lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-24 17:41:01 +03:00
Code Activity

Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925

Browse Source 
Merge development into development-restricted
This commit is contained in:
Dave Rodgman
2023-09-25 18:16:01 +01:00
committed by GitHub
parent ffe590d197 ca1e605b9c
commit 6da7872aa2
201 changed files with 5318 additions and 2759 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/CMakeLists.txt
View File

@@ -1,7 +1,7 @@
option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
# Set the project root directory if it's not already defined, as may happen if
# the library folder is included directly by a parent project, without

28
library/Makefile
View File

@@ -167,7 +167,7 @@ OBJS_X509= \
x509_crl.o \
x509_crt.o \
x509_csr.o \
x509write.o \
x509write.o \
x509write_crt.o \
x509write_csr.o \
pkcs7.o \
@@ -315,21 +315,29 @@ GENERATED_FILES = \
psa_crypto_driver_wrappers.c
generated_files: $(GENERATED_FILES)
error.c: ../scripts/generate_errors.pl
error.c: ../scripts/data_files/error.fmt
error.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
# See root Makefile
GEN_FILES ?= yes
ifdef GEN_FILES
gen_file_dep =
else
gen_file_dep = |
endif
error.c: $(gen_file_dep) ../scripts/generate_errors.pl
error.c: $(gen_file_dep) ../scripts/data_files/error.fmt
error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
error.c:
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
ssl_debug_helpers_generated.c: ../scripts/generate_ssl_debug_helpers.py
ssl_debug_helpers_generated.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py
ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
version_features.c: ../scripts/generate_features.pl
version_features.c: ../scripts/data_files/version_features.fmt
version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
## The generated file only depends on the options that are present in mbedtls_config.h,
## not on which options are set. To avoid regenerating this file all the time
## when switching between configurations, don't declare mbedtls_config.h as a
@@ -340,8 +348,8 @@ version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py
psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/generate_driver_wrappers.py
psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
psa_crypto_driver_wrappers.c:
echo " Gen $@"
$(PYTHON) ../scripts/generate_driver_wrappers.py

15
library/aes.c
View File

@@ -34,20 +34,19 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
#if defined(__aarch64__)
#if defined(MBEDTLS_ARCH_IS_ARM64)
#if !defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
#endif
#if defined(__amd64__) || defined(__x86_64__) || \
((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))
#if defined(MBEDTLS_ARCH_IS_X64)
#if !defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
#endif
#if defined(__i386__) || defined(_M_IX86)
#if defined(MBEDTLS_ARCH_IS_X86)
#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_AESNI_C)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites"
#endif
@@ -652,7 +651,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
}
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits);
}
@@ -764,7 +763,7 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
}
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_aesce_inverse_key(
(unsigned char *) RK,
@@ -1091,7 +1090,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
}
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return mbedtls_aesce_crypt_ecb(ctx, mode, input, output);
}
@@ -1910,7 +1909,7 @@ int mbedtls_aes_self_test(int verbose)
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");
} else

4
library/aesce.c
View File

@@ -46,7 +46,7 @@
#include "aesce.h"
#if defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_ARCH_IS_ARM64)
/* Compiler version checks. */
#if defined(__clang__)
@@ -510,6 +510,6 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16],
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
#endif /* MBEDTLS_HAVE_ARM64 */
#endif /* MBEDTLS_ARCH_IS_ARM64 */
#endif /* MBEDTLS_AESCE_C */

11
library/aesce.h
View File

@@ -30,13 +30,10 @@
#include "mbedtls/aes.h"
#if !defined(MBEDTLS_HAVE_ARM64)
#if defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)
#define MBEDTLS_HAVE_ARM64
#endif
#endif
#if defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64)
#define MBEDTLS_AESCE_HAVE_CODE
#ifdef __cplusplus
extern "C" {
@@ -131,6 +128,6 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk,
}
#endif
#endif /* MBEDTLS_HAVE_ARM64 */
#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARM64 */
#endif /* MBEDTLS_AESCE_H */

22
library/aesni.h
View File

@@ -32,23 +32,8 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#if !defined(MBEDTLS_HAVE_X86_64) && \
(defined(__amd64__) || defined(__x86_64__) || \
defined(_M_X64) || defined(_M_AMD64)) && \
!defined(_M_ARM64EC)
#define MBEDTLS_HAVE_X86_64
#endif
#if !defined(MBEDTLS_HAVE_X86) && \
(defined(__i386__) || defined(_M_IX86))
#define MBEDTLS_HAVE_X86
#endif
#if defined(MBEDTLS_AESNI_C) && \
(defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86))
(defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_X86))
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
@@ -75,7 +60,10 @@
#if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#elif defined(MBEDTLS_HAVE_ASM) && \
defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64)
defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(__GNUC__)
# error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"

57
library/asn1parse.c
View File

@@ -19,7 +19,7 @@
#include "common.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
#include "mbedtls/asn1.h"
#include "mbedtls/platform_util.h"
@@ -47,47 +47,18 @@ int mbedtls_asn1_get_len(unsigned char **p,
if ((**p & 0x80) == 0) {
*len = *(*p)++;
} else {
switch (**p & 0x7F) {
case 1:
if ((end - *p) < 2) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = (*p)[1];
(*p) += 2;
break;
case 2:
if ((end - *p) < 3) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 8) | (*p)[2];
(*p) += 3;
break;
case 3:
if ((end - *p) < 4) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 16) |
((size_t) (*p)[2] << 8) | (*p)[3];
(*p) += 4;
break;
case 4:
if ((end - *p) < 5) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
((size_t) (*p)[3] << 8) | (*p)[4];
(*p) += 5;
break;
default:
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
int n = (**p) & 0x7F;
if (n == 0 || n > 4) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
if ((end - *p) <= n) {
return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
}
*len = 0;
(*p)++;
while (n--) {
*len = (*len << 8) | **p;
(*p)++;
}
}
@@ -114,7 +85,9 @@ int mbedtls_asn1_get_tag(unsigned char **p,
return mbedtls_asn1_get_len(p, end, len);
}
#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
int mbedtls_asn1_get_bool(unsigned char **p,
const unsigned char *end,
int *val)

158
library/asn1write.c
View File

@@ -19,7 +19,7 @@
#include "common.h"
#if defined(MBEDTLS_ASN1_WRITE_C)
#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
@@ -28,68 +28,40 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
#include "mbedtls/asn1.h"
#endif
int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len)
{
if (len < 0x80) {
if (*p - start < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = (unsigned char) len;
return 1;
}
if (len <= 0xFF) {
if (*p - start < 2) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = (unsigned char) len;
*--(*p) = 0x81;
return 2;
}
if (len <= 0xFFFF) {
if (*p - start < 3) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = 0x82;
return 3;
}
if (len <= 0xFFFFFF) {
if (*p - start < 4) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = 0x83;
return 4;
}
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
len_is_valid = (len <= 0xFFFFFFFF);
if (len > 0xFFFFFFFF) {
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
}
#endif
if (len_is_valid) {
if (*p - start < 5) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
*--(*p) = MBEDTLS_BYTE_0(len);
*--(*p) = MBEDTLS_BYTE_1(len);
*--(*p) = MBEDTLS_BYTE_2(len);
*--(*p) = MBEDTLS_BYTE_3(len);
*--(*p) = 0x84;
return 5;
int required = 1;
if (len >= 0x80) {
for (size_t l = len; l != 0; l >>= 8) {
required++;
}
}
return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
if (required > (*p - start)) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
do {
*--(*p) = MBEDTLS_BYTE_0(len);
len >>= 8;
} while (len);
if (required > 1) {
*--(*p) = (unsigned char) (0x80 + required - 1);
}
return required;
}
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag)
@@ -102,6 +74,21 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign
return 1;
}
#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
#if defined(MBEDTLS_ASN1_WRITE_C)
static int mbedtls_asn1_write_len_and_tag(unsigned char **p,
const unsigned char *start,
size_t len,
unsigned char tag)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return (int) len;
}
int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t size)
@@ -154,10 +141,7 @@ int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start, const
len += 1;
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER));
ret = (int) len;
ret = mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER);
cleanup:
return ret;
@@ -166,15 +150,9 @@ cleanup:
int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
// Write NULL
//
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL);
}
int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
@@ -185,10 +163,7 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
(const unsigned char *) oid, oid_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID);
}
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start,
@@ -215,17 +190,12 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
}
int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if (*p - start < 1) {
@@ -235,15 +205,11 @@ int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int b
*--(*p) = (boolean) ? 255 : 0;
len++;
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN);
}
static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
do {
@@ -263,10 +229,7 @@ static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start,
len += 1;
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len, tag);
}
int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val)
@@ -289,10 +252,7 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta
(const unsigned char *) text,
text_len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len, tag);
}
int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start,
@@ -361,7 +321,6 @@ int mbedtls_asn1_write_named_bitstring(unsigned char **p,
int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
const unsigned char *buf, size_t bits)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
size_t unused_bits, byte_len;
@@ -385,10 +344,7 @@ int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
/* Write unused bits */
*--(*p) = (unsigned char) unused_bits;
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING);
}
int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start,
@@ -399,13 +355,11 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
return (int) len;
return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING);
}
#if !defined(MBEDTLS_ASN1_PARSE_C)
/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
* which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
static mbedtls_asn1_named_data *asn1_find_named_data(
@@ -423,6 +377,10 @@ static mbedtls_asn1_named_data *asn1_find_named_data(
return list;
}
#else
#define asn1_find_named_data(list, oid, len) \
((mbedtls_asn1_named_data *) mbedtls_asn1_find_named_data(list, oid, len))
#endif
mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
mbedtls_asn1_named_data **head,

