lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Merge remote-tracking branch 'origin/mbedtls-2.28' into merge-2.28

Browse Source
This commit is contained in:
Dave Rodgman
2022-12-05 11:04:05 +00:00
parent 99ac73d963 3917028ab7
commit f0090d85e5
79 changed files with 3001 additions and 2179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
library/Makefile
View File

@@ -187,6 +187,7 @@ all: shared static
endif
static: libmbedcrypto.a libmbedx509.a libmbedtls.a
cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile
shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT)

3
library/aes.c
View File

@@ -1763,7 +1763,8 @@ int mbedtls_aes_self_test( int verbose )
unsigned char key[32];
unsigned char buf[64];
const unsigned char *aes_tests;
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
defined(MBEDTLS_CIPHER_MODE_OFB)
unsigned char iv[16];
#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)

5
library/aria.c
View File

@@ -37,11 +37,6 @@
#include "mbedtls/platform_util.h"
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Parameter validation macros */
#define ARIA_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )

82
library/bignum.c
View File

@@ -262,6 +262,17 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
memcpy( Y, &T, sizeof( mbedtls_mpi ) );
}
static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z )
{
if( z >= 0 )
return( z );
/* Take care to handle the most negative value (-2^(biL-1)) correctly.
* A naive -z would have undefined behavior.
* Write this in a way that makes popular compilers happy (GCC, Clang,
* MSVC). */
return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z );
}
/*
* Set value from integer
*/
@@ -273,7 +284,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
memset( X->p, 0, X->n * ciL );
X->p[0] = ( z < 0 ) ? -z : z;
X->p[0] = mpi_sint_abs( z );
X->s = ( z < 0 ) ? -1 : 1;
cleanup:
@@ -1093,7 +1104,7 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
mbedtls_mpi_uint p[1];
MPI_VALIDATE_RET( X != NULL );
*p = ( z < 0 ) ? -z : z;
*p = mpi_sint_abs( z );
Y.s = ( z < 0 ) ? -1 : 1;
Y.n = 1;
Y.p = p;
@@ -1130,6 +1141,11 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
if( B->p[j - 1] != 0 )
break;
/* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
* and B is 0 (of any size). */
if( j == 0 )
return( 0 );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
o = B->p; p = X->p; c = 0;
@@ -1249,10 +1265,12 @@ cleanup:
return( ret );
}
/*
* Signed addition: X = A + B
/* Common function for signed addition and subtraction.
* Calculate A + B * flip_B where flip_B is 1 or -1.
*/
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
static int add_sub_mpi( mbedtls_mpi *X,
const mbedtls_mpi *A, const mbedtls_mpi *B,
int flip_B )
{
int ret, s;
MPI_VALIDATE_RET( X != NULL );
@@ -1260,16 +1278,21 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
MPI_VALIDATE_RET( B != NULL );
s = A->s;
if( A->s * B->s < 0 )
if( A->s * B->s * flip_B < 0 )
{
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
int cmp = mbedtls_mpi_cmp_abs( A, B );
if( cmp >= 0 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
X->s = s;
/* If |A| = |B|, the result is 0 and we must set the sign bit
* to +1 regardless of which of A or B was negative. Otherwise,
* since |A| > |B|, the sign is the sign of A. */
X->s = cmp == 0 ? 1 : s;
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
/* Since |A| < |B|, the sign is the opposite of A. */
X->s = -s;
}
}
@@ -1284,39 +1307,20 @@ cleanup:
return( ret );
}
/*
* Signed addition: X = A + B
*/
int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
return( add_sub_mpi( X, A, B, 1 ) );
}
/*
* Signed subtraction: X = A - B
*/
int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
int ret, s;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
s = A->s;
if( A->s * B->s > 0 )
{
if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
X->s = s;
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
X->s = -s;
}
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
X->s = s;
}
cleanup:
return( ret );
return( add_sub_mpi( X, A, B, -1 ) );
}
/*
@@ -1329,7 +1333,7 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b;
p[0] = mpi_sint_abs( b );
B.s = ( b < 0 ) ? -1 : 1;
B.n = 1;
B.p = p;
@@ -1347,7 +1351,7 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b;
p[0] = mpi_sint_abs( b );
B.s = ( b < 0 ) ? -1 : 1;
B.n = 1;
B.p = p;
@@ -1768,7 +1772,7 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
mbedtls_mpi_uint p[1];
MPI_VALIDATE_RET( A != NULL );
p[0] = ( b < 0 ) ? -b : b;
p[0] = mpi_sint_abs( b );
B.s = ( b < 0 ) ? -1 : 1;
B.n = 1;
B.p = p;

5
library/chacha20.c
View File

@@ -36,11 +36,6 @@
#if !defined(MBEDTLS_CHACHA20_ALT)
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Parameter validation macros */
#define CHACHA20_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )

45
library/common.h
View File

@@ -29,8 +29,15 @@
#include "mbedtls/config.h"
#endif
#include <stddef.h>
#include <stdint.h>
/* Define `inline` on some non-C99-compliant compilers. */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/** Helper to define a function as static except when building invasive tests.
*
* If a function is only used inside its own source file and should be
@@ -52,6 +59,44 @@
#define MBEDTLS_STATIC_TESTABLE static
#endif
/** Return an offset into a buffer.
*
* This is just the addition of an offset to a pointer, except that this
* function also accepts an offset of 0 into a buffer whose pointer is null.
* (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
* A null pointer is a valid buffer pointer when the size is 0, for example
* as the result of `malloc(0)` on some platforms.)
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
* \param n An offset in bytes.
* \return Pointer to offset \p n in the buffer \p p.
* Note that this is only a valid pointer if the size of the
* buffer is at least \p n + 1.
*/
static inline unsigned char *mbedtls_buffer_offset(
unsigned char *p, size_t n )
{
return( p == NULL ? NULL : p + n );
}
/** Return an offset into a read-only buffer.
*
* Similar to mbedtls_buffer_offset(), but for const pointers.
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
* \param n An offset in bytes.
* \return Pointer to offset \p n in the buffer \p p.
* Note that this is only a valid pointer if the size of the
* buffer is at least \p n + 1.
*/
static inline const unsigned char *mbedtls_buffer_offset_const(
const unsigned char *p, size_t n )
{
return( p == NULL ? NULL : p + n );
}
/** Byte Reading Macros
*
* Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th

4
library/constant_time_internal.h
View File

@@ -45,7 +45,7 @@
*/
unsigned mbedtls_ct_uint_mask( unsigned value );
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
/** Turn a value into a mask:
* - if \p value == 0, return the all-bits 0 mask, aka 0
@@ -60,7 +60,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value );
*/
size_t mbedtls_ct_size_mask( size_t value );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C)

5
library/debug.c
View File

@@ -30,11 +30,6 @@
#include <stdio.h>
#include <string.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define DEBUG_BUF_SIZE 512
static int debug_threshold = 0;

9
library/ecp.c
View File

@@ -104,11 +104,6 @@
#endif
#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#if defined(MBEDTLS_SELF_TEST)
/*
* Counts of point addition and doubling, and field multiplications.
@@ -2051,7 +2046,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == 0 )
if( f_rng == NULL )
have_rng = 0;
#endif
if( have_rng )
@@ -2190,7 +2185,7 @@ final_norm:
*/
int have_rng = 1;
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == 0 )
if( f_rng == NULL )
have_rng = 0;
#endif
if( have_rng )

5
library/ecp_curves.c
View File

@@ -38,11 +38,6 @@
#define ECP_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
#define ECP_MPI_INIT_ARRAY(x) \

5
library/mps_reader.c
View File

@@ -29,11 +29,6 @@
#include <string.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
#if defined(MBEDTLS_MPS_ENABLE_TRACE)
static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER;
#endif /* MBEDTLS_MPS_ENABLE_TRACE */

5
library/poly1305.c
View File

@@ -32,11 +32,6 @@
#if !defined(MBEDTLS_POLY1305_ALT)
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/* Parameter validation macros */
#define POLY1305_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )

4
library/psa_crypto.c
View File

@@ -3638,8 +3638,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, local_iv, default_iv_length, input, input_length,
output + default_iv_length, output_size - default_iv_length,
output_length );
mbedtls_buffer_offset( output, default_iv_length ),
output_size - default_iv_length, output_length );
exit:
unlock_status = psa_unlock_key_slot( slot );

22
library/psa_crypto_cipher.c
View File

@@ -514,9 +514,10 @@ psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
if( status != PSA_SUCCESS )
goto exit;
status = mbedtls_psa_cipher_finish( &operation, output + update_output_length,
output_size - update_output_length,
&finish_output_length );
status = mbedtls_psa_cipher_finish(
&operation,
mbedtls_buffer_offset( output, update_output_length ),
output_size - update_output_length, &finish_output_length );
if( status != PSA_SUCCESS )
goto exit;
@@ -560,17 +561,20 @@ psa_status_t mbedtls_psa_cipher_decrypt(
goto exit;
}
status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length,
input_length - operation.iv_length,
output, output_size, &olength );
status = mbedtls_psa_cipher_update(
&operation,
mbedtls_buffer_offset_const( input, operation.iv_length ),
input_length - operation.iv_length,
output, output_size, &olength );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = olength;
status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length,
&olength );
status = mbedtls_psa_cipher_finish(
&operation,
mbedtls_buffer_offset( output, accumulated_length ),
output_size - accumulated_length, &olength );
if( status != PSA_SUCCESS )
goto exit;

88
library/ssl_cli.c
View File

@@ -1089,11 +1089,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
* RFC 5077 section 3.4: "When presenting a ticket, the client MAY
* generate and include a Session ID in the TLS ClientHello."
*/
renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif
if( !renegotiating )
{
if( ssl->session_negotiate->ticket != NULL &&
@@ -1209,11 +1204,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
renegotiating = 0;
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
renegotiating = 1;
#endif
if( !renegotiating )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
@@ -2065,6 +2055,30 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
{
int bad_comp = 0;
/* Suppress warnings in some configurations */
(void) ssl;
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
comp != MBEDTLS_SSL_COMPRESS_NULL )
bad_comp = 1;
#endif
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
bad_comp = 1;
#else /* MBEDTLS_ZLIB_SUPPORT */
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
bad_comp = 1;
#endif/* MBEDTLS_ZLIB_SUPPORT */
return bad_comp;
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
{
@@ -2073,9 +2087,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
size_t ext_len;
unsigned char *buf, *ext;
unsigned char comp;
#if defined(MBEDTLS_ZLIB_SUPPORT)
int accept_comp;
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0;
#endif
@@ -2244,23 +2255,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/
comp = buf[37 + n];
int bad_comp = 0;
#if defined(MBEDTLS_ZLIB_SUPPORT)
/* See comments in ssl_write_client_hello() */
accept_comp = 1;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
accept_comp = 0;
#endif
if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
bad_comp = 1;
#else /* MBEDTLS_ZLIB_SUPPORT */
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
bad_comp = 1;
#endif/* MBEDTLS_ZLIB_SUPPORT */
if( bad_comp )
if( is_compression_bad( ssl, comp ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server hello, bad compression: %d", comp ) );
@@ -2693,7 +2688,7 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
grp_id = ssl->handshake->ecdh_ctx.grp.id;
#else
grp_id = ssl->handshake->ecdh_ctx.grp_id;
#endif
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
if( curve_info == NULL )
@@ -2704,17 +2699,14 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
int bad_params = 0;
#if defined(MBEDTLS_ECP_C)
if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
bad_params = 1;
return( -1 );
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
bad_params = 1;
#endif
if( bad_params )
return( -1 );
#endif /* MBEDTLS_ECP_C */
MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
MBEDTLS_DEBUG_ECDH_QP );
@@ -3462,25 +3454,23 @@ start_processing:
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ssl->handshake->ecrs_enabled )
rs_ctx = &ssl->handshake->ecrs_ctx.pk;
#endif
#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
{
int send_alert_msg = 1;
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
send_alert_msg = ( ret != MBEDTLS_ERR_ECP_IN_PROGRESS );
#endif
if( send_alert_msg )
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
#endif
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
}
#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
return( ret );
}

6
library/ssl_msg.c
View File

@@ -1884,8 +1884,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -2100,8 +2099,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ssl->f_send == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}

22
library/ssl_ticket.c
View File

@@ -148,16 +148,22 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
int do_mbedtls_cipher_setup = 1;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
do_mbedtls_cipher_setup = 0;
ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx,
cipher_info, TICKET_AUTH_TAG_BYTES );
if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
return( ret );
/* We don't yet expect to support all ciphers through PSA,
* so allow fallback to ordinary mbedtls_cipher_setup(). */
if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE )
do_mbedtls_cipher_setup = 1;
switch( ret )
{
case 0:
do_mbedtls_cipher_setup = 0;
break;
case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
/* We don't yet expect to support all ciphers through PSA,
* so allow fallback to ordinary mbedtls_cipher_setup(). */
do_mbedtls_cipher_setup = 1;
break;
default:
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( do_mbedtls_cipher_setup )
if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) )

32
library/ssl_tls.c
View File

@@ -6519,24 +6519,41 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
* Helper to get TLS 1.2 PRF from ciphersuite
* (Duplicates bits of logic from ssl_set_handshake_prfs().)
*/
#if defined(MBEDTLS_SHA256_C) || \
(defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384))
typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
const char *label,
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen );
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
if( ciphersuite_info == NULL )
return( NULL );
#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
return( tls_prf_sha384 );
#else
(void) ciphersuite_id;
else
#endif
return( tls_prf_sha256 );
#if defined(MBEDTLS_SHA256_C)
{
if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
return( tls_prf_sha256 );
}
#endif
#if !defined(MBEDTLS_SHA256_C) && \
(!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA512_NO_SHA384))
(void) ciphersuite_info;
#endif
return( NULL );
}
#endif /* MBEDTLS_SHA256_C ||
(MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384) */
/*
* Deserialize context, see mbedtls_ssl_context_save() for format.
*
@@ -6552,6 +6569,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
const unsigned char * const end = buf + len;
size_t session_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
tls_prf_fn prf_func = NULL;
/*
* The context should have been freshly setup or reset.
@@ -6639,6 +6657,10 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
ssl->transform_out = ssl->transform;
ssl->transform_negotiate = NULL;
prf_func = ssl_tls12prf_from_cs( ssl->session->ciphersuite );
if( prf_func == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
/* Read random bytes and populate structure */
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -6657,7 +6679,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ZLIB_SUPPORT)
ssl->session->compression,
#endif
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
prf_func,
p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
ssl->conf->endpoint,

8
library/ssl_tls13_keys.c
View File

@@ -24,6 +24,7 @@
#include "mbedtls/hkdf.h"
#include "mbedtls/ssl_internal.h"
#include "ssl_tls13_keys.h"
#include "psa/crypto_sizes.h"
#include <stdint.h>
#include <string.h>
@@ -31,6 +32,9 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
.name = string,
#define TLS1_3_EVOLVE_INPUT_SIZE ( PSA_HASH_MAX_SIZE > PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE ) ? \
PSA_HASH_MAX_SIZE : PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
{
/* This seems to work in C, despite the string literal being one
@@ -292,8 +296,8 @@ int mbedtls_ssl_tls1_3_evolve_secret(
{
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
size_t hlen, ilen;
unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 };
unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ TLS1_3_EVOLVE_INPUT_SIZE ] = { 0 };
const mbedtls_md_info_t *md;
md = mbedtls_md_info_from_type( hash_alg );

14
library/x509_crt.c
View File

@@ -1780,6 +1780,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
const char *prefix )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
@@ -1832,18 +1833,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
if( other_name->value.hardware_module_name.val.len >= n )
for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
MBEDTLS_X509_SAFE_SNPRINTF;
}
memcpy( p, other_name->value.hardware_module_name.val.p,
other_name->value.hardware_module_name.val.len );
p += other_name->value.hardware_module_name.val.len;
n -= other_name->value.hardware_module_name.val.len;
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
}
break;