lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback

Browse Source 
Mbed TLS 3.4.0
This commit is contained in:
Paul Elliott
2023-03-27 18:09:49 +01:00
parent 445c3bfcac 1873d3bfc2
commit d01a3bca05
140 changed files with 102278 additions and 437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/CMakeLists.txt
View File

@ -284,7 +284,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.3.0 SOVERSION 13)
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.4.0 SOVERSION 14)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
if(TARGET everest)
@ -292,11 +292,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
endif()
add_library(${mbedx509_target} SHARED ${src_x509})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.3.0 SOVERSION 4)
set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.0 SOVERSION 5)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.3.0 SOVERSION 19)
set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.4.0 SOVERSION 19)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)

4
library/Makefile
View File

@ -48,8 +48,8 @@ endif
endif
SOEXT_TLS?=so.19
SOEXT_X509?=so.4
SOEXT_CRYPTO?=so.13
SOEXT_X509?=so.5
SOEXT_CRYPTO?=so.14
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)

133
library/aes.c
View File

@ -47,8 +47,7 @@
#if !defined(MBEDTLS_AES_ALT)
#if defined(MBEDTLS_PADLOCK_C) && \
(defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16))
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
static int aes_padlock_ace = -1;
#endif
@ -505,6 +504,53 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
}
#endif /* MBEDTLS_CIPHER_MODE_XTS */
/* Some implementations need the round keys to be aligned.
* Return an offset to be added to buf, such that (buf + offset) is
* correctly aligned.
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
#if (defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)) || \
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#define MAY_NEED_TO_ALIGN
#endif
static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
{
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
if (aes_padlock_ace) {
align_16_bytes = 1;
}
#endif
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
align_16_bytes = 1;
}
#endif
if (align_16_bytes) {
/* These implementations needs 16-byte alignment
* for the round key array. */
unsigned delta = ((uintptr_t) buf & 0x0000000fU) / 4;
if (delta == 0) {
return 0;
} else {
return 4 - delta; // 16 bytes = 4 uint32_t
}
}
#else /* MAY_NEED_TO_ALIGN */
(void) buf;
#endif /* MAY_NEED_TO_ALIGN */
return 0;
}
/*
* AES key schedule (encryption)
*/
@ -529,19 +575,10 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
}
#endif
ctx->rk_offset = 0;
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
if (aes_padlock_ace) {
ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16(ctx->buf) - ctx->buf;
}
#endif
ctx->rk_offset = mbedtls_aes_rk_offset(ctx->buf);
RK = ctx->buf + ctx->rk_offset;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
return mbedtls_aesni_setkey_enc((unsigned char *) RK, key, keybits);
}
@ -634,16 +671,7 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
mbedtls_aes_init(&cty);
ctx->rk_offset = 0;
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
if (aes_padlock_ace) {
ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16(ctx->buf) - ctx->buf;
}
#endif
ctx->rk_offset = mbedtls_aes_rk_offset(ctx->buf);
RK = ctx->buf + ctx->rk_offset;
/* Also checks keybits */
@ -653,7 +681,7 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
ctx->nr = cty.nr;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
mbedtls_aesni_inverse_key((unsigned char *) RK,
(const unsigned char *) (cty.buf + cty.rk_offset), ctx->nr);
@ -945,6 +973,26 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
#if defined(MAY_NEED_TO_ALIGN)
/* VIA Padlock and our intrinsics-based implementation of AESNI require
* the round keys to be aligned on a 16-byte boundary. We take care of this
* before creating them, but the AES context may have moved (this can happen
* if the library is called from a language with managed memory), and in later
* calls it might have a different alignment with respect to 16-byte memory.
* So we may need to realign.
*/
static void aes_maybe_realign(mbedtls_aes_context *ctx)
{
unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
if (new_offset != ctx->rk_offset) {
memmove(ctx->buf + new_offset, // new address
ctx->buf + ctx->rk_offset, // current address
(ctx->nr + 1) * 16); // number of round keys * bytes per rk
ctx->rk_offset = new_offset;
}
}
#endif
/*
* AES-ECB block encryption/decryption
*/
@ -957,7 +1005,11 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MAY_NEED_TO_ALIGN)
aes_maybe_realign(ctx);
#endif
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
return mbedtls_aesni_crypt_ecb(ctx, mode, input, output);
}
@ -971,13 +1023,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if (aes_padlock_ace > 0) {
if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) {
return 0;
}
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
}
#endif
@ -1729,6 +1775,29 @@ int mbedtls_aes_self_test(int verbose)
memset(key, 0, 32);
mbedtls_aes_init(&ctx);
if (verbose != 0) {
#if defined(MBEDTLS_AES_ALT)
mbedtls_printf(" AES note: alternative implementation.\n");
#else /* MBEDTLS_AES_ALT */
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
#endif
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
mbedtls_printf(" AES note: using AESNI.\n");
} else
#endif
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
if (mbedtls_aesce_has_support()) {
mbedtls_printf(" AES note: using AESCE.\n");
} else
#endif
mbedtls_printf(" AES note: built-in implementation.\n");
#endif /* MBEDTLS_AES_ALT */
}
/*
* ECB mode
*/

604
library/aesni.c
View File

@ -18,26 +18,26 @@
*/
/*
* [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
* [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
* [AES-WP] https://www.intel.com/content/www/us/en/developer/articles/tool/intel-advanced-encryption-standard-aes-instructions-set.html
* [CLMUL-WP] https://www.intel.com/content/www/us/en/develop/download/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode.html
*/
#include "common.h"
#if defined(MBEDTLS_AESNI_C)
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#warning \
"MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
#include "aesni.h"
#include <string.h>
#if defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#if MBEDTLS_AESNI_HAVE_CODE == 2
#if !defined(_WIN32)
#include <cpuid.h>
#endif
#include <immintrin.h>
#endif
/*
* AES-NI support detection routine
@ -48,17 +48,355 @@ int mbedtls_aesni_has_support(unsigned int what)
static unsigned int c = 0;
if (!done) {
#if MBEDTLS_AESNI_HAVE_CODE == 2
static unsigned info[4] = { 0, 0, 0, 0 };
#if defined(_MSC_VER)
__cpuid(info, 1);
#else
__cpuid(1, info[0], info[1], info[2], info[3]);
#endif
c = info[2];
#else /* AESNI using asm */
asm ("movl $1, %%eax \n\t"
"cpuid \n\t"
: "=c" (c)
:
: "eax", "ebx", "edx");
#endif /* MBEDTLS_AESNI_HAVE_CODE */
done = 1;
}
return (c & what) != 0;
}
#if MBEDTLS_AESNI_HAVE_CODE == 2
/*
* AES-NI AES-ECB block en(de)cryption
*/
int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16])
{
const __m128i *rk = (const __m128i *) (ctx->buf + ctx->rk_offset);
unsigned nr = ctx->nr; // Number of remaining rounds
// Load round key 0
__m128i state;
memcpy(&state, input, 16);
state = _mm_xor_si128(state, rk[0]); // state ^= *rk;
++rk;
--nr;
if (mode == 0) {
while (nr != 0) {
state = _mm_aesdec_si128(state, *rk);
++rk;
--nr;
}
state = _mm_aesdeclast_si128(state, *rk);
} else {
while (nr != 0) {
state = _mm_aesenc_si128(state, *rk);
++rk;
--nr;
}
state = _mm_aesenclast_si128(state, *rk);
}
memcpy(output, &state, 16);
return 0;
}
/*
* GCM multiplication: c = a times b in GF(2^128)
* Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
*/
static void gcm_clmul(const __m128i aa, const __m128i bb,
__m128i *cc, __m128i *dd)
{
/*
* Caryless multiplication dd:cc = aa * bb
* using [CLMUL-WP] algorithm 1 (p. 12).
*/
*cc = _mm_clmulepi64_si128(aa, bb, 0x00); // a0*b0 = c1:c0
*dd = _mm_clmulepi64_si128(aa, bb, 0x11); // a1*b1 = d1:d0
__m128i ee = _mm_clmulepi64_si128(aa, bb, 0x10); // a0*b1 = e1:e0
__m128i ff = _mm_clmulepi64_si128(aa, bb, 0x01); // a1*b0 = f1:f0
ff = _mm_xor_si128(ff, ee); // e1+f1:e0+f0
ee = ff; // e1+f1:e0+f0
ff = _mm_srli_si128(ff, 8); // 0:e1+f1
ee = _mm_slli_si128(ee, 8); // e0+f0:0
*dd = _mm_xor_si128(*dd, ff); // d1:d0+e1+f1
*cc = _mm_xor_si128(*cc, ee); // c1+e0+f0:c0
}
static void gcm_shift(__m128i *cc, __m128i *dd)
{
/* [CMUCL-WP] Algorithm 5 Step 1: shift cc:dd one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 18). */
// // *cc = r1:r0
// // *dd = r3:r2
__m128i cc_lo = _mm_slli_epi64(*cc, 1); // r1<<1:r0<<1
__m128i dd_lo = _mm_slli_epi64(*dd, 1); // r3<<1:r2<<1
__m128i cc_hi = _mm_srli_epi64(*cc, 63); // r1>>63:r0>>63
__m128i dd_hi = _mm_srli_epi64(*dd, 63); // r3>>63:r2>>63
__m128i xmm5 = _mm_srli_si128(cc_hi, 8); // 0:r1>>63
cc_hi = _mm_slli_si128(cc_hi, 8); // r0>>63:0
dd_hi = _mm_slli_si128(dd_hi, 8); // 0:r1>>63
*cc = _mm_or_si128(cc_lo, cc_hi); // r1<<1|r0>>63:r0<<1
*dd = _mm_or_si128(_mm_or_si128(dd_lo, dd_hi), xmm5); // r3<<1|r2>>62:r2<<1|r1>>63
}
static __m128i gcm_reduce(__m128i xx)
{
// // xx = x1:x0
/* [CLMUL-WP] Algorithm 5 Step 2 */
__m128i aa = _mm_slli_epi64(xx, 63); // x1<<63:x0<<63 = stuff:a
__m128i bb = _mm_slli_epi64(xx, 62); // x1<<62:x0<<62 = stuff:b
__m128i cc = _mm_slli_epi64(xx, 57); // x1<<57:x0<<57 = stuff:c
__m128i dd = _mm_slli_si128(_mm_xor_si128(_mm_xor_si128(aa, bb), cc), 8); // a+b+c:0
return _mm_xor_si128(dd, xx); // x1+a+b+c:x0 = d:x0
}
static __m128i gcm_mix(__m128i dx)
{
/* [CLMUL-WP] Algorithm 5 Steps 3 and 4 */
__m128i ee = _mm_srli_epi64(dx, 1); // e1:x0>>1 = e1:e0'
__m128i ff = _mm_srli_epi64(dx, 2); // f1:x0>>2 = f1:f0'
__m128i gg = _mm_srli_epi64(dx, 7); // g1:x0>>7 = g1:g0'
// e0'+f0'+g0' is almost e0+f0+g0, except for some missing
// bits carried from d. Now get those bits back in.
__m128i eh = _mm_slli_epi64(dx, 63); // d<<63:stuff
__m128i fh = _mm_slli_epi64(dx, 62); // d<<62:stuff
__m128i gh = _mm_slli_epi64(dx, 57); // d<<57:stuff
__m128i hh = _mm_srli_si128(_mm_xor_si128(_mm_xor_si128(eh, fh), gh), 8); // 0:missing bits of d
return _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(ee, ff), gg), hh), dx);
}
void mbedtls_aesni_gcm_mult(unsigned char c[16],
const unsigned char a[16],
const unsigned char b[16])
{
__m128i aa, bb, cc, dd;
/* The inputs are in big-endian order, so byte-reverse them */
for (size_t i = 0; i < 16; i++) {
((uint8_t *) &aa)[i] = a[15 - i];
((uint8_t *) &bb)[i] = b[15 - i];
}
gcm_clmul(aa, bb, &cc, &dd);
gcm_shift(&cc, &dd);
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
* using [CLMUL-WP] algorithm 5 (p. 18).
* Currently dd:cc holds x3:x2:x1:x0 (already shifted).
*/
__m128i dx = gcm_reduce(cc);
__m128i xh = gcm_mix(dx);
cc = _mm_xor_si128(xh, dd); // x3+h1:x2+h0
/* Now byte-reverse the outputs */
for (size_t i = 0; i < 16; i++) {
c[i] = ((uint8_t *) &cc)[15 - i];
}
return;
}
/*
* Compute decryption round keys from encryption round keys
*/
void mbedtls_aesni_inverse_key(unsigned char *invkey,
const unsigned char *fwdkey, int nr)
{
__m128i *ik = (__m128i *) invkey;
const __m128i *fk = (const __m128i *) fwdkey + nr;
*ik = *fk;
for (--fk, ++ik; fk > (const __m128i *) fwdkey; --fk, ++ik) {
*ik = _mm_aesimc_si128(*fk);
}
*ik = *fk;
}
/*
* Key expansion, 128-bit case
*/
static __m128i aesni_set_rk_128(__m128i state, __m128i xword)
{
/*
* Finish generating the next round key.
*
* On entry state is r3:r2:r1:r0 and xword is X:stuff:stuff:stuff
* with X = rot( sub( r3 ) ) ^ RCON (obtained with AESKEYGENASSIST).
*
* On exit, xword is r7:r6:r5:r4
* with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
* and this is returned, to be written to the round key buffer.
*/
xword = _mm_shuffle_epi32(xword, 0xff); // X:X:X:X
xword = _mm_xor_si128(xword, state); // X+r3:X+r2:X+r1:r4
state = _mm_slli_si128(state, 4); // r2:r1:r0:0
xword = _mm_xor_si128(xword, state); // X+r3+r2:X+r2+r1:r5:r4
state = _mm_slli_si128(state, 4); // r1:r0:0:0
xword = _mm_xor_si128(xword, state); // X+r3+r2+r1:r6:r5:r4
state = _mm_slli_si128(state, 4); // r0:0:0:0
state = _mm_xor_si128(xword, state); // r7:r6:r5:r4
return state;
}
static void aesni_setkey_enc_128(unsigned char *rk_bytes,
const unsigned char *key)
{
__m128i *rk = (__m128i *) rk_bytes;
memcpy(&rk[0], key, 16);
rk[1] = aesni_set_rk_128(rk[0], _mm_aeskeygenassist_si128(rk[0], 0x01));
rk[2] = aesni_set_rk_128(rk[1], _mm_aeskeygenassist_si128(rk[1], 0x02));
rk[3] = aesni_set_rk_128(rk[2], _mm_aeskeygenassist_si128(rk[2], 0x04));
rk[4] = aesni_set_rk_128(rk[3], _mm_aeskeygenassist_si128(rk[3], 0x08));
rk[5] = aesni_set_rk_128(rk[4], _mm_aeskeygenassist_si128(rk[4], 0x10));
rk[6] = aesni_set_rk_128(rk[5], _mm_aeskeygenassist_si128(rk[5], 0x20));
rk[7] = aesni_set_rk_128(rk[6], _mm_aeskeygenassist_si128(rk[6], 0x40));
rk[8] = aesni_set_rk_128(rk[7], _mm_aeskeygenassist_si128(rk[7], 0x80));
rk[9] = aesni_set_rk_128(rk[8], _mm_aeskeygenassist_si128(rk[8], 0x1B));
rk[10] = aesni_set_rk_128(rk[9], _mm_aeskeygenassist_si128(rk[9], 0x36));
}
/*
* Key expansion, 192-bit case
*/
static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword,
unsigned char *rk)
{
/*
* Finish generating the next 6 quarter-keys.
*
* On entry state0 is r3:r2:r1:r0, state1 is stuff:stuff:r5:r4
* and xword is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON
* (obtained with AESKEYGENASSIST).
*
* On exit, state0 is r9:r8:r7:r6 and state1 is stuff:stuff:r11:r10
* and those are written to the round key buffer.
*/
xword = _mm_shuffle_epi32(xword, 0x55); // X:X:X:X
xword = _mm_xor_si128(xword, *state0); // X+r3:X+r2:X+r1:X+r0
*state0 = _mm_slli_si128(*state0, 4); // r2:r1:r0:0
xword = _mm_xor_si128(xword, *state0); // X+r3+r2:X+r2+r1:X+r1+r0:X+r0
*state0 = _mm_slli_si128(*state0, 4); // r1:r0:0:0
xword = _mm_xor_si128(xword, *state0); // X+r3+r2+r1:X+r2+r1+r0:X+r1+r0:X+r0
*state0 = _mm_slli_si128(*state0, 4); // r0:0:0:0
xword = _mm_xor_si128(xword, *state0); // X+r3+r2+r1+r0:X+r2+r1+r0:X+r1+r0:X+r0
*state0 = xword; // = r9:r8:r7:r6
xword = _mm_shuffle_epi32(xword, 0xff); // r9:r9:r9:r9
xword = _mm_xor_si128(xword, *state1); // stuff:stuff:r9+r5:r9+r4
*state1 = _mm_slli_si128(*state1, 4); // stuff:stuff:r4:0
xword = _mm_xor_si128(xword, *state1); // stuff:stuff:r9+r5+r4:r9+r4
*state1 = xword; // = stuff:stuff:r11:r10
/* Store state0 and the low half of state1 into rk, which is conceptually
* an array of 24-byte elements. Since 24 is not a multiple of 16,
* rk is not necessarily aligned so just `*rk = *state0` doesn't work. */
memcpy(rk, state0, 16);
memcpy(rk + 16, state1, 8);
}
static void aesni_setkey_enc_192(unsigned char *rk,
const unsigned char *key)
{
/* First round: use original key */
memcpy(rk, key, 24);
/* aes.c guarantees that rk is aligned on a 16-byte boundary. */
__m128i state0 = ((__m128i *) rk)[0];
__m128i state1 = _mm_loadl_epi64(((__m128i *) rk) + 1);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x01), rk + 24 * 1);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x02), rk + 24 * 2);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x04), rk + 24 * 3);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x08), rk + 24 * 4);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x10), rk + 24 * 5);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x20), rk + 24 * 6);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7);
aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8);
}
/*
* Key expansion, 256-bit case
*/
static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword,
__m128i *rk0, __m128i *rk1)
{
/*
* Finish generating the next two round keys.
*
* On entry state0 is r3:r2:r1:r0, state1 is r7:r6:r5:r4 and
* xword is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
* (obtained with AESKEYGENASSIST).
*
* On exit, *rk0 is r11:r10:r9:r8 and *rk1 is r15:r14:r13:r12
*/
xword = _mm_shuffle_epi32(xword, 0xff);
xword = _mm_xor_si128(xword, state0);
state0 = _mm_slli_si128(state0, 4);
xword = _mm_xor_si128(xword, state0);
state0 = _mm_slli_si128(state0, 4);
xword = _mm_xor_si128(xword, state0);
state0 = _mm_slli_si128(state0, 4);
state0 = _mm_xor_si128(state0, xword);
*rk0 = state0;
/* Set xword to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
xword = _mm_aeskeygenassist_si128(state0, 0x00);
xword = _mm_shuffle_epi32(xword, 0xaa);
xword = _mm_xor_si128(xword, state1);
state1 = _mm_slli_si128(state1, 4);
xword = _mm_xor_si128(xword, state1);
state1 = _mm_slli_si128(state1, 4);
xword = _mm_xor_si128(xword, state1);
state1 = _mm_slli_si128(state1, 4);
state1 = _mm_xor_si128(state1, xword);
*rk1 = state1;
}
static void aesni_setkey_enc_256(unsigned char *rk_bytes,
const unsigned char *key)
{
__m128i *rk = (__m128i *) rk_bytes;
memcpy(&rk[0], key, 16);
memcpy(&rk[1], key + 16, 16);
/*
* Main "loop" - Generating one more key than necessary,
* see definition of mbedtls_aes_context.buf
*/
aesni_set_rk_256(rk[0], rk[1], _mm_aeskeygenassist_si128(rk[1], 0x01), &rk[2], &rk[3]);
aesni_set_rk_256(rk[2], rk[3], _mm_aeskeygenassist_si128(rk[3], 0x02), &rk[4], &rk[5]);
aesni_set_rk_256(rk[4], rk[5], _mm_aeskeygenassist_si128(rk[5], 0x04), &rk[6], &rk[7]);
aesni_set_rk_256(rk[6], rk[7], _mm_aeskeygenassist_si128(rk[7], 0x08), &rk[8], &rk[9]);
aesni_set_rk_256(rk[8], rk[9], _mm_aeskeygenassist_si128(rk[9], 0x10), &rk[10], &rk[11]);
aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]);
aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]);
}
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
#warning \
"MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
#endif
#endif
/*
* Binutils needs to be at least 2.19 to support AES-NI instructions.
* Unfortunately, a lot of users have a lower version now (2014-04).
@ -69,13 +407,13 @@ int mbedtls_aesni_has_support(unsigned int what)
* Operand macros are in gas order (src, dst) as opposed to Intel order
* (dst, src) in order to blend better into the surrounding assembly code.
*/
#define AESDEC ".byte 0x66,0x0F,0x38,0xDE,"
#define AESDECLAST ".byte 0x66,0x0F,0x38,0xDF,"
#define AESENC ".byte 0x66,0x0F,0x38,0xDC,"
#define AESENCLAST ".byte 0x66,0x0F,0x38,0xDD,"
#define AESIMC ".byte 0x66,0x0F,0x38,0xDB,"
#define AESKEYGENA ".byte 0x66,0x0F,0x3A,0xDF,"
#define PCLMULQDQ ".byte 0x66,0x0F,0x3A,0x44,"
#define AESDEC(regs) ".byte 0x66,0x0F,0x38,0xDE," regs "\n\t"
#define AESDECLAST(regs) ".byte 0x66,0x0F,0x38,0xDF," regs "\n\t"
#define AESENC(regs) ".byte 0x66,0x0F,0x38,0xDC," regs "\n\t"
#define AESENCLAST(regs) ".byte 0x66,0x0F,0x38,0xDD," regs "\n\t"
#define AESIMC(regs) ".byte 0x66,0x0F,0x38,0xDB," regs "\n\t"
#define AESKEYGENA(regs, imm) ".byte 0x66,0x0F,0x3A,0xDF," regs "," imm "\n\t"
#define PCLMULQDQ(regs, imm) ".byte 0x66,0x0F,0x3A,0x44," regs "," imm "\n\t"
#define xmm0_xmm0 "0xC0"
#define xmm0_xmm1 "0xC8"
@ -103,25 +441,25 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
"1: \n\t" // encryption loop
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENC xmm1_xmm0 "\n\t" // do round
"add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // loop
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENCLAST xmm1_xmm0 "\n\t" // last round
"jmp 3f \n\t"
AESENC(xmm1_xmm0) // do round
"add $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // loop
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENCLAST(xmm1_xmm0) // last round
"jmp 3f \n\t"
"2: \n\t" // decryption loop
"movdqu (%1), %%xmm1 \n\t"
AESDEC xmm1_xmm0 "\n\t" // do round
"add $16, %1 \n\t"
"subl $1, %0 \n\t"
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESDECLAST xmm1_xmm0 "\n\t" // last round
"2: \n\t" // decryption loop
"movdqu (%1), %%xmm1 \n\t"
AESDEC(xmm1_xmm0) // do round
"add $16, %1 \n\t"
"subl $1, %0 \n\t"
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESDECLAST(xmm1_xmm0) // last round
"3: \n\t"
"movdqu %%xmm0, (%4) \n\t" // export output
"3: \n\t"
"movdqu %%xmm0, (%4) \n\t" // export output
:
: "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output)
: "memory", "cc", "xmm0", "xmm1");
@ -152,84 +490,84 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16],
/*
* Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
* using [CLMUL-WP] algorithm 1 (p. 13).
* using [CLMUL-WP] algorithm 1 (p. 12).
*/
"movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0
"movdqa %%xmm1, %%xmm3 \n\t" // same
"movdqa %%xmm1, %%xmm4 \n\t" // same
PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0
PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0
PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0
PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0
"pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
"movdqa %%xmm4, %%xmm3 \n\t" // same
"psrldq $8, %%xmm4 \n\t" // 0:e1+f1
"pslldq $8, %%xmm3 \n\t" // e0+f0:0
"pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
"pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
PCLMULQDQ(xmm0_xmm1, "0x00") // a0*b0 = c1:c0
PCLMULQDQ(xmm0_xmm2, "0x11") // a1*b1 = d1:d0
PCLMULQDQ(xmm0_xmm3, "0x10") // a0*b1 = e1:e0
PCLMULQDQ(xmm0_xmm4, "0x01") // a1*b0 = f1:f0
"pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
"movdqa %%xmm4, %%xmm3 \n\t" // same
"psrldq $8, %%xmm4 \n\t" // 0:e1+f1
"pslldq $8, %%xmm3 \n\t" // e0+f0:0
"pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
"pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
/*
* Now shift the result one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 20)
* taking advantage of [CLMUL-WP] eq 27 (p. 18)
*/
"movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
"movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
"psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
"psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
"psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
"psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
"movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
"pslldq $8, %%xmm3 \n\t" // r0>>63:0
"pslldq $8, %%xmm4 \n\t" // r2>>63:0
"psrldq $8, %%xmm5 \n\t" // 0:r1>>63
"por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
"por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
"por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
"movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
"movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
"psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
"psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
"psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
"psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
"movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
"pslldq $8, %%xmm3 \n\t" // r0>>63:0
"pslldq $8, %%xmm4 \n\t" // r2>>63:0
"psrldq $8, %%xmm5 \n\t" // 0:r1>>63
"por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
"por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
"por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
* using [CLMUL-WP] algorithm 5 (p. 20).
* using [CLMUL-WP] algorithm 5 (p. 18).
* Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
*/
/* Step 2 (1) */
"movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
"movdqa %%xmm1, %%xmm4 \n\t" // same
"movdqa %%xmm1, %%xmm5 \n\t" // same
"psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
"psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
"psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
"movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
"movdqa %%xmm1, %%xmm4 \n\t" // same
"movdqa %%xmm1, %%xmm5 \n\t" // same
"psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
"psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
"psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
/* Step 2 (2) */
"pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
"pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
"pslldq $8, %%xmm3 \n\t" // a+b+c:0
"pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
"pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
"pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
"pslldq $8, %%xmm3 \n\t" // a+b+c:0
"pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
/* Steps 3 and 4 */
"movdqa %%xmm1,%%xmm0 \n\t" // d:x0
"movdqa %%xmm1,%%xmm4 \n\t" // same
"movdqa %%xmm1,%%xmm5 \n\t" // same
"psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
"psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
"psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
"pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
"pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
"movdqa %%xmm1,%%xmm0 \n\t" // d:x0
"movdqa %%xmm1,%%xmm4 \n\t" // same
"movdqa %%xmm1,%%xmm5 \n\t" // same
"psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
"psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
"psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
"pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
"pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
// e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
// bits carried from d. Now get those\t bits back in.
"movdqa %%xmm1,%%xmm3 \n\t" // d:x0
"movdqa %%xmm1,%%xmm4 \n\t" // same
"movdqa %%xmm1,%%xmm5 \n\t" // same
"psllq $63, %%xmm3 \n\t" // d<<63:stuff
"psllq $62, %%xmm4 \n\t" // d<<62:stuff
"psllq $57, %%xmm5 \n\t" // d<<57:stuff
"pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
"pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
"psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
"pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
"pxor %%xmm1, %%xmm0 \n\t" // h1:h0
"pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
"movdqa %%xmm1,%%xmm3 \n\t" // d:x0
"movdqa %%xmm1,%%xmm4 \n\t" // same
"movdqa %%xmm1,%%xmm5 \n\t" // same
"psllq $63, %%xmm3 \n\t" // d<<63:stuff
"psllq $62, %%xmm4 \n\t" // d<<62:stuff
"psllq $57, %%xmm5 \n\t" // d<<57:stuff
"pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
"pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
"psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
"pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
"pxor %%xmm1, %%xmm0 \n\t" // h1:h0
"pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
"movdqu %%xmm0, (%2) \n\t" // done
"movdqu %%xmm0, (%2) \n\t" // done
:
: "r" (aa), "r" (bb), "r" (cc)
: "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
@ -255,8 +593,8 @@ void mbedtls_aesni_inverse_key(unsigned char *invkey,
for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
asm ("movdqu (%0), %%xmm0 \n\t"
AESIMC xmm0_xmm0 "\n\t"
"movdqu %%xmm0, (%1) \n\t"
AESIMC(xmm0_xmm0)
"movdqu %%xmm0, (%1) \n\t"
:
: "r" (fk), "r" (ik)
: "memory", "xmm0");
@ -300,16 +638,16 @@ static void aesni_setkey_enc_128(unsigned char *rk,
/* Main "loop" */
"2: \n\t"
AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x01") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x02") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x04") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x08") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x10") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x20") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x40") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x80") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x1B") "call 1b \n\t"
AESKEYGENA(xmm0_xmm1, "0x36") "call 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0");
@ -358,14 +696,14 @@ static void aesni_setkey_enc_192(unsigned char *rk,
"ret \n\t"
"2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x80") "call 1b \n\t"
:
: "r" (rk), "r" (key)
@ -408,36 +746,38 @@ static void aesni_setkey_enc_256(unsigned char *rk,
/* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
AESKEYGENA xmm0_xmm2 ",0x00 \n\t"
"pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm2, %%xmm1 \n\t"
"add $16, %0 \n\t"
"movdqu %%xmm1, (%0) \n\t"
"ret \n\t"
AESKEYGENA(xmm0_xmm2, "0x00")
"pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm2, %%xmm1 \n\t"
"add $16, %0 \n\t"
"movdqu %%xmm1, (%0) \n\t"
"ret \n\t"
/*
* Main "loop" - Generating one more key than necessary,
* see definition of mbedtls_aes_context.buf
*/
"2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
"2: \n\t"
AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t"
AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0");
}
#endif /* MBEDTLS_AESNI_HAVE_CODE */
/*
* Key expansion, wrapper
*/
@ -455,6 +795,6 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
return 0;
}
#endif /* MBEDTLS_HAVE_X86_64 */
#endif /* MBEDTLS_AESNI_HAVE_CODE */
#endif /* MBEDTLS_AESNI_C */

38
library/aesni.h
View File

@ -32,13 +32,46 @@
#define MBEDTLS_AESNI_AES 0x02000000u
#define MBEDTLS_AESNI_CLMUL 0x00000002u
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
(defined(__amd64__) || defined(__x86_64__)) && \
!defined(MBEDTLS_HAVE_X86_64)
#define MBEDTLS_HAVE_X86_64
#endif
#if defined(MBEDTLS_AESNI_C)
/* Can we do AESNI with intrinsics?
* (Only implemented with certain compilers, only for certain targets.)
*/
#undef MBEDTLS_AESNI_HAVE_INTRINSICS
#if defined(_MSC_VER)
/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
* VS 2013 and up for other reasons anyway, so no need to check the version. */
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
/* GCC-like compilers: currently, we only support intrinsics if the requisite
* target flag is enabled when building the library (e.g. `gcc -mpclmul -msse2`
* or `clang -maes -mpclmul`). */
#if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
/* Choose the implementation of AESNI, if one is available. */
#undef MBEDTLS_AESNI_HAVE_CODE
/* To minimize disruption when releasing the intrinsics-based implementation,
* favor the assembly-based implementation if it's available. We intend to
* revise this in a later release of Mbed TLS 3.x. In the long run, we will
* likely remove the assembly implementation. */
#if defined(MBEDTLS_HAVE_X86_64)
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#endif
#if defined(MBEDTLS_AESNI_HAVE_CODE)
#ifdef __cplusplus
extern "C" {
@ -127,6 +160,7 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk,
}
#endif
#endif /* MBEDTLS_HAVE_X86_64 */
#endif /* MBEDTLS_AESNI_HAVE_CODE */
#endif /* MBEDTLS_AESNI_C */
#endif /* MBEDTLS_AESNI_H */

879
library/error.c Normal file
View File

@ -0,0 +1,879 @@
/*
* Error message information
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "common.h"
#include "mbedtls/error.h"
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
#if defined(MBEDTLS_ERROR_C)
#include "mbedtls/platform.h"
#include <stdio.h>
#include <string.h>
#if defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
#endif
#if defined(MBEDTLS_ARIA_C)
#include "mbedtls/aria.h"
#endif
#if defined(MBEDTLS_ASN1_PARSE_C)
#include "mbedtls/asn1.h"
#endif
#if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h"
#endif
#if defined(MBEDTLS_BIGNUM_C)
#include "mbedtls/bignum.h"
#endif
#if defined(MBEDTLS_CAMELLIA_C)
#include "mbedtls/camellia.h"
#endif
#if defined(MBEDTLS_CCM_C)
#include "mbedtls/ccm.h"
#endif
#if defined(MBEDTLS_CHACHA20_C)
#include "mbedtls/chacha20.h"
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
#include "mbedtls/chachapoly.h"
#endif
#if defined(MBEDTLS_CIPHER_C)
#include "mbedtls/cipher.h"
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#endif
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
#if defined(MBEDTLS_DHM_C)
#include "mbedtls/dhm.h"
#endif
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ENTROPY_C)
#include "mbedtls/entropy.h"
#endif
#if defined(MBEDTLS_ERROR_C)
#include "mbedtls/error.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#endif
#if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h"
#endif
#if defined(MBEDTLS_HKDF_C)
#include "mbedtls/hkdf.h"
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
#endif
#if defined(MBEDTLS_LMS_C)
#include "mbedtls/lms.h"
#endif
#if defined(MBEDTLS_MD_C)
#include "mbedtls/md.h"
#endif
#if defined(MBEDTLS_NET_C)
#include "mbedtls/net_sockets.h"
#endif
#if defined(MBEDTLS_OID_C)
#include "mbedtls/oid.h"
#endif
#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
#include "mbedtls/pem.h"
#endif
#if defined(MBEDTLS_PK_C)
#include "mbedtls/pk.h"
#endif
#if defined(MBEDTLS_PKCS12_C)
#include "mbedtls/pkcs12.h"
#endif
#if defined(MBEDTLS_PKCS5_C)
#include "mbedtls/pkcs5.h"
#endif
#if defined(MBEDTLS_PKCS7_C)
#include "mbedtls/pkcs7.h"
#endif
#if defined(MBEDTLS_POLY1305_C)
#include "mbedtls/poly1305.h"
#endif
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_SHA1_C)
#include "mbedtls/sha1.h"
#endif
#if defined(MBEDTLS_SHA256_C)
#include "mbedtls/sha256.h"
#endif
#if defined(MBEDTLS_SHA512_C)
#include "mbedtls/sha512.h"
#endif
#if defined(MBEDTLS_SSL_TLS_C)
#include "mbedtls/ssl.h"
#endif
#if defined(MBEDTLS_THREADING_C)
#include "mbedtls/threading.h"
#endif
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
#include "mbedtls/x509.h"
#endif
const char *mbedtls_high_level_strerr(int error_code)
{
int high_level_error_code;
if (error_code < 0) {
error_code = -error_code;
}
/* Extract the high-level part from the error code. */
high_level_error_code = error_code & 0xFF80;
switch (high_level_error_code) {
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_CIPHER_C)
case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE):
return( "CIPHER - The selected feature is not available" );
case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA):
return( "CIPHER - Bad input parameters" );
case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED):
return( "CIPHER - Failed to allocate memory" );
case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING):
return( "CIPHER - Input data contains invalid padding and is rejected" );
case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED):
return( "CIPHER - Decryption of block requires a full block" );
case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED):
return( "CIPHER - Authentication failed (for AEAD modes)" );
case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT):
return( "CIPHER - The context is invalid. For example, because it was freed" );
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_DHM_C)
case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA):
return( "DHM - Bad input parameters" );
case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED):
return( "DHM - Reading of the DHM parameters failed" );
case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED):
return( "DHM - Making of the DHM parameters failed" );
case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED):
return( "DHM - Reading of the public values failed" );
case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED):
return( "DHM - Making of the public value failed" );
case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED):
return( "DHM - Calculation of the DHM secret failed" );
case -(MBEDTLS_ERR_DHM_INVALID_FORMAT):
return( "DHM - The ASN.1 data is not formatted correctly" );
case -(MBEDTLS_ERR_DHM_ALLOC_FAILED):
return( "DHM - Allocation of memory failed" );
case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR):
return( "DHM - Read or write of file failed" );
case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED):
return( "DHM - Setting the modulus and generator failed" );
#endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_ECP_C)
case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA):
return( "ECP - Bad input parameters to function" );
case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL):
return( "ECP - The buffer is too small to write to" );
case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE):
return( "ECP - The requested feature is not available, for example, the requested curve is not supported" );
case -(MBEDTLS_ERR_ECP_VERIFY_FAILED):
return( "ECP - The signature is not valid" );
case -(MBEDTLS_ERR_ECP_ALLOC_FAILED):
return( "ECP - Memory allocation failed" );
case -(MBEDTLS_ERR_ECP_RANDOM_FAILED):
return( "ECP - Generation of random value, such as ephemeral key, failed" );
case -(MBEDTLS_ERR_ECP_INVALID_KEY):
return( "ECP - Invalid private or public key" );
case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH):
return( "ECP - The buffer contains a valid signature followed by more data" );
case -(MBEDTLS_ERR_ECP_IN_PROGRESS):
return( "ECP - Operation in progress, call again with the same parameters to continue" );
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_MD_C)
case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE):
return( "MD - The selected feature is not available" );
case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA):
return( "MD - Bad input parameters to function" );
case -(MBEDTLS_ERR_MD_ALLOC_FAILED):
return( "MD - Failed to allocate memory" );
case -(MBEDTLS_ERR_MD_FILE_IO_ERROR):
return( "MD - Opening or reading of file failed" );
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT):
return( "PEM - No PEM header or footer found" );
case -(MBEDTLS_ERR_PEM_INVALID_DATA):
return( "PEM - PEM string is not as expected" );
case -(MBEDTLS_ERR_PEM_ALLOC_FAILED):
return( "PEM - Failed to allocate memory" );
case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV):
return( "PEM - RSA IV is not in hex-format" );
case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG):
return( "PEM - Unsupported key encryption algorithm" );
case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED):
return( "PEM - Private key password can't be empty" );
case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH):
return( "PEM - Given private key password does not allow for correct decryption" );
case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE):
return( "PEM - Unavailable feature, e.g. hashing/encryption combination" );
case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA):
return( "PEM - Bad input parameters to function" );
#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
#if defined(MBEDTLS_PK_C)
case -(MBEDTLS_ERR_PK_ALLOC_FAILED):
return( "PK - Memory allocation failed" );
case -(MBEDTLS_ERR_PK_TYPE_MISMATCH):
return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA):
return( "PK - Bad input parameters to function" );
case -(MBEDTLS_ERR_PK_FILE_IO_ERROR):
return( "PK - Read/write of file failed" );
case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION):
return( "PK - Unsupported key version" );
case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT):
return( "PK - Invalid key tag or value" );
case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG):
return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED):
return( "PK - Private key password can't be empty" );
case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH):
return( "PK - Given private key password does not allow for correct decryption" );
case -(MBEDTLS_ERR_PK_INVALID_PUBKEY):
return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
case -(MBEDTLS_ERR_PK_INVALID_ALG):
return( "PK - The algorithm tag or value is invalid" );
case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE):
return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE):
return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH):
return( "PK - The buffer contains a valid signature followed by more data" );
case -(MBEDTLS_ERR_PK_BUFFER_TOO_SMALL):
return( "PK - The output buffer is too small" );
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_PKCS12_C)
case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA):
return( "PKCS12 - Bad input parameters to function" );
case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE):
return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT):
return( "PKCS12 - PBE ASN.1 data not as expected" );
case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH):
return( "PKCS12 - Given private key password does not allow for correct decryption" );
#endif /* MBEDTLS_PKCS12_C */
#if defined(MBEDTLS_PKCS5_C)
case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA):
return( "PKCS5 - Bad input parameters to function" );
case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT):
return( "PKCS5 - Unexpected ASN.1 data" );
case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE):
return( "PKCS5 - Requested encryption or digest alg not available" );
case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH):
return( "PKCS5 - Given private key password does not allow for correct decryption" );
#endif /* MBEDTLS_PKCS5_C */
#if defined(MBEDTLS_PKCS7_C)
case -(MBEDTLS_ERR_PKCS7_INVALID_FORMAT):
return( "PKCS7 - The format is invalid, e.g. different type expected" );
case -(MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE):
return( "PKCS7 - Unavailable feature, e.g. anything other than signed data" );
case -(MBEDTLS_ERR_PKCS7_INVALID_VERSION):
return( "PKCS7 - The PKCS #7 version element is invalid or cannot be parsed" );
case -(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO):
return( "PKCS7 - The PKCS #7 content info is invalid or cannot be parsed" );
case -(MBEDTLS_ERR_PKCS7_INVALID_ALG):
return( "PKCS7 - The algorithm tag or value is invalid or cannot be parsed" );
case -(MBEDTLS_ERR_PKCS7_INVALID_CERT):
return( "PKCS7 - The certificate tag or value is invalid or cannot be parsed" );
case -(MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE):
return( "PKCS7 - Error parsing the signature" );
case -(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO):
return( "PKCS7 - Error parsing the signer's info" );
case -(MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA):
return( "PKCS7 - Input invalid" );
case -(MBEDTLS_ERR_PKCS7_ALLOC_FAILED):
return( "PKCS7 - Allocation of memory failed" );
case -(MBEDTLS_ERR_PKCS7_VERIFY_FAIL):
return( "PKCS7 - Verification Failed" );
case -(MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID):
return( "PKCS7 - The PKCS #7 date issued/expired dates are invalid" );
#endif /* MBEDTLS_PKCS7_C */
#if defined(MBEDTLS_RSA_C)
case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA):
return( "RSA - Bad input parameters to function" );
case -(MBEDTLS_ERR_RSA_INVALID_PADDING):
return( "RSA - Input data contains invalid padding and is rejected" );
case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED):
return( "RSA - Something failed during generation of a key" );
case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED):
return( "RSA - Key failed to pass the validity check of the library" );
case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED):
return( "RSA - The public key operation failed" );
case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED):
return( "RSA - The private key operation failed" );
case -(MBEDTLS_ERR_RSA_VERIFY_FAILED):
return( "RSA - The PKCS#1 verification failed" );
case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE):
return( "RSA - The output buffer for decryption is not large enough" );
case -(MBEDTLS_ERR_RSA_RNG_FAILED):
return( "RSA - The random generator failed to generate non-zeros" );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SSL_TLS_C)
case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS):
return( "SSL - A cryptographic operation is in progress. Try again later" );
case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE):
return( "SSL - The requested feature is not available" );
case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA):
return( "SSL - Bad input parameters to function" );
case -(MBEDTLS_ERR_SSL_INVALID_MAC):
return( "SSL - Verification of the message MAC failed" );
case -(MBEDTLS_ERR_SSL_INVALID_RECORD):
return( "SSL - An invalid SSL record was received" );
case -(MBEDTLS_ERR_SSL_CONN_EOF):
return( "SSL - The connection indicated an EOF" );
case -(MBEDTLS_ERR_SSL_DECODE_ERROR):
return( "SSL - A message could not be parsed due to a syntactic error" );
case -(MBEDTLS_ERR_SSL_NO_RNG):
return( "SSL - No RNG was provided to the SSL module" );
case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
return( "SSL - No client certification received from the client, but required by the authentication mode" );
case -(MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION):
return( "SSL - Client received an extended server hello containing an unsupported extension" );
case -(MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL):
return( "SSL - No ALPN protocols supported that the client advertises" );
case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
return( "SSL - The own private key or pre-shared key is not set, but needed" );
case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED):
return( "SSL - No CA Chain is set, but required to operate" );
case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE):
return( "SSL - An unexpected message was received from our peer" );
case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE):
return( "SSL - A fatal alert message was received from our peer" );
case -(MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME):
return( "SSL - No server could be identified matching the client's SNI" );
case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY):
return( "SSL - The peer notified us that the connection is going to be closed" );
case -(MBEDTLS_ERR_SSL_BAD_CERTIFICATE):
return( "SSL - Processing of the Certificate handshake message failed" );
case -(MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET):
return( "SSL - * Received NewSessionTicket Post Handshake Message. This error code is experimental and may be changed or removed without notice" );
case -(MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA):
return( "SSL - Not possible to read early data" );
case -(MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA):
return( "SSL - Not possible to write early data" );
case -(MBEDTLS_ERR_SSL_ALLOC_FAILED):
return( "SSL - Memory allocation failed" );
case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED):
return( "SSL - Hardware acceleration function returned with error" );
case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH):
return( "SSL - Hardware acceleration function skipped / left alone data" );
case -(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION):
return( "SSL - Handshake protocol not within min/max boundaries" );
case -(MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE):
return( "SSL - The handshake negotiation failed" );
case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED):
return( "SSL - Session ticket has expired" );
case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH):
return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY):
return( "SSL - Unknown identity received (eg, PSK identity)" );
case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR):
return( "SSL - Internal error (eg, unexpected failure in lower-level module)" );
case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING):
return( "SSL - A counter would wrap (eg, too many messages exchanged)" );
case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO):
return( "SSL - Unexpected message at ServerHello in renegotiation" );
case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED):
return( "SSL - DTLS client must retry for hello verification" );
case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL):
return( "SSL - A buffer is too small to receive or write a message" );
case -(MBEDTLS_ERR_SSL_WANT_READ):
return( "SSL - No data of requested type currently available on underlying transport" );
case -(MBEDTLS_ERR_SSL_WANT_WRITE):
return( "SSL - Connection requires a write call" );
case -(MBEDTLS_ERR_SSL_TIMEOUT):
return( "SSL - The operation timed out" );
case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT):
return( "SSL - The client initiated a reconnect from the same port" );
case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD):
return( "SSL - Record header looks valid but is not expected" );
case -(MBEDTLS_ERR_SSL_NON_FATAL):
return( "SSL - The alert message received indicates a non-fatal error" );
case -(MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER):
return( "SSL - A field in a message was incorrect or inconsistent with other fields" );
case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING):
return( "SSL - Internal-only message signaling that further message-processing should be done" );
case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS):
return( "SSL - The asynchronous operation is not completed yet" );
case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE):
return( "SSL - Internal-only message signaling that a message arrived early" );
case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID):
return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH):
return( "SSL - An operation failed due to an unexpected version or configuration" );
case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
return( "SSL - Invalid value in SSL config" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE):
return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
case -(MBEDTLS_ERR_X509_UNKNOWN_OID):
return( "X509 - Requested OID is unknown" );
case -(MBEDTLS_ERR_X509_INVALID_FORMAT):
return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
case -(MBEDTLS_ERR_X509_INVALID_VERSION):
return( "X509 - The CRT/CRL/CSR version element is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_SERIAL):
return( "X509 - The serial tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_ALG):
return( "X509 - The algorithm tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_NAME):
return( "X509 - The name tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_DATE):
return( "X509 - The date tag or value is invalid" );
case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE):
return( "X509 - The signature tag or value invalid" );
case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS):
return( "X509 - The extension tag or value is invalid" );
case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION):
return( "X509 - CRT/CRL/CSR has an unsupported version number" );
case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG):
return( "X509 - Signature algorithm (oid) is unsupported" );
case -(MBEDTLS_ERR_X509_SIG_MISMATCH):
return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" );
case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED):
return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT):
return( "X509 - Format not recognized as DER or PEM" );
case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA):
return( "X509 - Input invalid" );
case -(MBEDTLS_ERR_X509_ALLOC_FAILED):
return( "X509 - Allocation of memory failed" );
case -(MBEDTLS_ERR_X509_FILE_IO_ERROR):
return( "X509 - Read/write of file failed" );
case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL):
return( "X509 - Destination buffer is too small" );
case -(MBEDTLS_ERR_X509_FATAL_ERROR):
return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" );
#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
/* End Auto-Generated Code. */
default:
break;
}
return NULL;
}
const char *mbedtls_low_level_strerr(int error_code)
{
int low_level_error_code;
if (error_code < 0) {
error_code = -error_code;
}
/* Extract the low-level part from the error code. */
low_level_error_code = error_code & ~0xFF80;
switch (low_level_error_code) {
/* Begin Auto-Generated Code. */
#if defined(MBEDTLS_AES_C)
case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH):
return( "AES - Invalid key length" );
case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH):
return( "AES - Invalid data input length" );
case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA):
return( "AES - Invalid input data" );
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_ARIA_C)
case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA):
return( "ARIA - Bad input data" );
case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH):
return( "ARIA - Invalid data input length" );
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA):
return( "ASN1 - Out of data when parsing an ASN1 data structure" );
case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):
return( "ASN1 - ASN1 tag was of an unexpected value" );
case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH):
return( "ASN1 - Error when trying to determine the length or invalid length" );
case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH):
return( "ASN1 - Actual length differs from expected length" );
case -(MBEDTLS_ERR_ASN1_INVALID_DATA):
return( "ASN1 - Data is invalid" );
case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED):
return( "ASN1 - Memory allocation failed" );
case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL):
return( "ASN1 - Buffer too small when writing ASN.1 data structure" );
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_BASE64_C)
case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL):
return( "BASE64 - Output buffer too small" );
case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER):
return( "BASE64 - Invalid character in input" );
#endif /* MBEDTLS_BASE64_C */
#if defined(MBEDTLS_BIGNUM_C)
case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR):
return( "BIGNUM - An error occurred while reading from or writing to a file" );
case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA):
return( "BIGNUM - Bad input parameters to function" );
case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER):
return( "BIGNUM - There is an invalid character in the digit string" );
case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL):
return( "BIGNUM - The buffer is too small to write to" );
case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE):
return( "BIGNUM - The input arguments are negative or result in illegal output" );
case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO):
return( "BIGNUM - The input argument for division is zero, which is not allowed" );
case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE):
return( "BIGNUM - The input arguments are not acceptable" );
case -(MBEDTLS_ERR_MPI_ALLOC_FAILED):
return( "BIGNUM - Memory allocation failed" );
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_CAMELLIA_C)
case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA):
return( "CAMELLIA - Bad input data" );
case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH):
return( "CAMELLIA - Invalid data input length" );
#endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_CCM_C)
case -(MBEDTLS_ERR_CCM_BAD_INPUT):
return( "CCM - Bad input parameters to the function" );
case -(MBEDTLS_ERR_CCM_AUTH_FAILED):
return( "CCM - Authenticated decryption failed" );
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHA20_C)
case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA):
return( "CHACHA20 - Invalid input parameter(s)" );
#endif /* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE):
return( "CHACHAPOLY - The requested operation is not permitted in the current state" );
case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED):
return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" );
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_CTR_DRBG_C)
case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED):
return( "CTR_DRBG - The entropy source failed" );
case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG):
return( "CTR_DRBG - The requested random buffer length is too big" );
case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG):
return( "CTR_DRBG - The input (entropy + additional data) is too large" );
case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR):
return( "CTR_DRBG - Read or write error in file" );
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DES_C)
case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH):
return( "DES - The data input has an invalid length" );
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_ENTROPY_C)
case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED):
return( "ENTROPY - Critical entropy source failure" );
case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES):
return( "ENTROPY - No more sources can be added" );
case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED):
return( "ENTROPY - No sources have been added to poll" );
case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE):
return( "ENTROPY - No strong sources have been added to poll" );
case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR):
return( "ENTROPY - Read/write error in file" );
#endif /* MBEDTLS_ENTROPY_C */
#if defined(MBEDTLS_ERROR_C)
case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR):
return( "ERROR - Generic error" );
case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED):
return( "ERROR - This is a bug in the library" );
#endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_PLATFORM_C)
case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
return( "PLATFORM - Hardware accelerator failed" );
case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED):
return( "PLATFORM - The requested feature is not supported by the platform" );
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_GCM_C)
case -(MBEDTLS_ERR_GCM_AUTH_FAILED):
return( "GCM - Authenticated decryption failed" );
case -(MBEDTLS_ERR_GCM_BAD_INPUT):
return( "GCM - Bad input parameters to function" );
case -(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL):
return( "GCM - An output buffer is too small" );
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_HKDF_C)
case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA):
return( "HKDF - Bad input parameters to function" );
#endif /* MBEDTLS_HKDF_C */
#if defined(MBEDTLS_HMAC_DRBG_C)
case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG):
return( "HMAC_DRBG - Too many random requested in single call" );
case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG):
return( "HMAC_DRBG - Input too large (Entropy + additional)" );
case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR):
return( "HMAC_DRBG - Read/write error in file" );
case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED):
return( "HMAC_DRBG - The entropy source failed" );
#endif /* MBEDTLS_HMAC_DRBG_C */
#if defined(MBEDTLS_LMS_C)
case -(MBEDTLS_ERR_LMS_BAD_INPUT_DATA):
return( "LMS - Bad data has been input to an LMS function" );
case -(MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS):
return( "LMS - Specified LMS key has utilised all of its private keys" );
case -(MBEDTLS_ERR_LMS_VERIFY_FAILED):
return( "LMS - LMS signature verification failed" );
case -(MBEDTLS_ERR_LMS_ALLOC_FAILED):
return( "LMS - LMS failed to allocate space for a private key" );
case -(MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL):
return( "LMS - Input/output buffer is too small to contain requited data" );
#endif /* MBEDTLS_LMS_C */
#if defined(MBEDTLS_NET_C)
case -(MBEDTLS_ERR_NET_SOCKET_FAILED):
return( "NET - Failed to open a socket" );
case -(MBEDTLS_ERR_NET_CONNECT_FAILED):
return( "NET - The connection to the given server / port failed" );
case -(MBEDTLS_ERR_NET_BIND_FAILED):
return( "NET - Binding of the socket failed" );
case -(MBEDTLS_ERR_NET_LISTEN_FAILED):
return( "NET - Could not listen on the socket" );
case -(MBEDTLS_ERR_NET_ACCEPT_FAILED):
return( "NET - Could not accept the incoming connection" );
case -(MBEDTLS_ERR_NET_RECV_FAILED):
return( "NET - Reading information from the socket failed" );
case -(MBEDTLS_ERR_NET_SEND_FAILED):
return( "NET - Sending information through the socket failed" );
case -(MBEDTLS_ERR_NET_CONN_RESET):
return( "NET - Connection was reset by peer" );
case -(MBEDTLS_ERR_NET_UNKNOWN_HOST):
return( "NET - Failed to get an IP address for the given hostname" );
case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL):
return( "NET - Buffer is too small to hold the data" );
case -(MBEDTLS_ERR_NET_INVALID_CONTEXT):
return( "NET - The context is invalid, eg because it was free()ed" );
case -(MBEDTLS_ERR_NET_POLL_FAILED):
return( "NET - Polling the net context failed" );
case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA):
return( "NET - Input invalid" );
#endif /* MBEDTLS_NET_C */
#if defined(MBEDTLS_OID_C)
case -(MBEDTLS_ERR_OID_NOT_FOUND):
return( "OID - OID is not found" );
case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL):
return( "OID - output buffer is too small" );
#endif /* MBEDTLS_OID_C */
#if defined(MBEDTLS_POLY1305_C)
case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA):
return( "POLY1305 - Invalid input parameter(s)" );
#endif /* MBEDTLS_POLY1305_C */
#if defined(MBEDTLS_SHA1_C)
case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA):
return( "SHA1 - SHA-1 input data was malformed" );
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA):
return( "SHA256 - SHA-256 input data was malformed" );
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA):
return( "SHA512 - SHA-512 input data was malformed" );
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_THREADING_C)
case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA):
return( "THREADING - Bad input parameters to function" );
case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR):
return( "THREADING - Locking / unlocking / free failed with error code" );
#endif /* MBEDTLS_THREADING_C */
/* End Auto-Generated Code. */
default:
break;
}
return NULL;
}
void mbedtls_strerror(int ret, char *buf, size_t buflen)
{
size_t len;
int use_ret;
const char *high_level_error_description = NULL;
const char *low_level_error_description = NULL;
if (buflen == 0) {
return;
}
memset(buf, 0x00, buflen);
if (ret < 0) {
ret = -ret;
}
if (ret & 0xFF80) {
use_ret = ret & 0xFF80;
// Translate high level error code.
high_level_error_description = mbedtls_high_level_strerr(ret);
if (high_level_error_description == NULL) {
mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
} else {
mbedtls_snprintf(buf, buflen, "%s", high_level_error_description);
}
#if defined(MBEDTLS_SSL_TLS_C)
// Early return in case of a fatal error - do not try to translate low
// level code.
if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) {
return;
}
#endif /* MBEDTLS_SSL_TLS_C */
}
use_ret = ret & ~0xFF80;
if (use_ret == 0) {
return;
}
// If high level code is present, make a concatenation between both
// error strings.
//
len = strlen(buf);
if (len > 0) {
if (buflen - len < 5) {
return;
}
mbedtls_snprintf(buf + len, buflen - len, " : ");
buf += len + 3;
buflen -= len + 3;
}
// Translate low level error code.
low_level_error_description = mbedtls_low_level_strerr(ret);
if (low_level_error_description == NULL) {
mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
} else {
mbedtls_snprintf(buf, buflen, "%s", low_level_error_description);
}
}
#else /* MBEDTLS_ERROR_C */
/*
* Provide a dummy implementation when MBEDTLS_ERROR_C is not defined
*/
void mbedtls_strerror(int ret, char *buf, size_t buflen)
{
((void) ret);
if (buflen > 0) {
buf[0] = '\0';
}
}
#endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_TEST_HOOKS)
void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
#endif
#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */

19
library/gcm.c
View File

@ -90,7 +90,7 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx)
ctx->HL[8] = vl;
ctx->HH[8] = vh;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
/* With CLMUL support, we need only h, not the rest of the table */
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
return 0;
@ -193,7 +193,7 @@ static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16],
unsigned char lo, hi, rem;
uint64_t zh, zl;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
unsigned char h[16];
@ -206,7 +206,7 @@ static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16],
mbedtls_aesni_gcm_mult(output, x, h);
return;
}
#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
#endif /* MBEDTLS_AESNI_HAVE_CODE */
#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64)
if (mbedtls_aesce_has_support()) {
@ -871,6 +871,19 @@ int mbedtls_gcm_self_test(int verbose)
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
size_t olen;
if (verbose != 0) {
#if defined(MBEDTLS_GCM_ALT)
mbedtls_printf(" GCM note: alternative implementation.\n");
#else /* MBEDTLS_GCM_ALT */
#if defined(MBEDTLS_AESNI_HAVE_CODE)
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
mbedtls_printf(" GCM note: using AESNI.\n");
} else
#endif
mbedtls_printf(" GCM note: built-in implementation.\n");
#endif /* MBEDTLS_GCM_ALT */
}
for (j = 0; j < 3; j++) {
int key_len = 128 + 64 * j;

2987
library/psa_crypto_driver_wrappers.c Normal file
View File

File diff suppressed because it is too large Load Diff

3
library/psa_util.c
View File

@ -112,10 +112,9 @@ int psa_generic_status_to_mbedtls(psa_status_t status)
int psa_status_to_mbedtls(psa_status_t status,
const mbedtls_error_pair_t *local_translations,
size_t local_errors_size,
size_t local_errors_num,
int (*fallback_f)(psa_status_t))
{
size_t local_errors_num = (size_t) local_errors_size / 2;
for (size_t i = 0; i < local_errors_num; i++) {
if (status == local_translations[i].psa_status) {
return local_translations[i].mbedtls_error;

4
library/ssl_ciphersuites.c
View File

@ -50,9 +50,9 @@ static const int ciphersuite_preference[] =
#else
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* TLS 1.3 ciphersuites */
MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

