lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-24 17:41:01 +03:00
Code Activity

Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28

Browse Source
This commit is contained in:
David Horstmann
2024-03-11 16:28:50 +00:00
parent 479448dbc8 5bc604f33c
commit f06494dc9e
30 changed files with 578 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
library/ecp.c
View File

@@ -927,7 +927,7 @@ int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
size_t plen;
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(pt != NULL);
ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(ilen == 0 || buf != NULL);
if (ilen < 1) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@@ -996,7 +996,7 @@ int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(pt != NULL);
ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(*buf != NULL);
ECP_VALIDATE_RET(buf_len == 0 || *buf != NULL);
/*
* We must have at least two bytes (1 for length, at least one for data)
@@ -1068,7 +1068,7 @@ int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
mbedtls_ecp_group_id grp_id;
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(*buf != NULL);
ECP_VALIDATE_RET(len == 0 || *buf != NULL);
if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) {
return ret;
@@ -1088,7 +1088,7 @@ int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
const mbedtls_ecp_curve_info *curve_info;
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(*buf != NULL);
ECP_VALIDATE_RET(len == 0 || *buf != NULL);
/*
* We expect at least three bytes (see below)
@@ -2614,8 +2614,8 @@ static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
/* RP.X might be slightly larger than P, so reduce it */
MOD_ADD(RP.X);
/* Randomize coordinates of the starting point */
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
/* Derandomize coordinates of the starting point */
if (f_rng == NULL) {
have_rng = 0;
}
@@ -3358,10 +3358,10 @@ cleanup:
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
unsigned char *buf, size_t buflen)
{
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET(key != NULL);
ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(buflen == 0 || buf != NULL);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {

14
library/ecp_curves.c
View File

@@ -535,10 +535,10 @@ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_
*/
static inline void ecp_mpi_set1(mbedtls_mpi *X)
{
static mbedtls_mpi_uint one[] = { 1 };
static const mbedtls_mpi_uint one[] = { 1 };
X->s = 1;
X->n = 1;
X->p = one;
X->p = (mbedtls_mpi_uint *) one; /* X->p will not be modified so the cast is safe */
}
/*
@@ -1348,7 +1348,7 @@ cleanup:
*/
#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, mbedtls_mpi_uint mask)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1362,7 +1362,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p
/* Init R */
R.s = 1;
R.p = Rp;
R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */
R.n = P_KOBLITZ_R;
/* Common setup for M */
@@ -1433,7 +1433,7 @@ cleanup:
*/
static int ecp_mod_p192k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00)
};
@@ -1450,7 +1450,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N)
*/
static int ecp_mod_p224k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00)
};
@@ -1472,7 +1472,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N)
*/
static int ecp_mod_p256k1(mbedtls_mpi *N)
{
static mbedtls_mpi_uint Rp[] = {
static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00)
};

2
library/entropy_poll.c
View File

@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(__linux__) && !defined(_GNU_SOURCE)
#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
/* Ensure that syscall() is available even when compiling with -std=c99 */
#define _GNU_SOURCE
#endif

18
library/pk_wrap.c
View File

@@ -53,7 +53,23 @@ static int rsa_can_do(mbedtls_pk_type_t type)
static size_t rsa_get_bitlen(const void *ctx)
{
const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
return 8 * mbedtls_rsa_get_len(rsa);
/* Unfortunately, the rsa.h interface does not have a direct way
* to access the bit-length that works with MBEDTLS_RSA_ALT.
* So we have to do a little work here.
*/
mbedtls_mpi N;
mbedtls_mpi_init(&N);
int ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, NULL);
/* If the export fails for some reason (e.g. the RSA_ALT implementation
* does not support export, or there is not enough memory),
* we have no way of returning an error from this function.
* As a fallback, return the byte-length converted in bits, which is
* the correct value if the modulus size is a multiple of 8 bits, which
* is very often the case in practice. */
size_t bitlen = (ret == 0 ? mbedtls_mpi_bitlen(&N) :
8 * mbedtls_rsa_get_len(rsa));
mbedtls_mpi_free(&N);
return bitlen;
}
static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,

4
library/platform_util.c
View File

@@ -66,10 +66,10 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
#include <time.h>
#if !defined(_WIN32) && (defined(unix) || \
defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
defined(__MACH__)))
defined(__MACH__)) || defined(__midipix__))
#include <unistd.h>
#endif /* !_WIN32 && (unix || __unix || __unix__ ||
* (__APPLE__ && __MACH__)) */
* (__APPLE__ && __MACH__)) || __midipix__ */
#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \
(defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \

57
library/psa_crypto.c
View File

@@ -4822,21 +4822,10 @@ static psa_status_t psa_hash_try_support(psa_algorithm_t alg)
return status;
}
static psa_status_t psa_key_derivation_setup_kdf(
static psa_status_t psa_key_derivation_set_maximum_capacity(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg)
{
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset(&operation->ctx, 0, sizeof(operation->ctx));
/* Make sure that kdf_alg is a supported key derivation algorithm. */
if (!is_kdf_alg_supported(kdf_alg)) {
return PSA_ERROR_NOT_SUPPORTED;
}
/* All currently supported key derivation algorithms are based on a
* hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
size_t hash_size = PSA_HASH_LENGTH(hash_alg);
if (hash_size == 0) {
@@ -4851,14 +4840,48 @@ static psa_status_t psa_key_derivation_setup_kdf(
return status;
}
if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) &&
!(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
#if defined(PSA_WANT_ALG_HKDF)
if (PSA_ALG_IS_HKDF(kdf_alg)) {
operation->capacity = 255 * hash_size;
} else
#endif
#if defined(PSA_WANT_ALG_TLS12_PRF)
if (PSA_ALG_IS_TLS12_PRF(kdf_alg) &&
(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
operation->capacity = SIZE_MAX;
} else
#endif
#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg) &&
(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
/* Master Secret is always 48 bytes
* https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */
operation->capacity = 48U;
} else
#endif
{
(void) hash_size;
status = PSA_ERROR_NOT_SUPPORTED;
}
return status;
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg)
{
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset(&operation->ctx, 0, sizeof(operation->ctx));
/* Make sure that kdf_alg is a supported key derivation algorithm. */
if (!is_kdf_alg_supported(kdf_alg)) {
return PSA_ERROR_NOT_SUPPORTED;
}
operation->capacity = 255 * hash_size;
return PSA_SUCCESS;
psa_status_t status = psa_key_derivation_set_maximum_capacity(operation,
kdf_alg);
return status;
}
static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)

66
library/ssl_tls.c
View File

@@ -5204,6 +5204,12 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1
#else
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
#else
@@ -5241,6 +5247,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT 4
#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5
#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 7
#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
((uint16_t) ( \
@@ -5252,9 +5259,11 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
(SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \
SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
(SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \
SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT)))
static unsigned char ssl_serialized_session_header[] = {
static const unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH,
@@ -5278,19 +5287,36 @@ static unsigned char ssl_serialized_session_header[] = {
* // the setting of those compile-time
* // configuration options which influence
* // the structure of mbedtls_ssl_session.
* uint64 start_time;
* uint8 ciphersuite[2]; // defined by the standard
* uint8 compression; // 0 or 1
* uint8 session_id_len; // at most 32
* opaque session_id[32];
* opaque master[48]; // fixed length in the standard
* uint32 verify_result;
* opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
* opaque ticket<0..2^24-1>; // length 0 means no ticket
* uint32 ticket_lifetime;
* uint8 mfl_code; // up to 255 according to standard
* uint8 trunc_hmac; // 0 or 1
* uint8 encrypt_then_mac; // 0 or 1
* #if defined(MBEDTLS_HAVE_TIME)
* uint64 start_time;
* #endif
* uint8 ciphersuite[2]; // defined by the standard
* uint8 compression; // 0 or 1
* uint8 session_id_len; // at most 32
* opaque session_id[32];
* opaque master[48]; // fixed length in the standard
* uint32 verify_result;
* #if defined(MBEDTLS_X509_CRT_PARSE_C)
* #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
* opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
* #else
* uint8 peer_cert_digest_type;
* opaque peer_cert_digest<0..2^8-1>
* #endif
* #endif
* #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
* opaque ticket<0..2^24-1>; // length 0 means no ticket
* uint32 ticket_lifetime;
* #endif
* #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
* uint8 mfl_code; // up to 255 according to standard
* #endif
* #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
* uint8 trunc_hmac; // 0 or 1
* #endif
* #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
* uint8 encrypt_then_mac; // 0 or 1
* #endif
*
* The order is the same as in the definition of the structure, except
* verify_result is put before peer_cert so that all mandatory fields come
@@ -6123,7 +6149,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
(SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
0u))
static unsigned char ssl_serialized_context_header[] = {
static const unsigned char ssl_serialized_context_header[] = {
MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH,
@@ -6821,7 +6847,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
static int ssl_preset_default_hashes[] = {
static const int ssl_preset_default_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
#endif
@@ -6839,14 +6865,14 @@ static int ssl_preset_default_hashes[] = {
};
#endif
static int ssl_preset_suiteb_ciphersuites[] = {
static const int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
0
};
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
static int ssl_preset_suiteb_hashes[] = {
static const int ssl_preset_suiteb_hashes[] = {
MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA384,
MBEDTLS_MD_NONE
@@ -6854,7 +6880,7 @@ static int ssl_preset_suiteb_hashes[] = {
#endif
#if defined(MBEDTLS_ECP_C)
static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
static const mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_ECP_DP_SECP256R1,
#endif