA384_C)
typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
static void ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
{
@ -2957,13 +2956,7 @@ static void ssl_calc_finished_tls_sha384(
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
sha512.state, sizeof( sha512.state ) );
#endif
/*
* For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long.
* However, to avoid stringop-overflow warning in gcc, we have to cast
* mbedtls_sha512_finish_ret().
*/
finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret;
finish( &sha512, padbuf );
mbedtls_sha512_finish_ret( &sha512, padbuf );
mbedtls_sha512_free( &sha512 );
#endif
@ -3322,7 +3315,7 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
mbedtls_cipher_init( &transform->cipher_ctx_enc );
mbedtls_cipher_init( &transform->cipher_ctx_dec );
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
mbedtls_md_init( &transform->md_ctx_enc );
mbedtls_md_init( &transform->md_ctx_dec );
#endif
@ -4646,7 +4639,7 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl )
{
size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
size_t read_mfl;
/* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */
@ -6161,14 +6154,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
ret = ssl_populate_transform( ssl->transform,
ssl->session->ciphersuite,
ssl->session->master,
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session->encrypt_then_mac,
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
ssl->session->trunc_hmac,
#endif
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
@ -6985,14 +6978,14 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
return( -1 );
switch( md )
{
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_SSL_HASH_MD5:
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
return( -1 );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_SSL_HASH_SHA1:
@ -7011,7 +7004,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
break;
#endif
default:
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
return( -1 );
}
return 0;
@ -7019,7 +7012,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
(void) ssl;
(void) md;
return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
return( -1 );
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}