225
library/ssl_debug_helpers_generated.c Normal file
View File

@ -0,0 +1,225 @@
/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
/**
* \file ssl_debug_helpers_generated.c
*
* \brief Automatically generated helper functions for debugging
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "common.h"
#if defined(MBEDTLS_DEBUG_C)
#include "ssl_debug_helpers.h"
const char *mbedtls_ssl_named_group_to_str( uint16_t in )
{
switch( in )
{
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1:
return "secp192k1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1:
return "secp192r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1:
return "secp224k1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1:
return "secp224r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:
return "secp256k1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:
return "secp256r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:
return "secp384r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:
return "secp521r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:
return "bp256r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:
return "bp384r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:
return "bp512r1";
case MBEDTLS_SSL_IANA_TLS_GROUP_X25519:
return "x25519";
case MBEDTLS_SSL_IANA_TLS_GROUP_X448:
return "x448";
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
return "ffdhe2048";
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
return "ffdhe3072";
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
return "ffdhe4096";
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
return "ffdhe6144";
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
return "ffdhe8192";
};
return "UNKOWN";
}
const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
{
switch( in )
{
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
return "rsa_pkcs1_sha256";
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
return "rsa_pkcs1_sha384";
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
return "rsa_pkcs1_sha512";
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
return "ecdsa_secp256r1_sha256";
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
return "ecdsa_secp384r1_sha384";
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
return "ecdsa_secp521r1_sha512";
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return "rsa_pss_rsae_sha256";
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return "rsa_pss_rsae_sha384";
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return "rsa_pss_rsae_sha512";
case MBEDTLS_TLS1_3_SIG_ED25519:
return "ed25519";
case MBEDTLS_TLS1_3_SIG_ED448:
return "ed448";
case MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256:
return "rsa_pss_pss_sha256";
case MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384:
return "rsa_pss_pss_sha384";
case MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512:
return "rsa_pss_pss_sha512";
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1:
return "rsa_pkcs1_sha1";
case MBEDTLS_TLS1_3_SIG_ECDSA_SHA1:
return "ecdsa_sha1";
case MBEDTLS_TLS1_3_SIG_NONE:
return "none";
};
return "UNKNOWN";
}
const char *mbedtls_ssl_states_str( mbedtls_ssl_states in )
{
const char * in_to_str[]=
{
[MBEDTLS_SSL_HELLO_REQUEST] = "MBEDTLS_SSL_HELLO_REQUEST",
[MBEDTLS_SSL_CLIENT_HELLO] = "MBEDTLS_SSL_CLIENT_HELLO",
[MBEDTLS_SSL_SERVER_HELLO] = "MBEDTLS_SSL_SERVER_HELLO",
[MBEDTLS_SSL_SERVER_CERTIFICATE] = "MBEDTLS_SSL_SERVER_CERTIFICATE",
[MBEDTLS_SSL_SERVER_KEY_EXCHANGE] = "MBEDTLS_SSL_SERVER_KEY_EXCHANGE",
[MBEDTLS_SSL_CERTIFICATE_REQUEST] = "MBEDTLS_SSL_CERTIFICATE_REQUEST",
[MBEDTLS_SSL_SERVER_HELLO_DONE] = "MBEDTLS_SSL_SERVER_HELLO_DONE",
[MBEDTLS_SSL_CLIENT_CERTIFICATE] = "MBEDTLS_SSL_CLIENT_CERTIFICATE",
[MBEDTLS_SSL_CLIENT_KEY_EXCHANGE] = "MBEDTLS_SSL_CLIENT_KEY_EXCHANGE",
[MBEDTLS_SSL_CERTIFICATE_VERIFY] = "MBEDTLS_SSL_CERTIFICATE_VERIFY",
[MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC] = "MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC",
[MBEDTLS_SSL_CLIENT_FINISHED] = "MBEDTLS_SSL_CLIENT_FINISHED",
[MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC] = "MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC",
[MBEDTLS_SSL_SERVER_FINISHED] = "MBEDTLS_SSL_SERVER_FINISHED",
[MBEDTLS_SSL_FLUSH_BUFFERS] = "MBEDTLS_SSL_FLUSH_BUFFERS",
[MBEDTLS_SSL_HANDSHAKE_WRAPUP] = "MBEDTLS_SSL_HANDSHAKE_WRAPUP",
[MBEDTLS_SSL_NEW_SESSION_TICKET] = "MBEDTLS_SSL_NEW_SESSION_TICKET",
[MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT] = "MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT",
[MBEDTLS_SSL_HELLO_RETRY_REQUEST] = "MBEDTLS_SSL_HELLO_RETRY_REQUEST",
[MBEDTLS_SSL_ENCRYPTED_EXTENSIONS] = "MBEDTLS_SSL_ENCRYPTED_EXTENSIONS",
[MBEDTLS_SSL_END_OF_EARLY_DATA] = "MBEDTLS_SSL_END_OF_EARLY_DATA",
[MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY] = "MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY",
[MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED] = "MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED",
[MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO] = "MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO",
[MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO] = "MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO",
[MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO] = "MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO",
[MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST] = "MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST",
[MBEDTLS_SSL_HANDSHAKE_OVER] = "MBEDTLS_SSL_HANDSHAKE_OVER",
[MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET] = "MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET",
[MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH] = "MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH",
};
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{
return "UNKNOWN_VALUE";
}
return in_to_str[ in ];
}
const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in )
{
const char * in_to_str[]=
{
[MBEDTLS_SSL_VERSION_UNKNOWN] = "MBEDTLS_SSL_VERSION_UNKNOWN",
[MBEDTLS_SSL_VERSION_TLS1_2] = "MBEDTLS_SSL_VERSION_TLS1_2",
[MBEDTLS_SSL_VERSION_TLS1_3] = "MBEDTLS_SSL_VERSION_TLS1_3",
};
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{
return "UNKNOWN_VALUE";
}
return in_to_str[ in ];
}
const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in )
{
const char * in_to_str[]=
{
[MBEDTLS_SSL_TLS_PRF_NONE] = "MBEDTLS_SSL_TLS_PRF_NONE",
[MBEDTLS_SSL_TLS_PRF_SHA384] = "MBEDTLS_SSL_TLS_PRF_SHA384",
[MBEDTLS_SSL_TLS_PRF_SHA256] = "MBEDTLS_SSL_TLS_PRF_SHA256",
[MBEDTLS_SSL_HKDF_EXPAND_SHA384] = "MBEDTLS_SSL_HKDF_EXPAND_SHA384",
[MBEDTLS_SSL_HKDF_EXPAND_SHA256] = "MBEDTLS_SSL_HKDF_EXPAND_SHA256",
};
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{
return "UNKNOWN_VALUE";
}
return in_to_str[ in ];
}
const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in )
{
const char * in_to_str[]=
{
[MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET",
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
[MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET",
[MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET",
[MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET",
[MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET",
[MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET",
[MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET] = "MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET",
#endif
};
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{
return "UNKNOWN_VALUE";
}
return in_to_str[ in ];
}
#endif /* MBEDTLS_DEBUG_C */
/* End of automatically generated file. */

36
library/ssl_tls13_server.c
View File

@ -258,6 +258,8 @@ static int ssl_tls13_offered_psks_check_identity_match(
int *psk_type,
mbedtls_ssl_session *session)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) session);
((void) obfuscated_ticket_age);
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
@ -271,9 +273,13 @@ static int ssl_tls13_offered_psks_check_identity_match(
session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
ssl->handshake->resume = 1;
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
mbedtls_ssl_set_hs_psk(ssl,
session->resumption_key,
session->resumption_key_len);
ret = mbedtls_ssl_set_hs_psk(ssl,
session->resumption_key,
session->resumption_key_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
return ret;
}
MBEDTLS_SSL_DEBUG_BUF(4, "Ticket-resumed PSK:",
session->resumption_key,
@ -299,7 +305,11 @@ static int ssl_tls13_offered_psks_check_identity_match(
identity_len == ssl->conf->psk_identity_len &&
mbedtls_ct_memcmp(ssl->conf->psk_identity,
identity, identity_len) == 0) {
mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len);
ret = mbedtls_ssl_set_hs_psk(ssl, ssl->conf->psk, ssl->conf->psk_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
return ret;
}
return SSL_TLS1_3_OFFERED_PSK_MATCH;
}
@ -1331,6 +1341,15 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
cipher_suites_len = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
/*
* The length of the ciphersuite list has to be even.
*/
if (cipher_suites_len & 1) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
MBEDTLS_ERR_SSL_DECODE_ERROR);
return MBEDTLS_ERR_SSL_DECODE_ERROR;
}
/* Check we have enough data for the ciphersuite list, the legacy
* compression methods and the length of the extensions.
*
@ -1360,8 +1379,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, cipher_suites_end, 2);
/*
* "cipher_suite_end - p is even" is an invariant of the loop. As
* cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and
* it is thus safe to read two bytes.
*/
cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
ssl, cipher_suite);
@ -1374,6 +1396,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
cipher_suite,
ciphersuite_info->name));
break;
}
if (handshake->ciphersuite_info == NULL) {
@ -1381,6 +1404,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
}
p = cipher_suites_end;
/* ...
* opaque legacy_compression_methods<1..2^8-1>;

808
library/version_features.c Normal file
View File

@ -0,0 +1,808 @@
/*
* Version feature information
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "common.h"
#if defined(MBEDTLS_VERSION_C)
#include "mbedtls/version.h"
#include <string.h>
static const char * const features[] = {
#if defined(MBEDTLS_VERSION_FEATURES)
#if defined(MBEDTLS_HAVE_ASM)
"MBEDTLS_HAVE_ASM",
#endif /* MBEDTLS_HAVE_ASM */
#if defined(MBEDTLS_NO_UDBL_DIVISION)
"MBEDTLS_NO_UDBL_DIVISION",
#endif /* MBEDTLS_NO_UDBL_DIVISION */
#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
"MBEDTLS_NO_64BIT_MULTIPLICATION",
#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */
#if defined(MBEDTLS_HAVE_SSE2)
"MBEDTLS_HAVE_SSE2",
#endif /* MBEDTLS_HAVE_SSE2 */
#if defined(MBEDTLS_HAVE_TIME)
"MBEDTLS_HAVE_TIME",
#endif /* MBEDTLS_HAVE_TIME */
#if defined(MBEDTLS_HAVE_TIME_DATE)
"MBEDTLS_HAVE_TIME_DATE",
#endif /* MBEDTLS_HAVE_TIME_DATE */
#if defined(MBEDTLS_PLATFORM_MEMORY)
"MBEDTLS_PLATFORM_MEMORY",
#endif /* MBEDTLS_PLATFORM_MEMORY */
#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
"MBEDTLS_PLATFORM_NO_STD_FUNCTIONS",
#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
"MBEDTLS_PLATFORM_SETBUF_ALT",
#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
"MBEDTLS_PLATFORM_EXIT_ALT",
#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
"MBEDTLS_PLATFORM_TIME_ALT",
#endif /* MBEDTLS_PLATFORM_TIME_ALT */
#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
"MBEDTLS_PLATFORM_FPRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
"MBEDTLS_PLATFORM_PRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
"MBEDTLS_PLATFORM_SNPRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
"MBEDTLS_PLATFORM_VSNPRINTF_ALT",
#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
"MBEDTLS_PLATFORM_NV_SEED_ALT",
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
"MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT",
#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
#if defined(MBEDTLS_DEPRECATED_WARNING)
"MBEDTLS_DEPRECATED_WARNING",
#endif /* MBEDTLS_DEPRECATED_WARNING */
#if defined(MBEDTLS_DEPRECATED_REMOVED)
"MBEDTLS_DEPRECATED_REMOVED",
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_TIMING_ALT)
"MBEDTLS_TIMING_ALT",
#endif /* MBEDTLS_TIMING_ALT */
#if defined(MBEDTLS_AES_ALT)
"MBEDTLS_AES_ALT",
#endif /* MBEDTLS_AES_ALT */
#if defined(MBEDTLS_ARIA_ALT)
"MBEDTLS_ARIA_ALT",
#endif /* MBEDTLS_ARIA_ALT */
#if defined(MBEDTLS_CAMELLIA_ALT)
"MBEDTLS_CAMELLIA_ALT",
#endif /* MBEDTLS_CAMELLIA_ALT */
#if defined(MBEDTLS_CCM_ALT)
"MBEDTLS_CCM_ALT",
#endif /* MBEDTLS_CCM_ALT */
#if defined(MBEDTLS_CHACHA20_ALT)
"MBEDTLS_CHACHA20_ALT",
#endif /* MBEDTLS_CHACHA20_ALT */
#if defined(MBEDTLS_CHACHAPOLY_ALT)
"MBEDTLS_CHACHAPOLY_ALT",
#endif /* MBEDTLS_CHACHAPOLY_ALT */
#if defined(MBEDTLS_CMAC_ALT)
"MBEDTLS_CMAC_ALT",
#endif /* MBEDTLS_CMAC_ALT */
#if defined(MBEDTLS_DES_ALT)
"MBEDTLS_DES_ALT",
#endif /* MBEDTLS_DES_ALT */
#if defined(MBEDTLS_DHM_ALT)
"MBEDTLS_DHM_ALT",
#endif /* MBEDTLS_DHM_ALT */
#if defined(MBEDTLS_ECJPAKE_ALT)
"MBEDTLS_ECJPAKE_ALT",
#endif /* MBEDTLS_ECJPAKE_ALT */
#if defined(MBEDTLS_GCM_ALT)
"MBEDTLS_GCM_ALT",
#endif /* MBEDTLS_GCM_ALT */
#if defined(MBEDTLS_NIST_KW_ALT)
"MBEDTLS_NIST_KW_ALT",
#endif /* MBEDTLS_NIST_KW_ALT */
#if defined(MBEDTLS_MD5_ALT)
"MBEDTLS_MD5_ALT",
#endif /* MBEDTLS_MD5_ALT */
#if defined(MBEDTLS_POLY1305_ALT)
"MBEDTLS_POLY1305_ALT",
#endif /* MBEDTLS_POLY1305_ALT */
#if defined(MBEDTLS_RIPEMD160_ALT)
"MBEDTLS_RIPEMD160_ALT",
#endif /* MBEDTLS_RIPEMD160_ALT */
#if defined(MBEDTLS_RSA_ALT)
"MBEDTLS_RSA_ALT",
#endif /* MBEDTLS_RSA_ALT */
#if defined(MBEDTLS_SHA1_ALT)
"MBEDTLS_SHA1_ALT",
#endif /* MBEDTLS_SHA1_ALT */
#if defined(MBEDTLS_SHA256_ALT)
"MBEDTLS_SHA256_ALT",
#endif /* MBEDTLS_SHA256_ALT */
#if defined(MBEDTLS_SHA512_ALT)
"MBEDTLS_SHA512_ALT",
#endif /* MBEDTLS_SHA512_ALT */
#if defined(MBEDTLS_ECP_ALT)
"MBEDTLS_ECP_ALT",
#endif /* MBEDTLS_ECP_ALT */
#if defined(MBEDTLS_MD5_PROCESS_ALT)
"MBEDTLS_MD5_PROCESS_ALT",
#endif /* MBEDTLS_MD5_PROCESS_ALT */
#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
"MBEDTLS_RIPEMD160_PROCESS_ALT",
#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
#if defined(MBEDTLS_SHA1_PROCESS_ALT)
"MBEDTLS_SHA1_PROCESS_ALT",
#endif /* MBEDTLS_SHA1_PROCESS_ALT */
#if defined(MBEDTLS_SHA256_PROCESS_ALT)
"MBEDTLS_SHA256_PROCESS_ALT",
#endif /* MBEDTLS_SHA256_PROCESS_ALT */
#if defined(MBEDTLS_SHA512_PROCESS_ALT)
"MBEDTLS_SHA512_PROCESS_ALT",
#endif /* MBEDTLS_SHA512_PROCESS_ALT */
#if defined(MBEDTLS_DES_SETKEY_ALT)
"MBEDTLS_DES_SETKEY_ALT",
#endif /* MBEDTLS_DES_SETKEY_ALT */
#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
"MBEDTLS_DES_CRYPT_ECB_ALT",
#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
"MBEDTLS_DES3_CRYPT_ECB_ALT",
#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
"MBEDTLS_AES_SETKEY_ENC_ALT",
#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
"MBEDTLS_AES_SETKEY_DEC_ALT",
#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
#if defined(MBEDTLS_AES_ENCRYPT_ALT)
"MBEDTLS_AES_ENCRYPT_ALT",
#endif /* MBEDTLS_AES_ENCRYPT_ALT */
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
"MBEDTLS_ECDH_GEN_PUBLIC_ALT",
#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
"MBEDTLS_ECDH_COMPUTE_SHARED_ALT",
#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
"MBEDTLS_ECDSA_VERIFY_ALT",
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
#if defined(MBEDTLS_ECDSA_SIGN_ALT)
"MBEDTLS_ECDSA_SIGN_ALT",
#endif /* MBEDTLS_ECDSA_SIGN_ALT */
#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
"MBEDTLS_ECDSA_GENKEY_ALT",
#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
"MBEDTLS_ECP_INTERNAL_ALT",
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK)
"MBEDTLS_ECP_NO_FALLBACK",
#endif /* MBEDTLS_ECP_NO_FALLBACK */
#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
"MBEDTLS_ECP_RANDOMIZE_JAC_ALT",
#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
"MBEDTLS_ECP_ADD_MIXED_ALT",
#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
"MBEDTLS_ECP_DOUBLE_JAC_ALT",
#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
"MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT",
#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
"MBEDTLS_ECP_NORMALIZE_JAC_ALT",
#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
"MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT",
#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
"MBEDTLS_ECP_RANDOMIZE_MXZ_ALT",
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
"MBEDTLS_ECP_NORMALIZE_MXZ_ALT",
#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
"MBEDTLS_ENTROPY_HARDWARE_ALT",
#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
#if defined(MBEDTLS_AES_ROM_TABLES)
"MBEDTLS_AES_ROM_TABLES",
#endif /* MBEDTLS_AES_ROM_TABLES */
#if defined(MBEDTLS_AES_FEWER_TABLES)
"MBEDTLS_AES_FEWER_TABLES",
#endif /* MBEDTLS_AES_FEWER_TABLES */
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
"MBEDTLS_CAMELLIA_SMALL_MEMORY",
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
#if defined(MBEDTLS_CHECK_RETURN_WARNING)
"MBEDTLS_CHECK_RETURN_WARNING",
#endif /* MBEDTLS_CHECK_RETURN_WARNING */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
"MBEDTLS_CIPHER_MODE_CBC",
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
"MBEDTLS_CIPHER_MODE_CFB",
#endif /* MBEDTLS_CIPHER_MODE_CFB */
#if defined(MBEDTLS_CIPHER_MODE_CTR)
"MBEDTLS_CIPHER_MODE_CTR",
#endif /* MBEDTLS_CIPHER_MODE_CTR */
#if defined(MBEDTLS_CIPHER_MODE_OFB)
"MBEDTLS_CIPHER_MODE_OFB",
#endif /* MBEDTLS_CIPHER_MODE_OFB */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
"MBEDTLS_CIPHER_MODE_XTS",
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
"MBEDTLS_CIPHER_NULL_CIPHER",
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
"MBEDTLS_CIPHER_PADDING_PKCS7",
#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
"MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS",
#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
"MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN",
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
"MBEDTLS_CIPHER_PADDING_ZEROS",
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
"MBEDTLS_CTR_DRBG_USE_128_BIT_KEY",
#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
"MBEDTLS_ECP_DP_SECP192R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
"MBEDTLS_ECP_DP_SECP224R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
"MBEDTLS_ECP_DP_SECP256R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
"MBEDTLS_ECP_DP_SECP384R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
"MBEDTLS_ECP_DP_SECP521R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
"MBEDTLS_ECP_DP_SECP192K1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
"MBEDTLS_ECP_DP_SECP224K1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
"MBEDTLS_ECP_DP_SECP256K1_ENABLED",
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
"MBEDTLS_ECP_DP_BP256R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
"MBEDTLS_ECP_DP_BP384R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
"MBEDTLS_ECP_DP_BP512R1_ENABLED",
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
"MBEDTLS_ECP_DP_CURVE25519_ENABLED",
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
"MBEDTLS_ECP_DP_CURVE448_ENABLED",
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
#if defined(MBEDTLS_ECP_NIST_OPTIM)
"MBEDTLS_ECP_NIST_OPTIM",
#endif /* MBEDTLS_ECP_NIST_OPTIM */
#if defined(MBEDTLS_ECP_RESTARTABLE)
"MBEDTLS_ECP_RESTARTABLE",
#endif /* MBEDTLS_ECP_RESTARTABLE */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
"MBEDTLS_ECDSA_DETERMINISTIC",
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
"MBEDTLS_KEY_EXCHANGE_PSK_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
"MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
"MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
"MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
"MBEDTLS_KEY_EXCHANGE_RSA_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
"MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
"MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
"MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
"MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
"MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
"MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED",
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
"MBEDTLS_PK_PARSE_EC_EXTENDED",
#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
"MBEDTLS_ERROR_STRERROR_DUMMY",
#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
#if defined(MBEDTLS_GENPRIME)
"MBEDTLS_GENPRIME",
#endif /* MBEDTLS_GENPRIME */
#if defined(MBEDTLS_FS_IO)
"MBEDTLS_FS_IO",
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
"MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES",
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
"MBEDTLS_NO_PLATFORM_ENTROPY",
#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
"MBEDTLS_ENTROPY_FORCE_SHA256",
#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
#if defined(MBEDTLS_ENTROPY_NV_SEED)
"MBEDTLS_ENTROPY_NV_SEED",
#endif /* MBEDTLS_ENTROPY_NV_SEED */
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER",
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
#if defined(MBEDTLS_MEMORY_DEBUG)
"MBEDTLS_MEMORY_DEBUG",
#endif /* MBEDTLS_MEMORY_DEBUG */
#if defined(MBEDTLS_MEMORY_BACKTRACE)
"MBEDTLS_MEMORY_BACKTRACE",
#endif /* MBEDTLS_MEMORY_BACKTRACE */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
"MBEDTLS_PK_RSA_ALT_SUPPORT",
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
#if defined(MBEDTLS_PKCS1_V15)
"MBEDTLS_PKCS1_V15",
#endif /* MBEDTLS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
"MBEDTLS_PKCS1_V21",
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
"MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS",
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
"MBEDTLS_PSA_CRYPTO_CLIENT",
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
"MBEDTLS_PSA_CRYPTO_DRIVERS",
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
"MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG",
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
"MBEDTLS_PSA_CRYPTO_SPM",
#endif /* MBEDTLS_PSA_CRYPTO_SPM */
#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
"MBEDTLS_PSA_INJECT_ENTROPY",
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#if defined(MBEDTLS_RSA_NO_CRT)
"MBEDTLS_RSA_NO_CRT",
#endif /* MBEDTLS_RSA_NO_CRT */
#if defined(MBEDTLS_SELF_TEST)
"MBEDTLS_SELF_TEST",
#endif /* MBEDTLS_SELF_TEST */
#if defined(MBEDTLS_SHA256_SMALLER)
"MBEDTLS_SHA256_SMALLER",
#endif /* MBEDTLS_SHA256_SMALLER */
#if defined(MBEDTLS_SHA512_SMALLER)
"MBEDTLS_SHA512_SMALLER",
#endif /* MBEDTLS_SHA512_SMALLER */
#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
"MBEDTLS_SSL_ALL_ALERT_MESSAGES",
#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
"MBEDTLS_SSL_DTLS_CONNECTION_ID",
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
"MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT",
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
"MBEDTLS_SSL_CONTEXT_SERIALIZATION",
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
#if defined(MBEDTLS_SSL_DEBUG_ALL)
"MBEDTLS_SSL_DEBUG_ALL",
#endif /* MBEDTLS_SSL_DEBUG_ALL */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
"MBEDTLS_SSL_ENCRYPT_THEN_MAC",
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
"MBEDTLS_SSL_EXTENDED_MASTER_SECRET",
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
"MBEDTLS_SSL_KEEP_PEER_CERTIFICATE",
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
"MBEDTLS_SSL_RENEGOTIATION",
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
"MBEDTLS_SSL_MAX_FRAGMENT_LENGTH",
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
"MBEDTLS_SSL_RECORD_SIZE_LIMIT",
#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
"MBEDTLS_SSL_PROTO_TLS1_2",
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
"MBEDTLS_SSL_PROTO_TLS1_3",
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
"MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE",
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
"MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED",
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
"MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED",
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
"MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED",
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
#if defined(MBEDTLS_SSL_EARLY_DATA)
"MBEDTLS_SSL_EARLY_DATA",
#endif /* MBEDTLS_SSL_EARLY_DATA */
#if defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
"MBEDTLS_SSL_MAX_EARLY_DATA_SIZE",
#endif /* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
"MBEDTLS_SSL_PROTO_DTLS",
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_ALPN)
"MBEDTLS_SSL_ALPN",
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
"MBEDTLS_SSL_DTLS_ANTI_REPLAY",
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
"MBEDTLS_SSL_DTLS_HELLO_VERIFY",
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
"MBEDTLS_SSL_DTLS_SRTP",
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
"MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE",
#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
"MBEDTLS_SSL_SESSION_TICKETS",
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
"MBEDTLS_SSL_SERVER_NAME_INDICATION",
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
"MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH",
#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
"MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
"MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND",
#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
#if defined(MBEDTLS_TEST_HOOKS)
"MBEDTLS_TEST_HOOKS",
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_THREADING_ALT)
"MBEDTLS_THREADING_ALT",
#endif /* MBEDTLS_THREADING_ALT */
#if defined(MBEDTLS_THREADING_PTHREAD)
"MBEDTLS_THREADING_PTHREAD",
#endif /* MBEDTLS_THREADING_PTHREAD */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
"MBEDTLS_USE_PSA_CRYPTO",
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
"MBEDTLS_PSA_CRYPTO_CONFIG",
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
#if defined(MBEDTLS_VERSION_FEATURES)
"MBEDTLS_VERSION_FEATURES",
#endif /* MBEDTLS_VERSION_FEATURES */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
"MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK",
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#if defined(MBEDTLS_X509_REMOVE_INFO)
"MBEDTLS_X509_REMOVE_INFO",
#endif /* MBEDTLS_X509_REMOVE_INFO */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
"MBEDTLS_X509_RSASSA_PSS_SUPPORT",
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
#if defined(MBEDTLS_AESNI_C)
"MBEDTLS_AESNI_C",
#endif /* MBEDTLS_AESNI_C */
#if defined(MBEDTLS_AESCE_C)
"MBEDTLS_AESCE_C",
#endif /* MBEDTLS_AESCE_C */
#if defined(MBEDTLS_AES_C)
"MBEDTLS_AES_C",
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_ASN1_PARSE_C)
"MBEDTLS_ASN1_PARSE_C",
#endif /* MBEDTLS_ASN1_PARSE_C */
#if defined(MBEDTLS_ASN1_WRITE_C)
"MBEDTLS_ASN1_WRITE_C",
#endif /* MBEDTLS_ASN1_WRITE_C */
#if defined(MBEDTLS_BASE64_C)
"MBEDTLS_BASE64_C",
#endif /* MBEDTLS_BASE64_C */
#if defined(MBEDTLS_BIGNUM_C)
"MBEDTLS_BIGNUM_C",
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_CAMELLIA_C)
"MBEDTLS_CAMELLIA_C",
#endif /* MBEDTLS_CAMELLIA_C */
#if defined(MBEDTLS_ARIA_C)
"MBEDTLS_ARIA_C",
#endif /* MBEDTLS_ARIA_C */
#if defined(MBEDTLS_CCM_C)
"MBEDTLS_CCM_C",
#endif /* MBEDTLS_CCM_C */
#if defined(MBEDTLS_CHACHA20_C)
"MBEDTLS_CHACHA20_C",
#endif /* MBEDTLS_CHACHA20_C */
#if defined(MBEDTLS_CHACHAPOLY_C)
"MBEDTLS_CHACHAPOLY_C",
#endif /* MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_CIPHER_C)
"MBEDTLS_CIPHER_C",
#endif /* MBEDTLS_CIPHER_C */
#if defined(MBEDTLS_CMAC_C)
"MBEDTLS_CMAC_C",
#endif /* MBEDTLS_CMAC_C */
#if defined(MBEDTLS_CTR_DRBG_C)
"MBEDTLS_CTR_DRBG_C",
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
"MBEDTLS_DEBUG_C",
#endif /* MBEDTLS_DEBUG_C */
#if defined(MBEDTLS_DES_C)
"MBEDTLS_DES_C",
#endif /* MBEDTLS_DES_C */
#if defined(MBEDTLS_DHM_C)
"MBEDTLS_DHM_C",
#endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_ECDH_C)
"MBEDTLS_ECDH_C",
#endif /* MBEDTLS_ECDH_C */
#if defined(MBEDTLS_ECDSA_C)
"MBEDTLS_ECDSA_C",
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_ECJPAKE_C)
"MBEDTLS_ECJPAKE_C",
#endif /* MBEDTLS_ECJPAKE_C */
#if defined(MBEDTLS_ECP_C)
"MBEDTLS_ECP_C",
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_ENTROPY_C)
"MBEDTLS_ENTROPY_C",
#endif /* MBEDTLS_ENTROPY_C */
#if defined(MBEDTLS_ERROR_C)
"MBEDTLS_ERROR_C",
#endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_GCM_C)
"MBEDTLS_GCM_C",
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_HKDF_C)
"MBEDTLS_HKDF_C",
#endif /* MBEDTLS_HKDF_C */
#if defined(MBEDTLS_HMAC_DRBG_C)
"MBEDTLS_HMAC_DRBG_C",
#endif /* MBEDTLS_HMAC_DRBG_C */
#if defined(MBEDTLS_LMS_C)
"MBEDTLS_LMS_C",
#endif /* MBEDTLS_LMS_C */
#if defined(MBEDTLS_LMS_PRIVATE)
"MBEDTLS_LMS_PRIVATE",
#endif /* MBEDTLS_LMS_PRIVATE */
#if defined(MBEDTLS_NIST_KW_C)
"MBEDTLS_NIST_KW_C",
#endif /* MBEDTLS_NIST_KW_C */
#if defined(MBEDTLS_MD_C)
"MBEDTLS_MD_C",
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD5_C)
"MBEDTLS_MD5_C",
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
"MBEDTLS_MEMORY_BUFFER_ALLOC_C",
#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
#if defined(MBEDTLS_NET_C)
"MBEDTLS_NET_C",
#endif /* MBEDTLS_NET_C */
#if defined(MBEDTLS_OID_C)
"MBEDTLS_OID_C",
#endif /* MBEDTLS_OID_C */
#if defined(MBEDTLS_PADLOCK_C)
"MBEDTLS_PADLOCK_C",
#endif /* MBEDTLS_PADLOCK_C */
#if defined(MBEDTLS_PEM_PARSE_C)
"MBEDTLS_PEM_PARSE_C",
#endif /* MBEDTLS_PEM_PARSE_C */
#if defined(MBEDTLS_PEM_WRITE_C)
"MBEDTLS_PEM_WRITE_C",
#endif /* MBEDTLS_PEM_WRITE_C */
#if defined(MBEDTLS_PK_C)
"MBEDTLS_PK_C",
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_PK_PARSE_C)
"MBEDTLS_PK_PARSE_C",
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
"MBEDTLS_PK_WRITE_C",
#endif /* MBEDTLS_PK_WRITE_C */
#if defined(MBEDTLS_PKCS5_C)
"MBEDTLS_PKCS5_C",
#endif /* MBEDTLS_PKCS5_C */
#if defined(MBEDTLS_PKCS7_C)
"MBEDTLS_PKCS7_C",
#endif /* MBEDTLS_PKCS7_C */
#if defined(MBEDTLS_PKCS12_C)
"MBEDTLS_PKCS12_C",
#endif /* MBEDTLS_PKCS12_C */
#if defined(MBEDTLS_PLATFORM_C)
"MBEDTLS_PLATFORM_C",
#endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_POLY1305_C)
"MBEDTLS_POLY1305_C",
#endif /* MBEDTLS_POLY1305_C */
#if defined(MBEDTLS_PSA_CRYPTO_C)
"MBEDTLS_PSA_CRYPTO_C",
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
"MBEDTLS_PSA_CRYPTO_SE_C",
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
#if defined(MBEDTLS_PSA_ITS_FILE_C)
"MBEDTLS_PSA_ITS_FILE_C",
#endif /* MBEDTLS_PSA_ITS_FILE_C */
#if defined(MBEDTLS_RIPEMD160_C)
"MBEDTLS_RIPEMD160_C",
#endif /* MBEDTLS_RIPEMD160_C */
#if defined(MBEDTLS_RSA_C)
"MBEDTLS_RSA_C",
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_SHA1_C)
"MBEDTLS_SHA1_C",
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA224_C)
"MBEDTLS_SHA224_C",
#endif /* MBEDTLS_SHA224_C */
#if defined(MBEDTLS_SHA256_C)
"MBEDTLS_SHA256_C",
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
"MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT",
#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
"MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY",
#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
#if defined(MBEDTLS_SHA384_C)
"MBEDTLS_SHA384_C",
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
"MBEDTLS_SHA512_C",
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
"MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT",
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
"MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY",
#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
#if defined(MBEDTLS_SSL_CACHE_C)
"MBEDTLS_SSL_CACHE_C",
#endif /* MBEDTLS_SSL_CACHE_C */
#if defined(MBEDTLS_SSL_COOKIE_C)
"MBEDTLS_SSL_COOKIE_C",
#endif /* MBEDTLS_SSL_COOKIE_C */
#if defined(MBEDTLS_SSL_TICKET_C)
"MBEDTLS_SSL_TICKET_C",
#endif /* MBEDTLS_SSL_TICKET_C */
#if defined(MBEDTLS_SSL_CLI_C)
"MBEDTLS_SSL_CLI_C",
#endif /* MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_SRV_C)
"MBEDTLS_SSL_SRV_C",
#endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_TLS_C)
"MBEDTLS_SSL_TLS_C",
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_THREADING_C)
"MBEDTLS_THREADING_C",
#endif /* MBEDTLS_THREADING_C */
#if defined(MBEDTLS_TIMING_C)
"MBEDTLS_TIMING_C",
#endif /* MBEDTLS_TIMING_C */
#if defined(MBEDTLS_VERSION_C)
"MBEDTLS_VERSION_C",
#endif /* MBEDTLS_VERSION_C */
#if defined(MBEDTLS_X509_USE_C)
"MBEDTLS_X509_USE_C",
#endif /* MBEDTLS_X509_USE_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
"MBEDTLS_X509_CRT_PARSE_C",
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
"MBEDTLS_X509_CRL_PARSE_C",
#endif /* MBEDTLS_X509_CRL_PARSE_C */
#if defined(MBEDTLS_X509_CSR_PARSE_C)
"MBEDTLS_X509_CSR_PARSE_C",
#endif /* MBEDTLS_X509_CSR_PARSE_C */
#if defined(MBEDTLS_X509_CREATE_C)
"MBEDTLS_X509_CREATE_C",
#endif /* MBEDTLS_X509_CREATE_C */
#if defined(MBEDTLS_X509_CRT_WRITE_C)
"MBEDTLS_X509_CRT_WRITE_C",
#endif /* MBEDTLS_X509_CRT_WRITE_C */
#if defined(MBEDTLS_X509_CSR_WRITE_C)
"MBEDTLS_X509_CSR_WRITE_C",
#endif /* MBEDTLS_X509_CSR_WRITE_C */
#endif /* MBEDTLS_VERSION_FEATURES */
NULL
};
int mbedtls_version_check_feature(const char *feature)
{
const char * const *idx = features;
if (*idx == NULL) {
return -2;
}
if (feature == NULL) {
return -1;
}
while (*idx != NULL) {
if (!strcmp(*idx, feature)) {
return 0;
}
idx++;
}
return -1;
}
#endif /* MBEDTLS_VERSION_C */