Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925

Conflicts: * `include/mbedtls/build_info.h`: a new fragment to auto-enable `MBEDTLS_CIPHER_PADDING_PKCS7` was added in c9f4040f7f in `development-restricted`. In `development`, this section of the file has moved to `include/mbedtls/config_adjust_legacy_crypto.h`. * `library/bignum.c`: function name change in `development-restricted` vs comment change in development. The comment change in `development` is not really relevant, so just take the line from `development-restricted`.
2025-07-28 00:21:48 +03:00 · 2023-09-25 16:16:26 +02:00
parent 76059e5ef8 87fe99627f
commit ca1e605b9c
201 changed files with 5318 additions and 2759 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -1504,7 +1504,8 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,

    int auth_done = 0;
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
-    size_t padlen = 0, correct = 1;
+    size_t padlen = 0;
+    mbedtls_ct_condition_t correct = MBEDTLS_CT_TRUE;
 #endif
    unsigned char *data;
    /* For an explanation of the additional data length see
@ -1929,7 +1930,7 @@ hmac_failed_etm_enabled:
            const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
                rec->data_len,
                padlen + 1);
-            correct = mbedtls_ct_size_if_else_0(ge, correct);
+            correct = mbedtls_ct_bool_and(ge, correct);
            padlen  = mbedtls_ct_size_if_else_0(ge, padlen);
        } else {
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
@ -1945,7 +1946,7 @@ hmac_failed_etm_enabled:
            const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
                rec->data_len,
                transform->maclen + padlen + 1);
-            correct = mbedtls_ct_size_if_else_0(ge, correct);
+            correct = mbedtls_ct_bool_and(ge, correct);
            padlen  = mbedtls_ct_size_if_else_0(ge, padlen);
        }

@ -1981,14 +1982,14 @@ hmac_failed_etm_enabled:
            increment = mbedtls_ct_size_if_else_0(b, increment);
            pad_count += increment;
        }
-        correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), padlen);
+        correct = mbedtls_ct_bool_and(mbedtls_ct_uint_eq(pad_count, padlen), correct);

 #if defined(MBEDTLS_SSL_DEBUG_ALL)
-        if (padlen > 0 && correct == 0) {
+        if (padlen > 0 && correct == MBEDTLS_CT_FALSE) {
            MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected"));
        }
 #endif
-        padlen = mbedtls_ct_size_if_else_0(mbedtls_ct_bool(correct), padlen);
+        padlen = mbedtls_ct_size_if_else_0(correct, padlen);

 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

@ -2086,7 +2087,7 @@ hmac_failed_etm_enabled:
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
            MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match"));
 #endif
-            correct = 0;
+            correct = MBEDTLS_CT_FALSE;
        }
        auth_done++;

@ -2101,7 +2102,7 @@ hmac_failed_etm_disabled:
    /*
     * Finally check the correct flag
     */
-    if (correct == 0) {
+    if (correct == MBEDTLS_CT_FALSE) {
        return MBEDTLS_ERR_SSL_INVALID_MAC;
    }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */