lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-05 00:22:11 +03:00
Code

Merge pull request #6491 from davidhorstmann-arm/2.28-fix-unusual-macros-0

Browse Source 
[Backport-ish 2.28] Fix unusual macros
This commit is contained in:
Gilles Peskine 2022-11-03 10:29:06 +01:00 committed by GitHub
commit c4698502d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 160 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
library/aria.c
View File

@ -888,15 +888,17 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext
};
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#define ARIA_SELF_TEST_IF_FAIL \
{ \
#define ARIA_SELF_TEST_ASSERT( cond ) \
do { \
if( cond ) { \
if( verbose ) \
mbedtls_printf( "failed\n" ); \
goto exit; \
} else { \
if( verbose ) \
mbedtls_printf( "passed\n" ); \
}
} \
} while( 0 )
/*
* Checkup routine
@ -930,16 +932,18 @@ int mbedtls_aria_self_test( int verbose )
mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i );
mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT(
memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
!= 0 );
/* test ECB decryption */
if( verbose )
mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i );
mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT(
memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
!= 0 );
}
if( verbose )
mbedtls_printf( "\n" );
@ -958,8 +962,8 @@ int mbedtls_aria_self_test( int verbose )
memset( buf, 0x55, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
aria_test2_pt, buf );
if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
!= 0 );
/* Test CBC decryption */
if( verbose )
@ -969,8 +973,7 @@ int mbedtls_aria_self_test( int verbose )
memset( buf, 0xAA, sizeof( buf ) );
mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
aria_test2_cbc_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
}
if( verbose )
mbedtls_printf( "\n" );
@ -989,8 +992,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
aria_test2_pt, buf );
if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
/* Test CFB decryption */
if( verbose )
@ -1001,8 +1003,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0;
mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
iv, aria_test2_cfb_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
}
if( verbose )
mbedtls_printf( "\n" );
@ -1020,8 +1021,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_pt, buf );
if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
/* Test CTR decryption */
if( verbose )
@ -1032,8 +1032,7 @@ int mbedtls_aria_self_test( int verbose )
j = 0;
mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
aria_test2_ctr_ct[i], buf );
if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
ARIA_SELF_TEST_IF_FAIL;
ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
}
if( verbose )
mbedtls_printf( "\n" );

6
library/asn1write.c
View File

@ -72,9 +72,11 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return( 4 );
}
int len_is_valid = 1;
#if SIZE_MAX > 0xFFFFFFFF
if( len <= 0xFFFFFFFF )
len_is_valid = ( len <= 0xFFFFFFFF );
#endif
if( len_is_valid )
{
if( *p - start < 5 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@ -87,9 +89,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
return( 5 );
}
#if SIZE_MAX > 0xFFFFFFFF
return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
#endif
}
int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )

6
library/ecdh.c
View File

@ -77,10 +77,12 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* If multiplication is in progress, we already generated a privkey */
int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx == NULL || rs_ctx->rsm == NULL )
restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
#endif
/* If multiplication is in progress, we already generated a privkey */
if( !restarting )
MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,

39
library/ecp.c
View File

@ -2048,9 +2048,13 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
i = d;
MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 )
if( f_rng == 0 )
have_rng = 0;
#endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
}
@ -2184,9 +2188,12 @@ final_norm:
*
* Avoid the leak by randomizing coordinates before we normalize them.
*/
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 )
if( f_rng == 0 )
have_rng = 0;
#endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
@ -2395,12 +2402,14 @@ cleanup:
mbedtls_free( T );
}
/* don't free R while in progress in case R == P */
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
#endif
/* prevent caller from using invalid value */
if( ret != 0 )
int should_free_R = ( ret != 0 );
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* don't free R while in progress in case R == P */
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
should_free_R = 0;
#endif
if( should_free_R )
mbedtls_ecp_point_free( R );
ECP_RS_LEAVE( rsm );
@ -2588,9 +2597,12 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MOD_ADD( RP.X );
/* Randomize coordinates of the starting point */
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL )
if( f_rng == NULL )
have_rng = 0;
#endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */
@ -2623,9 +2635,12 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
*
* Avoid the leak by randomizing coordinates before we normalize them.
*/
have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL )
if( f_rng == NULL )
have_rng = 0;
#endif
if( have_rng )
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
@ -2672,10 +2687,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
int restarting = 0;
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* skip argument check when restarting */
if( rs_ctx == NULL || rs_ctx->rsm == NULL )
restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
#endif
/* skip argument check when restarting */
if( !restarting )
{
/* check_privkey is free */
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );

4
library/sha512.c
View File

@ -418,9 +418,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
sha512_put_uint64_be( ctx->state[4], output, 32 );
sha512_put_uint64_be( ctx->state[5], output, 40 );
int truncated = 0;
#if !defined(MBEDTLS_SHA512_NO_SHA384)
if( ctx->is384 == 0 )
truncated = ctx->is384;
#endif
if( !truncated )
{
sha512_put_uint64_be( ctx->state[6], output, 48 );
sha512_put_uint64_be( ctx->state[7], output, 56 );