2
library/bignum.c
View File

@@ -72,7 +72,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
}
/*
* Set sign_N to 1 if N >= 0, 0 if N < 0.
* Set N_is_negative to MBEDTLS_CT_FALSE if N >= 0, MBEDTLS_CT_TRUE if N < 0.
* We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
*/
X_is_negative = mbedtls_ct_bool((X->s & 2) >> 1);

31
library/bignum_core.c
View File

@@ -77,38 +77,17 @@ size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs)
return 0;
}
/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
* into the storage form used by mbedtls_mpi. */
static mbedtls_mpi_uint mpi_bigendian_to_host_c(mbedtls_mpi_uint a)
{
uint8_t i;
unsigned char *a_ptr;
mbedtls_mpi_uint tmp = 0;
for (i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++) {
tmp <<= CHAR_BIT;
tmp |= (mbedtls_mpi_uint) *a_ptr;
}
return tmp;
}
static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a)
{
if (MBEDTLS_IS_BIG_ENDIAN) {
/* Nothing to do on bigendian systems. */
return a;
} else {
switch (sizeof(mbedtls_mpi_uint)) {
case 4:
return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a);
case 8:
return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a);
}
/* Fall back to C-based reordering if we don't know the byte order
* or we couldn't use a compiler-specific builtin. */
return mpi_bigendian_to_host_c(a);
#if defined(MBEDTLS_HAVE_INT32)
return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a);
#elif defined(MBEDTLS_HAVE_INT64)
return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a);
#endif
}
}

1
library/ccm.c
View File

@@ -401,7 +401,6 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
mbedtls_xor(ctx->y + offset, ctx->y + offset, local_output, use_len);
memcpy(output, local_output, use_len);
mbedtls_platform_zeroize(local_output, 16);
if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
if ((ret =

2
library/cipher.c
View File

@@ -1,7 +1,7 @@
/**
* \file cipher.c
*
* \brief Generic cipher wrapper for mbed TLS
* \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*

46
library/cipher_wrap.c
View File

@@ -1,7 +1,7 @@
/**
* \file cipher_wrap.c
*
* \brief Generic cipher wrapper for mbed TLS
* \brief Generic cipher wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
@@ -307,6 +307,7 @@ static const mbedtls_cipher_info_t aes_128_ecb_info = {
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ecb_info = {
"AES-192-ECB",
16,
@@ -328,6 +329,7 @@ static const mbedtls_cipher_info_t aes_256_ecb_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
static const mbedtls_cipher_info_t aes_128_cbc_info = {
@@ -341,6 +343,7 @@ static const mbedtls_cipher_info_t aes_128_cbc_info = {
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_cbc_info = {
"AES-192-CBC",
16,
@@ -362,6 +365,7 @@ static const mbedtls_cipher_info_t aes_256_cbc_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#endif
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -376,6 +380,7 @@ static const mbedtls_cipher_info_t aes_128_cfb128_info = {
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_cfb128_info = {
"AES-192-CFB128",
16,
@@ -397,6 +402,7 @@ static const mbedtls_cipher_info_t aes_256_cfb128_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#endif
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
@@ -411,6 +417,7 @@ static const mbedtls_cipher_info_t aes_128_ofb_info = {
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ofb_info = {
"AES-192-OFB",
16,
@@ -432,6 +439,7 @@ static const mbedtls_cipher_info_t aes_256_ofb_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#endif
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -446,6 +454,7 @@ static const mbedtls_cipher_info_t aes_128_ctr_info = {
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ctr_info = {
"AES-192-CTR",
16,
@@ -467,6 +476,7 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_AES
};
#endif
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -545,6 +555,7 @@ static const mbedtls_cipher_info_t aes_128_xts_info = {
MBEDTLS_CIPHER_BASE_INDEX_XTS_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_256_xts_info = {
"AES-256-XTS",
16,
@@ -555,6 +566,7 @@ static const mbedtls_cipher_info_t aes_256_xts_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_XTS_AES
};
#endif
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_GCM_C)
@@ -603,6 +615,7 @@ static const mbedtls_cipher_info_t aes_128_gcm_info = {
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_gcm_info = {
"AES-192-GCM",
16,
@@ -624,6 +637,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = {
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES
};
#endif
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CCM_C)
@@ -672,6 +686,7 @@ static const mbedtls_cipher_info_t aes_128_ccm_info = {
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ccm_info = {
"AES-192-CCM",
16,
@@ -693,6 +708,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = {
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
#endif
static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
"AES-128-CCM*-NO-TAG",
@@ -705,6 +721,7 @@ static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = {
"AES-192-CCM*-NO-TAG",
16,
@@ -726,6 +743,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = {
MBEDTLS_CIPHER_VARIABLE_IV_LEN,
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
};
#endif
#endif /* MBEDTLS_CCM_C */
#endif /* MBEDTLS_AES_C */
@@ -2125,6 +2143,7 @@ static const mbedtls_cipher_info_t aes_128_nist_kw_info = {
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_nist_kw_info = {
"AES-192-KW",
16,
@@ -2146,6 +2165,7 @@ static const mbedtls_cipher_info_t aes_256_nist_kw_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
#endif
static const mbedtls_cipher_info_t aes_128_nist_kwp_info = {
"AES-128-KWP",
@@ -2158,6 +2178,7 @@ static const mbedtls_cipher_info_t aes_128_nist_kwp_info = {
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
static const mbedtls_cipher_info_t aes_192_nist_kwp_info = {
"AES-192-KWP",
16,
@@ -2179,51 +2200,70 @@ static const mbedtls_cipher_info_t aes_256_nist_kwp_info = {
0,
MBEDTLS_CIPHER_BASE_INDEX_KW_AES
};
#endif
#endif /* MBEDTLS_NIST_KW_C */
const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
{
#if defined(MBEDTLS_AES_C)
{ MBEDTLS_CIPHER_AES_128_ECB, &aes_128_ecb_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_ECB, &aes_192_ecb_info },
{ MBEDTLS_CIPHER_AES_256_ECB, &aes_256_ecb_info },
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_CIPHER_AES_128_CBC, &aes_128_cbc_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CBC, &aes_192_cbc_info },
{ MBEDTLS_CIPHER_AES_256_CBC, &aes_256_cbc_info },
#endif
#endif
#if defined(MBEDTLS_CIPHER_MODE_CFB)
{ MBEDTLS_CIPHER_AES_128_CFB128, &aes_128_cfb128_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CFB128, &aes_192_cfb128_info },
{ MBEDTLS_CIPHER_AES_256_CFB128, &aes_256_cfb128_info },
#endif
#endif
#if defined(MBEDTLS_CIPHER_MODE_OFB)
{ MBEDTLS_CIPHER_AES_128_OFB, &aes_128_ofb_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_OFB, &aes_192_ofb_info },
{ MBEDTLS_CIPHER_AES_256_OFB, &aes_256_ofb_info },
#endif
#endif
#if defined(MBEDTLS_CIPHER_MODE_CTR)
{ MBEDTLS_CIPHER_AES_128_CTR, &aes_128_ctr_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CTR, &aes_192_ctr_info },
{ MBEDTLS_CIPHER_AES_256_CTR, &aes_256_ctr_info },
#endif
#endif
#if defined(MBEDTLS_CIPHER_MODE_XTS)
{ MBEDTLS_CIPHER_AES_128_XTS, &aes_128_xts_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info },
#endif
#endif
#if defined(MBEDTLS_GCM_C)
{ MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info },
{ MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info },
#endif
#endif
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info },
{ MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info },
#endif
{ MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info },
{ MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info },
#endif
#endif
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
@@ -2315,12 +2355,16 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
#if defined(MBEDTLS_NIST_KW_C)
{ MBEDTLS_CIPHER_AES_128_KW, &aes_128_nist_kw_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_KW, &aes_192_nist_kw_info },
{ MBEDTLS_CIPHER_AES_256_KW, &aes_256_nist_kw_info },
#endif
{ MBEDTLS_CIPHER_AES_128_KWP, &aes_128_nist_kwp_info },
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
{ MBEDTLS_CIPHER_AES_192_KWP, &aes_192_nist_kwp_info },
{ MBEDTLS_CIPHER_AES_256_KWP, &aes_256_nist_kwp_info },
#endif
#endif
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
{ MBEDTLS_CIPHER_NULL, &null_cipher_info },