30
library/ssl_cli.c
View File

@ -998,9 +998,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_NO_RNG );
}
int renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif
if( !renegotiating )
{
ssl->major_ver = ssl->conf->min_major_ver;
ssl->minor_ver = ssl->conf->min_minor_ver;
@ -1086,9 +1089,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif
if( !renegotiating )
{
if( ssl->session_negotiate->ticket != NULL &&
ssl->session_negotiate->ticket_len != 0 )
@ -1203,9 +1209,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif
if( !renegotiating )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
@ -2235,20 +2244,23 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/
comp = buf[37 + n];
int bad_comp = 0;
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
accept_comp = 1;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
accept_comp = 0;
else
#endif
accept_comp = 1;
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
bad_comp = 1;
#else /* MBEDTLS_ZLIB_SUPPORT */
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
bad_comp = 1;
#endif/* MBEDTLS_ZLIB_SUPPORT */
if( bad_comp )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server hello, bad compression: %d", comp ) );
@ -2692,12 +2704,16 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
int bad_params = 0;
#if defined(MBEDTLS_ECP_C)
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
bad_params = 1;
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
bad_params = 1;
#endif
if( bad_params )
return( -1 );
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
@ -3451,9 +3467,11 @@ start_processing:
if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{
int send_alert_msg = 1;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
#endif
if( send_alert_msg )
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,

11
library/ssl_msg.c
View File

@ -435,9 +435,12 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data,
unsigned char *cur = add_data;
int is_tls13 = 0;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 )
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
is_tls13 = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
if( !is_tls13 )
{
((void) minor_ver);
memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
@ -3944,8 +3947,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
if( ssl_record_is_in_progress( ssl ) == 0 )
{
int dtls_have_buffered = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
int have_buffered = 0;
/* We only check for buffered messages if the
* current datagram is fully consumed. */
@ -3953,11 +3956,11 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
ssl_next_record_is_in_datagram( ssl ) == 0 )
{
if( ssl_load_buffered_message( ssl ) == 0 )
have_buffered = 1;
dtls_have_buffered = 1;
}
if( have_buffered == 0 )
#endif /* MBEDTLS_SSL_PROTO_DTLS */
if( dtls_have_buffered == 0 )
{
ret = ssl_get_next_record( ssl );
if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )

10
library/ssl_srv.c
View File

@ -1454,6 +1454,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
int renegotiating = 0;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
read_record_header:
#endif
@ -1463,8 +1464,10 @@ read_record_header:
* ClientHello, which doesn't use the same record layer format.
*/
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif
if( !renegotiating )
{
if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
{
@ -1477,9 +1480,12 @@ read_record_header:
buf = ssl->in_hdr;
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
int is_dtls = 0;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
is_dtls = 1;
#endif
if( !is_dtls )
if( ( buf[0] & 0x80 ) != 0 )
return( ssl_parse_client_hello_v2( ssl ) );
#endif

16
library/ssl_ticket.c
View File

@ -146,7 +146,10 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
int do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
do_mbedtls_cipher_setup = 0;
ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
cipher_info, TICKET_AUTH_TAG_BYTES );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
@ -154,18 +157,27 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
/* We don't yet expect to support all ciphers through PSA,
* so allow fallback to ordinary mbedtls_cipher_setup(). */
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
do_mbedtls_cipher_setup = 1;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 )
if( do_mbedtls_cipher_setup )
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) )
!= 0 )
return( ret );
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
do_mbedtls_cipher_setup = 0;
ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx,
cipher_info, TICKET_AUTH_TAG_BYTES );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
return( ret );
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
do_mbedtls_cipher_setup = 1;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
if( do_mbedtls_cipher_setup )
if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) )
!= 0 )
return( ret );
if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||

25
library/ssl_tls.c
View File

@ -981,6 +981,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int psa_fallthrough;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int do_mbedtls_cipher_setup;
unsigned char keyblk[256];
unsigned char *key1;
unsigned char *key2;
@ -1359,6 +1360,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
}
#endif
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Only use PSA-based ciphers for TLS-1.2.
@ -1394,15 +1396,18 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
psa_fallthrough = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( psa_fallthrough == 1 )
if( psa_fallthrough == 0 )
do_mbedtls_cipher_setup = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
if( do_mbedtls_cipher_setup &&
( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
goto end;
}
do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* Only use PSA-based ciphers for TLS-1.2.
* That's relevant at least for TLS-1.0, where
@ -1437,9 +1442,11 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
psa_fallthrough = 1;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( psa_fallthrough == 1 )
if( psa_fallthrough == 0 )
do_mbedtls_cipher_setup = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
if( do_mbedtls_cipher_setup &&
( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
cipher_info ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
@ -4085,9 +4092,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
memset( ssl->out_buf, 0, out_buf_len );
int clear_in_buf = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
if( partial == 0 )
if( partial != 0 )
clear_in_buf = 0;
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
if( clear_in_buf )
{
ssl->in_left = 0;
memset( ssl->in_buf, 0, in_buf_len );
@ -4124,9 +4134,12 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
int free_cli_id = 1;
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
if( partial == 0 )
if( partial != 0 )
free_cli_id = 0;
#endif
if( free_cli_id )
{
mbedtls_free( ssl->cli_id );
ssl->cli_id = NULL;

5
library/x509_crt.c
View File

@ -1258,9 +1258,12 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
}
}
int extensions_allowed = 1;
#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
if( crt->version == 3 )
if( crt->version != 3 )
extensions_allowed = 0;
#endif
if( extensions_allowed )
{
ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx );
if( ret != 0 )

4
programs/ssl/ssl_client2.c
View File

@ -1573,8 +1573,9 @@ int main( int argc, char *argv[] )
if( ret != 0 )
break;
}
if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */
if( ret == 0 )
{
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse_der( &cacert,
@ -1584,6 +1585,7 @@ int main( int argc, char *argv[] )
break;
}
}
}
#else
{
ret = 1;

4
programs/ssl/ssl_server2.c
View File

@ -2377,8 +2377,9 @@ int main( int argc, char *argv[] )
if( ret != 0 )
break;
}
if( ret == 0 )
#endif /* MBEDTLS_PEM_PARSE_C */
if( ret == 0 )
{
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse_der( &cacert,
@ -2388,6 +2389,7 @@ int main( int argc, char *argv[] )
break;
}
}
}
#else
{
ret = 1;