191
library/constant_time_impl.h
View File

@@ -1,15 +1,6 @@
/**
* Constant-time functions
*
* For readability, the static inline definitions are here, and
* constant_time_internal.h has only the declarations.
*
* This results in duplicate declarations of the form:
* static inline void f() { ... }
* static inline void f();
* when constant_time_internal.h is included. This appears to behave
* exactly as if the declaration-without-definition was not present.
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
@@ -37,11 +28,20 @@
#include "mbedtls/bignum.h"
#endif
/* constant_time_impl.h contains all the static inline implementations,
* so that constant_time_internal.h is more readable.
/*
* To improve readability of constant_time_internal.h, the static inline
* definitions are here, and constant_time_internal.h has only the declarations.
*
* gcc generates warnings about duplicate declarations, so disable this
* warning.
* This results in duplicate declarations of the form:
* static inline void f(); // from constant_time_internal.h
* static inline void f() { ... } // from constant_time_impl.h
* when constant_time_internal.h is included.
*
* This appears to behave as if the declaration-without-definition was not present
* (except for warnings if gcc -Wredundant-decls or similar is used).
*
* Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled
* at the bottom of this file.
*/
#ifdef __GNUC__
#pragma GCC diagnostic push
@@ -71,6 +71,10 @@
#define MBEDTLS_CT_ARM_ASM
#elif defined(__aarch64__)
#define MBEDTLS_CT_AARCH64_ASM
#elif defined(__amd64__) || defined(__x86_64__)
#define MBEDTLS_CT_X86_64_ASM
#elif defined(__i386__)
#define MBEDTLS_CT_X86_ASM
#endif
#endif
@@ -132,7 +136,7 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x)
* seem to apply unified syntax globally, which breaks other asm code.
*/
#if !defined(__clang__)
#define RESTORE_ASM_SYNTAX ".syntax divided \n\t"
#define RESTORE_ASM_SYNTAX ".syntax divided \n\t"
#else
#define RESTORE_ASM_SYNTAX
#endif
@@ -150,9 +154,9 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x)
*/
#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
mbedtls_ct_uint_t s;
asm volatile ("neg %x[s], %x[x] \n\t"
"orr %x[x], %x[s], %x[x] \n\t"
"asr %x[x], %x[x], 63"
asm volatile ("neg %x[s], %x[x] \n\t"
"orr %x[x], %x[s], %x[x] \n\t"
"asr %x[x], %x[x], 63 \n\t"
:
[s] "=&r" (s),
[x] "+&r" (x)
@@ -162,10 +166,10 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x)
return (mbedtls_ct_condition_t) x;
#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
uint32_t s;
asm volatile (".syntax unified \n\t"
"negs %[s], %[x] \n\t"
"orrs %[x], %[x], %[s] \n\t"
"asrs %[x], %[x], #31 \n\t"
asm volatile (".syntax unified \n\t"
"negs %[s], %[x] \n\t"
"orrs %[x], %[x], %[s] \n\t"
"asrs %[x], %[x], #31 \n\t"
RESTORE_ASM_SYNTAX
:
[s] "=&l" (s),
@@ -175,6 +179,32 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x)
"cc" /* clobbers flag bits */
);
return (mbedtls_ct_condition_t) x;
#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
uint64_t s;
asm volatile ("mov %[x], %[s] \n\t"
"neg %[s] \n\t"
"or %[x], %[s] \n\t"
"sar $63, %[s] \n\t"
:
[s] "=&a" (s)
:
[x] "D" (x)
:
);
return (mbedtls_ct_condition_t) s;
#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
uint32_t s;
asm volatile ("mov %[x], %[s] \n\t"
"neg %[s] \n\t"
"or %[s], %[x] \n\t"
"sar $31, %[x] \n\t"
:
[s] "=&c" (s),
[x] "+&a" (x)
:
:
);
return (mbedtls_ct_condition_t) x;
#else
const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x);
#if defined(_MSC_VER)
@@ -202,9 +232,9 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
mbedtls_ct_uint_t if0)
{
#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t"
"mvn %x[condition], %x[condition] \n\t"
"and %x[condition], %x[condition], %x[if0] \n\t"
asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t"
"mvn %x[condition], %x[condition] \n\t"
"and %x[condition], %x[condition], %x[if0] \n\t"
"orr %x[condition], %x[if1], %x[condition]"
:
[condition] "+&r" (condition),
@@ -215,11 +245,11 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
);
return (mbedtls_ct_uint_t) condition;
#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
asm volatile (".syntax unified \n\t"
"ands %[if1], %[if1], %[condition] \n\t"
"mvns %[condition], %[condition] \n\t"
"ands %[condition], %[condition], %[if0] \n\t"
"orrs %[condition], %[if1], %[condition] \n\t"
asm volatile (".syntax unified \n\t"
"ands %[if1], %[if1], %[condition] \n\t"
"mvns %[condition], %[condition] \n\t"
"ands %[condition], %[condition], %[if0] \n\t"
"orrs %[condition], %[if1], %[condition] \n\t"
RESTORE_ASM_SYNTAX
:
[condition] "+&l" (condition),
@@ -230,6 +260,32 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition,
"cc"
);
return (mbedtls_ct_uint_t) condition;
#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
asm volatile ("and %[condition], %[if1] \n\t"
"not %[condition] \n\t"
"and %[condition], %[if0] \n\t"
"or %[if1], %[if0] \n\t"
:
[condition] "+&D" (condition),
[if1] "+&S" (if1),
[if0] "+&a" (if0)
:
:
);
return if0;
#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
asm volatile ("and %[condition], %[if1] \n\t"
"not %[condition] \n\t"
"and %[if0], %[condition] \n\t"
"or %[condition], %[if1] \n\t"
:
[condition] "+&c" (condition),
[if1] "+&a" (if1)
:
[if0] "b" (if0)
:
);
return if1;
#else
mbedtls_ct_condition_t not_cond =
(mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition));
@@ -241,39 +297,81 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe
{
#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
uint64_t s1;
asm volatile ("eor %x[s1], %x[y], %x[x] \n\t"
"sub %x[x], %x[x], %x[y] \n\t"
"bic %x[x], %x[x], %x[s1] \n\t"
"and %x[s1], %x[s1], %x[y] \n\t"
"orr %x[s1], %x[x], %x[s1] \n\t"
asm volatile ("eor %x[s1], %x[y], %x[x] \n\t"
"sub %x[x], %x[x], %x[y] \n\t"
"bic %x[x], %x[x], %x[s1] \n\t"
"and %x[s1], %x[s1], %x[y] \n\t"
"orr %x[s1], %x[x], %x[s1] \n\t"
"asr %x[x], %x[s1], 63"
: [s1] "=&r" (s1), [x] "+&r" (x)
: [y] "r" (y)
:
[s1] "=&r" (s1),
[x] "+&r" (x)
:
[y] "r" (y)
:
);
return (mbedtls_ct_condition_t) x;
#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32)
uint32_t s1;
asm volatile (
".syntax unified \n\t"
".syntax unified \n\t"
#if defined(__thumb__) && !defined(__thumb2__)
"movs %[s1], %[x] \n\t"
"eors %[s1], %[s1], %[y] \n\t"
"movs %[s1], %[x] \n\t"
"eors %[s1], %[s1], %[y] \n\t"
#else
"eors %[s1], %[x], %[y] \n\t"
"eors %[s1], %[x], %[y] \n\t"
#endif
"subs %[x], %[x], %[y] \n\t"
"bics %[x], %[x], %[s1] \n\t"
"ands %[y], %[s1], %[y] \n\t"
"orrs %[x], %[x], %[y] \n\t"
"asrs %[x], %[x], #31 \n\t"
"subs %[x], %[x], %[y] \n\t"
"bics %[x], %[x], %[s1] \n\t"
"ands %[y], %[s1], %[y] \n\t"
"orrs %[x], %[x], %[y] \n\t"
"asrs %[x], %[x], #31 \n\t"
RESTORE_ASM_SYNTAX
: [s1] "=&l" (s1), [x] "+&l" (x), [y] "+&l" (y)
:
[s1] "=&l" (s1),
[x] "+&l" (x),
[y] "+&l" (y)
:
:
"cc"
);
return (mbedtls_ct_condition_t) x;
#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64))
uint64_t s;
asm volatile ("mov %[x], %[s] \n\t"
"xor %[y], %[s] \n\t"
"sub %[y], %[x] \n\t"
"and %[s], %[y] \n\t"
"not %[s] \n\t"
"and %[s], %[x] \n\t"
"or %[y], %[x] \n\t"
"sar $63, %[x] \n\t"
:
[s] "=&a" (s),
[x] "+&D" (x),
[y] "+&S" (y)
:
:
);
return (mbedtls_ct_condition_t) x;
#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32)
uint32_t s;
asm volatile ("mov %[x], %[s] \n\t"
"xor %[y], %[s] \n\t"
"sub %[y], %[x] \n\t"
"and %[s], %[y] \n\t"
"not %[s] \n\t"
"and %[s], %[x] \n\t"
"or %[y], %[x] \n\t"
"sar $31, %[x] \n\t"
:
[s] "=&b" (s),
[x] "+&a" (x),
[y] "+&c" (y)
:
:
);
return (mbedtls_ct_condition_t) x;
#else
/* Ensure that the compiler cannot optimise the following operations over x and y,
* even if it knows the value of x and y.
@@ -461,6 +559,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t
}
#ifdef __GNUC__
/* Restore warnings for -Wredundant-decls on gcc */
#pragma GCC diagnostic pop
#endif

6
library/constant_time_internal.h
View File

@@ -47,7 +47,7 @@
* These are all named mbedtls_ct_<type>_if and mbedtls_ct_<type>_if_else_0
* All arguments are considered secret.
* example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c)
* example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint__if_else_0(x, b)
* example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if_else_0(x, b)
*
* - block memory operations
* Only some arguments are considered secret, as documented for each
@@ -517,8 +517,8 @@ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition,
*
* memcpy(dst, src + offset, len)
*
* This function copies \p len bytes from \p src_base + \p offset to \p
* dst, with a code flow and memory access pattern that does not depend on
* This function copies \p len bytes from \p src + \p offset to
* \p dst, with a code flow and memory access pattern that does not depend on
* \p offset, but only on \p offset_min, \p offset_max and \p len.
*
* \note This function reads from \p dest, but the value that

2
library/ecjpake.c
View File

@@ -1131,7 +1131,7 @@ int mbedtls_ecjpake_self_test(int verbose)
#if !defined(MBEDTLS_ECJPAKE_ALT)
/* 'reference handshake' tests can only be run against implementations
* for which we have 100% control over how the random ephemeral keys
* are generated. This is only the case for the internal mbed TLS
* are generated. This is only the case for the internal Mbed TLS
* implementation, so these tests are skipped in case the internal
* implementation is swapped out for an alternative one. */
if (verbose != 0) {

5
library/ecp.c
View File

@@ -958,9 +958,8 @@ int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
/*
* Next two bytes are the namedcurve value
*/
tls_id = *(*buf)++;
tls_id <<= 8;
tls_id |= *(*buf)++;
tls_id = MBEDTLS_GET_UINT16_BE(*buf, 0);
*buf += 2;
if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) {
return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;

2
library/entropy_poll.h
View File

@@ -50,7 +50,7 @@ int mbedtls_platform_entropy_poll(void *data,
/**
* \brief Entropy poll callback for a hardware source
*
* \warning This is not provided by mbed TLS!
* \warning This is not provided by Mbed TLS!
* See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h.
*
* \note This must accept NULL as its first argument.

6
library/gcm.c
View File

@@ -98,7 +98,7 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
}
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
return 0;
}
@@ -209,7 +209,7 @@ static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16],
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
unsigned char h[16];
@@ -883,7 +883,7 @@ int mbedtls_gcm_self_test(int verbose)
} else
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" GCM note: using AESCE.\n");
} else

18
library/md.c
View File

@@ -1,7 +1,7 @@
/**
* \file md.c
*
* \brief Generic message digest wrapper for mbed TLS
* \brief Generic message digest wrapper for Mbed TLS
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
@@ -231,6 +231,22 @@ static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info)
#if defined(MBEDTLS_MD_SHA512_VIA_PSA)
case MBEDTLS_MD_SHA512:
return PSA_ALG_SHA_512;
#endif
#if defined(MBEDTLS_MD_SHA3_224_VIA_PSA)
case MBEDTLS_MD_SHA3_224:
return PSA_ALG_SHA3_224;
#endif
#if defined(MBEDTLS_MD_SHA3_256_VIA_PSA)
case MBEDTLS_MD_SHA3_256:
return PSA_ALG_SHA3_256;
#endif
#if defined(MBEDTLS_MD_SHA3_384_VIA_PSA)
case MBEDTLS_MD_SHA3_384:
return PSA_ALG_SHA3_384;
#endif
#if defined(MBEDTLS_MD_SHA3_512_VIA_PSA)
case MBEDTLS_MD_SHA3_512:
return PSA_ALG_SHA3_512;
#endif
default:
return PSA_ALG_NONE;

10
library/md5.c
View File

@@ -286,7 +286,7 @@ int mbedtls_md5_finish(mbedtls_md5_context *ctx,
memset(ctx->buffer + used, 0, 64 - used);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -303,7 +303,7 @@ int mbedtls_md5_finish(mbedtls_md5_context *ctx,
MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60);
if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
/*
@@ -314,7 +314,11 @@ int mbedtls_md5_finish(mbedtls_md5_context *ctx,
MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
return 0;
ret = 0;
exit:
mbedtls_md5_free(ctx);
return ret;
}
#endif /* !MBEDTLS_MD5_ALT */

2
library/mps_common.h
View File

@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**

2
library/mps_error.h
View File

@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**

2
library/mps_reader.h
View File

@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**

2
library/mps_trace.h
View File

@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
/**

56
library/oid.c
View File

@@ -760,6 +760,30 @@ static const oid_md_alg_t oid_md_alg[] =
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
MBEDTLS_MD_RIPEMD160,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"),
MBEDTLS_MD_SHA3_224,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_256)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"),
MBEDTLS_MD_SHA3_256,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"),
MBEDTLS_MD_SHA3_384,
},
#endif
#if defined(MBEDTLS_MD_CAN_SHA3_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"),
MBEDTLS_MD_SHA3_512,
},
#endif
{
NULL_OID_DESCRIPTOR,
@@ -796,7 +820,7 @@ static const oid_md_hmac_t oid_md_hmac[] =
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
MBEDTLS_MD_SHA224,
},
#endif
#endif /* MBEDTLS_MD_CAN_SHA224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
@@ -815,6 +839,36 @@ static const oid_md_hmac_t oid_md_hmac[] =
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_MD_CAN_SHA512 */
#if defined(MBEDTLS_MD_CAN_SHA3_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"),
MBEDTLS_MD_SHA3_224,
},
#endif /* MBEDTLS_MD_CAN_SHA3_224 */
#if defined(MBEDTLS_MD_CAN_SHA3_256)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"),
MBEDTLS_MD_SHA3_256,
},
#endif /* MBEDTLS_MD_CAN_SHA3_256 */
#if defined(MBEDTLS_MD_CAN_SHA3_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"),
MBEDTLS_MD_SHA3_384,
},
#endif /* MBEDTLS_MD_CAN_SHA3_384 */
#if defined(MBEDTLS_MD_CAN_SHA3_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"),
MBEDTLS_MD_SHA3_512,
},
#endif /* MBEDTLS_MD_CAN_SHA3_512 */
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"),
MBEDTLS_MD_RIPEMD160,
},
#endif /* MBEDTLS_MD_CAN_RIPEMD160 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,

4
library/padlock.c
View File

@@ -31,7 +31,7 @@
#include <string.h>
#if defined(MBEDTLS_HAVE_X86)
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
@@ -162,6 +162,6 @@ int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
return 0;
}
#endif /* MBEDTLS_HAVE_X86 */
#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */

13
library/padlock.h
View File

@@ -38,16 +38,17 @@
#endif
#endif
/* Some versions of ASan result in errors about not enough registers */
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
/*
* - `padlock` is implements with GNUC assembly for x86 target.
* - Some versions of ASan result in errors about not enough registers.
*/
#if defined(MBEDTLS_PADLOCK_C) && \
defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
defined(MBEDTLS_HAVE_ASM) && \
!defined(MBEDTLS_HAVE_ASAN)
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
#ifndef MBEDTLS_HAVE_X86
#define MBEDTLS_HAVE_X86
#endif
#include <stdint.h>
#define MBEDTLS_PADLOCK_RNG 0x000C

2
library/pkparse.c
View File

@@ -737,7 +737,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
} else {
/* Uncompressed format */
if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
if ((size_t) (end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
}
memcpy(pk->pub_raw, *p, (end - *p));

9
library/pkwrite.c
View File

@@ -77,7 +77,7 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PEM_WRITE_C)
/* It is assumed that the input key is opaque */
static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
{
@@ -92,7 +92,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
return ec_family;
}
#endif /* MBETLS_USE_PSA_CRYPTO */
#endif /* MBETLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
@@ -379,7 +379,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
#endif
const char *oid;
const char *oid = NULL;
if (size == 0) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
@@ -688,7 +688,6 @@ end_of_export:
int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
{
unsigned char *c;
size_t len = 0;
#if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0;
#endif /* MBEDTLS_RSA_C */
@@ -733,8 +732,6 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
return (int) len;
}
#if defined(MBEDTLS_PEM_WRITE_C)

20
library/platform_util.c
View File

@@ -125,6 +125,26 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
SecureZeroMemory(buf, len);
#else
memset_func(buf, 0, len);
#endif
#if defined(__GNUC__)
/* For clang and recent gcc, pretend that we have some assembly that reads the
* zero'd memory as an additional protection against being optimised away. */
#if defined(__clang__) || (__GNUC__ >= 10)
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wvla"
#elif defined(MBEDTLS_COMPILER_IS_GCC)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wvla"
#endif
asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
#if defined(__clang__)
#pragma clang diagnostic pop
#elif defined(MBEDTLS_COMPILER_IS_GCC)
#pragma GCC diagnostic pop
#endif
#endif
#endif
}
}

113
library/psa_crypto.c
View File

@@ -64,6 +64,7 @@
#include "mbedtls/cipher.h"
#include "mbedtls/ccm.h"
#include "mbedtls/cmac.h"
#include "mbedtls/constant_time.h"
#include "mbedtls/des.h"
#include "mbedtls/ecdh.h"
#include "mbedtls/ecp.h"
@@ -104,9 +105,9 @@ static int key_type_is_raw_bytes(psa_key_type_t type)
#define RNG_SEEDED 2
typedef struct {
unsigned initialized : 1;
unsigned rng_state : 2;
unsigned drivers_initialized : 1;
uint8_t initialized;
uint8_t rng_state;
uint8_t drivers_initialized;
mbedtls_psa_random_context_t rng;
} psa_global_data_t;
@@ -152,9 +153,15 @@ psa_status_t mbedtls_to_psa_error(int ret)
case 0:
return PSA_SUCCESS;
#if defined(MBEDTLS_AES_C)
case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_AES_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
#endif
#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C)
case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
@@ -165,26 +172,34 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
#endif
#if defined(MBEDTLS_CAMELLIA_C)
case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
#endif
#if defined(MBEDTLS_CCM_C)
case MBEDTLS_ERR_CCM_BAD_INPUT:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_CCM_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
#endif
#if defined(MBEDTLS_CHACHA20_C)
case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
return PSA_ERROR_BAD_STATE;
case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
#endif
#if defined(MBEDTLS_CIPHER_C)
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
@@ -199,6 +214,7 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
return PSA_ERROR_CORRUPTION_DETECTED;
#endif
#if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE))
@@ -213,20 +229,24 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
#if defined(MBEDTLS_DES_C)
case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
return PSA_ERROR_NOT_SUPPORTED;
#endif
case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#if defined(MBEDTLS_GCM_C)
case MBEDTLS_ERR_GCM_AUTH_FAILED:
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_GCM_BAD_INPUT:
return PSA_ERROR_INVALID_ARGUMENT;
#endif
#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
@@ -241,17 +261,24 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
#if defined(MBEDTLS_MD_LIGHT)
case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
return PSA_ERROR_NOT_SUPPORTED;
case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MD_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
#if defined(MBEDTLS_FS_IO)
case MBEDTLS_ERR_MD_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
#endif
#endif
#if defined(MBEDTLS_BIGNUM_C)
#if defined(MBEDTLS_FS_IO)
case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
#endif
case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
@@ -266,14 +293,19 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_MPI_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
#endif
#if defined(MBEDTLS_PK_C)
case MBEDTLS_ERR_PK_ALLOC_FAILED:
return PSA_ERROR_INSUFFICIENT_MEMORY;
case MBEDTLS_ERR_PK_TYPE_MISMATCH:
case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_PSA_ITS_FILE_C)
case MBEDTLS_ERR_PK_FILE_IO_ERROR:
return PSA_ERROR_STORAGE_FAILURE;
#endif
case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
return PSA_ERROR_INVALID_ARGUMENT;
@@ -292,12 +324,14 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_INVALID_SIGNATURE;
case MBEDTLS_ERR_PK_BUFFER_TOO_SMALL:
return PSA_ERROR_BUFFER_TOO_SMALL;
#endif
case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
return PSA_ERROR_HARDWARE_FAILURE;
case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
return PSA_ERROR_NOT_SUPPORTED;
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
return PSA_ERROR_INVALID_ARGUMENT;
case MBEDTLS_ERR_RSA_INVALID_PADDING:
@@ -315,7 +349,9 @@ psa_status_t mbedtls_to_psa_error(int ret)
return PSA_ERROR_BUFFER_TOO_SMALL;
case MBEDTLS_ERR_RSA_RNG_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#endif
#if defined(MBEDTLS_ECP_LIGHT)
case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
case MBEDTLS_ERR_ECP_INVALID_KEY:
return PSA_ERROR_INVALID_ARGUMENT;
@@ -331,8 +367,11 @@ psa_status_t mbedtls_to_psa_error(int ret)
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
return PSA_ERROR_INSUFFICIENT_ENTROPY;
#if defined(MBEDTLS_ECP_RESTARTABLE)
case MBEDTLS_ERR_ECP_IN_PROGRESS:
return PSA_OPERATION_INCOMPLETE;
#endif
#endif
case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
return PSA_ERROR_CORRUPTION_DETECTED;
@@ -392,45 +431,71 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits)
{
switch (grpid) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
#endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1;
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1;
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
#endif
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
#endif
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
#endif
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1;
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1;
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
#endif
default:
*bits = 0;
return 0;
@@ -2356,7 +2421,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
goto exit;
}
if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2405,7 +2470,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) {
if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}
@@ -2787,7 +2852,7 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) {
if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
@@ -4109,7 +4174,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
size_t default_iv_length;
size_t default_iv_length = 0;
if (operation->id == 0) {
status = PSA_ERROR_BAD_STATE;
@@ -4719,7 +4784,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE];
size_t required_nonce_size;
size_t required_nonce_size = 0;
*nonce_length = 0;
@@ -6684,20 +6749,17 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2,
const uint8_t *data,
size_t data_length)
{
if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET &&
pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
} else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
/* Appending to existing salt. No state change. */
} else {
return PSA_ERROR_BAD_STATE;
}
if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
pbkdf2->salt = mbedtls_calloc(1, data_length);
if (pbkdf2->salt == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
memcpy(pbkdf2->salt, data, data_length);
pbkdf2->salt_length = data_length;
} else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
if (data_length == 0) {
/* Appending an empty string, nothing to do. */
} else {
uint8_t *next_salt;
next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length);
@@ -6705,15 +6767,14 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2,
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
if (pbkdf2->salt_length != 0) {
memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
}
memcpy(next_salt + pbkdf2->salt_length, data, data_length);
pbkdf2->salt_length += data_length;
mbedtls_free(pbkdf2->salt);
pbkdf2->salt = next_salt;
}
pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
return PSA_SUCCESS;
}

25
library/psa_crypto_core.h
View File

@@ -38,27 +38,6 @@
*/
int psa_can_do_hash(psa_algorithm_t hash_alg);
/** Constant-time buffer comparison
*
* \param[in] a Left-hand buffer for comparison.
* \param[in] b Right-hand buffer for comparison.
* \param n Amount of bytes to compare.
*
* \return 0 if the buffer contents are equal, non-zero otherwise
*/
static inline int mbedtls_psa_safer_memcmp(
const uint8_t *a, const uint8_t *b, size_t n)
{
size_t i;
unsigned char diff = 0;
for (i = 0; i < n; i++) {
diff |= a[i] ^ b[i];
}
return diff;
}
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
@@ -246,12 +225,12 @@ psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot,
const uint8_t *data,
size_t data_length);
/** Convert an mbed TLS error code to a PSA error code
/** Convert an Mbed TLS error code to a PSA error code
*
* \note This function is provided solely for the convenience of
* Mbed TLS and may be removed at any time without notice.
*
* \param ret An mbed TLS-thrown error code
* \param ret An Mbed TLS-thrown error code
*
* \return The corresponding PSA error code
*/

4
library/psa_crypto_driver_wrappers.h
View File

@@ -24,9 +24,9 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
/*
* Initialization and termination functions

102
library/psa_crypto_hash.c
View File

@@ -73,6 +73,25 @@ psa_status_t mbedtls_psa_hash_abort(
case PSA_ALG_SHA_512:
mbedtls_sha512_free(&operation->ctx.sha512);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
case PSA_ALG_SHA3_224:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
case PSA_ALG_SHA3_256:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
case PSA_ALG_SHA3_384:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
case PSA_ALG_SHA3_512:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
mbedtls_sha3_free(&operation->ctx.sha3);
break;
#endif
default:
return PSA_ERROR_BAD_STATE;
@@ -134,6 +153,30 @@ psa_status_t mbedtls_psa_hash_setup(
mbedtls_sha512_init(&operation->ctx.sha512);
ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
case PSA_ALG_SHA3_224:
mbedtls_sha3_init(&operation->ctx.sha3);
ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
case PSA_ALG_SHA3_256:
mbedtls_sha3_init(&operation->ctx.sha3);
ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
case PSA_ALG_SHA3_384:
mbedtls_sha3_init(&operation->ctx.sha3);
ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
case PSA_ALG_SHA3_512:
mbedtls_sha3_init(&operation->ctx.sha3);
ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512);
break;
#endif
default:
return PSA_ALG_IS_HASH(alg) ?
@@ -196,6 +239,26 @@ psa_status_t mbedtls_psa_hash_clone(
mbedtls_sha512_clone(&target_operation->ctx.sha512,
&source_operation->ctx.sha512);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
case PSA_ALG_SHA3_224:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
case PSA_ALG_SHA3_256:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
case PSA_ALG_SHA3_384:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
case PSA_ALG_SHA3_512:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
mbedtls_sha3_clone(&target_operation->ctx.sha3,
&source_operation->ctx.sha3);
break;
#endif
default:
(void) source_operation;
@@ -256,6 +319,26 @@ psa_status_t mbedtls_psa_hash_update(
ret = mbedtls_sha512_update(&operation->ctx.sha512,
input, input_length);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
case PSA_ALG_SHA3_224:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
case PSA_ALG_SHA3_256:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
case PSA_ALG_SHA3_384:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
case PSA_ALG_SHA3_512:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
ret = mbedtls_sha3_update(&operation->ctx.sha3,
input, input_length);
break;
#endif
default:
(void) input;
@@ -326,6 +409,25 @@ psa_status_t mbedtls_psa_hash_finish(
case PSA_ALG_SHA_512:
ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash);
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224)
case PSA_ALG_SHA3_224:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256)
case PSA_ALG_SHA3_256:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384)
case PSA_ALG_SHA3_384:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
case PSA_ALG_SHA3_512:
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512)
ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size);
break;
#endif
default:
(void) hash;

3
library/psa_crypto_mac.c
View File

@@ -29,6 +29,7 @@
#include <mbedtls/md.h>
#include <mbedtls/error.h>
#include "mbedtls/constant_time.h"
#include <string.h>
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
@@ -453,7 +454,7 @@ psa_status_t mbedtls_psa_mac_verify_finish(
goto cleanup;
}
if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) {
if (mbedtls_ct_memcmp(mac, actual_mac, mac_length) != 0) {
status = PSA_ERROR_INVALID_SIGNATURE;
}

2
library/psa_crypto_pake.c
View File

@@ -28,7 +28,7 @@
#include "psa_crypto_slot_management.h"
#include <mbedtls/ecjpake.h>
#include <psa_util_internal.h>
#include "psa_util_internal.h"
#include <mbedtls/platform.h>
#include <mbedtls/error.h>

2
library/psa_crypto_random_impl.h
View File

@@ -30,7 +30,7 @@
#ifndef PSA_CRYPTO_RANDOM_IMPL_H
#define PSA_CRYPTO_RANDOM_IMPL_H
#include <psa_util_internal.h>
#include "psa_util_internal.h"
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)

2
library/psa_crypto_slot_management.c
View File

@@ -38,7 +38,7 @@
typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1;
uint8_t key_slots_initialized;
} psa_global_data_t;
static psa_global_data_t global_data;

2
library/psa_crypto_storage.h
View File

@@ -202,7 +202,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/** This symbol is defined if transaction support is required. */
#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS 1
#endif
#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)

2
library/psa_util.c
View File

@@ -25,7 +25,7 @@
#include <psa/crypto.h>
#include "psa_crypto_core.h"
#include <psa_util_internal.h>
#include "psa_util_internal.h"
/* The following includes are needed for MBEDTLS_ERR_XXX macros */
#include <mbedtls/error.h>

10
library/ripemd160.c
View File

@@ -356,12 +356,12 @@ int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
if (ret != 0) {
return ret;
goto exit;
}
ret = mbedtls_ripemd160_update(ctx, msglen, 8);
if (ret != 0) {
return ret;
goto exit;
}
MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
@@ -370,7 +370,11 @@ int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
return 0;
ret = 0;
exit:
mbedtls_ripemd160_free(ctx);
return ret;
}
#endif /* ! MBEDTLS_RIPEMD160_ALT */

11
library/sha1.c
View File

@@ -322,7 +322,7 @@ int mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
memset(ctx->buffer + used, 0, 64 - used);
if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -339,7 +339,7 @@ int mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
/*
@@ -351,7 +351,11 @@ int mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
return 0;
ret = 0;
exit:
mbedtls_sha1_free(ctx);
return ret;
}
#endif /* !MBEDTLS_SHA1_ALT */
@@ -382,7 +386,6 @@ int mbedtls_sha1(const unsigned char *input,
exit:
mbedtls_sha1_free(&ctx);
return ret;
}

10
library/sha256.c
View File

@@ -697,7 +697,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used);
if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
memset(ctx->buffer, 0, 56);
@@ -714,7 +714,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
/*
@@ -736,7 +736,11 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28);
}
return 0;
ret = 0;
exit:
mbedtls_sha256_free(ctx);
return ret;
}
#endif /* !MBEDTLS_SHA256_ALT */

13
library/sha3.c
View File

@@ -200,7 +200,7 @@ int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id)
}
}
if (p == NULL || p->id == MBEDTLS_SHA3_NONE) {
if (p->id == MBEDTLS_SHA3_NONE) {
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
}
@@ -259,10 +259,13 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx,
int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
uint8_t *output, size_t olen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Catch SHA-3 families, with fixed output length */
if (ctx->olen > 0) {
if (ctx->olen > olen) {
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
goto exit;
}
olen = ctx->olen;
}
@@ -280,7 +283,11 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
}
}
return 0;
ret = 0;
exit:
mbedtls_sha3_free(ctx);
return ret;
}
/*

10
library/sha512.c
View File

@@ -844,7 +844,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used);
if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
memset(ctx->buffer, 0, 112);
@@ -861,7 +861,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
sha512_put_uint64_be(low, ctx->buffer, 120);
if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
return ret;
goto exit;
}
/*
@@ -883,7 +883,11 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
sha512_put_uint64_be(ctx->state[7], output, 56);
}
return 0;
ret = 0;
exit:
mbedtls_sha512_free(ctx);
return ret;
}
#endif /* !MBEDTLS_SHA512_ALT */

2
library/ssl_cache.c
View File

@@ -264,7 +264,7 @@ int mbedtls_ssl_cache_set(void *data,
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
mbedtls_ssl_cache_entry *cur;
size_t session_serialized_len;
size_t session_serialized_len = 0;
unsigned char *session_serialized = NULL;
#if defined(MBEDTLS_THREADING_C)

7
library/ssl_ciphersuites.c
View File

@@ -1,7 +1,7 @@
/**
* \file ssl_ciphersuites.c
*
* \brief SSL ciphersuites for mbed TLS
* \brief SSL ciphersuites for Mbed TLS
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
@@ -2022,7 +2022,7 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersu
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
{
@@ -2040,7 +2040,8 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
}
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
* MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info)

16
library/ssl_client.c
View File

@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS ( https://tls.mbed.org )
* This file is part of Mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"
@@ -260,7 +260,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
for (; *group_list != 0; group_list++) {
int propose_group = 0;
MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
MBEDTLS_SSL_DEBUG_MSG(3, ("got supported group(%04x)", *group_list));
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
if (flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG) {
@@ -375,7 +375,7 @@ static int ssl_write_client_hello_cipher_suites(
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
(defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
*tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info);
#endif
@@ -648,14 +648,16 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (
int write_sig_alg_ext = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
(propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)) ||
write_sig_alg_ext = write_sig_alg_ext ||
(propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl));
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
propose_tls12 ||
write_sig_alg_ext = write_sig_alg_ext || propose_tls12;
#endif
0) {
if (write_sig_alg_ext) {
ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len);
if (ret != 0) {
return ret;

8
library/ssl_misc.h
View File

@@ -783,7 +783,7 @@ struct mbedtls_ssl_handshake_params {
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */
#endif
@@ -2313,7 +2313,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
const uint16_t sig_alg)
{
switch (sig_alg) {
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
break;
@@ -2326,7 +2326,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported(
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
break;
#endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_PKCS1_V21)
#if defined(PSA_WANT_ALG_SHA_256)
@@ -2482,7 +2482,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
break;
#endif
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
case MBEDTLS_SSL_SIG_ECDSA:
break;
#endif

17
library/ssl_msg.c
View File

@@ -1504,7 +1504,8 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1;
size_t padlen = 0;
mbedtls_ct_condition_t correct = MBEDTLS_CT_TRUE;
#endif
unsigned char *data;
/* For an explanation of the additional data length see
@@ -1929,7 +1930,7 @@ hmac_failed_etm_enabled:
const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
rec->data_len,
padlen + 1);
correct = mbedtls_ct_size_if_else_0(ge, correct);
correct = mbedtls_ct_bool_and(ge, correct);
padlen = mbedtls_ct_size_if_else_0(ge, padlen);
} else {
#if defined(MBEDTLS_SSL_DEBUG_ALL)
@@ -1945,7 +1946,7 @@ hmac_failed_etm_enabled:
const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
rec->data_len,
transform->maclen + padlen + 1);
correct = mbedtls_ct_size_if_else_0(ge, correct);
correct = mbedtls_ct_bool_and(ge, correct);
padlen = mbedtls_ct_size_if_else_0(ge, padlen);
}
@@ -1981,14 +1982,14 @@ hmac_failed_etm_enabled:
increment = mbedtls_ct_size_if_else_0(b, increment);
pad_count += increment;
}
correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), padlen);
correct = mbedtls_ct_bool_and(mbedtls_ct_uint_eq(pad_count, padlen), correct);
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if (padlen > 0 && correct == 0) {
if (padlen > 0 && correct == MBEDTLS_CT_FALSE) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected"));
}
#endif
padlen = mbedtls_ct_size_if_else_0(mbedtls_ct_bool(correct), padlen);
padlen = mbedtls_ct_size_if_else_0(correct, padlen);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2086,7 +2087,7 @@ hmac_failed_etm_enabled:
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
#endif
correct = 0;
correct = MBEDTLS_CT_FALSE;
}
auth_done++;
@@ -2101,7 +2102,7 @@ hmac_failed_etm_disabled:
/*
* Finally check the correct flag
*/
if (correct == 0) {
if (correct == MBEDTLS_CT_FALSE) {
return MBEDTLS_ERR_SSL_INVALID_MAC;
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */

68
library/ssl_tls.c
View File

@@ -1207,7 +1207,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) {
continue;
}
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
sig_algs_len += sizeof(uint16_t);
#endif
@@ -1235,7 +1235,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
if (hash == MBEDTLS_SSL_HASH_NONE) {
continue;
}
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
*p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA);
p++;
#endif
@@ -4156,7 +4156,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \
defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free((void *) handshake->curves_tls_id);
@@ -4578,13 +4578,14 @@ static int ssl_context_load(mbedtls_ssl_context *ssl,
* We can't check that the config matches the initial one, but we can at
* least check it matches the requirements for serializing.
*/
if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 ||
if (
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
#endif
0) {
ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 ||
ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2
) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
@@ -4972,26 +4973,26 @@ static const int ssl_preset_suiteb_ciphersuites[] = {
*/
static uint16_t ssl_preset_default_sig_algs[] = {
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA256 &&
MBEDTLS_ECP_DP_SECP256R1_ENABLED */
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
#endif
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA384) && \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&&
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
#endif
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA512) && \
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&&
MBEDTLS_ECP_DP_SECP521R1_ENABLED */
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512)
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
defined(MBEDTLS_MD_CAN_SHA512)
@@ -5030,7 +5031,7 @@ static uint16_t ssl_preset_default_sig_algs[] = {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#if defined(MBEDTLS_MD_CAN_SHA512)
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5041,7 +5042,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#endif
#endif /* MBEDTLS_MD_CAN_SHA512*/
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5052,7 +5053,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
#endif
#endif /* MBEDTLS_MD_CAN_SHA384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
@@ -5068,17 +5069,19 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
/* NOTICE: see above */
static uint16_t ssl_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA256&&
MBEDTLS_ECP_DP_SECP256R1_ENABLED */
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256)
#endif
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA384) && \
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA384) && \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA384&&
MBEDTLS_ECP_DP_SECP384R1_ENABLED */
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
#endif
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
defined(MBEDTLS_MD_CAN_SHA256)
@@ -5097,7 +5100,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256),
#endif
#if defined(MBEDTLS_RSA_C)
@@ -5105,7 +5108,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
#endif
#endif /* MBEDTLS_MD_CAN_SHA256*/
#if defined(MBEDTLS_MD_CAN_SHA384)
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
#if defined(MBEDTLS_RSA_C)
@@ -5394,7 +5397,7 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
}
#if defined(MBEDTLS_PK_C) && \
(defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SOME))
(defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
/*
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
*/
@@ -5405,7 +5408,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
return MBEDTLS_SSL_SIG_RSA;
}
#endif
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
return MBEDTLS_SSL_SIG_ECDSA;
}
@@ -5433,7 +5436,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
case MBEDTLS_SSL_SIG_RSA:
return MBEDTLS_PK_RSA;
#endif
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
case MBEDTLS_SSL_SIG_ECDSA:
return MBEDTLS_PK_ECDSA;
#endif
@@ -5441,7 +5444,8 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
return MBEDTLS_PK_NONE;
}
}
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_PK_CAN_ECDSA_SOME ) */
#endif /* MBEDTLS_PK_C &&
( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
/*
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
@@ -7722,7 +7726,7 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx,
MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len);
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
mbedtls_platform_zeroize(padbuf, hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));

18
library/ssl_tls12_client.c
View File

@@ -100,7 +100,7 @@ static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -132,7 +132,8 @@ static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -549,7 +550,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl,
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if (uses_ec) {
if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end,
@@ -818,7 +819,7 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
@@ -863,7 +864,8 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1548,7 +1550,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
MBEDTLS_SSL_DEBUG_MSG(3,
("found supported_point_formats extension"));
@@ -1559,7 +1562,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl)
}
break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C ||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)

31
library/ssl_tls12_server.c
View File

@@ -149,7 +149,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl,
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/*
* Function for parsing a supported groups (TLS 1.3) or supported elliptic
@@ -294,7 +294,8 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl,
return 0;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -669,7 +670,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
/*
* Return 0 if the given key uses one of the acceptable curves, -1 otherwise
*/
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_check_key_curve(mbedtls_pk_context *pk,
uint16_t *curves_tls_id)
@@ -688,7 +689,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk,
return -1;
}
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */
/*
* Try picking a certificate for this ciphersuite,
@@ -773,7 +774,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
continue;
}
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
if (pk_alg == MBEDTLS_PK_ECDSA &&
ssl_check_key_curve(&cur->cert->pk,
ssl->handshake->curves_tls_id) != 0) {
@@ -838,7 +839,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id,
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_PK_CAN_ECDSA_SOME)
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) &&
(ssl->handshake->curves_tls_id == NULL ||
ssl->handshake->curves_tls_id[0] == 0)) {
@@ -1383,7 +1384,7 @@ read_record_header:
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS:
MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension"));
@@ -1404,7 +1405,8 @@ read_record_header:
}
break;
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \
MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
@@ -1513,7 +1515,7 @@ read_record_header:
if (!sig_hash_alg_ext_present) {
uint16_t *received_sig_algs = ssl->handshake->received_sig_algs;
const uint16_t default_sig_algs[] = {
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
MBEDTLS_SSL_HASH_SHA1),
#endif
@@ -1898,7 +1900,8 @@ static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
unsigned char *buf,
size_t *olen)
@@ -1925,7 +1928,8 @@ static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl,
*olen = 6;
}
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C ||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2356,7 +2360,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \
defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
const mbedtls_ssl_ciphersuite_t *suite =
mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite);
if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) {
@@ -2479,7 +2484,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_RSA_C)
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
#endif
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
#endif

2
library/ssl_tls13_client.c
View File

@@ -16,7 +16,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS ( https://tls.mbed.org )
* This file is part of Mbed TLS ( https://tls.mbed.org )
*/
#include "common.h"

2
library/ssl_tls13_generic.c
View File

@@ -837,6 +837,8 @@ int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl)
ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len));
cleanup:
#else /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
(void) ssl;
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate"));

106
library/x509.c
View File

@@ -43,6 +43,8 @@
#include "mbedtls/pem.h"
#endif
#include "mbedtls/asn1write.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_HAVE_TIME)
@@ -810,6 +812,11 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
return 0;
}
static char nibble_to_hex_digit(int i)
{
return (i < 10) ? (i + '0') : (i - 10 + 'A');
}
/*
* Store the name in printable form into buf; no more
* than size characters will be written
@@ -817,11 +824,16 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j, n;
size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start;
/* 6 is enough as our asn1 write functions only write one byte for the tag and at most five bytes for the length*/
unsigned char asn1_tag_len_buf[6];
unsigned char *asn1_len_p;
unsigned char c, merge = 0;
const mbedtls_x509_name *name;
const char *short_name = NULL;
char lowbits, highbits;
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
int print_hexstring;
memset(s, 0, sizeof(s));
@@ -840,32 +852,91 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn)
MBEDTLS_X509_SAFE_SNPRINTF;
}
ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name);
print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) &&
(name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) &&
(name->val.tag != MBEDTLS_ASN1_IA5_STRING);
if (ret == 0) {
if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) {
ret = mbedtls_snprintf(p, n, "%s=", short_name);
} else {
ret = mbedtls_snprintf(p, n, "\?\?=");
if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) {
n -= ret;
p += ret;
ret = mbedtls_snprintf(p, n, "=");
print_hexstring = 1;
} else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
} else {
ret = mbedtls_snprintf(p, n, "\?\?=");
}
}
MBEDTLS_X509_SAFE_SNPRINTF;
for (i = 0, j = 0; i < name->val.len; i++, j++) {
if (j >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
if (print_hexstring) {
s[0] = '#';
c = name->val.p[i];
// Special characters requiring escaping, RFC 1779
if (c && strchr(",=+<>#;\"\\", c)) {
asn1_len_p = asn1_tag_len_buf + sizeof(asn1_tag_len_buf);
if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
asn1_len_size = ret;
if ((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
asn1_tag_size = ret;
asn1_tag_len_buf_start = sizeof(asn1_tag_len_buf) - asn1_len_size - asn1_tag_size;
for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) {
if (j + 1 >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
s[j++] = '\\';
c = asn1_tag_len_buf[asn1_tag_len_buf_start+i];
lowbits = (c & 0x0F);
highbits = c >> 4;
s[j++] = nibble_to_hex_digit(highbits);
s[j++] = nibble_to_hex_digit(lowbits);
}
if (c < 32 || c >= 127) {
s[j] = '?';
} else {
s[j] = c;
for (i = 0; i < name->val.len; i++) {
if (j + 1 >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
c = name->val.p[i];
lowbits = (c & 0x0F);
highbits = c >> 4;
s[j++] = nibble_to_hex_digit(highbits);
s[j++] = nibble_to_hex_digit(lowbits);
}
} else {
for (i = 0, j = 0; i < name->val.len; i++, j++) {
if (j >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
c = name->val.p[i];
// Special characters requiring escaping, RFC 4514 Section 2.4
if (c == '\0') {
return MBEDTLS_ERR_X509_INVALID_NAME;
} else {
if (strchr(",=+<>;\"\\", c) ||
((i == 0) && strchr("# ", c)) ||
((i == name->val.len-1) && (c == ' '))) {
if (j + 1 >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
s[j++] = '\\';
}
}
if (c < 32 || c >= 127) {
if (j + 3 >= sizeof(s) - 1) {
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
s[j++] = '\\';
lowbits = (c & 0x0F);
highbits = c >> 4;
s[j++] = nibble_to_hex_digit(highbits);
s[j] = nibble_to_hex_digit(lowbits);
} else {
s[j] = c;
}
}
}
s[j] = '\0';
@@ -1097,6 +1168,7 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name,
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
other_name->type_id = cur_oid;
p += len;
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
@@ -1488,7 +1560,7 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
MBEDTLS_X509_SAFE_SNPRINTF;
if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
&other_name->value.hardware_module_name.oid) != 0) {
&other_name->type_id) == 0) {
ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
ret =

202
library/x509_create.c
View File

@@ -28,6 +28,10 @@
#include <string.h>
#include "mbedtls/platform.h"
#include "mbedtls/asn1.h"
/* Structure linking OIDs for X.509 DN AttributeTypes to their
* string representations and default string encodings used by Mbed TLS. */
typedef struct {
@@ -35,7 +39,8 @@ typedef struct {
* "CN" or "emailAddress". */
size_t name_len; /* Length of 'name', without trailing 0 byte. */
const char *oid; /* String representation of OID of AttributeType,
* as per RFC 5280, Appendix A.1. */
* as per RFC 5280, Appendix A.1. encoded as per
* X.690 */
int default_tag; /* The default character encoding used for the
* given attribute type, e.g.
* MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
@@ -123,79 +128,200 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name,
return cur;
}
static int hex_to_int(char c)
{
return ('0' <= c && c <= '9') ? (c - '0') :
('a' <= c && c <= 'f') ? (c - 'a' + 10) :
('A' <= c && c <= 'F') ? (c - 'A' + 10) : -1;
}
static int hexpair_to_int(const char *hexpair)
{
int n1 = hex_to_int(*hexpair);
int n2 = hex_to_int(*(hexpair + 1));
if (n1 != -1 && n2 != -1) {
return (n1 << 4) | n2;
} else {
return -1;
}
}
static int parse_attribute_value_string(const char *s,
int len,
unsigned char *data,
size_t *data_len)
{
const char *c;
const char *end = s + len;
unsigned char *d = data;
int n;
for (c = s; c < end; c++) {
if (*c == '\\') {
c++;
/* Check for valid escaped characters as per RFC 4514 Section 3 */
if (c + 1 < end && (n = hexpair_to_int(c)) != -1) {
if (n == 0) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
*(d++) = n;
c++;
} else if (c < end && strchr(" ,=+<>#;\"\\", *c)) {
*(d++) = *c;
} else {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
} else {
*(d++) = *c;
}
if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
}
*data_len = d - data;
return 0;
}
static int parse_attribute_value_der_encoded(const char *s,
int len,
unsigned char *data,
size_t *data_len,
int *tag)
{
const char *c = s;
const char *end = c + len;
unsigned char asn1_der_buf[MBEDTLS_X509_MAX_DN_NAME_SIZE];
unsigned char *asn1_der_end;
unsigned char *p;
unsigned char *d = data;
int n;
/* Converting from hexstring to raw binary so we can use asn1parse.c */
if ((len < 5) || (*c != '#')) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
c++;
if ((*tag = hexpair_to_int(c)) == -1) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
c += 2;
p = asn1_der_buf;
for (p = asn1_der_buf; c < end; c += 2) {
if ((c + 1 >= end) || (n = hexpair_to_int(c)) == -1) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
if (MBEDTLS_ASN1_IS_STRING_TAG(*tag) && n == 0) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
*(p++) = n;
}
asn1_der_end = p;
p = asn1_der_buf;
if (mbedtls_asn1_get_len(&p, asn1_der_end, data_len) != 0) {
return MBEDTLS_ERR_X509_INVALID_NAME;
}
while (p < asn1_der_end) {
*(d++) = *(p++);
}
return 0;
}
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
{
int ret = MBEDTLS_ERR_X509_INVALID_NAME;
int parse_ret = 0;
const char *s = name, *c = s;
const char *end = s + strlen(s);
const char *oid = NULL;
mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = MBEDTLS_ASN1_NULL };
const x509_attr_descriptor_t *attr_descr = NULL;
int in_tag = 1;
char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
char *d = data;
int in_attr_type = 1;
int tag;
int numericoid = 0;
unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
size_t data_len = 0;
/* Clear existing chain if present */
mbedtls_asn1_free_named_data_list(head);
while (c <= end) {
if (in_tag && *c == '=') {
if (in_attr_type && *c == '=') {
if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) {
ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
goto exit;
if ((mbedtls_oid_from_numeric_string(&oid, s, c - s)) != 0) {
return MBEDTLS_ERR_X509_INVALID_NAME;
} else {
numericoid = 1;
}
} else {
oid.len = strlen(attr_descr->oid);
oid.p = mbedtls_calloc(1, oid.len);
memcpy(oid.p, attr_descr->oid, oid.len);
numericoid = 0;
}
oid = attr_descr->oid;
s = c + 1;
in_tag = 0;
d = data;
in_attr_type = 0;
}
if (!in_tag && *c == '\\' && c != end) {
c++;
/* Check for valid escaped characters */
if (c == end || *c != ',') {
ret = MBEDTLS_ERR_X509_INVALID_NAME;
goto exit;
if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) {
if (s == c) {
mbedtls_free(oid.p);
return MBEDTLS_ERR_X509_INVALID_NAME;
} else if (*s == '#') {
if ((parse_ret =
parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len,
&tag)) != 0) {
mbedtls_free(oid.p);
return MBEDTLS_ERR_X509_INVALID_NAME;
}
} else {
if (numericoid) {
mbedtls_free(oid.p);
return MBEDTLS_ERR_X509_INVALID_NAME;
} else {
if ((parse_ret =
parse_attribute_value_string(s, (int) (c - s), data,
&data_len)) != 0) {
mbedtls_free(oid.p);
return parse_ret;
}
tag = attr_descr->default_tag;
}
}
} else if (!in_tag && (*c == ',' || c == end)) {
mbedtls_asn1_named_data *cur =
mbedtls_asn1_store_named_data(head, oid, strlen(oid),
(unsigned char *) data,
d - data);
mbedtls_asn1_named_data *cur =
mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len,
(unsigned char *) data,
data_len);
mbedtls_free(oid.p);
oid.p = NULL;
if (cur == NULL) {
return MBEDTLS_ERR_X509_ALLOC_FAILED;
}
// set tagType
cur->val.tag = attr_descr->default_tag;
cur->val.tag = tag;
while (c < end && *(c + 1) == ' ') {
c++;
}
s = c + 1;
in_tag = 1;
in_attr_type = 1;
/* Successfully parsed one name, update ret to success */
ret = 0;
}
if (!in_tag && s != c + 1) {
*(d++) = *c;
if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) {
ret = MBEDTLS_ERR_X509_INVALID_NAME;
goto exit;
}
}
c++;
}
exit:
if (oid.p != NULL) {
mbedtls_free(oid.p);
}
return ret;
}

4
library/x509_crt.c
View File

@@ -2754,8 +2754,8 @@ static int x509_inet_pton_ipv6(const char *src, void *dst)
p++;
}
if (num_digits != 0) {
addr[nonzero_groups++] = MBEDTLS_IS_BIG_ENDIAN ? group :
(group << 8) | (group >> 8);
MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
nonzero_groups++;
if (*p == '\0') {
break;
} else if (*p == '.') {